GRC Specialist at UNIT
New York, New York, United States
Full Time


Start Date

Immediate

Expiry Date

21 Dec, 25

Salary

0.0

Posted On

22 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

GRC, Information Security, Compliance, Security Frameworks, AWS Security, Compliance Automation, Vendor Risk Assessments, Kubernetes, Communication Skills, Detail-Oriented, Proactive, Self-Motivated, CISM, CISSP, CISO, CIPM

Industry

Financial Services

Description
ABOUT UNIT

Unit is a market leader in embedded finance. We offer ready-to-launch financial services - like banking and capital - and serve millions of end-users across ~100 customers, including Wix, Bill.com, Honeybook, Relay, and more. We’re repeat founders with technical backgrounds, working hard to build a successful company that we’re proud to work at. Our product moves $40b+ annually and processes 12m+ API calls daily. We’ve raised $160m+ from top investors including Insight, Accel, and 60+ angels.

THE ROLE

We are hiring a Senior Technical GRC Specialist to join our growing team. Reporting to the Information Security Manager, the Senior Technical GRC Specialist is primarily responsible for supporting the company’s security program and compliance initiatives. The GRC Specialist will help ensure that we meet the requirements of various security frameworks and regulations while overseeing processes related to security governance, risk management, and compliance.

KEY RESPONSIBILITIES

- Manage external security audits (e.g., PCI-DSS, SOC 2, SOC 1), including evidence collection, operation of GRC tools, collaboration with stakeholders, and reporting to auditors.
- Review and update security policies and procedures, and implement corrective actions based on audit findings and management feedback.
- Lead ongoing security and compliance tasks, such as user access review cycles and audit-related compliance initiatives across the organization.
- Drive security awareness and training activities, including phishing simulations, publishing security-related content, and leading company-wide Security & Privacy sessions.
- Collect and review security documentation (e.g., policies, penetration tests) from clients and conduct vendor assessments for various risk levels, including software, service providers, and external workforce.
- Client-facing security efforts: answer security questionnaires, review legal contracts from a security perspective, maintain our internal security knowledge base, and take part in security-related calls with clients and partners.
- Operate and utilize GRC tools.
- Serve as a go-to person for employees on security and compliance matters and perform other team-related duties as needed.

WHAT WE’RE LOOKING FOR

- 5+ years of experience in GRC, information security, compliance, or related roles (preferably in fintech or banking)
- Strong knowledge of security and privacy frameworks such as SOC 2, PCI DSS, GLBA, and CCPA
- Familiarity with AWS security best practices is a must
- Hands-on experience with compliance automation tools (e.g., Anecdotes)
- Hands-on experience with vendor risk assessments and tools like Panorays
- Experience creating compliance reports using CNAPP tools (e.g., Wiz, Orca, Prisma Cloud)
- Familiarity with Kubernetes concepts and architecture
- Detail-oriented, proactive, and self-motivated
- Excellent written and verbal communication skills in English
- Relevant certifications (CISM, CISSP, CISO, CIPM) are an advantage
- A technical background in cloud environments is an advantage

LIFE AT UNIT

Working at Unit means joining a global team on a mission to create a more equitable financial ecosystem. We’re a fast-growing team of individuals who are passionate about their work, see the big picture and always seek to empower our clients and their end-customers.

How To Apply:

In case you would like to apply to this job directly from the source, please click here

Responsibilities
The GRC Specialist will manage external security audits and oversee processes related to security governance, risk management, and compliance. They will also drive security awareness and training activities across the organization.