Senior Security Risk Analyst - Charlotte, NC
Charlotte, NC /
Credit Karma is a mission-driven company, focused on championing financial progress for our more than 100 million members in the U.S., Canada and U.K. While we're best known for pioneering free credit scores, our members turn to us for tips as they work on their financial goals, including helping them monitor their credit, identity monitoring, searching for credit cards, shopping for loans (car, home and personal), filing their taxes with Credit Karma Tax and growing their savings* -- all for free. Credit Karma has grown significantly through the years: we've added more than 70 million members in the last five years alone and now have more than 1,100 employees across our offices in San Francisco, Charlotte, Los Angeles, Leeds, London and soon Oakland.
Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission in Security GRC is to validate security configurations and controls while surfacing risk to technology and business owners in a collaborative and actionable way.
* Banking services provided by MVB Bank, Inc., Member FDIC
What you'll do:
- Advocate for and support development of the security risk management program, policies, standards, and procedures
- Design and conduct security risk assessments and measure continuous improvement
- Test required security controls, and validate that the controls are appropriate and effective
- Identify trends of emerging risks across our data center and cloud environments
- Develop reports, presentations, dashboards and other metrics detailing identified security risks
- Support the development of solutions for automating and streamlining security risk management practices
What’s great about the role:
- Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
- Solving security problems at scale in a highly technology-focused team, with a culture of “how to do this safely”, not a culture of “no”.
- Spending way less time convincing anyone why security is important and way more time talking about how to manage risk effectively - the importance of security is woven into our DNA already!
Minimum basic requirements:
- Minimum of 3 years of experience in Information Security and Risk Management
- Experience driving enterprise projects and team goals
- Extreme attention to detail and nuance, with a working familiarity of security practices and tooling.
- Experience with industry-based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27001&2, SSAE18 (SOC1&2), MS-SDL, PCI, SANS Top 20, etc.)
- Ability to communicate technical issues to non-technical people.
- Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.)
- BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
- Big 4 experience a plus!
- A fun and positive attitude!
Credit Karma is committed to a diverse and inclusive work environment. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with a single eye to nourishing an inclusive environment that recognizes the contributions of all and fosters diversity by supporting our internal Employee Resource Groups. We’ve worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.
Credit Karma is also proud to be an Equal Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, marital status, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or gender expression, national origin, veteran or military status, disability (physical or mental), genetic information, or any other protected characteristic. We prohibit discrimination of any kind and operate in compliance with the San Francisco Fair Chance Ordinance.