opploans Remote Full-time 2024-08-01

OppFi is a tech-enabled, mission-driven specialty finance platform that broadens the reach of community banks to extend credit access to everyday Americans. Through best-in-class customer service, transparency, responsible lending, and financial inclusion, we support consumers, who are turned away by mainstream options, to build better financial health.

We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. Our business principles guide us and create an open and collaborative culture where we improve 1% every day, and the best ideas always win! We welcome individuals who want to make an impact in the financial system by facilitating credit access, expanding financial inclusion, promoting financial health, and delivering exceptional customer service.

A few other fun facts about us: OppFi is one of the top consumer-rated financial platforms online, maintaining a 4.5/5.0-star rating on Trustpilot. We are a 2023 Crain’s Fast 50™ company and were named on Built In’s 2024 Best Places to Work.

What you’ll get to do:

  • Manage the process and tools for Information Security & Risk Management, process IT due-diligence requests, and ensure compliance with policies, procedures and regulations.
  • Function as a central third-party risk management subject matter expert looking to involve third parties in processes that interact with data. Support completion of information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with data.
  • Maintain inventory of third parties who possess and/or interact with data, including key risk information about the relationship, data attributes involved, and regulatory compliance. Monitor open third-party security issues and remediation actions associated with security control gaps to ensure timely closure.
  • Educate and build cybersecurity awareness across the enterprise.
  • Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines. 
  • Improve compliance with security standards and policies across the enterprise. 
  • Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests.
  • Work with the Technology Process Owners to create, modify, validate, and decommission policies/procedures.
  • Create dynamic dashboards and scorecards for visibility of Information Security Governance activities.

What you’ll bring to the team:

  • Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
  • Background in Information Security, IT Risk Management, or third party risk management
  • 8+ years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements
  • Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
  • Experience with information security standards and best practices for securing computer systems within applicable laws and regulations
  • Experience with Governance Risk & Compliance (GRC) tools and procedure development
  • Experience working in a regulated industry (financial services or health care)

Reports to: Senior Manager, Information Security Governance

Job Level: Lead

The minimum salary for this role is $102,400. The total compensation package includes eligibility for performance-based bonuses as well as a 1-time equity grant based on level.

The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion, and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations.

EEO Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, federal law, or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

As part of OppFi’s commitment to providing equal opportunity to qualified individuals, OppFi will ensure that persons with disabilities are provided reasonable accommodation as defined by applicable laws and organizational policies. If reasonable accommodation is needed to participate in the job application or interview processes or job requirements, please contact our People Team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the “OppFi California Employee Privacy Policy”, which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/.

The information in this document is for general informational purposes only. It is not intended to be an all-inclusive list or description of the organization and its requirements for positions and employees. OppFi reserves the right to modify or change the information on this document at its discretion.