We bind our fortunes to those who dare to burn
away the obsolete and forge the unimagined future.

Information Security GRC Engineer
Remote · United States
Posted on Thursday, January 11, 2024

About ONE

ONE's mission is simple — financial progress. We’re doing this by creating simple solutions to help our customers save, spend, and grow their money — all in one place.

The U.S. consumer deserves better. Millions of Americans today can’t access credit, build savings or wealth, and are left to manage their financial lives through multiple disconnected apps. Almost a quarter of U.S. adults are unbanked or underbanked, and roughly 80% of fintech users rely on multiple accounts to manage their finances.

What makes us unique? We are backed by a preeminent fintech investor (Ribbit) and the world’s largest retailer (Walmart), maintain the speed and independence of a startup, and employ a strong (and growing) collection of world-class talent.

There’s never been a better moment to build a business that helps people achieve financial progress. Come build with us!

The role

As an Information Security GRC Engineer, you will be instrumental in defining and implementing the overall strategy for ONE’s Information Security program, and will have opportunities to identify control gaps and lead initiatives to remediate such gaps.

You will be designing, overseeing and executing ONE’s information security risk management processes, including internal cyber security assessments, third party due diligence reviews, establishing security standards and policies, managing identified security risks, and facilitating audits conducted by independent parties.

This role’s responsibilities include:

  • Conducting cyber security risk assessments for ONE and its financial products

  • Executing ONE’s third party risk management program, which covers the due diligence, contract reviews, and remediation of any gaps prior to and during the engagement with new and existing suppliers and vendors

  • Engaging with both technology and business teams as a consultant on any security-related issues that affect ONE’s product features and offerings

  • Working with the Information Security and IT teams to establish, publish, and maintain company-wide security standards and requirements

  • Identifying and tracking security risks throughout ONE’s environment and driving them to remediation with the appropriate stakeholders

  • Leading audits with external parties by performing internal readiness assessments, facilitating walkthroughs with key stakeholders, gathering relevant evidence, and driving remediation of any gaps identified

  • Evaluating new regulatory requirements and industry best practices related to information security and data privacy

You bring

  • 5+ years of experience in information security, internal and third party risk management, and/or audit management

  • Strong knowledge of industry-standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HITRUST, etc.

  • Thorough knowledge of enterprise-scale security architecture, cloud security, and business continuity program best practices

  • The ability to explain security concepts to both technical and non-technical stakeholders

  • Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance

  • Relevant certifications (such as AWS Certified Solutions Architect, CISSP, etc.) are a plus

Pay Transparency

The estimated annual base salary for this position ranges from $175,000 to $205,000. Pay is generally based upon the level, complexity, responsibility, and job duties/requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

Leveling Philosophy

In order to thoughtfully scale the company and avoid downstream inequities, we’ve adopted a flat titling structure at ONE. Though we may occasionally post a role externally with a prefix such as “Senior” to reflect the external level of the position, we do not use such prefixes in titles internally unless the position manages a team. Internal titles typically include your specific functional responsibility, such as engineering, product management or sales, and often include additional descriptors to ensure clarity of role and placement within our organization (e.g. “Engineer, Platform”, “Sales, Business Development” or “Manager, Talent”). Employees are paid commensurate with their experience and their internal level within ONE.

Inclusion & Belonging

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@one.app.