
Security GRC Specialist, Audit & Assurance
Oportun
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Salary
💰 $114,500 - $183,200 per year
Job Level
Mid-Level, Senior
Tech Stack
Cyber Security
About the role
- Lead the planning, coordination, and execution of internal and external audits across SOC 2, PCI DSS, and partner assurance programs.
- Maintain Oportun’s control framework within AuditBoard, ensuring timely updates, documentation accuracy, and evidence completeness.
- Collaborate with control owners and cross-functional teams to prepare audit artifacts, track remediation activities, and communicate progress to leadership.
- Develop and refine audit procedures, evidence collection methodologies, and reporting standards using Microsoft Excel, PowerPoint, and SharePoint.
- Support development and maintenance of policies, standards, and procedures aligned to regulatory and industry frameworks (NIST CSF, ISO 27001, AICPA/SOC, PCI DSS).
- Conduct internal readiness assessments and gap analyses to proactively identify compliance risks and improvement opportunities.
- Manage auditor and partner requests, providing timely and professional responses.
- Serve as a mentor and escalation point for junior GRC analysts.
Requirements
- Bachelor’s degree in Information Systems, Cybersecurity, Business, or related field.
- 6–8 years of experience in IT audit, security governance, risk, and compliance, or related functions.
- Hands-on experience supporting or leading SOC 2 and PCI DSS audits.
- Proficiency with AuditBoard, Microsoft Office (Excel, Word, PowerPoint), and collaboration tools.
- Strong understanding of information security frameworks (NIST, ISO 27001, AICPA/SOC, PCI DSS, FTC).
- Excellent written and verbal communication skills, with the ability to translate technical topics into business terms.
- Proven ability to manage multiple concurrent audits or assurance initiatives in a dynamic environment.
- Certifications such as CISA, CIA, CRISC, or CISSP are preferred.
- Experience coordinating SOC 1, FTC Safeguards, or SOX ITGC programs is preferred.
- Experience in the financial services or fintech industry is preferred.
- Demonstrated ability to build relationships across technical and non-technical teams is preferred.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
IT audit, security governance, risk management, compliance, SOC 2, PCI DSS, audit procedures, evidence collection methodologies, gap analyses, internal readiness assessments
Soft skills
communication skills, mentoring, relationship building, project management, collaboration
Certifications
CISA, CIA, CRISC, CISSP