Governance, Risk, and Compliance (GRC) Engineer

ABOUT EARNIN

As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks. Since our founding, our app has been downloaded over 13M times and we have provided access to over $15 billion in earnings.

We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey.

POSITION SUMMARY

We are looking for a passionate and motivated security engineer to join our Information Security GRC team. You’ll make an impact on our rapidly growing product portfolio, while we continuously take a risk-based approach to enable the growth of our business. You’ll be responsible for ensuring operational excellence for the security certification program, and influence the cybersecurity risk management program at one of the fastest growing FinTech!

You should have a natural sense of curiosity, a propensity for action, and a collaborative approach to problem-solving. You’ll be excited to collaborate and partner across our engineering organization and all parts of our business. You enjoy building and improving things, big & small projects. You prefer automating things, and delighting your customers.

This position will be ideally hybrid from our Mexico City office as part of our expanding site location. EarnIn provides excellent benefits for our employees including healthcare, internet/cell phone reimbursement, a learning and development stipend, and potential opportunities to travel to our Palo Alto HQ.  Our salary ranges are determined by role, level, and location.

WHAT YOU'LL DO 

• Lead and own audit readiness for NIST CSF, AICPA SOC II Type 2, and PCI-DSS
• Establish and enforce security compliance-related processes and documentation
• Automate processes and implement compliance-related tooling, drive adoption of Compliance as Code
• Execute and own excellence of operational tasks
• Own cyber risk assessment and drive maturity in third-party risk management program
• Operationalize enterprise risk register and risk management across multiple business units
• Drive innovation with business stakeholders/IT/Platform around enterprise identity and access management (EIAM) processes

WHAT WE'RE LOOKING FOR

• 3-5 years of experience defining, measuring, and maturing compliance program
• Demonstrated experience with building and automating processes and controls
• Demonstrated experience with at least three security control frameworks, such as PCI-DSS, SOC II Type 2, NIST, ISO, FFIEC, etc.
• Detailed understanding of how compliance works with AWS in the FinTech industry
• Experience operationalizing risk assessment frameworks and implementing risk management programs
• Risk-approach mindset to enable the business and growth

At EarnIn, we believe that the best way to build a financial system that works for everyday people is by hiring a team that represents our diverse community. Our team is diverse not only in background and experience but also in perspective. We celebrate our diversity and strive to create a culture of belonging. EarnIn does not unlawfully discriminate based on race, color, religion, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), gender identity, gender expression, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, military or veteran status, marital status, registered domestic partner status, sexual orientation, genetic information, or any other basis protected by local, state, or federal laws. EarnIn is an E-Verify participant. 

EarnIn does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.