Senior Information Security GRC Analyst

Branch is on a mission to help working Americans grow financially. We do this by helping companies accelerate payments and empower working Americans with accessible, fee-free financial services. We’re committed to building and delivering more inclusive and transparent financial products.

Come join our team as we develop new ways to improve the lives of working Americans. Our mission starts with empowering our own employees. Have a great idea? Share it today and it might just get implemented tomorrow. As a team member at Branch, your voice and creativity can directly impact the product and company. We not only attract great talent from across the country, but also build teams to help that talent to thrive. That means valuing a diversity of opinions and working styles, while creating a shared belief in innovation, initiative, and winning together.

Branch is seeking an experienced Security Governance, Risk, and Compliance (GRC) professional to join our team. This position will work in all aspects of GRC, so broad knowledge is preferred across multiple frameworks and related policy and procedure lifecycle management. The ideal candidate will have a background in managing relationships with internal stakeholders (C Suite, Risk, and Legal), external partners (3rd party vendors, auditors, sub-processors), and working closely with members of the Security team.

Responsibilities include, but are not limited to:

• Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with the frameworks (SOC 2, ISO 27001, PCI, NIST, CCPA) implemented by Branch
• Experience implementing new frameworks and integrating into existing audit cycles
• Manage Branch’s Drata GRC platform
• Ensure information is up to date and automated collections are working appropriately
• Ensure that Audit evidence is collected and validated
• Manage access to and keep information up to date for Branch’s Security Trust Center
• Inform the proper stakeholders of important concerns, hazards, and Risk to the organization
• Work together with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectives
• Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
• Manage security standards, policies, and practices on an annual basis to make sure they meet corporate demands
• Assist the department in responding to inquiries from the business units about ongoing operational compliance
• Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
• Manage the 3rd Party Vendor Management process
• Partner with the Risk and Legal teams to share information and seek out areas for improvement to reduce Risk throughout the company

Qualifications:

• 5-7 years of experience in a similar role
• 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses
• Excellent communication skills
• Oral and written communication to an audience of employees as well as to the leadership team is necessary
• Knowledge of GRC tool techniques and best practices (Drata, HyperProof, AuditBoard)
• Solid ethics and core values - Situations sometimes require discretion and may be of a confidential or sensitive nature
• Familiarity with security and compliance requirements for SOC 2, PCI, NIST CSF, ISO 27001, CCPA
• CISA, CISM or are working toward certification

• Remote-first work culture (domestic USA)
• Branch-paid medical, dental, and vision insurance
• Equity
• 401k
• Flexible time off
• Paid company holidays
• Paid parental leave (eligible after 6 months of employment)

Working At Branch

Branch is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

A remote-first company with employees located all throughout the US, Branch emphasizes transparency, accountability, and trust to create a collaborative environment where our product, engineering, marketing, customer support, customer success, and sales teams can all thrive together.

Our teamwork has enabled us to become an award-winning fintech company, with Branch’s innovation and workplace recognized across industries. Branch has been honored by the Webby Awards, Benzinga Fintech Awards, Fintech Breakthrough Awards, Top Workplaces USA, Great Places to Work, and EY Entrepreneur of the Year, Heartland, among others.

Learn more about our culture, approach, technology, and people here: https://www.branchapp.com/about

Must be currently authorized to work in the USA without sponsorship or transfer. No 3rd-parties, please.