GRC Specialist

At Lendbuzz, we believe financial opportunity should be more personalized and fair. We develop innovative technologies that provide underserved and overlooked borrowers with better access to credit. From our employees to our dealers, partners, and borrowers, we’ve built a company and a culture around a resolute belief in the promise and power of diversity. We value independent and critical thinking.

We are seeking a dedicated Security GRC (Governance, Risk, and Compliance) Specialist to join our security team. The ideal candidate will play a critical role in managing our organization's security governance, risk management, BCP, and compliance efforts. This role involves implementing and maintaining security frameworks, managing security risks, ensuring compliance with relevant standards, and promoting security awareness across the organization.
Key Responsibilities:
Develop and implement security policies, procedures, and standards in line with industry best practices
Ensure security governance processes align with organizational goals and regulatory requirements
Lead the development, implementation, and maintenance of the organization's Business Continuity Planning (BCP) to ensure operational resilience during disruptions, while coordinating with key stakeholders for risk assessments and recovery strategies
Identify, assess, and manage security risks across the organization
Develop and maintain a comprehensive risk management program, including risk registers and mitigation plans
Manage the third-party security risk management program, including conducting vendor assessments and ongoing monitoring.
Work with cross-functional teams to ensure that risks are effectively managed and mitigated
Ensure the organization complies with relevant security standards and frameworks, such as SOC 2, ISO 27001, NIST, etc
Lead efforts to achieve and maintain necessary security certifications
Provide support during internal and external audits, including preparing necessary documentation and coordinating with auditors
Address audit findings and implement corrective actions to improve security posture
Design and implement security awareness programs to educate employees on security best practices
Conduct regular training sessions and awareness campaigns to promote a security-conscious culture
Qualifications:
3+ years of experience in a GRC role, with a focus on security governance, risk management, and compliance
Strong knowledge of security frameworks and standards such as SOC 2, ISO 27001, NIST, and others
Experience with security audit processes and supporting external audits
Experience in Business Continuity Planning (BCP) or Disaster Recovery (DR) strategies, including risk assessments, business impact analysis, and continuity plan development across diverse organizational functions
Excellent communication skills, with the ability to effectively convey complex security concepts
Relevant certifications (e.g., CISSP, CISM, CRISC, CISA) are highly desirable
Strong analytical and problem-solving skills
Ability to work independently and prioritize multiple tasks
Attention to detail and a proactive approach to identifying and mitigating risks
Excellent organizational skills and ability to manage complex projects
Strong interpersonal skills and the ability to collaborate across teams
What we offer:
- A culture that values product ownership, collaborative architectural planning, and building wins for your resume/portfolio as much as for the company.
- Smart, dynamic people with whom you can share the experience of building something unique.
- Competitive salary with opportunities for growth and advancement.