Staff, GRC & Privacy - Snap! Finance : Job Details

Company Overview:At Snap Finance, we believe everyone deserves access to the things they need, regardless of credit history. Since 2012, we've used data, machine learning, and a more human approach to create flexible financing solutions that help people move forward. We're proud of our inclusive, supportive culture, built on empowering our customers, partners, and team members alike. When our people thrive, so does our innovation.If you're looking to make an impact and grow with a team that values you, come join us!Job DescriptionWe are looking for an exceptional Staff-Level Security, Compliance, and Privacy professional to join our team and ensure that program and project goals are consistently achieved. This candidate will play a pivotal role in shaping and overseeing the organization's information security, compliance, and privacy strategies. This role involves designing and implementing comprehensive security controls, managing risk assessments, leading compliance and privacy initiatives, and ensuring that the organization adheres to data protection regulations. The ideal candidate will have a strong background in security frameworks, privacy regulations, audit management, and process optimization, coupled with exceptional leadership and communication skills.How you'll make an impact:* Strategic Design and Implementation:* Develop and implement an integrated information security, compliance, and privacy controls model aligned with industry standards and organizational objectives.* Drive the creation and execution of the security and privacy compliance roadmap, ensuring alignment with regulatory requirements and industry best practices.* Risk and Compliance Management:* Conduct risk assessments to identify vulnerabilities, privacy risks, and gaps across critical service areas, and formulate effective remediation plans.* Oversee audit activities related to security, compliance, and privacy, ensuring thorough and timely completion, and manage the integration of audit findings into the respective programs.* Privacy Program Management:* Develop and implement privacy policies and procedures in compliance with relevant data protection regulations (e.g., GDPR, CCPA).* Lead efforts to ensure data protection by design and by default and oversee the management of data subject rights requests and data breach responses.* Stakeholder Engagement:* Provide exceptional support to both internal and external stakeholders, delivering a world-class experience related to information security, risk, compliance, and privacy.* Accurately communicate the organization's compliance and privacy position and programs to customers and other key stakeholders.* Process Optimization:* Build and enhance automated, scalable, and efficient security, compliance, and privacy processes.* Drive continuous improvement initiatives to strengthen the risk, compliance, and privacy programs and overall security posture.* Monitoring and Reporting:* Lead continuous monitoring efforts, manage remediation activities, and report on control effectiveness and status.* Maintain comprehensive evidence documentation to ensure repeatable and auditable processes related to security, compliance, and privacy.* Cross-Functional Leadership:* Coordinate cross-functional team meetings to address and close control gaps effectively in the areas of security, compliance, and privacy.* Foster partnerships across the organization to align on compliance and privacy goals and ensure cohesive execution of related initiatives.:What you'll need to succeed:* Bachelor's degree in Computer Science, Information Security, Business Administration, Privacy Law, or a related field. Advanced degree or relevant certifications (e.g., CISSP, CISM, CISA, CIPP) preferred.* Extensive experience (minimum 10 years) in security, compliance, and privacy roles, with a proven track record in a leadership position. Hands-on experience in conducting audits and risk assessments against information security and privacy frameworks is essential.* Deep understanding of compliance frameworks and privacy regulations such as SOC 2, ISO 27001, NIST CSF, PCI, HITRUST, GDPR, CCPA.* Proficiency in writing and implementing Information Security and Privacy Policies, Standards, Guidelines, and Procedures.* Experience with Security Exception processes, risk management, and privacy impact assessments.* Familiarity with software development and cloud computing security principles.* Experience implementing and managing GRC tools and processes.* Strong project management abilities, with a proven track record of driving initiatives from conception through to delivery and control.* Detail-oriented with a bias toward action and continuous improvement.* Excellent verbal and written communication skills, with the ability to articulate complex security, compliance, and privacy concepts to diverse audiences.Why Join Us:* Generous paid time off* Competitive medical, dental & vision coverage* 401K with company match for US* Company-paid life insurance* Company-paid short-term and long-term disability* Access to mental health and wellness resources* Company-paid volunteer time to do good in your community* Legal coverage and other supplemental options* A value-based culture where growth opportunities are endlessMore:Snap values diversity and all qualified applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Learn more by visiting our website at www.snapfinance.com.California Residents, please review our California Consumer Privacy Act Notice at