Security GRC Specialist, Audit & Assurance (R13698)

ABOUT OPORTUN Oportun (Nasdaq: OPRT) is a mission-driven fintech that puts its members' financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $19.7 billion in responsible and affordable credit, saved its members more than $2.4 billion in interest and fees, and helped its members save an average of more than $1,800 annually. Oportun has been certified as a Community Development Financial Institution (CDFI) since 2009. WORKING AT OPORTUN Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups. POSITION OVERVIEW The Security GRC Specialist, Audit & Assurance is responsible for leading Oportun’s audit readiness and assurance initiatives across security and compliance programs. This role will oversee execution and continuous improvement of control frameworks supporting SOC 2, PCI DSS, and partner assurance programs, ensuring alignment with Oportun’s compliance strategy and regulatory expectations. The ideal candidate will serve as a subject matter expert in security controls, evidence management, and audit coordination using AuditBoard and bolthires Office Suite. Experience with FTC Safeguards, SOC 1, or SOX programs is beneficial but not required. This role partners closely with internal teams, external auditors, and business stakeholders to maintain a robust and transparent compliance posture. RESPONSIBILITIES • Lead the planning, coordination, and execution of internal and external audits across SOC 2, PCI DSS, and partner assurance programs. • Maintain Oportun’s control framework within AuditBoard, ensuring timely updates, documentation accuracy, and evidence completeness. • Collaborate with control owners and cross-functional teams to prepare audit artifacts, track remediation activities, and communicate progress to leadership. • Develop and refine audit procedures, evidence collection methodologies, and reporting standards using bolthires Excel, PowerPoint, and SharePoint. • Support development and maintenance of policies, standards, and procedures aligned to regulatory and industry frameworks (NIST CSF, ISO 27001, AICPA/SOC, PCI DSS). • Conduct internal readiness assessments and gap analyses to proactively identify compliance risks and improvement opportunities. • Manage auditor and partner requests, providing timely and professional responses. • Serve as a mentor and escalation point for junior GRC analysts. REQUIREMENTS • Bachelor’s degree in Information Systems, Cybersecurity, Business, or related field. • 6–8 years of experience in IT audit, security governance, risk, and compliance, or related functions. • Hands-on experience supporting or leading SOC 2 and PCI DSS audits. • Proficiency with AuditBoard, bolthires Office (Excel, Word, PowerPoint), and collaboration tools. • Strong understanding of information security frameworks (NIST, ISO 27001, AICPA/SOC, PCI DSS, FTC). • Excellent written and verbal communication skills, with the ability to translate technical topics into business terms. • Proven ability to manage multiple concurrent audits or assurance initiatives in a dynamic environment. Preferred • Certifications such as CISA, CIA, CRISC, or CISSP. • Experience coordinating SOC 1, FTC Safeguards, or SOX ITGC programs. • Experience in the financial services or fintech industry. • Demonstrated ability to build relationships across technical and non-technical teams. LEVEL VALIDATION: A7 (Specialist / Lead) Aligned to Oportun’s Professional & Management Global Level Criteria: • Recognized for specialized depth in GRC and audit frameworks. • Leads complex audit initiatives with limited guidance. • Decisions have cross-functional impact on compliance and risk posture. • Provides guidance and mentorship to junior staff. The US base salary range for this full-time position is $114,500 - $183,200. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects a national minimum and maximum range for new hire salaries for this position. Within this range, individual pay is determined by work location and additional factors, such as job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range that meets your criteria during the hiring process. Please note that the compensation range listed in this posting reflects only the base salary for this position and does not include other compensation elements or benefits. #LI-REMOTE #LI-RR1 We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate. California applicants can find a copy of Oportun's CCPA Notice here: We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3). Apply tot his job Apply tot his job