Lead Security Risk and Compliance Analyst

Progressive Leasing is a leading provider of in-store and e-commerce lease-to-own solutions. As an almost 20+ year old FinTech company that has gone from start-up to industry leader, we know how to innovate, simplify, and value all people. We are a company founded on our grit and we are constantly looking to the future. As an ever-evolving group of entrepreneurs and technologists, we strive to do the right thing period in all aspects of our work. We are a subsidiary of PROG Holdings (NYSE: PRG), an exciting FinTech holding company, with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later (BNPL) platform.

We are currently hiring a Lead Security Risk and Compliance Analyst focusing on security and awareness.

This role is a work from home position and can be performed remotely anywhere in the continental US or in our corporate office in Utah.

WE ARE: A team of Information Security professionals with a sharp focus on security and reliability. As a leading SaaS fintech company, we are dedicated to safeguarding our clients' data with the most advanced information security practices in the industry. Joining our InfoSec team means you'll be at the forefront of defending against cyber threats, leveraging cutting-edge technologies, and contributing to a culture that values innovation and excellence in every aspect of security. Your work here will not only protect our systems but also shape the future of financial security.

YOU ARE: As the Lead Security Risk and Compliance Analyst, you are a seasoned professional with extensive experience in information security, risk management, and compliance. You possess a deep understanding of industry standards, regulations, and best practices related to cybersecurity. You are adept at assessing security risks, developing mitigation strategies, and ensuring compliance with relevant laws and regulations.

YOUR DAY-TO-DAY:

• Risk Assessment and Management: Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities. Analyze findings to prioritize risks and develop strategies for mitigation.

• Compliance Monitoring: Monitor and assess compliance with regulatory requirements, industry standards, and internal policies. Implement controls and procedures to ensure ongoing compliance.

• Policy Development: Develop and maintain information security policies, standards, and procedures in alignment with regulatory requirements and industry best practices.

• Security Controls Implementation: Collaborate with cross-functional teams to implement security controls and measures to protect sensitive information and mitigate security risks.

• Incident Response: Lead incident response activities in the event of security breaches or incidents. Investigate security incidents, assess the impact, and implement corrective actions to prevent recurrence.

• Vendor Risk Management: Assess the security posture of third-party vendors and service providers. Develop risk management strategies and monitor compliance with security requirements.

• Security Awareness Training: Develop and deliver security awareness training programs to educate employees on security risks, best practices, and compliance requirements.

• Security Metrics and Reporting: Establish key performance indicators (KPIs) and metrics to measure security posture and compliance effectiveness. Prepare and present regular reports to management on security and compliance status.

• Continuous Improvement: Stay current with emerging threats, technologies, and regulatory changes. Identify opportunities for process improvements and recommend enhancements to security and compliance programs.

YOU'LL BRING:

• Experience: Minimum of 5 years of experience in information security, risk management, or compliance roles, with at least 2 years in a leadership or supervisory capacity.

• Knowledge: In-depth understanding of information security principles, risk management methodologies, and regulatory requirements such as GDPR, HIPAA, PCI DSS, etc.

• Certifications: Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly desirable.

• Analytical Skills: Strong analytical and problem-solving skills with the ability to assess complex security risks and develop effective mitigation strategies.

• Communication: Excellent written and verbal communication skills, with the ability to effectively communicate technical concepts to non-technical stakeholders.

• Leadership: Proven leadership abilities with the capacity to lead cross-functional teams, mentor junior analysts, and drive security and compliance initiatives.

• Attention to Detail: Meticulous attention to detail with a focus on accuracy and thoroughness in conducting risk assessments and compliance audits.

• Adaptability: Ability to work in a fast-paced environment, prioritize tasks, and manage multiple projects simultaneously while maintaining quality and meeting deadlines.

• Collaboration: Strong interpersonal skills with the ability to collaborate effectively with internal teams, external auditors, and regulatory agencies.

• Integrity: Demonstrated integrity and ethical behavior in handling sensitive and confidential information.

WE OFFER:

• Competitive Compensation; Eligible for STI

• Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave

• Company Matched 401k

• Paid Time Off + Paid Holidays + Paid Volunteer Time

• Diversity Alliance Resource Groups

• Employee Stock Purchase Program

• Tuition Reimbursement

• Charitable Gift Matching

• Job Required Equipment & Services Will Be Provided

Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.