IT & Cyber Senior Analyst, Control Monitoring & Testing

The role:

As the IT & Cyber Senior Analyst for Control Monitoring & Testing, you will play a pivotal role in defining and supporting the company's second line of defense (2LOD) risk management activities across technology risk functions at SoFi. This role focuses on performing a regular cadence and targeted control testing within technology and cybersecurity environments, specifically AWS cloud platforms. The position requires fundamental experience in developing and executing control tests to assess the design and operational effectiveness of controls. Key responsibilities include consolidating control testing results, assisting in the development of reporting mechanisms for senior management, and supporting the implementation of control enhancements based on testing outcomes. The role involves evaluating various aspects of the technology and cybersecurity risk environment, including access controls and security monitoring. Familiarity with AWS solutions and basic knowledge of CSPM and DSPM tools are beneficial. Strong collaboration skills are essential for working with cross-functional teams, while effective communication is required to present findings and contribute to improving risk management processes in a dynamic environment.

The ideal candidate will be knowledgeable and inquisitive about technology risk management, with a demonstrated track record of implementing best practices within established frameworks (e.g., NIST, UCF, SOC2 etc.). They will possess the skills and expertise necessary to assess critical AWS services in collaboration with operational owners, ensuring comprehensive and effective control testing. Additionally, this role will be key in ensuring SoFi meets regulatory requirements by fostering and promoting best practices in technology risk assessment through evangelizing and collaborating with cross-functional stakeholders. Possessing strong partnership skills, excellent communication and collaboration abilities, and the ability to deliver programs that improve SoFi's overall technology risk posture will be a key to success in this role. This role is a rare opportunity to work with a growing and driven team at a fast-growing and innovative financial technology company.

What you'll do:

At SoFi, our ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members' financial lives, and to help every member get their money right. You will be a part of the second line Technology Risk Management team, dedicated to driving risk management around our foundational technology, with a specific focus on IT and AWS environments that provide the solutions supporting our mission to help members achieve their financial ambitions. Opportunities for success will include but not limited to the following risk activities:

• Conduct targeted control testing to assess the design and operational effectiveness of controls within technology and cybersecurity environments.
• Document and report the results of control testing, developing a comprehensive reporting mechanism for presentation to the Board and relevant Committees.
• Utilize control testing results to drive enhancements in first-line controls, ensuring that identified gaps are addressed and controls are strengthened.
• Evaluate and test controls related to various aspects of the technology and cybersecurity risk environment, including access controls, network security, data protection, and endpoint security.
• Assess the effectiveness of security monitoring processes and incident response mechanisms to ensure they are adequately addressing threats and vulnerabilities.
• Review third-party risk management practices to ensure that external partners and vendors are compliant with SoFi's security requirements.
• Examine business continuity and disaster recovery plans to verify that they are robust and capable of managing potential disruptions effectively.
• Evaluate new product initiatives, including emerging technologies like AI, to ensure that associated risks are adequately managed and controls are implemented.
• Assess the adequacy of technology and cybersecurity policies, standards, and processes to ensure they remain effective and up-to-date in addressing current risks.
• Collaborate with other teams to drive continuous improvement in risk management practices and control implementation based on testing findings and emerging risks.

What you'll need:

• 5-8 years of relevant experience in First Line or Second Line roles within technology risk management, technology risk consulting, or related fields. Exposure to AWS platforms and financial frameworks such as FFIEC, NIST, ISO, COBIT, and/or PCI is beneficial.
• A Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field, or equivalent technical experience in AWS cloud infrastructure and supporting services.
• 2-4 years of experience in technology risk governance, including some exposure to compliance, technology risk management, and internal or external audits.
• 1-3 years of experience in the assessment of an AWS environment to support security, risk mitigation efforts, or regulatory compliance.
• Experience in risk assessment and process evaluation, with a focus on developing process flows and applying them to cloud-native (AWS) platforms.
• The ability to work collaboratively with cross-functional teams, building and maintaining working relationships to support risk management and control implementation.
• Good verbal, written, and visual communication skills, with the ability to explain technology and security concepts to both technical and non-technical audiences.

Nice to have:

• Relevant industry certifications, for example, CRISC, AWS CCP, CCSK
• Experience with technology risk assessment programs and standards in an AWS environment, with similar capabilities in Azure or Google cloud platforms.
• Prior experience with control testing
• Ability to drive innovation, new practices;
• Experience working in Google Docs, Sheets and Slides