InfoSec Compliance Analyst

We’re on a mission to help our customers and their communities unlock economic mobility for generations to come. Join the team that’s making our goal a reality.

At Possible, we’re building a new type of consumer finance company. One that helps our customers stay out of debt rather than profit from them staying in it. As a Public Benefit Corporation, it is our mission and responsibility to help communities unlock economic mobility through affordable credit products crafted to improve financial health.

Founded in 2017, our lead VCs are Canvas and Union Square Ventures. We have over 100,000 reviews on the App Store with a 4.8-star average rating.

Since our founding, we have redefined how people approach small-dollar loans—delivering over $1 billion in funding to more than 1 million customers, issuing over 4 million loans, and saving our customers more than $500 million.

We are seeking a driven and meticulous Information Security Compliance Analyst to support the intersection of project management, financial services compliance, and information security initiatives. This cross-functional role will own and lead our Information Technology, Information Security, and Cybersecurity audit and other functions (external IT audits, InfoSec questionnaires, PCI audits, disaster recovery audits, etc.), enabling the organization to maintain regulatory compliance, minimize risk, and safeguard sensitive data.

The ideal candidate will be proactive, organized, and comfortable collaborating across multiple teams, including Product, Engineering, Legal, Compliance, and Operations, and with external parties, including our bank partner and third-party audit firms.

Key Responsibilities

Information Security Support

• Assist with administering, documenting, auditing, and enforcing the organization's information security policies and standards.
• Coordinate vulnerability management, user access reviews, and security incident response drills.
• Support third-party risk management by evaluating vendor security practices and contracts.
• Lead the annual PCI audit, and associated internal processes and controls.
• Lead work (i.e., access control review) associated with quarterly and annual tasks to ensure the fulfillment of controls associated with compliance with internal policy, PCI, and SOC requirements.

Compliance & Regulatory Oversight

• Supervise evolving regulatory requirements within the IT space (primarily PCI DSS, SOC 2) and assist in translating them into actionable internal policies and procedures.
• Serve as primary owner of responses to audits, examinations, and internal controls testing within the Information Technology, Information Security, and Cybersecurity area.
• Maintain documentation related to risk assessments, compliance certifications, vendor due diligence, and regulatory filings.

Project Management

• Serve as a project coordinator for compliance and security-related initiatives, ensuring we achieve our goals and commitments.
• Develop project plans, handle risk logs, and supervise progress on remediation activities from security assessments or compliance reviews.

Required Qualifications

• Proven ability in compliance, Information Technology, Information Security, Cybersecurity, and IT Audits, preferably within financial services or fintech environments.
• Familiarity with IT / InfoSec regulatory standards (Specifically: PCI DSS, ISO 27001, SOC 1 & 2).
• Deep Understanding of basic information security concepts (e.g., access control, encryption, incident response).
• Experience with FFIEC Information Technology, Information Security, and Business Continuity Management booklets.
• Excellent documentation, communication, and organizational skills.
• Ability to work independently, prioritize multiple tasks, and collaborate with cross-functional stakeholders.

Preferred Qualifications

• Bachelor’s degree or equivalent experience in Information Security, Business Administration, Risk Management, Finance, or related field.
• Industry certifications such as:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP) Associate or full.
• Familiarity with security technologies (SIEM tools, endpoint protection, encryption technologies).
• Experience working in AWS environments, with OKTA and Kandji.

This is a Hybrid position. We work in the office three days a week, and our office is centrally located in downtown Seattle.

The compensation range for this role is $127,700 to $134,800. We also offer significant stock options, comprehensive benefits, a bonus plan, commuter benefits, and an excellent office space with complimentary drinks and food options.

Possible Finance is dedicated to financial fairness and community empowerment. We welcome diverse perspectives and experiences to help us achieve our mission of unlocking economic mobility for generations to come.

Learn more about us as a Public Benefit Company.