This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Security GRC Specialist, Audit & Assurance is responsible for leading Oportun’s audit readiness and assurance initiatives across security and compliance programs. This role will oversee execution and continuous improvement of control frameworks supporting SOC 2, PCI DSS, and partner assurance programs, ensuring alignment with Oportun’s compliance strategy and regulatory expectations. The ideal candidate will serve as a subject matter expert in security controls, evidence management, and audit coordination using AuditBoard and arenaflex Office Suite. Experience with FTC Safeguards, SOC 1, or SOX programs is beneficial but not required. This role partners closely with internal teams, external auditors, and business stakeholders to maintain a robust and transparent compliance posture. Responsibilities • Lead the planning, coordination, and execution of internal and external audits across SOC 2, PCI DSS, and partner assurance programs. • Maintain Oportun’s control framework within AuditBoard, ensuring timely updates, documentation accuracy, and evidence completeness. • Collaborate with control owners and cross-functional teams to prepare audit artifacts, track remediation activities, and communicate progress to leadership. • Develop and refine audit procedures, evidence collection methodologies, and reporting standards using arenaflex Excel, PowerPoint, and SharePoint. • Support development and maintenance of policies, standards, and procedures aligned to regulatory and industry frameworks (NIST CSF, ISO 27001, AICPA/SOC, PCI DSS). • Conduct internal readiness assessments and gap analyses to proactively identify compliance risks and improvement opportunities. • Manage auditor and partner requests, providing timely and professional responses. • Serve as a mentor and escalation point for junior GRC analysts. Requirements • Bachelor’s degree in Information Systems, Cybersecurity, Business, or related field. • 6–8 years of experience in IT audit, security governance, risk, and compliance, or related functions. • Hands-on experience supporting or leading SOC 2 and PCI DSS audits. • Proficiency with AuditBoard, arenaflex Office (Excel, Word, PowerPoint), and collaboration tools. • Strong understanding of information security frameworks (NIST, ISO 27001, AICPA/SOC, PCI DSS, FTC). • Excellent written and verbal communication skills, with the ability to translate technical topics into business terms. • Proven ability to manage multiple concurrent audits or assurance initiatives in a dynamic environment. Preferred • Certifications such as CISA, CIA, CRISC, or CISSP. • Experience coordinating SOC 1, FTC Safeguards, or SOX ITGC programs. • Experience in the financial services or fintech industry. • Demonstrated ability to build relationships across technical and non-technical teams. Level Validation • A7 (Specialist / Lead) • Recognized for specialized depth in GRC and audit frameworks. • Leads complex audit initiatives with limited guidance. • Decisions have cross-functional impact on compliance and risk posture. • Provides guidance and mentorship to junior staff. Salary Information The US base salary range for this full-time position is $114,500 - $183,200. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects a national minimum and maximum range for new hire salaries for this position. Within this range, individual pay is determined by work location and additional factors, such as job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range that meets your criteria during the hiring process. Please note that the compensation range listed in this posting reflects only the base salary for this position and does not include other compensation elements or benefits. Equal Opportunity Employer We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate. Fraud Warning We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3). Apply tot his job Apply tot his job