Information Security Program Manager - GRC

📋 Description

• Enable teams to move faster and securely by translating audit, risk, and compliance into guidance.
• Coordinate assurance activities (SOX IT, SOC 2) to ensure audit readiness.
• Manage security due diligence requests from partners with clear, timely responses.
• Own policy management: draft, maintain, review, and raise awareness of security policies.
• Support third-party risk program with vendor assessments, risk tracking, and remediation.
• Improve GRC operations via process improvements and automation.

🎯 Requirements

• 5+ years in information security, GRC, or IT/security audits.
• Experience operating GRC programs (audits, risk assessments, control testing, policy management, third-party risk) in regulated tech/financial services.
• Knowledge of SOC 2, NIST CSF 2.0, NIST SSDF, NYDFS.
• Strong written and verbal communication for technical and non-technical audiences.
• Ability to design metrics, KRIs, and reporting for diverse stakeholders.
• Experience using GRC automation tools.

🎁 Benefits

• Generous 401(k) plan with Upstart matching up to $15,000 per year.
• Employee Stock Purchase Plan (ESPP) with discounted stock purchase options.
• Affordable medical, dental, and vision coverage, with plans that cover 90% to 100% of the cost.
• Health Savings Account contributions from Upstart for eligible plans.
• Paid time off, sick and safe time, and company holidays.
• Onsite perks, including catered lunches and fully stocked micro-kitchens at offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!).