Security Governance, Risk, and Compliance Specialist job at Sunbit in New York, NY

Remote, USA Full-time

JOB TITLE: Security GRC Specialist
Location: New York, United States

Job Description:

LOCATION: New York, Hybrid
REPORTS TO: CISO

The Company:

Sunbit builds financial technology for real life. Our AI-native platform helps more people get to "yes" at the moments that matter with personalized offers, transparent terms, and no added consumer fees. In stores, practices and service centers across the country, Sunbit provides a fast, fair pay-over-time option. For everything else, the Sunbit Credit Card delivers a modern, no-fee credit experience managed in a powerful mobile app.

We are guided by people-centered values: Serve Others Before Self, Include Always, Connect Genuinely, Innovate for Good. These values shape how we build, how we support customers and merchants, and how we work with each other.

What makes Sunbit different is an AI-native infrastructure that runs through the full customer and merchant journey. Our interconnected AI systems power instant decisioning, streamline fraud checks with human-in-the-loop safeguards, and enable highly personalized offers at scale. The result is a quick, fair, and simple experience for consumers and merchants.

We pair this technology with inclusion and transparency. Sunbit delivers industry-leading approval rates (90%+ in auto service and 85%+ in dental) while maintaining zero consumer fee-based revenue. It is a better way to serve people and merchants, proven at scale.

Today, Sunbit is available across a nationwide, in-person merchant network of 30,000+ locations spanning auto service centers, dental and optical practices, veterinary clinics, and other specialty services. We help teams say "yes" more often and help customers move forward with confidence.

The Role:

We seek a Cybersecurity GRC & Project Management Specialist to join our growing team. In this role, you will be pivotal in safeguarding our company's data and systems, ensuring compliance with industry regulations, and fostering a security-conscious environment.
Requirements

What You'll Own:

Governance, Risk, and Compliance (GRC):
Maintain and extend our comprehensive cybersecurity program aligned with industry best practices and regulatory requirements (e.g., PCI DSS, SOC 2).
Establish and maintain a risk management framework to identify, assess, and prioritize cybersecurity risks.
Develop and maintain our security policies, procedures, and standards.
Manage and track cybersecurity risks, conduct threat assessments, and implement controls to mitigate risks.
Stay abreast of evolving regulations and industry standards, such as PCI DSS, SOC 2, GDPR, and HIPAA, and translate these requirements into actionable security practices for Sunbit.
Oversee internal audits and compliance assessments.

Security Vendor Risk Management:
Evaluate and manage the security posture of third-party vendors, ensuring they adhere to Sunbit's security standards.
Develop and implement processes for vendor onboarding, risk assessment, and ongoing monitoring.

Security Awareness:
Design and deliver engaging security awareness training programs for employees at all levels.
Develop and maintain security awareness materials, such as newsletters, phishing simulations, and security posters.

Security Project Management:
Manage and oversee the implementation of security projects, ensuring they are completed on time, within budget, and meet project goals.
Work with cross-functional teams to prioritize and execute security initiatives.

What You Bring To The Table:
Minimum 5 years of experience in cybersecurity, preferably within the financial services industry.
Strong understanding of cybersecurity frameworks (e.g., NIST CSF, PCI DSS, SOC 2).
Experience with security risk management, vendor risk management, and security awareness programs.
Proven project management skills, including experience with project planning, execution, and monitoring.
Excellent communication, collaboration, and interpersonal skills.
Ability to work independently and as part of a team.
The Perks:
Join one of LA's fastest growing startups (2023), A Most Loved Workplace, #576 on the 2023 Inc 5000 list, and Forbes Fintech 50 (2024)
Mission driven + empowered + collaborative
Competitive pay and stock options
Unlimited PTO
Health Insurance options including Medical, Dental, Vision, Life, EAP, FSA, & Parental Leave
Newly added HSA and Pet Insurance
401K Plan with Matching
Cell Phone Stipend
Casual Dress
Team based strategic planning + Team owned deliverables

How We Pay:
We believe in paying fairly and equitably based on a number of factors including but not limited to previous experience, relevant work history, interview performance, geographical location, internal equity, and expected level of ownership. We are targeting a salary of $150,000 - $200,000 per year for this role. This role will also be granted company equity via stock options.

Core Competencies for Success in Role (fit for Sunbit in role):
Serve others before self - Enhance customer and colleague security by implementing robust measures and providing effective security training programs.
Own the impact - Ensure the effectiveness of security policies and procedures, manage risks, conduct assessments, and maintain regulatory compliance.
Connect genuinely - Build strong relationships with team members and vendors, communicate security risks clearly, and deliver engaging awareness programs.
Act fast - Respond quickly to security threats and vulnerabilities, and manage security projects efficiently to ensure timely compliance with regulations.
Include always - Involve all employees in security initiatives, making cybersecurity a collective responsibility.
Innovate for good - Use cutting-edge technologies and best practices to continuously improve Sunbit's cybersecurity measures and protect customer data.

We ask that you contact [email protected] only about potential instances of fraud. [email protected] does not reach our recruiting team directly.
Your application directly through the posting is the best way to ensure that your candidacy is reviewed by our team. Due to the volume of applications, we will not respond to nor forward emails about your candidacy that are sent to [email protected] directly, and your email about your application will be deleted from our systems.