Director, Technology Exam and Audit Management

The Role

This role is critical to SoFi's evolution as we scale past $50B in assets and navigate heightened prudential standards. The Director will serve to support the primary regulatory interface for all technology and cybersecurity matters, requiring both deep banking regulatory expertise and broad technical knowledge across our full technology estate. The role requires someone who has previously held similar regulatory liaison responsibilities at a complex financial institution and can build credibility with regulators, auditors, and internal technology leaders. The role requires someone who has successfully navigated and delivered on heightened prudential standards requirements at a large, complex financial institution

As the Director, Technology and Cyber Exam and Audit Management, you will be responsible for leading and coordinating regulatory inquiries, responses and interactions for technology and cyber functions at SoFi. This role will report to the Head of Technology and InfoSec Business Controls. You will coordinate interactions, prepare responses, and provide accurate and valid information. You will also act as the central technology liaison with Internal Audit, managing comprehensive audit engagements and coordinating remediation efforts across technology domains.
What You’ll Do

• Serve as the primary liaison with regulatory bodies on Technology and Cyber, managing examination processes, inquiry responses, and ongoing regulatory communications through effective partnership with technology, cybersecurity, risk, and business stakeholders across a complex matrixed organization. 
• Orchestrate preparation for regulatory assessments by coordinating with subject matter experts, reviewing documentation, and ensuring timely submission of required materials. 
• Proactively monitor regulatory developments and adapt organizational strategies accordingly.
• Lead Technology and Cyber Risk assessments, including but not limited to technology infrastructure, application development lifecycle, IT operations, and Data Loss Prevention, recommend mitigation strategies, and collaborate with internal partners to assign ownership, advise on solutions, and drive to closure.
• Oversee audit readiness across diverse technology domains including: cloud infrastructure, SDLC practices, API governance, and cybersecurity controls
• Act as the central Technology and Cyber liaison with Internal Audit functions, facilitating comprehensive audit engagements and control assessments through strong cross-functional relationships and credibility with second and third lines of defense . 
• Foster cohesion and alignment across Technology functions, Information Security, Data Governance, and Insider Threat Programs, ensuring integrated risk management approaches and coordinated responses to regulatory expectations across these interconnected domains
• Lead preparation for internal audit reviews by leading a team, validating control documentation, and ensuring audit readiness across Technology and Cyber teams. 
• Manage the complete audit lifecycle from scoping through remediation, coordinating management responses to audit findings and overseeing timely implementation of corrective action plans with accountability for results. 
• Collaborate closely with audit teams to provide technical expertise during control testing while maintaining independence and objectivity in audit processes.
• Work with team members to ensure risks and processes are properly documented and corresponding controls are designed effectively to address external and internal requirements
• Demonstrate a deep sense of curiosity and willingness to learn and run after problems

What You’ll Need

• 10+ years of progressive technology and cybersecurity risk/audit experience within banking or financial services institutions, with at least 5 years at institutions subject to heightened prudential standards (≥$50B assets), including demonstrated success implementing and sustaining enhanced control frameworks and risk management programs
• Bachelors’ Degrees in Computer Science, Systems Engineering, Information Technology or equivalent technical experience
• Experience working with large Fed-regulated Bank Holding Companies and leading regulatory interactions
• Proven track record building and maintaining trusted advisor relationships with banking regulators and audit teams, with demonstrated success as primary regulatory contact managing on-site examinations through proactive, transparent, responsive communication and ability to articulate complex technical matters to non-technical audiences
• Experience with driving risk management scale and implementing risk programs that adhere to regulatory Heightened Standards
• Deep expertise across both technology operations and cybersecurity domains, with demonstrated ability to assess risks and controls across infrastructure, applications, development practices, and security
• Subject matter expert on information security and technology risk management, across the full technology stack, with understanding of IT control policies
• Experience orchestrating cross-domain risk and governance programs across Information Security, Data Governance, Insider Threat, and Technology, with ability to identify interdependencies and drive integrated approaches to regulatory compliance and risk management
• Demonstrated expertise in data security, risk management & controls, security governance, and analytical thinking
• Excellent command of cyber and operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Experience working in an Agile development environment 
• Flexible and adaptable; able to work through ambiguous situations to create clear systems and processes in an evolving regulatory environment
• Exceptional partnership capabilities and able to thrive in a matrixed organization where success depends on a high degree of cross-functional collaboration; ability to build strong relationships within the team, with executives, and with cross-functional partners across the company
• Excellent communication skills (verbal, written, and visual); ability to communicate technology and security concepts to both technical and non-technical partners