Portfolio Careers

Discover opportunities across our network of transformational companies.
Stage 2 Capital
Senior Security Advisor, Governance Risk & Compliance (GRC)

Ocrolus

Legal
Washington, DC, USA · Remote
Posted on Apr 4, 2024

At Ocrolus, we believe companies work best when they focus on their core business and let automation do the rest. We’re powering the digital lending ecosystem and help financial services firms make high-quality decisions with trusted data and unparalleled efficiency.

Ocrolus’ Human-in-the-Loop document automation software analyzes documents with over 99% accuracy. We're replacing legacy OCR vendors that cap out at 75-80% accuracy, and augmenting the robotic work that humans are prone to doing all too often – which can be expensive, error-prone, and slow. By empowering lenders to analyze diverse sources of financial data more efficiently, Ocrolus levels the playing field for every borrower, providing expanded access to credit at a lower cost.

We’ve raised over $100 million from blue-chip investors and are working with customers like PayPal, Brex, SoFi, Blend and Plaid. Join us as we build the future of fintech, and make an impact at an award-winning, high-growth startup that Forbes recently dubbed the “Next Billion-Dollar Startup”.

What you will do:

  • Maintain security policies, procedures, standards, checklists, and other necessary documentation.
  • Conduct gap assessments and implement/mature security processes and controls in line with industry frameworks and regulations.
  • Conduct comprehensive risk assessments, including technical security risks, threat modeling, and compliance evaluations. Develop and implement mitigation strategies to address identified risks.
  • Utilize advanced technical knowledge to identify, analyze, and mitigate security risks, focusing on both existing and emerging threats.
  • Perform periodic due diligence and risk assessments for vendors and sub-processors.
  • Own the compliance monitoring program for security controls. Communicate with and present to Senior Management on progress and testing results.
  • Manage external compliance audits and other reviews, working with audit firms and internal parties.
  • Respond to customer due diligence requests; attend customer calls (if required) and work closely with customer-facing teams on security-related matters.
  • Develop and deliver cybersecurity training and awareness programs to educate employees on security best practices and compliance.
  • Track compliance requirements and contractual obligations related to security.
  • Monitor and track relevant metrics for the security program's effectiveness.
  • Work closely with all engineering and product teams to ensure consistent and practical implementation of requirements for the Ocrolus infrastructure.
  • Keep abreast of best practices, framework changes, and new regulations to further identify key risk areas and analyze their applicability to Ocrolus.
  • Help develop technology solutions to support the various compliance programs.
  • Showcase a robust understanding of cloud services and related technologies, contributing to a secure cloud environment.

What you will bring:

  • 5-8 years of working experience in a GRC role.
  • Excellent understanding of regulatory compliance requirements.
  • Experience in evaluating and implementing SOC 2, ISO 27001, and PCI DSS.
  • Experience documenting policies and procedures, attention to detail, and analytical skills.
  • Experience in risk assessment methodologies, tools, and technical risk assessments.
  • Practical experience or a solid conceptual understanding of the AWS cloud platform to define controls for cloud environments and recommend best practices. (Certification is a plus)
  • Experience in implementing security controls to address requirements of privacy regulations, including GDPR, CCPA, and other international regulations.
  • Experience in developing test plans, testing security controls, and internal audit.
  • Experience in handling and managing external audits and auditors.
  • Ability to communicate with various stakeholders effectively across the organization.
  • Ability to prioritize identified areas for improvement and propose practical solutions.
  • Ability to work in a remote environment with teams in India and in the United States.
  • Excellent verbal and written communication skills (in English).
  • Desire to continuously seek and update technical security skills as required for the job.
  • Proactive and able to work with little direct supervision.

Additionally (a great plus)

  • Security certifications such as CISSP, CRISC, and AWS certifications.
  • Knowledge of the financial services domain (mortgage, lending, etc.).

Life at Ocrolus

Come build the future of fintech with us. At Ocrolus, you will work with extraordinary people and receive benefits and development opportunities to empower you in and out of the office.

We take pride in our dynamic, diverse team, unified by shared values of Empathy, Curiosity, Humility and Ownership. We love what we do and the people we do it with, which is why we welcome every individual and provide equal opportunity irrespective of race, gender, gender identity, age, disability, national origin or any other legally protected characteristic.

We look forward to hearing from you!