Director, Technology Exam and Audit Management

Employee Applicant Privacy Notice

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The Role

This role is critical to SoFi's evolution as we scale past $50B in assets and navigate heightened prudential standards. The Director will serve to support the primary regulatory interface for all technology and cybersecurity matters, requiring both deep banking regulatory expertise and broad technical knowledge across our full technology estate. The role requires someone who has previously held similar regulatory liaison responsibilities at a complex financial institution and can build credibility with regulators, auditors, and internal technology leaders. The role requires someone who has successfully navigated and delivered on heightened prudential standards requirements at a large, complex financial institution

As the Director, Technology and Cyber Exam and Audit Management, you will be responsible for leading and coordinating regulatory inquiries, responses and interactions for technology and cyber functions at SoFi. This role will report to the Head of Technology and InfoSec Business Controls. You will coordinate interactions, prepare responses, and provide accurate and valid information. You will also act as the central technology liaison with Internal Audit, managing comprehensive audit engagements and coordinating remediation efforts across technology domains.

What You’ll Do

• Serve as the primary liaison with regulatory bodies on Technology and Cyber, managing examination processes, inquiry responses, and ongoing regulatory communications through effective partnership with technology, cybersecurity, risk, and business stakeholders across a complex matrixed organization.

• Orchestrate preparation for regulatory assessments by coordinating with subject matter experts, reviewing documentation, and ensuring timely submission of required materials.

• Proactively monitor regulatory developments and adapt organizational strategies accordingly.

• Lead Technology and Cyber Risk assessments, including but not limited to technology infrastructure, application development lifecycle, IT operations, and Data Loss Prevention, recommend mitigation strategies, and collaborate with internal partners to assign ownership, advise on solutions, and drive to closure.

• Oversee audit readiness across diverse technology domains including: cloud infrastructure, SDLC practices, API governance, and cybersecurity controls

• Act as the central Technology and Cyber liaison with Internal Audit functions, facilitating comprehensive audit engagements and control assessments through strong cross-functional relationships and credibility with second and third lines of defense .

• Foster cohesion and alignment across Technology functions, Information Security, Data Governance, and Insider Threat Programs, ensuring integrated risk management approaches and coordinated responses to regulatory expectations across these interconnected domains

• Lead preparation for internal audit reviews by leading a team, validating control documentation, and ensuring audit readiness across Technology and Cyber teams.

• Manage the complete audit lifecycle from scoping through remediation, coordinating management responses to audit findings and overseeing timely implementation of corrective action plans with accountability for results.

• Collaborate closely with audit teams to provide technical expertise during control testing while maintaining independence and objectivity in audit processes.

• Work with team members to ensure risks and processes are properly documented and corresponding controls are designed effectively to address external and internal requirements

• Demonstrate a deep sense of curiosity and willingness to learn and run after problems

What You’ll Need

• 10+ years of progressive technology and cybersecurity risk/audit experience within banking or financial services institutions, with at least 5 years at institutions subject to heightened prudential standards (≥$50B assets), including demonstrated success implementing and sustaining enhanced control frameworks and risk management programs

• Bachelors’ Degrees in Computer Science, Systems Engineering, Information Technology or equivalent technical experience

• Experience working with large Fed-regulated Bank Holding Companies and leading regulatory interactions

• Proven track record building and maintaining trusted advisor relationships directly interfacing with banking regulators and audit teams, with demonstrated success as primary regulatory contact managing on-site examinations through proactive, transparent, responsive communication and ability to articulate complex technical matters to non-technical audiences

• Experience with driving risk management scale and implementing risk programs that adhere to regulatory Heightened Standards

• Deep expertise across both technology operations and cybersecurity domains, with demonstrated ability to assess risks and controls across infrastructure, applications, development practices, and security

• Subject matter expert on information security and technology risk management, across the full technology stack, with understanding of IT control policies and experience managing compliance attestations including GLBA, PCI-DSS, SOC 2, and SOX

• Experience orchestrating cross-domain risk and governance programs across Information Security, Data Governance, Insider Threat, and Technology, with ability to identify interdependencies and drive integrated approaches to regulatory compliance and risk management

• Demonstrated expertise in data security, risk management & controls, security governance, and analytical thinking

• Excellent command of cyber and operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies

• Experience working in an Agile development environment

• Flexible and adaptable; able to work through ambiguous situations to create clear systems and processes in an evolving regulatory environment

• Exceptional partnership capabilities and able to thrive in a matrixed organization where success depends on a high degree of cross-functional collaboration; ability to build strong relationships within the team, with executives, and with cross-functional partners across the company

• Excellent communication skills (verbal, written, and visual); ability to communicate technology and security concepts to both technical and non-technical partners

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.