Posted 18 Apr 2024, 1:00 pm

Senior Security Risk Governance Analyst at Chime

About the Role

You are a fearless, seasoned security professional with an interest in new and emerging technology. You can work on tight deadlines with little guidance and are well-versed in risk, security, and controls. You can get to the root of a problem and you are familiar with frameworks such as SOC2, ISO27001, and PCI-DSS.  You are adept at documenting vendor reviews, procedures, and exceptions in a rapidly changing company environment, and are comfortable leading risk workshops, vendor interviews, and managing reviews and assessments through to completion.

For Colorado based roles:
In accordance with applicable law, this role has an annual starting salary of 119,000.00 - 165,300.00 plus bonus, a competitive equity package, and benefits (see below). The actual pay may be higher depending on your location, skills, qualifications, and experience. 


In this role, you can expect to

  • Deliver high-quality third party security reviews and evidence
    1. Due diligence requests
    2. Ongoing monitoring 
  • Help drive joint Security, Risk, and Compliance initiatives 
    1. PCI-DSS compliance
    2. SOC2 and ISO27001 certifications
  • Conduct risk assessments, gap analyses, and controls testing for critical areas
  • Help define KPIs, KRIs, and dashboards for reporting to management
  • Develop or source training content and ensure training of employees and contractors using a learning management system (LMS)
  • Create operational runbooks and establish security baselines and standards
  • Cross-collaborate to formalize the Security Architecture Review process with Security Engineering, Application, and Infrastructure Security


To thrive in this role, you have

  • Experience conducting third party audits, risk assessments, and controls testing
  • Experience using a vulnerability management tool and managing risk exceptions
  • The ability to document procedures and runbooks for the security program
  • Experience in a position focused primarily on information security and/or security program management
  • Familiarity with frameworks like SOC2, NIST 800/NIST CSF, ISO 27001, and PCI-DSS
  • A security certification such as CISSP, CISA, CISM or equivalent


A little about us

At Chime, we believe that everyone can achieve financial progress. We’re passionate about developing solutions and services to empower people to succeed. Every day, we start with empathy for our members and stay motivated by our desire to support them in ways that make a meaningful difference. 

We created Chime—a financial technology company, not a bank*-- founded on the premise that basic banking services should be helpful, transparent, and fair. Chime helps unlock the access and ability our members need to overcome the systemic barriers that block them from moving forward. By providing members with access to liquidity, rewards, and credit building, our easy-to-use tools and intuitive platforms give members the ability to have more control over their money and to take action toward achieving their financial ambitions.

So far, we’re well-loved by our members and proud to have helped millions of people unlock financial progress, whether they started a savings account, bought their first car or home, opened a business, or went to college. Every day, we’re inspired by our members’ dreams and successes, big and small. 

We’re uniting everyday people to unlock their financial progress—will you join us? 

*Chime partners with The Bancorp Bank and Stride Bank, N.A., Members FDIC, that power the bank accounts used by Chime Members.


What we offer

  • 🏢 A thoughtful hybrid work policy that combines in-office days and trips to team and company-wide events depending on location to ensure you stay connected to your work and teammates, whether you’re local to one of our offices or remote
  • 💻 Hybrid work perks, like UrbanSitter and Kinside for backup child, elder and/or pet care, as well as a subsidized commuter benefit
  • 💰 Competitive salary based on experience
  • ✨ 401k match plus great medical, dental, vision, life, and disability benefits
  • 🏝 Generous vacation policy and company-wide Take Care of Yourself Days 
  • 🫂 1% of your time off to support local community organizations of your choice
  • 🧠 Mental health support with therapy and coaching through Modern Health
  • 👶 16 weeks of paid parental leave for all parents and an additional 6-8 weeks for birthing parents
  • 👪 Access to Maven, a family planning tool, with up to $10k in reimbursement for egg freezing, fertility treatments, adoption, and more.
  • 🎉 In-person and virtual events to connect with your fellow Chimers—think cooking classes, guided meditations, music festivals, mixology classes, paint nights, etc., and delicious snack boxes, too!
  • 💚 A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help millions unlock financial progress

We know that great work can’t be done without a diverse team and inclusive environment. That’s why we specifically look for individuals of varying strengths, skills, backgrounds, and ideas to join our team. We believe this gives us a competitive advantage to better serve our members and helps us all grow as Chimers and individuals.

We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Chime is proud to be an Equal Opportunity Employer and will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance, Cook County Ordinance, and consistent with Canadian provincial and federal laws. If you have a disability or special need that requires accommodation, please let us know. To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice.

Source: Remote Ok