ABOUT VARO

We're on a mission to empower hard-working Americans to achieve greater financial resilience; arming them with the products and support they need to create healthy financial habits. Through our mobile app, we offer customers premium bank accounts that have no minimum balance requirement or monthly account fees, high-interest savings accounts, and solutions to build, repair, and access credit. Our state-of-the-art technology provides tech-first features to help people achieve their financial goals and manage their money more easily.

Varo is distinct from other fintechs: We've made history as the first and only consumer fintech to be granted a national bank charter by the Office of the Comptroller of the Currency (OCC). Our unique team combines the best of tech and banking, and we’re wildly passionate about keeping our customers happy by helping them manage and grow their money. Our teams are based in San Francisco and Salt Lake City. Privately held, we've raised over $419M to date, from leading institutional investors and strategic partners including Warburg Pincus, The Rise Fund / TPG Growth, Gallatin Point Capital, Harbourvest Partners, and Progressive Insurance.

ABOUT THIS ROLE

Varo Technology group is looking for an IT Risk Program Manager who will be responsible for developing, maintaining, testing, and reporting all aspects of IT controls and IT risk compliance practices. This role is responsible for identifying, assessing, monitoring, and mitigating information technology risk, including IT risks associated with third parties relationships owned by the Technology group. You will maintain an active view of inherent and residual risk in the technology group and action items related to the mitigation of those risks. 

WHAT YOU'LL DO

• Coordinate the development and ongoing maintenance of IT policies and procedures and ensure that all IT policies and procedures are compliant with regulatory requirements as well as Varo’s defined policies.
• Establish IT Business Continuity Plan (BCP) and Disaster Recovery (DR) testing methodologies and lead regular IT DR and BCP exercises in partnership with the Risk Management function. 
• Drive, coordinate and monitor the progress of initiatives/projects related to the remediation of audit findings or control weaknesses, gap analysis results, risk assessment results and incidents, to minimize the impact of risk and threats to the technology of the Bank.
• Provide progress reports on the implementation of information systems controls to inform stakeholders and to ensure that deviations are promptly addressed.
• Conduct IT controls testing to ensure they are working as designed and in accordance with policies and procedures.
• Assess and recommend tools and techniques to automate information systems control verification processes.
• Facilitate the identification and collection of metrics and key performance indicators (KPIs) and key risk indicators (KRIs) to enable the measurement of information systems control performance in meeting business objectives.
• Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity.
• Review activities related to GLBA and FFIEC CAT and NIST impacting IT in partnership with CISO org. 
• Manage IT-related SOC II activities in partnership with the CISO function.
• Serve as a liaison to auditors and the Bank Committees as it relates to Technology group activities. 

SKILLS AND EXPERIENCES THAT'LL HELP YOU BE GREAT

• Bachelor's Degree 
• At least 5 years of experience in IT risk assessment
• Experience using GRC tools knowledge such as Archer is a plus.
• Experience working with IS Risk Assessment methodologies such as ISO 27005.
• Experience working with IS control frameworks such as ISO 27001/27002, PCI DSS, or FFIEC CAT, NIST 800-53.
• Experience managing production incidents and participation in BCP tests
• Having worked within an IT or Engineering organization with hands-on IT solution implementation experience
• Knowledge of software development methodologies, particularly Agile
• Having exceptional coordination, and collaboration skills are very foundational for this role and ability to communicate effectively with all levels of organization and external parties. 
• Highly analytical

At Varo, we are committed to living our values. We hope these resonate with you.

Customers First: Understand the problems our customers are trying to solve. Respond with a sense of urgency. Build relationships that result in loyalty. Be data and insights-driven. Test everything. Achieve results through strong execution. Build a product people love. Assess new initiatives with the customers’ interest in mind. Act with empathy. 

Take Ownership: Bias towards action. Have high standards. Be accountable for the results of your work, our product, our company. Trust others to own it.

Respect: Treat others how you want to be treated. Listen first before being heard. Speak the truth even when it's not easy. Assume best intentions. Bring your full self to work.

Stay Curious: Ask why. Dare to make things better. Learn something new each day (even from mistakes). Be open to growth. Develop creative solutions.

Make it Better: Think big. Set high goals. Work towards long term value rather than short term wins. Create change. Be resilient.

Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Learn more about Varo by following us:

Facebook - https://www.facebook.com/varomoney/

Instagram - https://www.instagram.com/varomoney/

LinkedIn - https://www.linkedin.com/company/varo-money-inc./

Twitter - https://twitter.com/varomoney

Engineering Blog - https://medium.com/engineering-varo

Beware of fraudulent job postings!

Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo. If you suspect you have received a phony offer, please e-mail [email protected] with the pertinent information and contact information. Varo takes this matter seriously, and is working closely with the appropriate authorities to effectively address the issue.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

We hope to hear you say, "I'm in!"