GRC Engineer - Risk and Assurance

About OnePay

OnePay is a consumer financial services app with an exceedingly simple mission: to help people achieve financial progress.

Tens of millions of Americans today are unbanked or underbanked, meaning they don’t have enough money in savings to cover a minor emergency. They pay too much in fees, don’t have access to credit at affordable rates, and have little ability to grow their wealth. OnePay’s vision is to create a single app for consumers to save, spend, borrow, and grow their money, bringing our mission to life with simple and accessible banking, credit, and payments products that deliver a best-in-class experience to millions of customers. Our products include:

• Checking and high-yield savings accounts

• Domestic and international peer-to-peer payments

• Credit Builder and credit score monitoring

• Digital wallet / contactless payment solutions

• Buy-now-pay-later installment loans at Walmart

Why do we have a right to win? We have the backing of Walmart (a Fortune 1) and Ribbit Capital (a preeminent fintech investor), are deeply embedded with the distribution of the world’s largest omnichannel retailer, and have an industry-leading multi-product value proposition — all in addition to having some of the best people and talent in the industry.

There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for the opportunity. Join us!

The Role

As our GRC Engineer in Risk and Assurance at OnePay, you will support the Security team with a focus on third-party risk management (TPRM), while also contributing to vulnerability and patch management, reviewing cloud security findings, data governance and privacy, and audit support. It’s a hybrid security role for someone eager to wear multiple security-related hats and grow alongside a seasoned team! You will:

• Drive  and support the third-party risk management (TPRM) process

• Collaborate on vendor assessments and contract reviews tied to business deals

• Assist with vulnerability and patch management operations and process implementation

• Support the review of cloud security findings and remediation workflows

• Assist in the implementation of new systems and applications from a security perspective

• Help build the data governance and privacy program in conjunction with legal and business stakeholders

• Contribute to security compliance activities and internal & external audits

You Bring

• 6+ years of experience in security governance, cloud and application security assessments, risk management, and/or third party risk.

• Strong knowledge of various industry standard frameworks such as NIST, FFIEC, SOC 2, PCI DSS, HiTrust, etc.

• Thorough knowledge of enterprise-scale security architecture, cloud security, and application security best practices.

• Domain knowledge of multiple disciplines including IT systems, networking, security, and compliance.

• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and CI/CD pipelines.

• Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical audiences.

• Strong analytical and problem-solving skills with the ability to work independently and as part of a team.

• Relevant certifications such as AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.

What We Offer

• Competitive base salary, stock options, and health benefits from Day 1

• 401(k) plan with company match

• Remote-friendly (US), flexible time off (FTO), and opportunities for growth

• A high-growth, mission-driven, inclusive culture where your work has real impact

Standard Interview Process

• Initial Interview with Talent Partner

• Technical or Hiring Manager Interview

• Team Interview

• Executive Interview

• Offer!

Equal Employment Opportunity

To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us at [email protected].