Senior Security GRC Manager - Remote
Santa Clara, CA, United States
Company Description
PayNearMe develops technology to facilitate the end-to-end customer payment experience, making it easy for businesses to accept, disburse and manage payments. Our modern and reliable platform lowers the total cost of payments by increasing acceptance rates, driving self-service and simplifying exceptions. We future-proof our clients’ payments roadmap by including all payment types and channels through a single contract and integration. With PayNearMe, businesses can transform the outdated systems holding them back from achieving progress.
PayNearMe has over 200 employees, closed a $45M Series D round in June 2023 and is processing over $30B in payments annually. We’re headquartered in Silicon Valley with our employees distributed all across the U.S. Help us solve our clients’ biggest payment problems.
We are seeking a detail-oriented and proactive Sr. Security GRC Manager to join our team. This role is responsible for identifying, assessing, and mitigating information technology and information security risks. The Sr. Security GRC Manager will work closely with various departments to ensure compliance with industry standards and regulatory requirements, while also helping to protect the company’s information assets and maintain the integrity of our payment platform.
The Sr. Security GRC Manager will play a crucial role in safeguarding PayNearMe’s information assets and ensuring the security and integrity of our payment platform. By effectively managing IT/IS risks, the specialist will help maintain our company’s reputation for data safety and regulatory compliance, supporting our mission to provide secure and reliable payment solutions.
Job Description
- Identify, assess, and mitigate information security risks across the organization.
- Maintain and execute a comprehensive IT/IS risk management program
- Leverage, optimize, and automate GRC tools to enhance risk visibility and management.
- Conduct risk assessments to ensure compliance with industry standards and regulatory requirements.
- Collaborate with internal teams to implement risk mitigation strategies and controls.
- Monitor and analyze technology and security control effectiveness to identify risks and areas for improvement.
- Develop and maintain risk management policies, procedures, and documentation.
- Provide training and guidance to employees on IT/IS risk management best practices.
- Stay current with emerging trends and developments in IT/IS risk management.
- Provide actionable insights and recommendations in risk reports presented to senior management and stakeholders.
Qualifications
- 5+ years of experience implementing and managing IT/IS risk management frameworks (e.g. PCI-DSS, NIST, ISO27001, SOC2 CMMC, COSO ERM)
- Strong understanding of risk management principles, practices, and frameworks.
- Experience conducting assessments and control evaluation with information security regulations and industry standards (e.g. NIST, CIS, FFIEC Guidelines, PCI-DSS, SOC2)
- Proficiency with risk management tools and software (e.g. Anecdotes, Archer, ServiceNow, or equivalent platforms).
- Demonstrated experience in developing and implementing risk frameworks and conducting risk and control self-assessments (RCSA).
- Demonstrated ability applying GDPR, FedRAMP, and/or FFIEC Guidelines into a security risk framework.
- Proven skills in evaluating complex problems, identifying root causes, and developing effective, risk-minded solutions.
- Strong communication and interpersonal skills in fostering collaborative working relationships.
- Demonstrated capability to work autonomously on complex tasks, while contributing to the success of team and cross-functional objectives.
- Excellent organizational skills with a calculated approach to managing competing priorities, ensuring quality, and meeting deadlines.
Preferred Qualifications:
- Relevant certifications (e.g., CRISC, CISSP, CISM, ITIL).
- Experience in the financial technology sector with a publicly traded company.
- Knowledge of cloud security and understanding of cloud platforms (e.g., AWS, Azure, Google Cloud).
- Familiarity with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA).
- Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent hands-on experience managing IT/IS risk frameworks
Additional Information
Benefits
- Base salary per year (paid semi-monthly)
- Fast- paced and professional work culture
- Stock options with standard startup vesting - 1 year cliff; 4 years total
- $50 monthly communication expense stipend to go towards your phone/internet bill
- $250 stipend to enhance your WFH setup
- Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
- Premium medical benefits including vision and dental (100% coverage for employees)
- Company-sponsored life and disability insurance
- Paid parental bonding leave
- Paid sick leave, jury duty, bereavement
- 401k plan
- Flexible Time Off (our team members typically take off ~3-4 weeks per year)
- Volunteer Time Off
- 13 scheduled holidays
- 4-6x / year in-person team meet-ups
Salary Range: $140,000 - 180,000
PayNearMe strives to create a workplace where all employees thrive. We welcome candidates from all backgrounds, experiences, and perspectives. Our core values represent who we are today and we take pride in the way we work with each other as well as with our stakeholders. If you meet the majority of the qualifications and bring enthusiasm for the role, we encourage you to apply.
We’re in this together to do the right thing. We deliver real results we are proud of while remaining respectful, transparent, and flexible.
PayNearMe is an equal opportunity employer. We are diligently and thoughtfully working towards cultivating a diverse workforce which in turn, enhances our products and services for the communities we serve. Applicants who represent all backgrounds are strongly encouraged to apply.
—
Candidate information will be treated in accordance with our job applicant privacy notice found at: https://home.paynearme.com/ccpa-privacy-notice-jobs-employees/
Assistance for Disabled Applicants
Alternative formats of this Notice are available to individuals with a disability. Please let us know if you need assistance.
All your information will be kept confidential according to EEO guidelines.
ApplyJob Profile
100% coverage for employees 13 scheduled holidays Base salary Base salary per year Communication expense stipend Company-sponsored life and disability insurance Flexible time off Holidays In-person team meet-ups Life and Disability insurance Medical benefits Paid parental bonding leave Paid Sick Leave Paid sick leave, jury duty, bereavement Premium medical benefits Reimbursement for peripheral equipment Scheduled holidays Stock options Team meet-ups Volunteer time off WFH setup reimbursement
Tasks- Collaborate on risk mitigation strategies
- Collaborate with internal teams
- Conduct risk assessments
- Develop risk management policies
- Identify and mitigate information security risks
- Maintain IT risk management program
- Monitor security control effectiveness
- Present risk reports to management
- Provide training
- Provide training on risk management best practices
Anecdotes Archer AWS Azure CIS Cloud Security CMMC Communication COSO COSO ERM Documentation FedRAMP FFIEC FFIEC Guidelines GDPR Go Google Cloud GRC Information security Integration Interpersonal ISO27001 IT risk management NIST Payments Payment Solutions PCI DSS RCSA Regulatory Compliance Risk and control self assessments Risk Management Risk management tools Security ServiceNow SOC2 Training
Experience5 years
EducationComputer Science Information Security Related Field Risk Management
Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9