GRC Engineer - Risk and Assurance

OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress.

Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:

• Checking and high-yield savings accounts

• Domestic and international peer-to-peer payments

• Credit Builder and credit score monitoring

• Digital wallet / contactless payment solutions

• Buy-now-pay-later installment loans at Walmart

Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry.

There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!

As our GRC Engineer in Risk and Assurance at OnePay, you will support the Security team with a focus on third-party risk management (TPRM), while also contributing to vulnerability and patch management, reviewing cloud security findings, data governance and privacy, and audit support. It’s a hybrid security role for someone eager to wear multiple security-related hats and grow alongside a seasoned team! You will:

• Drive and support the third-party risk management (TPRM) process

• Collaborate on vendor assessments and contract reviews tied to business deals

• Assist with vulnerability and patch management operations and process implementation

• Support the review of cloud security findings and remediation workflows

• Assist in the implementation of new systems and applications from a security perspective

• Help build the data governance and privacy program in conjunction with legal and business stakeholders

• Contribute to security compliance activities and internal & external audits

• 6+ years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk.

• Strong knowledge of various industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HiTrust, etc.

• Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices.

• Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance.

• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines.

• Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences.

• Strong analytical and problem-solving skills with the ability to work independently and as part of a team.

• Relevant certifications such as AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.

The estimated annual base salary for this position ranges from $143,000 to $175,000. Pay is generally based upon the level, complexity, responsibility, location and job duties/requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a Talent Partner about our compensation philosophy and other available benefits.

• Competitive cash

• Benefits effective on day one

• Early access to a high potential, high growth fintech

• Generous stock option packages in an early-stage startup

• Remote friendly (anywhere in the US) and office friendly - you pick the schedule

• Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave

• 401(k) plan with match

• Initial Interview with Talent Partner

• Technical or Hiring Manager Interview

• Team Interview

• Executive Interview

• Offer!

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at talent@onepay.com.