Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility. Your unique mission in Security GRC is to validate security configurations and controls while surfacing risk to technology and business owners in a collaborative and actionable way. What You'll Do Advocate for and support development of the security risk management program, policies, standards, and procedures. Design and conduct security risk assessments and measure continuous improvement. Test required security controls, and validate that the controls are appropriate and effective. Identify trends of emerging risks across our data center and cloud environments. Develop reports, presentations, dashboards and other metrics detailing identified security risks. Support the development of solutions for automating and streamlining security risk management practices. What's Great About It Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe. Solving security problems at scale in a highly technology-focused team, with a culture of “how to do this safely," not a culture of “no." Spending way less time convincing anyone why security is important and way more time talking about how to manage risk effectively - the importance of security is woven into our DNA already! What We Expect Minimum of 3 years of experience in Information Security and Risk Management. Experience driving enterprise projects and team goals. Extreme attention to detail and nuance, with a working familiarity of security practices and tooling. Experience with industry-based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27001&2, SSAE18 (SOC1&2), MS-SDL, PCI, SANS Top 20, etc.). Ability to communicate technical issues to non-technical people. Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience. Big 4 experience a plus! A fun and positive attitude!