Cybersecurity Risk Manager

1 month ago


Seattle, Washington, United States SoFi Full time

Who we are:
Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
The role:
The Cybersecurity Risk Manager will develop and implement SoFi's second line of defense (2LOD) cyber risk and control evaluation program. This role requires proven expertise in and understanding of Amazon Web Services (AWS) security options and best-practice configurations. Expertise in cloud configurations, especially AWS, must be equivalent to that of the first line of defense (1LOD) cloud operators.
The manager will collaborate closely with 1LOD IT and Cybersecurity teams to analyze cloud-based controls and must have the hands-on skills necessary to navigate and evaluate configurations. In AWS, this means expertise in GuardDuty for continuous threat detection, Inspector for vulnerability assessments, CloudWatch for monitoring and alerting, and other cloud-native controls, such as Cloud Access Security Broker (CASB) solutions that oversee and govern cloud-first technologies, ensuring robust security controls and compliance with industry-leading cybersecurity frameworks.
The role requires a deep understanding of cyber risk and the ability to create oversight and governance processes and procedures, provide credible expert challenge, and conduct independent assessments to ensure IT and cybersecurity programs are well designed and operating effectively. Results of these reviews will be thoroughly documented and must be translated from technical summaries into risk reports that are easily consumed by the risk owners (1LOD) and leadership. The Cybersecurity Risk Manager will also lead the development of 2LOD policies, standards, frameworks, procedures, guidelines, and reporting to support and influence risk management associated with the 1LOD cybersecurity program. Furthermore, the manager will oversee workload management strategies within AWS environments, optimizing resource allocation and ensuring resilience against cyber threats. By leveraging CASB solutions and AWS tools, the manager will ensure that SoFi's cybersecurity programs and processes comply with operational and regulatory requirements and with established SoFi policies, standards, procedures, and guidelines, effectively safeguarding critical assets and data in cloud environments. Proven experience with AWS services and tools, as well as a strong understanding of cybersecurity frameworks and standards, is essential for this role.
What you'll do:

  • Establish a strategic plan for developing the independent review of 1LOD and for the technical evaluation of the breadth and depth of the control environment.
  • Develop and implement a comprehensive 2LOD cybersecurity risk management program.
  • Provide independent assessment and credible challenge to the 1LOD cybersecurity team's controls, processes and procedures.
  • Collaborate closely with the 1LOD IT and cybersecurity teams to provide risk guidance and framework support.
  • Perform reviews of 1LOD risk and control self-assessments (RCSA) to identify, analyze, and evaluate cybersecurity risks and gaps and to ensure controls are designed and operating effectively across SoFi and affiliates.
  • Ensure 1LOD activities properly identify, document, and risk-rank critical cyber assets on-prem and in cloud services in a timely manner, and that those risks are reflected in monitoring and incident response protocols consistent with a low cyber risk tolerance.
  • Conduct regular reviews of, and provide credible challenge to, cloud configurations, settings, procedures, and processes, especially in the AWS environment, to ensure residual risks do not exceed SoFi's low risk tolerance.
  • Provide technical expertise with Infrastructure as Code (IaC) tools and practices (e.g., Terraform, CloudFormation).
  • Assess and enhance the security posture of 1LOD cloud environments using key security tools such as AWS GuardDuty, AWS Inspector, AWS Security Hub, and Cloudflare.
  • Evaluate the effectiveness of AWS monitoring and logging tools, including Amazon CloudWatch and AWS CloudTrail, and their integration with the SIEM.
  • Develop custom scripts to aid in evaluations, utilizing tools such as AWS CLI and AWS SDKs.
  • Utilize industry-leading frameworks and best practices for risk assessment and mitigation including CIS AWS Foundations Benchmark, FFIEC management booklet, and NIST CSF.
  • Perform frequent reviews of security metrics from all security controls, ensuring they report per SLA and that monitoring, alerting, and responses are managed and working effectively.
  • Engage with senior cyber management and other stakeholders to communicate risk posture, gaps, and recommend actions.
  • Ensure compliance with relevant regulatory requirements and industry standards (e.g., FFIEC, NIST, CIS).
  • Work closely with 1LOD cross-functional teams to stay updated on the latest cybersecurity risks, threats, trends, and regulatory changes.
  • Stay up to date on emerging AWS services and security features.
  • Review cybersecurity training and awareness programs to ensure the organization is establishing an effective culture of cyber risk awareness and proactive cyber risk testing.
  • Implement sound cyber risk management methodologies and requirements to be deployed by 1LOD risk owners.
  • Develop and maintain comprehensive documentation of cyber risk assessments.
  • Collect key cyber risk and performance data, establish cyber risk trends, analyze and report regularly on elevated risks failing to meet expected levels of cyber risk management and performance.
  • Identify, document and test automated 1LOD cyber controls, and recommend opportunities for additional risk mitigation.
  • Prepare and deliver clear, concise, and actionable reporting to senior leadership and governance committees.

What you'll need:

  • Bachelor's degree or equivalent experience and certifications in cybersecurity, information technology, computer science or a related field
  • 8+ years of relevant cybersecurity, technology, risk management, regulatory and compliance, or Internal Audit experience
  • Minimum of 3 years assessing risk, cloud-based infrastructure management or development in a cloud-first environment
  • Extensive knowledge of AWS cloud platform and capabilities, with equivalent cloud-provider experience in Azure or GCS a plus
  • Cybersecurity operations background and deep understanding of risk management practices
  • Proven record working with control frameworks, testing methodologies, and risk assessments
  • Highly effective interpersonal and communication skills and proven ability to positively influence all levels of personnel, including IT/Security partners and senior leadership
  • Strong understanding of risk governance and 2LOD processes used to review and challenge first line IT, cybersecurity, and business unit risk management processes
  • Wide breadth of knowledge regarding primary risks associated with the products and services of online banking and infrastructure operations
  • Experience leading and developing team members in a cybersecurity or risk group
  • Proven success building and implementing control testing programs to evaluate the design and adequacy and effectiveness of key controls
  • Experience building and maturing governance, risk, and compliance (GRC) systems
  • Self-motivated with strong collaboration instincts and communication skills

Nice to have:

  • Prior experience in a cybersecurity operations or cyber risk leadership role with significant risk management background
  • Advanced degree; relevant industry certifications, for example, CSSP, CISSP, CISM, CCSK, CISA, Cloud Audit Academy certification, AWS Certified Security, AWS Certified Solutions Architect
  • Ability to drive risk and control innovation, direct new cybersecurity practices in 1LOD
  • Experience in banking, fintech, or highly regulated industry
  • Experience preparing reports for and interacting with and presenting to regulators (Fed, OCC, CFPB, NYDFS) and executive leadership within IT and Risk
  • Enterprise experience assessing AI risks
  • Experience working in Google Docs, Sheets and Slides

Compensation and Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate's experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
