Senior Information Security GRC Analyst

About us:

Branch is on a mission to empower workers with financial freedom. We do this by helping companies accelerate payments and providing working Americans with accessible, free financial services. We’re committed to building and delivering more inclusive, transparent, and frictionless financial products.

Our goal of empowerment extends to our own employees, too. Have a great idea? Share it today and it might just get implemented tomorrow. As a member of our team, your voice and creativity matter—and they can directly impact our products, company, and culture.

We not only focus on attracting great talent from across the country, but also on building teams that help that talent thrive. That means valuing a diversity of opinions and working styles, while creating a shared belief in innovation, initiative, and winning together.

Come join our team as we develop new ways to improve the lives of working Americans.

About the role:

Branch is seeking an experienced Security Governance, Risk, and Compliance (GRC) professional to join our team.  This position will work in all aspects of GRC, so broad knowledge is preferred across multiple frameworks and related policy and procedure lifecycle management.  The ideal candidate will have a background in managing relationships with internal stakeholders (C Suite, Risk, and Legal), external partners (3rd party vendors, auditors, sub-processors), and working closely with members of the Security team.

Responsibilities include, but are not limited to:

• Manage and maintain the Branch Information Security Program, security function programs and processes.  Own internal Branch controls.  Maintain an accurate security program and all the associated processes across all corporate functions.
• Ambassador and champion of the Branch Information Security Program and security awareness.
• Perform control mapping to align internal controls with regulatory and compliance frameworks (e.g., PCI, SOC 2, ISO 27001, NIST CSF, CCPA).
• Conduct comprehensive gap analysis to identify deficiencies and areas for improvement in existing controls.
• Experience implementing new frameworks and integrating into existing audit cycles.
• Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with the frameworks (SOC 2, ISO 27001, PCI, NIST, CCPA) implemented by Branch.
• Manage Branch’s Drata GRC platform:
• Ensure information is up to date and automated collections are working appropriately.
• Ensure that Audit evidence is collected and validated.
• Manage access to and keep information up to date for Branch’s Security Trust Center.
• Manage and maintain frameworks, policies, control content and control mapping.
• Inform the proper stakeholders of important concerns, hazards, and risk to the organization.
• Collaborate with stakeholders (Security, Engineering, Cl