Investing in visionary founders, transformational technology and emergent ecosystems for a new world.

Innovation Endeavors

IT Audit Senior Risk Manager



San Francisco, CA, USA · Charlotte, NC, USA
Posted on Thursday, April 25, 2024

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The role:

As the Technology Audit Sr. Risk Manager, you will further define and support the company's second line risk management activities across technology risk functions at SoFi. This high-visibility role will require you to collaborate with cross-functional leaders across all lines of defense to drive technology risk decisions and innovations and to communicate them to senior executives and regulators. Additionally, you will play a key role in ensuring SoFi meets regulatory requirements by fostering and promoting best practices in technology risk assessment through evangelizing and collaborating with cross-functional stakeholders.

The ideal candidate for this role will have a deep understanding of, and curiosity about, technology risk management and best practices, familiarity with a variety of frameworks (e.g. NIST, ISO) and audit standards (IIA), and a strong understanding of the technology stack leveraged in cloud environments. Strong partnership skills, excellent communication and collaboration abilities, and the ability to deliver programs that improve SoFi's overall technology risk posture will be key to success in this role. This role is a rare opportunity to work with a growing and driven team at a fast-growing and innovative financial technology company.

What you’ll do:

At SoFi, our ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members’ financial lives, and to help every member get their money right. You will be a part of the second line Technology Risk Management team dedicated to driving risk management around our foundational technology which drives forward our mission to help members achieve their financial ambitions.

  • Conduct comprehensive IT audits within banking environments, ensuring adherence to industry standards and regulations
  • Document findings according to IIA (Institute of Internal Auditors) standards, providing actionable recommendations
  • Collaborate with cross-functional teams to address audit issues and improve processes
  • Help further define and lead SoFi's technology risk management vision and execution by driving risk assessment programs, building policies and procedures, and finding solutions for various technology related initiatives
  • IT Risk Manager (Audit Assessment lead) - Banking IT Auditor
  • Lead and oversee Bank IT audits, managing a team of auditors to ensure thorough assessments and compliance
  • Develop audit strategies, review workpapers, and provide guidance on complex IT audit issues
  • Communicate audit results to senior management, driving continuous improvement in IT controls and processes
  • Partner with key stakeholders across the organization to implement processes that drive down residual risk and improve the overall technology risk posture, working closely with engineering and technology operations teams to establish infrastructure and tooling that enable teams across SoFi to comply with requirements.
  • Provide subject matter expertise in Technology Risk and serve as the main point of contact within the organization for technology risk assessment concepts
  • Consume technology and security standards, technology processes, and associated control requirements to support operationalization and deployment

What you’ll need:

  • 10+ years of professional and relevant experience in Technology Audit Management and Technology Risk Consulting, including exposure to a financial technology framework (IIA, FFIEC, NIST, ISO, COBIT, PCI, etc.)
  • Bachelor’s degree in Computer Science, Systems Engineering, Information Technology or equivalent technical experience
  • 6+ years of experience in technology risk governance; handling compliance, technology risk management, and/or internal/external audits.
  • Strong risk assessment and process evaluation experience; developing and establishing process flows end-to-end
  • Strong partnership capabilities and ability to build and foster strong cross-functional work relationships
  • Excellent communication skills (verbal, written, and visual); ability to communicate technology and security concepts to both technical and non-technical partners

Nice to have:

  • Experience establishing technology risk assessment programs and standards
  • Prior experience leading and completing end-to-end technology risk assessments
  • Relevant industry certifications, for example, CISSP, CCSK, CISA; ability to drive innovation, new practices; experience interacting with regulators (Federal Reserve, OCC, CFPB)
  • Experience working in Google Docs, Sheets and Slides

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.