12 days ago

Information Security Program Manager - GRC

Upstart

Hybrid
Full Time
$140,000

Job Overview

Job Title: Information Security Program Manager - GRC
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $140,000
Location: Hybrid

Job Description

About Upstart

At Upstart, our mission is to reduce the cost and complexity of borrowing for all Americans using creativity, advanced AI, and a human touch. As the leading AI lending marketplace, we empower banks and credit unions with smarter, fairer decisions, impacting millions.

The Team

The Information Security Governance, Risk, and Compliance (GRC) team focuses on building scalable security governance, managing risk, and ensuring regulatory compliance. The team's mission is to protect customer trust and meet regulatory commitments through automation, collaboration, and clear, secure practices.

Role Overview

As an Information Security Program Manager - GRC, you will own and execute GRC programs to protect customer trust and support regulatory requirements. You will coordinate with technical, operational, and business stakeholders to manage audits, risk assessments, policy management, and third-party security risk.

How You’ll Make An Impact

  • Partner with teams to translate audit and risk requirements.
  • Coordinate core assurance activities including SOX IT and SOC 2.
  • Manage security due diligence for customer and partner trust.
  • Own policy management and drive security awareness.
  • Support third-party risk management and process improvement.

Minimum Qualifications

  • 5+ years of experience in information security, GRC, or IT audit.
  • Experience operating GRC programs in regulated environments.
  • Knowledge of common frameworks like SOC 2, NIST CSF 2.0, etc.
  • Strong communication skills for technical and non-technical audiences.
  • Ability to design metrics, KRIs, and reporting.

Preferred Qualifications

  • Experience in cloud-native environments (AWS preferred).
  • Familiarity with GRC automation tools and scripting.
  • Relevant certifications (CISSP, CISA, CRISC, CISM).
  • Understanding of privacy and data protection (GDPR, CCPA).

Location & Work Arrangement

This role is available remotely and in San Mateo, Columbus, and Austin. Remote work is flexible, with periodic in-person collaboration based on team needs.

Compensation & Benefits

Upstart offers competitive base salary, bonus, equity compensation, and a comprehensive benefits package including medical, dental, vision, 401(k) with matching, employee stock purchase plan, and more.

Equal Opportunity

Upstart is committed to inclusive hiring practices. For accommodation requests, email candidate_accommodations@upstart.com.

Key skills/competency

  • GRC
  • Information Security
  • Audit
  • Risk Management
  • Compliance
  • Policy Management
  • SOC 2
  • NIST
  • Cloud
  • Automation

Tags: information security, GRC, risk management, compliance, SOX, SOC2, audit, policy, cloud, automation, GRC programs, risk assessment, regulatory, compliance frameworks, AWS, automation tools, policy management, certifications, scripting

How to Get Hired at Upstart

  • Customize your resume: Tailor it to highlight GRC experience.
  • Research Upstart: Understand their AI-driven credit platform.
  • Showcase certifications: Emphasize CISSP, CISA, or similar.
  • Prepare for technical discussions: Review common GRC frameworks.
  • Practice behavioral responses: Be ready for audit and compliance questions.
