Senior Manager, Information Security Risk & Governance

OppFi is a tech-enabled, mission-driven specialty finance platform that broadens the reach of community banks to extend credit access to everyday Americans. Through best-in-class customer service, transparency, responsible lending, and financial inclusion, we support consumers, who are turned away by mainstream options, to build better financial health.

We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. Our business principles guide us and create an open and collaborative culture where we improve 1% every day, and the best ideas always win! We welcome individuals who want to make an impact in the financial system by facilitating credit access, expanding financial inclusion, promoting financial health, and delivering exceptional customer service.

A few other fun facts about us. OppFi is one of the top consumer-rated financial platforms online, maintaining a 4.5/5.0-star rating on Trustpilot. We are a 2023 Crain's Fast 50 company and were named on Built In's 2024 Best Places to Work

What you get to do:

We are looking for a passionate, mission-driven Information Security governance manager to join our expanding Information Security team. You will lead and manage the process and tools for Information Security & Risk Management, and process IT due diligence requests and ensure compliance to policies, procedures and regulations. You will also work with important partners in Technology, Compliance, Internal Audit, and Legal to review and provide security guidance on current and new processes, maintain evidence and artifacts for all audits.

• Work with CISO to develop information security program and security control assessment strategy

• Run the information security risk management process. Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests

• Identify and analyze new requirements for policy impacts; develop policies, procedures, standards and guidelines.

• Ensure compliance with established IT policies and procedures by examining IT records, reports, operating practices, and documentation

• Manage and track cybersecurity audit engagements, due diligence activities, and vendor security reviews; Use working knowledge of information security best practices to ensure IT controls are in place to meet our external audit and client requirements

• Create dynamic dashboards and scorecard for visibility of Information Security Governance activities

• Develop mandatory enterprise cybersecurity awareness training program

• Coach a team of 3-4 information Security analysts

What you bring to the team:

• A degree in Information Technology/Computer Information Systems or related field.

• Background in Information Security, IT Risk Management, or IT Audit

• Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO control framework

• Minimum ten (10) years of experience in Information Technology compliance programs to meet regulatory or compliance requirements with at least two years of management experience

• Experience identifying potential IT controls risks, issues and opportunities through and offering sustainable recommendations that address cause rather than symptoms

• Experience with information security standards, best practices for securing computer systems within applicable laws and regulations

Reports to: Chief Information Security Officer

Total Rewards and Benefits:

The starting base salary for this position is $125,000 per year. The actual offer, reflecting the total compensation package and benefits, will be at the company's sole discretion and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations. The total compensation package includes eligibility and potential for performance-based bonuses as well as equity grants dependent upon the role and job level.

OppFi offers a flexible, remote environment, 401(k) matching program, and generous paid time off. Other benefits include medical, dental, and vision coverage, and tuition reimbursement. There are also additional benefits including DoorDash DashPass, Figo pet insurance, Rocket Lawyer, and access to LinkedIn Learning. OppFi also offers Fringe, which is a lifestyle benefits platform that allows employees decide how to spend rewards from dozens of vendors like Uber, DoorDash, and UrbanSitter. #LI-Remote

EEO Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, federal law, or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

As part of OppFi's commitment to providing equal opportunity to qualified individuals, OppFi will ensure that persons with disabilities are provided reasonable accommodation as defined by applicable laws and organizational policies. If reasonable accommodation is needed to participate in the job application or interview processes or job requirements, please contact our People Team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/.

The information in this document is for general informational purposes only. It is not intended to be an all-inclusive list or description of the organization and its requirements for positions and employees. OppFi reserves the right to modify or change the information on this document at its discretion.