Security and Compliance Manager
Blend is fixing the lending experience for one of the most important purchases people make - their home. Home lending is a $10 trillion vertical that hasn’t kept pace with technology, so we’re bringing banks and their customers the software and tools they deserve.
At Blend, top engineers and designers from Palantir, Google, Stanford, and Caltech have joined forces with industry experts from firms like CoreLogic to disrupt the archaic systems in use today. We're founded by former Palantir engineers and backed by Peter Thiel, Andreessen Horowitz, and other prominent investors.
As the Security Compliance Manager, you will ensure Blend's compliance with security commitments and best practices. You will lead, develop, implement or manage ongoing controls to meet security standards such as ISO 27001 and SOC 2 control objectives. You will be responsible for testing, documenting, evaluating, and remediating internal controls and for collaborating with internal and external audit teams, IT management, and other stakeholders to ensure compliance project deliverables are met.
- Design and develop security processes and controls to protect the confidentiality, integrity and availability of the company’s assets
- Perform continuous gap analysis of existing security processes and develop and coordinate mitigating controls with the stakeholders.
- Design and execute the security audit to test the design and operating effectiveness for IT systems and internal controls; coordinate required remediation
- Conduct risk assessments on business and operational processes, procedures, and policies
- Contribute to customer RFIs
- Evaluate information security posture of vendors
- Review customer contracts for compliance implications
- BA/BS in Business Administration, Accounting, Computer Science, Information Systems Administration or related field
- At least 4 years of internal audit experience or prior work experience as an IT auditor
- Strong project management skills
- Vendor management experience
- Hands-on experience conducting SOC 2 and ISO 27001 audits in an internal and external capacity
- Exposure to cloud-based technologies and tools such as AWS, GitHub and JIRA
Nice to Haves
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations
- Project Management Lite (PMBOK)
- Prior experience with governance and controls frameworks, such as COBIT, NIST, ITIL, ISO, FISMA, FedRAMP, PCI DSS, HIPAA or HITRUST
- Meaningful equity at an early stage company
- Daily catered lunch and dinner, and an endless snack supply
- Conveniently located in San Francisco, right next to Montgomery BART Station
- Top-tier medical, dental, and vision insurance
- Gym membership
- Public transportation pass
- Wellness program
- Flexible work hours and vacation time