GRC Specialist
Tel Aviv Office
Unit
Unit is the embedded finance platform that helps you accelerate growth and unlock new revenue streams by making it easy to build banking and lending into your product. Unit is building the platform to power the next generation of financial services. Our mission is to help companies expand financial access for all. Our simple and powerful banking-as-a-service API helps companies launch bank accounts, cards, payments, and lending in weeks - not years.
Unit was founded by a team with deep fintech and financial services experience and is the first banking-as-a-service platform to reach unicorn status. We have raised over $169 million to date from top investors including Insight Partners, Accel, Better Tomorrow Ventures, Aleph, and Flourish and serve 140+ customers including AngelList, Honeybook, Roofstock, and many more.
THE ROLE
We are hiring a GRC Specialist to join our growing team. Reporting to the Information Security Manager, the GRC Specialist is primarily responsible for supporting the company’s security program and compliance initiatives. The GRC Specialist will help ensure that we meet the requirements of various security frameworks and regulations while overseeing processes related to security governance, risk management, and compliance.
KEY RESPONSIBILITIES
Manage external security audits (e.g., PCI-DSS, SOC 2, SOC 1), including evidence collection, operation of GRC tools, collaboration with stakeholders, and reporting to auditors.
Review and update security policies and procedures and implement corrective actions based on audit findings and management feedback.
Lead ongoing security and compliance tasks, such as user access review cycles and audit-related compliance initiatives across the organization.
Drive security awareness and training activities, including phishing simulations, publishing security-related content, and leading company-wide Security & Privacy sessions.
Collect and review security documentation (e.g., policies, penetration tests) from clients and conduct vendor assessments for various risk levels, including software, service providers, and external workforce.
Client-facing security work: answer security questionnaires, review legal contracts from a security perspective, maintain our internal security knowledge base, and take part in security-related calls with clients and partners.
Operate and utilize GRC tools.
Serve as a go-to person for employees on security and compliance matters and perform other team-related duties as needed.
WHAT WE’RE LOOKING FOR
At least 3 years of professional experience in GRC, information security, compliance, or a related role (preferably in a startup or SaaS environment).
Strong understanding of security and privacy frameworks such as SOC 2, PCI-DSS, GLBA, and CCPA.
Technical orientation, with the ability to collaborate effectively across diverse teams; familiarity with cloud platforms and concepts is a strong advantage.
Exceptional project management and organizational skills, capable of handling multiple tasks and priorities efficiently.
Highly professional, detail-oriented, proactive, and self-motivated work ethic.
Excellent communication skills in both Hebrew and English, including strong verbal and written abilities.
Relevant certifications such as CISM, CISSP, CISO, or CIPM - advantage.
Experience in a fintech company - advantage.
Legal background - advantage.
Working at Unit means joining a global team on a mission to create a more equitable financial ecosystem. We’re a fast-growing team of individuals who are passionate about their work, see the big picture and always seek to empower our clients and their end-customers.
Tags: APIs Audits Banking CCPA CISM CISO CISSP Cloud Compliance FinTech GLBA Governance Privacy Risk management SaaS SOC SOC 1 SOC 2
Perks/benefits: Startup environment Team events