Security Audit Analyst at Blend
San Francisco, CA, US

Blend makes the process of getting a loan simpler, faster, and safer. With its industry-leading digital lending platform, Blend helps financial institutions like Wells Fargo and U.S. Bank increase productivity and deliver exceptional customer experiences. The company processes nearly $2 billion in loans daily, helping millions of consumers get into homes and gain access to the capital they need to lead better lives.

As a Security Analyst, you’ll lead our security audit projects at Blend. You’ll collaborate often with independent assessors, Blend subject matter experts, and our customers to manage top-quality audit engagements. This means that you’ll exercise your problem-solving skills to help us make our work more efficient when we do things like deliver audit evidence or provide our customers with security insights. Additionally, you’ll help enable the business to move into new areas of focus by providing security guidance to our Product and Engineering teams. We’ll lean on you to give the team a clear outlook on how our security initiatives are tracking, and flag obstacles before they impact our targets. Our responsibility is to keep a finger on the pulse of Blend security, and your role is essential for ensuring that we can do that effectively.

Responsibilities

  • Manage the projects that comprise the security audit program at Blend (SOC 2, ISO 27001, PCI-DSS, and internal audit activities)
  • Track compliance-impacting initiatives through close collaboration with Product, Engineering, and Security teammates
  • Develop new approaches to report on the current compliance status for each active security control at Blend
  • Drive improvements to the security compliance program that stem from the output of audits, penetration tests, and other risk assessment activities
  • Identify opportunities for automation, and help spec out efficient solutions for improving security controls that currently require manual effort to maintain
  • Keep key security collateral up to date, draft technical audit procedures, perform targeted control testing, and stay current with new compliance requirements so that the team is prepared to adapt to changes in the industry

Requirements

  • Experience running security assessments and interacting with audit teams (either as the client or the auditor)
  • Strong working knowledge of SOC, ISO, PCI, or other relevant security frameworks
  • Demonstrated ability to apply rigorous tests to security controls in order to identify potential program weaknesses
  • Exposure to cloud-based technologies such as AWS, GitHub, and JIRA
  • Strong time management skills and the ability to prioritize amongst multiple projects 

Nice to Haves

  • BA/BS degree in relevant field preferred (e.g., Information Systems, Computer Science)
  • 2+ years of information security experience implementing and managing security controls and policies
  • Security industry certifications (CISA, CISSP, Security+, SSCP, etc.)
  • Exposure to governance frameworks such as COBIT, NIST, ITIL, ISO, FISMA, FedRAMP, HIPAA or HITRUST
  • Working proficiency in Python, JavaScript, Go, or other programming languages

 

Blend is an equal opportunity employer that values diversity, inclusion and belonging. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability status, or any other characteristic protected by law. We will consider for employment all qualified applicants with arrest and conviction records in a manner consistent with applicable law, including the San Francisco Fair Chance Ordinance.