IT Risk Manager
MoneyLion is America’s most powerful and rewarding financial membership, empowering people to take control of their finances to achieve their overall life goals.
Since its launch in 2013, MoneyLion has engaged with 7.5 million hard-working Americans and has earned its members' trust by building a full-service digital platform to deliver mobile banking, lending, and investment solutions. From a single app, members can get a 360-degree snapshot of their financial lives and have access to personalized tips and tools to build and improve their credit and achieve everyday savings.
MoneyLion team members are passionate about making a difference in people’s lives. We work fast, collaborate always, and above all else, we do it for our customers.
MoneyLion is headquartered in New York City, with offices in San Francisco, Salt Lake City, Sioux Falls, and Kuala Lumpur, Malaysia.
About the Role
As the IT Risk Analyst, you’ll work closely with the IT Risk leadership team within MoneyLion, leading the implementation and continuous improvement of its risk management processes. This is a critical role reporting directly to the Head of Information Security and plays an integral part in developing, implementing, and complying with IT security and risk policies across the business. The position is responsible for managing risks related to IT general controls, information security, governance, disaster recovery planning, privacy, projects, vendor risk management, and compliance.
- Work with Business Technology Services (BTS) and the business to ensure an acceptable IT policy, cybersecurity, risk, and compliance level.
- Identify and classify potential risks/threats to the organization’s IT environment.
- Develop effective solutions for the management of IT risk.
- Track the completion of mitigation activities and projects.
- Manage the risk register with regular reporting.
- Track and document accepted risks.
- Manage risk and vulnerability assessments of projects, systems, and vendors.
- Collaborate with the organization’s broader Risk Management and Audit functions both locally and internationally to effectively manage and mitigate IT risk and security issues.
- Suggest enhancements to existing security products and assist with identifying security requirements for new IT systems or projects.
- Coordinate ongoing disaster recovery planning and annual testing.
- Provide subject-matter expert advice in information risk and security best practices.
- Lead the design and operation of auditing and compliance monitoring processes and remediation and control improvement activities to ensure compliance with internal security policies and applicable legislative, regulatory, and contractual obligations and best practice guidelines.
- Oversee and perform periodic audit and compliance reviews and provide relevant management reporting.
- Provide a central liaison and coordination point for activities and reporting associated with internal and external auditors.
- Review and assess existing controls, manage risk mitigation and control improvement programs, and provide relevant management reporting.
- Perform application and project risk assessments.
- Assist with the vendor risk management program.
- Provide and contribute to the monthly metrics reporting.
- Assist with the usage of MoneyLion’s GRC tool.
- 3 to 5 years' experience in an Information Security and Risk Management role and/or IT Audit role.
- Must have a thorough understanding of the US and critical infrastructure security management standards, including ISO/IEC 27001/27002, PCI DSS, SOX/NIST, and various State utility regulatory requirements.
- Understand the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments.
- Must know security process frameworks, compliance and risk requirements, and regulations, with particular regard to data privacy and protection.
- Track record of implementing successful risk management & security control programs.
- Strong written and verbal presentation skills.
- Strong project and time management skills.
- Be able to "think outside the box" and provide both scenarios and solutions to the business to enhance the IT Risk & Security function.
- Bachelor’s Degree in Computer Science, Business, or a related discipline.
- One or more of the following industry certifications: CISSP, CISA, CISM, NIST CFP.
- Experience in facilitating workshops and developing and conducting presentations and training for both business and technical audiences.
MoneyLion is committed to equal employment opportunities for all employees. Inside our company, every decision we make regarding our employees is based on merit, competence, and performance, completely free of discrimination. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. Within that team, no one will feel more “other” than anyone else. We realize the full promise of diversity and want you to bring your whole self to work every single day.