For companies building financial technology and transforming the financial services space, the biggest bottleneck to their growth and innovation is often the underlying banks and infrastructure stack they rely on. We have spent our careers founding and scaling companies like Plaid, Square, SoFi, Blend, and Affirm, and have seen this problem firsthand — builders and developers needing to partner with traditional banks, and creating API and abstraction layers over the patchwork that is the bank, its core, and many other vendors. All of this results in a complex (and often expensive) banking supply chain involving a user, fintech, BaaS middleware provider, bank, core and the Federal Reserve.
At Column, we set out to simplify and fix this. We are a bank and a software company built from the ground up, offering builders and developers technology-forward banking solutions that cut out the hundreds of vendors, middleware providers, and abstraction layers. This means a safer, more transparent, and less costly banking supply chain. Come build with us!
As a founding member of the Technology Risk team, you’ll leverage your experience with technology risk management, information security frameworks, and business continuity management to level up the maturity of our bank’s technology risk programs. You’ll work closely with other risk functions, regulatory compliance, engineering, and business stakeholders to ensure that controls are operating effectively and risks are identified in a timely manner. Reporting to the Information Security Officer, you will enable data-backed risk assessments and report issues to executive management and the Board of Directors. Our bank is driven by modern solutions and a methodical approach to secure design. You’ll play a key role in ensuring that systems are operating according to sound risk management practices, and that your peers clearly understand the importance of technology risk management at the bank.
This role is an in-person position, where you’ll be expected to work out of our Presidio-based office in San Francisco 3+ days a week.
What you’ll do
Assist in developing, implementing, and maintaining technology risk policies and procedures to ensure compliance with regulatory requirements and industry standards
Perform risk assessments to identify, assess, and prioritize technology risks and recommend risk mitigation strategies and controls
Monitor and report on the effectiveness of technology GRC controls and make recommendations for improvements
Collaborate with business and engineering stakeholders to ensure that technology risk management requirements are addressed within projects focused on building the bank’s in-house software products
Program manage testing initiatives to support the bank’s business continuity and disaster recovery program
Ensure that identified risks and issues are addressed within established timelines
Support internal audit activities and requests, including providing information about the technology environment, as well as control effectiveness and testing
Provide responses to and maintain reference material for customer inquiries and due diligence procedures that involve technology compliance, and participate in discussions for security and compliance assessments
Support third-party oversight and monitoring processes, including security assessments of the bank’s vendors and service providers
Stay up-to-date with industry trends and regulatory requirements related to technology governance, risk, and compliance
Perform day-to-day activities consistent with safe and sound business practices and regulatory requirements
What you’ll need to be successful
Bachelor’s degree in Computer Science, Information Technology, or related field
3-5 years of experience in a technology governance, risk, and compliance related role
Knowledge of regulatory requirements and industry standards related to banking technology governance, risk, and compliance, such as the NIST Cybersecurity Framework, ISO 27001, SOC 2, and the FFIEC IT Examination Handbook
Experience performing risk assessments and developing risk mitigation strategies and controls
Familiarity with business continuity and disaster recovery programs, planning, and testing
Strong analytical and problem-solving skills
Excellent writing and communication skills
Collaborative - willing and able to work effectively with both business and engineering stakeholders
Professional certifications related to technology GRC or cybersecurity, such as CISA, CRISC, or CISSP, are a plus
What you’ll get from us
Competitive medical, dental, and vision plans (including options 100% subsidized by Column)
FSA + HSA options
Sponsored lunches and dinners
The annual base salary range for this position is $80,000 - $140,000, exclusive of equity compensation and benefits.
The range provided may be inclusive of several career levels at Column, and will be narrowed during the interview process based on a number of factors including, but not limited to, the candidate’s skill sets, experience, licensure and certifications, location, and other business and organizational needs.
We look forward to hearing from you
Column is committed to working with the best and brightest people from the broadest talent pool possible. We value bringing together a team with different perspectives, educational backgrounds, and life experiences, and believe a diversity of ideas is what allows us to develop the best solutions. All qualified individuals are encouraged to apply.
If you need assistance or a reasonable accommodation during the application and recruiting process, please reach out to [email protected]