Back River Search Group

Information Security Compliance Analyst

Back River Search - San Carlos, CA


Our client's mission is to enable effortless credit based on true risk. Why? Because credit really matters. Money is a fundamental ingredient of life, and unless you’re in the few percent of Americans with significant wealth, the price of borrowing affects you everyday. Through all of history, affordable credit has been central to unlocking mobility and opportunity.

Upstart is the first lending platform to leverage artificial intelligence and machine learning to price credit and automate the borrowing process. Upstart has demonstrated strong credit performance1 and maintains one of the industry’s highest consumer ratings according to leading consumer review sites.

In addition to its direct-to-consumer lending platform, our client provides technology to banks, credit unions and other partners via a “Software-as-a-Service” offering called Powered.


As a member of the Information Security team, this role’s primary function will be working with sales and business development (PBU) teams to help our enterprise customers understand how products support their security and technology compliance requirements. This position will develop training material to keep sales and PBU business development staff current in major regulatory frameworks, such as FFIEC, FINRA, FDIC, etc. and how products help customers meet such requirements and support their own vendor risk assessment and similar programs.

In addition, this role will evaluate and manage existing security & technology compliance activities of other departments (e.g. Sales, Marketing, IT, Products, Legal, HR, Engineering, etc.). This includes working with those departments to identify potential vulnerabilities and risks, develop and implement corrective action plans (in keeping with expectations set by bank auditors) and provide guidance on how to avoid or deal with similar issues in the future. This role will provide reports and keep management informed of the operation and progress of security compliance efforts across the company.

Here is what you'll be doing on a day to day basis:

  • Create security collateral such as shared security assessments, and standard response to typical bank due diligence questionnaires
  • Take ownership of timely responses and security engagement with the PBU business development team to ensure security is accurately represented in such deals
  • Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements
  • Assess completed vendor risk questionnaires and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with and industry standards
  • Produce detailed documentation of assessments and perform threat analysis of gaps identified
  • Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
  • Validate evidence from vendors, before Remediation Plans are closed.
  • Escalate issues associated with vendors as needed to management.


  • Familiarity with bank-provided security and technology questionnaires and other standard assessment frameworks such as the SIG, CIS Assessments or similar processes in Hipperos or similar systems
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques
  • Nice to have: Strong technical and/or IT audit background and practical knowledge of a wide variety of technologies which include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person
  • Strong risk analysis and problem solving skills
  • Capable of ensuring assessments are performed by the mandated date and be able to manage multiple assessments simultaneously
  • Experience that is considered a strong plus: performing information security assessments; providing information security guidance to business stakeholders; interpreting and applying information security policy and standards

Posted On: Tuesday, March 26, 2019

Apply to this job