InfoSec, Risk & Compliance Specialist
Chime is the largest and fastest-growing player in the challenger-banking space, providing mobile and online banking technology in the U.S. and facilitating over 5M accounts with no physical branches. We’re a technology company relentlessly focused on helping our members achieve financial peace of mind. That’s why we offer access to an award-winning bank account that doesn’t charge hidden fees, can give members early access to their paychecks, and enables them to grow their savings automatically. And we’re just getting started. We are proud of our mission, devoted to our members, and passionate about applying technology to the challenge of making financial health a reality for everyone.
We have one of the most experienced management teams in Fintech and have raised over $800M in funding from DST, General Atlantic, Iconiq, Coatue, Dragoneer, Menlo, Access, Forerunner, and others. If you’re looking to join a fast-growing company with a beloved, daily-use product and an authentic mission that puts people first, we want to meet you.
About the Role
You are an INFOSEC specialist with an interest in security metrics and security policy. You can work on tight deadlines with inadequate documentation. You are comfortable being on the hook for risk decisions. You are familiar with PCI-DSS. You can craft policies in a rapidly-changing company environment, and are comfortable with the trade-offs between human readability, precision, and agility.
- Establish KPIs and KRIs for your role
- Fulfill all requests from compliance and risk
- Due diligence requests on vendors
- Due diligence checks by partners
- Compliance initiatives: Drive the INFOSEC portion of CCPA compliance; drive PCI compliance; other initiatives as time permits (SOC2, etc.); administer Security Awareness Training
- Complete internal Risk Assessments (CIS initially, then NIST CSF) to help drive INFOSEC decisions
- Fulfill any reasonable request from compliance, compliance operations, risk, policy related asks from other departments, etc.
- Develop a way to risk rank and cost-effectively audit our INFOSEC risk across several hundred vendors
- Maintain major policies: Information Security Policy and Acceptable Use Policy
- Establish INFOSEC portion of business continuity plan
- 2+ years of experience in a position focused primarily on INFOSEC compliance
- Deep knowledge of PCI-DSS
- Familiarity with CIS RAM and NIST 800/NIST CSF
- Experience writing information security policies
- AWS experience is a plus
- 5+ years in INFOSEC a plus
What we offer
- Competitive salary based on experience, with medical and dental benefits.
- Free snacks and drinks, plus weekly catered lunches.
- Flexible vacation policy.
- Monthly happy hours and company events.
- Dog-friendly office.
- A challenging and fulfilling opportunity to join one of the most experienced teams in FinTech and help create a completely new kind of bank.
We know great work isn’t done alone. We’re building a team of individuals to Chime in with their different strengths to benefit our employees and members. We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Chime is proud to be an Equal Opportunity Employer and will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. If you have a disability or special need that requires accommodation, please let us know. To learn more about how Chime collects and uses your personal information during the application process, please see the Chime Applicant Privacy Notice.