Manager, Governance, Risk & Compliance (GRC)

As a Manager of Governance, Risk & Compliance (GRC) at Flex, your responsibilities include leading SOC 2 audit preparations, implementing compliance strategies using tools like Vanta, and ensuring adherence to the NIST Cybersecurity Framework. You'll also conduct risk assessments, collaborate with stakeholders on security controls, and stay updated on regulatory changes to maintain our compliance status.

To be considered for the Manager, Governance, Risk & Compliance (GRC) position at Flex, you should have a bachelor's degree in Information Security or a related field, along with a minimum of three years of experience in GRC or information security roles. Proven knowledge of SOC 2 audit preparation, proficiency in compliance tools, and understanding of NIST CSF and NYDFS Cybersecurity Regulations are essential.

Preferred backgrounds for the GRC Manager role at Flex include individuals with ISACA CISA certification and experience in the fintech or financial services industry. Familiarity with additional frameworks such as ISO 27001 or GDPR can also be beneficial when applying for this exciting position.

As a Manager, Governance, Risk & Compliance (GRC) at Flex, you'll enjoy a competitive pay package that includes 100% company-paid medical, dental, and vision insurance, a 401(k) with company equity, and unlimited paid time off. Additional benefits like paid parental leave, a Flex Cares Program, and a free Flex subscription ensure you have a balanced life both at work and home.

The Flex office is located in the heart of New York City. As a Manager, Governance, Risk & Compliance (GRC), you are expected to be on-site three days a week to facilitate collaboration and foster a positive team environment.

In answering this question, provide specific examples of your previous roles in conducting SOC 2 audits. Highlight your preparation strategies, the audit process you followed, and how you ensured compliance throughout.

Discuss any compliance automation tools, like Vanta, you have utilized. Explain how these tools enhanced efficiency, reduced manual work, or streamlined compliance tracking in your past positions.

When answering this question, outline your methodology for performing risk assessments, including identifying assets, potential threats, vulnerabilities, and how you prioritize risks to develop strategies for mitigation.

Discuss your research habits, such as following relevant publications, joining professional organizations, or attending webinars and conferences to continually expand your knowledge surrounding regulatory changes.

Share specific examples of how you have applied the NIST Cybersecurity Framework in your previous jobs. Describe how you implemented its controls and measured compliance based on the framework's guidelines.

In your response, emphasize your ability to communicate complex concepts clearly and your experience in training teams on compliance procedures. Mention any success stories or strategies you've used to ensure team buy-in.

Use a specific instance to explain the compliance issue, your analysis of the situation, and the steps you took to resolve it. Highlight your problem-solving skills and the impact of your solution on the organization.

Tailor your answer to reflect your passion for FinTech and Flex’s mission. Discuss how your skills align with their goals and how you are excited about contributing to a company focused on enhancing the rent payment experience.

In your answer, list the components you believe are crucial to a solid governance framework such as clear policies, risk management procedures, reporting structures, and continuous improvement. Provide examples of how they contribute to overall compliance.

Discuss your approach to translating technical compliance details into relatable and actionable insights for non-technical stakeholders. Mention strategies you use to facilitate understanding and encourage compliance across the organization.