Note: The job is a remote job and is open to candidates in USA. SoFi is a next-generation financial services company and national bank focused on transforming personal finance. The Director, Technology Exam and Audit Management will lead regulatory inquiries and interactions for technology and cybersecurity functions, ensuring compliance with heightened prudential standards and managing audit engagements across technology domains.

Responsibilities

• Serve as the primary liaison with regulatory bodies on Technology and Cyber, managing examination processes, inquiry responses, and ongoing regulatory communications through effective partnership with technology, cybersecurity, risk, and business stakeholders across a complex matrixed organization.
• Orchestrate preparation for regulatory assessments by coordinating with subject matter experts, reviewing documentation, and ensuring timely submission of required materials.
• Proactively monitor regulatory developments and adapt organizational strategies accordingly.
• Lead Technology and Cyber Risk assessments, including but not limited to technology infrastructure, application development lifecycle, IT operations, and Data Loss Prevention, recommend mitigation strategies, and collaborate with internal partners to assign ownership, advise on solutions, and drive to closure.
• Oversee audit readiness across diverse technology domains including: cloud infrastructure, SDLC practices, API governance, and cybersecurity controls.
• Act as the central Technology and Cyber liaison with Internal Audit functions, facilitating comprehensive audit engagements and control assessments through strong cross-functional relationships and credibility with second and third lines of defense.
• Foster cohesion and alignment across Technology functions, Information Security, Data Governance, and Insider Threat Programs, ensuring integrated risk management approaches and coordinated responses to regulatory expectations across these interconnected domains.
• Lead preparation for internal audit reviews by leading a team, validating control documentation, and ensuring audit readiness across Technology and Cyber teams.
• Manage the complete audit lifecycle from scoping through remediation, coordinating management responses to audit findings and overseeing timely implementation of corrective action plans with accountability for results.
• Collaborate closely with audit teams to provide technical expertise during control testing while maintaining independence and objectivity in audit processes.
• Work with team members to ensure risks and processes are properly documented and corresponding controls are designed effectively to address external and internal requirements.
• Demonstrate a deep sense of curiosity and willingness to learn and run after problems.

Skills

• 10+ years of progressive technology and cybersecurity risk/audit experience within banking or financial services institutions, with at least 5 years at institutions subject to heightened prudential standards (≥$50B assets), including demonstrated success implementing and sustaining enhanced control frameworks and risk management programs
• Bachelors’ Degrees in Computer Science, Systems Engineering, Information Technology or equivalent technical experience
• Experience working with large Fed-regulated Bank Holding Companies and leading regulatory interactions
• Proven track record building and maintaining trusted advisor relationships with banking regulators and audit teams, with demonstrated success as primary regulatory contact managing on-site examinations through proactive, transparent, responsive communication and ability to articulate complex technical matters to non-technical audiences
• Experience with driving risk management scale and implementing risk programs that adhere to regulatory Heightened Standards
• Deep expertise across both technology operations and cybersecurity domains, with demonstrated ability to assess risks and controls across infrastructure, applications, development practices, and security
• Subject matter expert on information security and technology risk management, across the full technology stack, with understanding of IT control policies
• Experience orchestrating cross-domain risk and governance programs across Information Security, Data Governance, Insider Threat, and Technology, with ability to identify interdependencies and drive integrated approaches to regulatory compliance and risk management
• Demonstrated expertise in data security, risk management & controls, security governance, and analytical thinking
• Excellent command of cyber and operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Experience working in an Agile development environment
• Flexible and adaptable; able to work through ambiguous situations to create clear systems and processes in an evolving regulatory environment
• Exceptional partnership capabilities and able to thrive in a matrixed organization where success depends on a high degree of cross-functional collaboration; ability to build strong relationships within the team, with executives, and with cross-functional partners across the company
• Excellent communication skills (verbal, written, and visual); ability to communicate technology and security concepts to both technical and non-technical partners

Benefits

• Comprehensive and competitive benefits

Company Overview

Company H1B Sponsorship