Information Security Assessment Manager

Sorry, this job was removed at 8:30 a.m. (PST) on Tuesday, January 14, 2020

Varo is on a mission to redefine banking so it's easy for everyone to make smart choices with their money. Our app offers bank accounts and high-yield savings accounts that don’t cost a thing, tools to help you manage your money and save automatically, and invitation-only personal loans at competitive rates. In contrast, traditional banks charge fees, offer next-to-nothing savings rates, and don’t work with their customers’ best interests in mind.

Varo is distinct from other fintechs: With preliminary approval for a bank charter from the Office of the Comptroller of the Currency (OCC), we're on our way to becoming the first mobile-centric national bank in the country. Our unique team combines the best people in tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Based in San Francisco and privately held, Varo has raised $178M to date, led by Warburg Pincus and The Rise Fund / TPG Growth.

The Information Security Assessment Manager position is a very important role on our Information Security team at Varo and will report to the Chief Information Security Officer (CISO). This role will be responsible for managing security assessment functions.

AS INFORMATION SECURITY ASSESSMENT MANAGER, YOU WILL

  • Develop and implement an industry-standard, sustainable security controls and assessment framework and program that will make regulatory examinations and audits sustainable and easy. This will provide required assurance statements and enhance trust in Varo.
  • Implement and utilize a GRC tool, as well as any other tools, for automated and continuous monitoring of information security controls, assessments, and testing, and for developing the reporting metrics, dashboards, and evidence artifacts required for sustainable compliance.
  • Develop/update and communicate/educate all the stakeholders about the security controls covering internal assessments, FFIEC examinations, Cybersecurity Assessment Tool (CAT), and Payment Card Industry Data Security Standards (PCI DSS).
  • Establish ownership of the controls and schedule regular assessments and testing of the effectiveness and efficiency of controls.
  • Report control failures and gaps to the stakeholders and prepare management reports to track remediation activities.
  • Assess vulnerability management, scans (configuration and compliance), patching status, secure baselines, penetration test results/remediation, and phishing-social engineering assessments and tests.
  • Assist the CISO in promoting a people-centric, mindful security approach that complements the existing successful, innovative Varo culture with “security/privacy-by-design” embedded across the organization.
  • Assist the CISO and other security team members in the management of security program functions, as needed.

PREVIOUS EXPERIENCES THAT'LL HELP YOU BE GREAT

  • 3 - 5 years of information security assessment experience with a financial institution, a fintech company, or a provider to the financial services business sector;
  • Implementing and reporting on Continuous Monitoring of information security & privacy controls; expert knowledge of NIST Cyber Security Framework, Risk Management Framework, GLBA assessment, Control frameworks, FFIEC Cybersecurity Assessment Tool, PCI DSS, and Cloud Security Alliance - Cloud Security Controls matrix. 
  • B.S. in Information/Cyber Security or Computer Science, Information Technology
  • Security certifications (CISSP-ISSMP, CISM, CCSP and/or other comparable certifications)
  • Excellent GRC solution implementation, cloud security experience, AWS preferred
  • Extensive experience working with banking examiners to demonstrate higher-level maturity in an information security controls framework that meets their expectations, particularly OCC, FDIC, and Federal Reserve Board examiners and state examiners; and
  • Experience reporting/presenting to senior management, the Board, and/or Committees of the Board on the status of risk assessments and information security controls.

THE THREE SKILLS THAT MATTER MOST

Nobody can be great at everything, but we’re looking for candidates who are extraordinary at:

  • Passion for proactive & sustainable security/compliance that protects Varo assets, reputation & also enables the business;
  • Ability to communicate/collaborate effectively with team members, internal customers, senior management and the board; and
  • Knowledge of banking laws, regulations, and regulatory guidance that will be applicable to Varo now and when it opens the bank.

OTHER NICE TO HAVES

  • Passion for and dedication to mastering the details of any project;
  • Experience managing multiple projects in a fast-paced, high volume environment;
  • Tenacity, resiliency, a can-do attitude, and game for any task;
  • Able to adapt to quick changes in direction;
  • Demonstrates a strong sense of ownership and thought-leadership;
  • A very high level of cyber professional integrity and intellectual curiosity; and
  • Flexibility for some travel

Learn more about Varo by following our:

Facebook - https://www.facebook.com/varomoney/

Instagram - https://www.instagram.com/varomoney/

LinkedIn - https://www.linkedin.com/company/varo-money-inc./

Twitter - https://twitter.com/varomoney

Engineering Blog - https://medium.com/engineering-varo

We hope to hear you say, "I'm in."


Location

222 Kearny St, San Francisco, CA 94108
