What are the responsibilities and job description for the Sr. Manager of Technology Risk & Controls position at Varo Bank?
Varo is an entirely new kind of bank. All digital, mission-driven, FDIC insured and designed for the way our customers live their lives. A bank for all of us.
- Coordinate the development, implementation, compliance with and ongoing maintenance of IT policies, standards and procedures and ensure that all IT policies, standards and procedures are compliant with regulatory expectations as well as Varo’s defined policies
- Drive, coordinate and monitor the progress of initiatives/projects related to the remediation of audit findings or control weaknesses, gap analysis results, risk assessment results, and incidents, to minimize the impact of risk and threats to the technology of the Bank
- Coordinate responses to internal and external assessments, audits and exams.
- Establish IT Business Continuity Plan (BCP) and Disaster Recovery (DR) testing methodologies and lead regular IT DR and BCP exercises in partnership with the Risk Management function
- Assist with system maintenance, including scheduling, communication with stakeholders and process oversight
- Oversee the execution of first-line controls self-assurance and risk assessment activities (ad hoc controls review, risk and control self-assessment (RCSA)) and support independent risk and audit activities as needed. Lead gap remediation efforts as a result of RCSA findings
- Provide progress reports on implementing information systems controls to inform stakeholders and ensure that deviations are promptly addressed
- Assess and recommend tools and techniques to automate information systems control verification processes
- Consult on controls design and efficiency with operations partners in support of their commitments to align with all applicable laws, regulations, and internal Varo policies and procedures
- Drive risk culture and accountability, specifically influence self-identification and disclosure of control self-assurance gaps
- Ensure gaps are identified and mitigated via remediation plans that adhere to Varo processes including timely issue and corrective action submission, accurate root cause identification, corrective action monitoring, and on-time closure
- Facilitate the establishment, identification, collection and active monitoring of metrics and key performance indicators (KPIs) and key risk indicators (KRIs) to enable the measurement of information systems control performance in meeting business objectives
- Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity
- Review activities related to GLBA, FFIEC CAT and NIST impacting IT in partnership with CISO org
- Serve as a liaison to auditors and the Bank Committees as it relates to Technology group activities
- Bachelor's Degree with at least 5 years of experience in technology risk management or Master's Degree with 3 years of experience
- Knowledge of software development methodologies, particularly Agile/Scrum methodologies
- Exceptional analytical, coordination and collaboration skills and the ability to communicate effectively with all levels of the organization and external parties
- Regulatory compliance experience (OCC, FINRA, CFPB and/or FRB) desired
- Experience in technology control optimization, testing and monitoring
- Experience working with Information Security Risk Assessment methodologies such as ISO 27005 and NIST SP800-53
- Experience working with Information Security control frameworks such as ISO 27001/27002, SOC I/II, PCI DSS, FFIEC CAT, NIST 800-53
- Experience working with the second line of defense (Risk and Compliance) and third line of defense (Internal Audit) teams on issues life cycle, examinations, and emerging trend identification, and Business Continuity/Disaster Recovery
- Experience working within an IT or Engineering organization with hands-on IT solution implementation
We recognize not everyone will have all of these requirements. If you meet most of the criteria above and you’re excited about the opportunity and willing to learn, we’d love to hear from you!
About Varo

Varo launched in 2017 with the vision to bring the best of fintech into the regulated banking system. We’re a new kind of bank – all-digital, mission-driven, FDIC-insured, and designed around the modern American consumer. As the first consumer fintech to be granted a national bank charter in 2020, we make financial inclusion and opportunity for all a reality by empowering everyone with the products, insights, and support they need to get ahead. Through our core product offerings and suite of customer-first features, we aim to address a broad range of consumer needs while profitably serving underserved communities that have been historically excluded from the traditional financial system.

We are growing quickly in our hub locations of San Francisco, Salt Lake City, and Charlotte along with colleagues located across the country. We have been recognized among Fast Company’s Most Innovative Companies, Forbes’ Fintech 50, and earned the No. 7 spot on Inc. 5000’s list of fastest-growing companies across the country.

Varo. A bank for all of us.

Our Core Values
- Customers First
- Take Ownership
- Respect
- Stay Curious
- Make it Better

Learn more about Varo by following us:
- Facebook - https://www.facebook.com/varomoney
- Instagram - www.instagram.com/varobank
- LinkedIn - https://www.linkedin.com/company/varobank
- Twitter - https://twitter.com/varobank
- Engineering Blog - https://medium.com/engineering-varo
- SoundCloud - https://soundcloud.com/varobank

Varo is an equal opportunity employer. Varo embraces diversity and we are committed to building teams that represent a variety of backgrounds, perspectives, and skills. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Beware of fraudulent job postings! Varo will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide work with Varo. If you suspect you have received a phony offer, please e-mail careers@varomoney.com with the pertinent information and contact information.

CCPA Notice at Collection for California Employees and Applicants: https://varomoney.box.com/s/q7eockvma9nd2b0utwryruh4ze6gf8eg
For cash compensation, we set standard ranges for all US-based roles based on function, level, and geographic location, benchmarked against similar-stage growth companies. Per applicable law, the salary range for this role is $170,000 - $200,000. Final offer amounts are determined by multiple factors as well as candidate experience and expertise and may vary from the identified range.
Salary: $170,000 - $200,000