About Column

For companies building financial technology and transforming the financial services space, the biggest bottleneck to their growth and innovation is often the underlying banks and infrastructure stack they rely on. We have spent our careers founding and scaling companies like Plaid, Square, SoFi, Blend, and Affirm, and have seen this problem firsthand — builders and developers needing to partner with traditional banks, and creating API and abstraction layers over the patchwork that is the bank, its core, and many other vendors. All of this results in a complex (and often expensive) banking supply chain involving a user, fintech, BaaS middleware provider, bank, core and the Federal Reserve.

At Column, we set out to simplify and fix this. We are a bank and a software company built from the ground up, offering builders and developers technology-forward banking solutions that cut out the hundreds of vendors, middleware providers, and abstraction layers. This means a safer, more transparent, and less costly banking supply chain. Come build with us!

The opportunity

As a founding member of the Technology Risk team, you’ll leverage your experience with technology risk management, information security frameworks, and business continuity management to level up the maturity of our bank’s technology risk programs. You’ll work closely with other risk functions, regulatory compliance, engineering, and business stakeholders to ensure that controls are operating effectively and risks are identified in a timely manner. Reporting to the Information Security Officer, you will enable data-backed risk assessments and report issues to executive management and the Board of Directors. Our bank is driven by modern solutions and a methodical approach to secure design. You’ll play a key role ensuring that systems are operating according to sound risk management practices, and that your peers clearly understand the importance of technology risk management at the bank.

What you’ll do

• Assist in developing, implementing, and maintaining technology risk policies and procedures to ensure compliance with regulatory requirements and industry standards

• Perform risk assessments to identify, assess, and prioritize technology risks and recommend risk mitigation strategies and controls

• Monitor and report on the effectiveness of technology GRC controls and make recommendations for improvements

• Collaborate with business and engineering stakeholders to ensure that technology risk management requirements are addressed within projects focused on building the bank’s in-house software products

• Program manage testing initiatives to support the bank’s business continuity and disaster recovery program

• Ensure that identified risks and issues are addressed within established timelines

• Support internal audit activities and requests, including providing information about the technology environment, as well as control effectiveness and testing

• Provide responses to and maintain reference material for customer inquiries and due diligence procedures that involve technology compliance, and participate in discussions for security and compliance assessments

• Support third-party oversight and monitoring processes, including security assessments of the bank’s vendors and service providers

• Stay up-to-date with industry trends and regulatory requirements related to technology governance, risk, and compliance

• Perform day-to-day activities consistent with safe and sound business practices and regulatory requirements

What you’ll need to be successful

• Bachelor’s degree in Computer Science, Information Technology, or related field

• 5+ years of experience in a technology governance, risk, and compliance related role

• Knowledge of regulatory requirements and industry standards related to banking technology governance, risk, and compliance, such as NIST Cybersecurity Framework, ISO 27001, SOC 2, and FFIEC IT Examination Handbook

• Experience performing risk assessments and developing risk mitigation strategies and controls

• Familiarity with business continuity and disaster recovery programs, planning, and testing

• Strong analytical and problem-solving skills

• Excellent writing and communication skills

• Collaborative - willing and able to work effectively with both business and engineering stakeholders

• Professional certifications related to technology GRC or cybersecurity, such as CISA, CRISC, or CISSP, are a plus

What you’ll get from us

• Flexible PTO

• Competitive medical, dental, and vision plans (including options 100% subsidized by Column)

• FSA + HSA options

• 401(k) plan

• Commuter benefits

• Sponsored lunches and dinners

Pay transparency

The annual base salary range for this position is $120,000 - $200,000, exclusive of equity compensation and benefits.

The range provided may be inclusive of several career levels at Column, and will be narrowed during the interview process based on a number of factors including, but not limited to, the candidate’s skill sets, experience, licensure and certifications, location, and other business and organizational needs.

We look forward to hearing from you

Column is committed to working with the best and brightest people from the broadest talent pool possible. We value bringing together a team with different perspectives, educational backgrounds, and life experiences, and believe a diversity of ideas is what allows us to develop the best solutions. All qualified individuals are encouraged to apply.

If you need assistance or a reasonable accommodation during the application and recruiting process, please reach out to [email protected].