Senior Manager
Governance, Risk and Compliance
Posted on 4/2/2024
Prosper Funding

201-500 employees

Peer-to-peer lending marketplace offering financial solutions
Company Overview
Prosper Marketplace, the first peer-to-peer lending marketplace in the United States, has a proven track record of financial leadership, having facilitated over $21 billion in loans to more than 1.3 million people since its inception in 2005. The company's commitment to transparency and customer-centricity is reflected in its A+ rating from the Better Business Bureau and its position on the Board of Directors for the American Fintech Council. Prosper's robust security measures and diverse product offerings, including personal loans, credit cards, and home equity lines of credit, provide a competitive advantage in the fintech industry.
Fintech

Company Stage

Series G

Total Funding

$487.4M

Founded

2005

Headquarters

San Francisco, California

Growth & Insights
Headcount

6 month growth

-1%

1 year growth

-1%

2 year growth

9%
Locations
San Francisco, CA, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Communications
Management
CategoriesNew
Project Management
Strategy Development
Business & Strategy
Requirements
  • 4+ years of direct management experience
  • 10+ years of progressive and demonstrated expertise in IT compliance and risk management (PCI-DSS, SOC 1/2, NIST CSF, etc.)
  • Excellent written, verbal communication skills
  • Experience with cloud environments
  • Excellent project management and process improvement skills
  • Ability to effectively work with technical and non-technical resources
  • Self-directed, works with minimal guidance, and recognizes when guidance needed
  • Experience with CCPA preferred
  • CISSP, CISA, or CRISC (or similar) certifications preferred
Responsibilities
  • Develop Prosper's GRC strategy and manage the day-to-day governance activities related to risk, control, and compliance management
  • Establish KPIs and metrics to demonstrate effectiveness of the GRC program and report risk
  • Lead the PCI-DSS compliance assessment (readiness along with the external attestation)
  • Own the Risk Management Program, planning and coordinating the execution of risk assessments (NIST CSF, CIS), monitoring of emerging risks, and maintenance of the risk register
  • Lead cross-functionally to maintain compliance certifications such as SOC1/SOC2 Type II, and other external IT audits
  • Drive remediation of process and control deficiencies and improvements identified internally and externally
  • Lead third-party cyber risk assessment/re-assessment tasks; overall responsible for vendor cybersecurity reviews
  • Lead the Security Awareness Program (routine phishing simulation campaigns, security awareness trainings, newsletters, etc.)
  • Take ownership of documentation processes; assist with the development and maintenance of policies, guidelines, standards, and processes
  • Interface with both technical (Engineering, Technical Operations) and non technical (HR, Legal, Compliance) teams
  • Build and automate processes to simplify and maintain continuous compliance over the technology environment
  • Communicate, develop, and foster strong, collaborative relationships with stakeholders across all levels of the organization
  • Assist with responding to privacy and security compliance requests from regulators, partners, and vendors
  • Lead a team of senior GRC analysts
  • Support the preparation of regular and ad-hoc risk reports for ERM governance, boards, and other relevant stakeholders