GRC Engineer
One
About One
One’s mission is simple - to help customers achieve financial progress. We’re doing this by creating simple solutions to help our customers save, spend, borrow, and grow their money – all in one place.
The U.S. consumer today deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked and roughly 80% of fintech users rely on multiple accounts to manage their finances.
What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.
There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!
The role
As a GRC Engineer, you will be instrumental in the oversight and operation of One’s Information Security program, including its third-party risk management program. You will have the opportunity to manage and execute One’s information security risk management processes, including performing third-party due diligence reviews, managing identified security risks, and working on assessments conducted by other independent parties, such as auditors, partners, and vendors. You will also have opportunities to identify control and process gaps and lead efforts to remediate such gaps.
This role is responsible for:
Perform appropriate due diligence on One’s third-party vendors and partners’ capabilities around data protection, business continuity, and platform security.
Review contractual agreements and documents to ensure they meet internal standards and requirements for information security and privacy.
Engage with both technology and business teams as a consultant for any security-related issues that affect One’s product features and offerings.
Identify and track security risks throughout One’s environment and drive them to remediation with the appropriate stakeholders.
Assist in audits conducted by external parties by performing internal readiness assessments, facilitating walkthroughs with key stakeholders, gathering relevant evidence, and driving remediation of any gaps identified.
Assist in reviewing One’s compliance with privacy requirements and regulations as part of its product operations.
You bring
5+ years of experience in information security, internal and third-party risk management, and/or audit management.
Strong knowledge of various industry-standard frameworks such as NIST, SOC 2, PCI DSS, HITRUST, etc.
Thorough knowledge of enterprise-scale security architecture, cloud security, and business continuity program best practices.
The ability to explain security concepts to both technical and non-technical stakeholders.
Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance.
Relevant certifications (such as AWS Certified Solutions Architect, CISSP, etc.) are a plus.
What it’s like working @ One
Competitive cash
Benefits effective on day one
Early access to a high-potential, high-growth fintech
Generous stock option packages in an early-stage startup
Employer Provident Fund contributions
Comprehensive health insurance for you and your family (health insurance, accident and disability insurance, term life insurance), including mental health support and wellness programs
Flexible time off programs – vacation, sick and other paid leaves and paid regional holidays
Monthly transport allowance over and above fixed cash for office commutes
Monthly work-from-home stipend over and above fixed cash for internet and utilities
Hybrid working model – work with our team in Bengaluru three times a week
Leveling Philosophy
In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at One. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use prefixes in titles like that internally unless in a position which manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (e.g., “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and the internal level within One.
Inclusion & Belonging
To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@one.app.