Senior Manager, Security GRC

The Senior Manager, Security GRC at OppFi is responsible for leading the development and execution of cyber risk management and compliance programs. This includes overseeing risk assessments, managing third-party security reviews, conducting audits, and developing security awareness initiatives. The role also includes ensuring that security policies align with regulatory requirements and industry best practices while collaborating with cross-functional teams.

To qualify for the Senior Manager, Security GRC position at OppFi, candidates typically need a bachelor's degree in Information Technology, Computer Information Systems, or a related field. Additionally, extensive experience in Information Security, IT Risk Management, or IT Audit is essential, alongside familiarity with compliance frameworks such as FFIEC, NIST, and ISO standards. A minimum of ten years in IT, with at least two years in a leadership role focused on compliance, is also required.

At OppFi, fostering a security-first culture starts with effective communication and training. The Senior Manager, Security GRC will implement an enterprise cybersecurity awareness program that educates employees about security practices. This initiative promotes proactive behavior regarding data protection and compliance, ensuring that security is a shared responsibility across all levels of the organization.

The work environment for a Senior Manager, Security GRC at OppFi is fully remote, promoting flexibility and work-life balance. OppFi embraces a collaborative culture, encouraging open communication and innovation among team members regardless of their physical location. This environment empowers employees to contribute ideas and solutions freely while being part of a mission-driven team.

OppFi values its employees and offers a comprehensive benefits package for the Senior Manager, Security GRC role, including competitive compensation, performance-based bonuses, equity grants, and a 401(k) matching program. Additional perks include flexible work options, generous paid time off, medical, dental, and vision coverage, as well as lifestyle benefits through various vendor partnerships.

When answering this question, highlight specific frameworks like NIST, ISO, and COBIT that you have worked with. Discuss how you have applied these frameworks to assess risks, manage compliance, and implement security policies effectively in your past roles.

Focus on leadership strategies you've employed. Include your approach to mentoring, team dynamics, and how you facilitate collaboration within the team. Discuss any specific successes or improvements your team achieved under your guidance.

For this question, emphasize a proactive approach. Discuss how you would begin by assessing the current security posture, identifying gaps, and recommending improvements. Mention strategies like increased risk assessments, security awareness training, and revising security policies to align with evolving threats.

Share a specific instance where you successfully identified a significant risk. Explain your methodology, the steps you took to mitigate the risk, the stakeholders involved, and the outcome. This shows your analytical skills and ability to implement effective solutions.

Explain your strategy for staying up to date with industry regulations and how you implement compliance measures within an organization. Focus on developing robust policies, conducting regular training, and implementing continual monitoring practices to ensure ongoing compliance.

Discuss the importance of clear communication in educating and aligning employees on security policies. Emphasize collaboration with different departments to create a unified approach to security that incorporates all aspects of compliance and governance.

Talk about your process for preparing for audits, such as conducting internal assessments, validating documentation, and ensuring all security controls are enforced. Provide examples of your experience leading successful audits and any lessons learned.

Share your strategies for promoting security awareness, such as developing training programs, creating engaging content, and utilizing real-life examples to underscore the importance of cybersecurity. Mention any successful initiatives you have led in past positions.

Identify key metrics such as incident response times, employee training completion rates, and risk assessment results. Discuss how you would utilize these metrics to assess ongoing performance and make data-driven decisions to enhance security practices.

Discuss current trends in cybersecurity, such as the rise of sophisticated cyber attacks or challenges with remote work security. Offer insights into potential solutions and how you would address these issues in your role as Senior Manager, Security GRC at OppFi.