Governance, Risk, and Compliance Lead

About Extend:

Extend is modernizing the $100 billion-per-year protection plan industry using cutting-edge technology and top-notch customer service. 

Our technology-forward omnichannel and API-first solution allows any merchant to offer protection plans, both online and in store, while also providing a merchant's end customers with a vastly improved and modern support experience that eliminates many of the issues customers face today with legacy underwriters. More recently, Extend also launched a shipping protection solution, covering consumers in the case of lost, damaged or stolen packages. This is further expanding the company’s addressable market and value creation for merchants.

We are a venture-backed startup in downtown San Francisco led by founders who have previously had multiple successful exits. Extend simplifies the technology stack for the product and shipping protection industries.

What You'll Do:

• Lead Compliance Auditing Process
• Manage annual SOC2 audit processes and maintain DFS500 compliance
• Coordinate with external auditors and internal stakeholders
• Develop and implement audit preparation procedures
• Track remediation efforts for audit findings
• Develop and Maintain GRC Documentation
• Compile and update security, privacy, and risk policies
• Ensure policies align with regulatory requirements and industry standards
• Create and maintain standards, procedures, and controls documentation
• Collaborate with cross-functional teams to implement GRC requirements
• Manage Risk Management Program
• Oversee risk assessment and analysis activities
• Develop risk mitigation strategies and track implementation
• Maintain risk register and reporting metrics
• Facilitate business continuity and disaster recovery planning
• Additional Responsibilities
• Provide GRC guidance and thought leadership to senior management
• Oversee vulnerability management processes
• Lead security awareness and training initiatives
• Support incident response activities when needed
• Generate reports and metrics for executive leadership

What We're Looking For:

• 10+ years of experience in information security, risk management, or compliance
• 2+ years in a leadership role managing GRC programs
• Strong knowledge of security frameworks (SOC2, NIST, ISO) and regulatory requirements
• Experience with DFS500 compliance preferred
• Demonstrated ability to develop and implement risk management strategies
• Excellent communication skills - able to translate technical concepts for non-technical audiences
• Experience with compliance automation tools and GRC platforms
• Strong project management and organizational skills
• Ability to work effectively in a fast-paced, remote environment
• Relevant certifications (CISA, CISSP, CRISC, etc.) preferred

Why Extend?

• Opportunity to shape GRC processes at a rapidly growing fintech company
• Competitive compensation and benefits package
• Remote-first work environment
• Collaborative culture with experienced leadership team
• Make an impact while working with cutting-edge technology
• Extend is an equal opportunity employer committed to diversity and inclusion in the workplace.

Expected Pay Range: $189,000 - $205,000 per year salaried*

* The target base salary range for this position is listed above. Individual salaries are determined based on a number of factors including, but not limited to, job-related knowledge, skills and experience.

Life at Extend:

• Working with a great team from diverse backgrounds in a collaborative and supportive environment.
• Competitive salary based on experience, with full medical and dental & vision benefits.
• Stock in an early-stage startup growing quickly.
• Very generous, flexible paid time off policy.
• 401(k) with Financial Guidance from Morgan Stanley.

Extend CCPA HR Notice