Senior Analyst II

Information Security

Confirmed live in the last 24 hours

Locations

Remote

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Management

Requirements

Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
Background in Information Security, IT Risk Management, or third party risk management
8+ years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements
Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
Experience with information security standards, best practices for securing computer systems within applicable laws and regulations
Experience with Governance Risk & Compliance (GRC) tools and procedure development
Experience working in a regulated industry (financial services or health care)
Day 1 - Month 3: Define Your Mission You'll understand our company mission, values, and vision, and how your position at OppFi plays a part in that. With the help of your manager, you'll set mission-aligned goals to make an impact in your role

Responsibilities

Manage the process and tools for Information Security & Risk Management, and process IT due-diligence requests and ensure compliance to policies, procedures and regulations
Function as a central third-party risk management subject matter expert looking to involve third parties in processes that interact with data. Support completion of information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with data
Maintain inventory of third parties who possess and/or interact with data, including key risk information about the relationship, data attributes involved, and regulatory compliance. Monitor open third party security issues and remediation actions associated with security control gaps to ensure timely closure
Educate and build cybersecurity awareness across the enterprise
Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines
Improve compliance with security standards and policies across the enterprise
Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests
Work with the Technology Process Owners to create, modify, validate, and decommission policies/procedures
Create dynamic dashboards and scorecards for visibility of Information Security Governance activities

Helping the Everyday Consumer Build Financial Health

As a leading financial technology platform, OppFi powers banks to bring credit access to millions of everyday consumers who are locked out of mainstream financial options. We go beyond our mission - to help people rebuild financial health - and further ensure we keep the customer at the center of everything we do. We are creating a Customer-obsessed culture with the capital "C".

And it starts with our team here. We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. We welcome individuals who want to make a difference in the financial system by creating and building simple, transparent products that facilitate credit access, enable savings, and build wealth.

A few other fun facts about us. OppFi has been an Inc. 5000 company for six straight years, a Deloitte’s Technology Fast 500™, the seventh fastest-growing Chicagoland company by Crain’s Chicago Business, and was named on Built In’s 2022 Best Places to Work in Chicago.

What you’ll get to do:

Manage the process and tools for Information Security & Risk Management, and process IT due-diligence requests and ensure compliance to policies, procedures and regulations.
Function as a central third-party risk management subject matter expert looking to involve third parties in processes that interact with data. Support completion of information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with data.
Maintain inventory of third parties who possess and/or interact with data, including key risk information about the relationship, data attributes involved, and regulatory compliance. Monitor open third party security issues and remediation actions associated with security control gaps to ensure timely closure.
Educate and build cybersecurity awareness across the enterprise
Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines.
Improve compliance with security standards and policies across the enterprise.
Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests.
Work with the Technology Process Owners to create, modify, validate, and decommission policies/procedures.
Create dynamic dashboards and scorecards for visibility of Information Security Governance activities.

What you’ll bring to the team:

Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
Background in Information Security, IT Risk Management, or third party risk management
8+ years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements
Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
Experience with information security standards, best practices for securing computer systems within applicable laws and regulations
Experience with Governance Risk & Compliance (GRC) tools and procedure development
Experience working in a regulated industry (financial services or health care)

Reports to: Senior Manager, Information Security Governance

Job Level: Lead

The minimum salary for this role is $110,000. The total compensation package includes eligibility for performance-based bonuses as well as a 1-time equity grant based on level.

The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion, and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations.

Define your career at OppFi

OppFi is committed to providing an exceptional employee experience from Day 1. Key new hire programs include Day 1 Orientation, training with your manager and team, lunches with our CEO and President, and an educational summit featuring presentations by our senior leaders. Throughout and beyond your first-year journey, you’ll have access to a variety of events focused on culture, inclusion, connection, and education. We want you to feel welcomed, informed, and valued for who you are and what you bring to our company.

Day 1 - Month 3: Define Your Mission
You’ll understand our company mission, values, and vision, and how your position at OppFi plays a part in that. With the help of your manager, you’ll set mission-aligned goals to make an impact in your role.

Months 3 - 6: Define Your Belonging
You’ll understand OppFi’s culture and know how to engage with and influence that culture.

Months 6 - 12: Define Your JourneyYou’ll feel confident in your ability to execute in your role and empowered to take next steps in developing your career at OppFi.

Compensation and Benefits

OppFi offers a flexible remote environment, 401(k) matching program, and flexible paid vacation. Other benefits include medical benefits, dental and vision coverage, and tuition reimbursement. To support your wellness & growth, we provide monthly meditation and yoga classes and access to all LinkedIn Learning courses. We also offer Fringe, which is a lifestyle benefits platform that lets you decide how you want to spend your rewards from dozens of vendors like Uber, Doordash, and Urban Sitter. Dress code is casual.

EEOC Statement

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, or federal law or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

OppFi is committed to the full inclusion of all qualified individuals. As part of this commitment, OppFi will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact our People team at [email protected].

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/

501-1,000 employees

Website

Financial technology platform

Company Overview

OppFi's mission is to empower everyday consumers to rebuild financial health through facilitating credit access, enabling savings, and building wealth. The company build financial literacy products for all.

Benefits

Generous vacation
Insurance benefits
401(k) matching
Employee Assistance Program
Tuition reimbursement
Subsidies for childcare costs, free financial literacy tools, 6 paid weeks of parental leave
Collaborative and supportive company culture