At Plaid, we're convinced that the way people interact with their finances will drastically improve in the next few years. We’re dedicated to empowering this transformation by building the tools that thousands of developers use to create their own products.

The Risk Team at Plaid is a cross functional team whose responsibility is to enable the business by mitigating risks and maintaining controls that ensure trust in the platform. 

Plaid sits in the middle of this ecosystem, and we're the gateway used by our customers to build, launch, and scale FinTech applications that democratize financial services. In this role, you will be responsible for scaling and hardening the Plaid Security Compliance program to enhance security and enable trust in the platform. This role will require deep cross-functional collaboration with Security Engineering, Legal, Product, Financial Access, and GTM teams to ensure that Plaid is able to successfully provide reasonable security assurance to all of Plaid's external stakeholders (customers, business partners, and regulators).

What Excites You:

• Being part of a highly evolving cross functional team in a rapidly growing organization
• Having a significant impact on the future of financial services
• Having the freedom and responsibility for building and executing Plaid’s security compliance roadmap
• Being a trusted partner for cross functional teams on all matters related to security assurance and compliance
• Building and maintaining highly effective cross functional relationships in a product focused organization

What Excites Us:

• Deep understanding of Information Security risk management strategies from both large enterprise and start-up perspectives (e.g. top down vs. bottom up)
• Deep understanding of security assurance and trust frameworks (AICPA Trust Service Principles, NIST, ISO2700x, CSA STAR, and others)
•  Experience building and scaling repeatable security assurance certification programs.
• Strong understanding of different types of application architectures (e.g. monoliths vs service-oriented architecture), and application deployment models (e.g. on-prem vs. cloud)
• Proven ability to run security audit engagements from beginning to end (as an auditee and as an auditor), and the ability to explain deep technical concepts to non technical audiences.
• Strong track record of developing and maintaining high quality GRC policies and procedures
• Proven ability to manage projects and deliverables to completion with limited direction
• Experience working extremely cross functionally in a fast moving, product focused organization
• Strong understanding of privacy and data protection laws (CCPA, GDPR, GLBA Privacy and Safeguards Rules) and their operationalization.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.