Lead automation-focused GRC work: monitor and audit controls against PCI-DSS, NIST CSF, and SOC frameworks; automate evidence collection and compliance workflows using scripting and AI; oversee IAM reviews; collaborate with engineering, DevOps, and product to embed compliance into CI/CD and cloud infrastructure.
Your role in our mission
Prosper is seeking a detail-oriented, highly motivated, and automation-focused security compliance professional to support, promote, and further mature the company's Governance, Risk, and Compliance program. In this position, you will blend standard GRC practices (PCI DSS, NIST, SOC 1/2) with a technical mindset, leveraging GRC platforms, scripting and AI tools to automate manual compliance workflows, audit trails, and data gathering.
You will use your strong analytical and technical skills to identify security gaps and build efficient, scalable processes. We are looking for self-driven candidates who want to be part of an innovative FinTech company with a mission to improve the financial well-being of its customers.
How you’ll make an impact
- Automated Compliance Monitoring: Review, audit, and monitor security compliance programs against frameworks like PCI-DSS, NIST CSFv2, and SOC 1/2, leveraging automation tools to continuously assess control health
- Process Optimization & AI Integration: Identify opportunities to leverage AI tools and LLMs to accelerate risk assessments, summarize complex regulatory requirements, and streamline process improvements
- Code-Assisted Evidence Collection: Lead and automate evidence collection for external audits (SOC 1, PCI Level 1), reducing manual overhead for engineering and product teams
- Identity & Access Management (IAM): Oversee user access management and quarterly user access reviews, exploring ways to automate provisioning audits and detect anomalies
- Cross-Functional Collaboration: Build and cultivate positive working relationships with engineering, DevOps, and product stakeholders to bake compliance directly into the CI/CD pipeline and cloud infrastructure
Skills that will help you thrive
- Education: B.S. degree in Computer Science, Information Systems, Cyber Security, or a related technical field
- Experience: 5–7 years of GRC or Security Engineering experience, ideally within a SaaS, FinTech, or Cloud-native company
- Solid understanding of Cloud Security compliance (AWS/Azure/GCP)
- Technical & Scripting Skills: Hands-on working experience with command line and scripting languages (Python, Bash, Powershell, etc) to parse logs, query APIs, and automate repetitive GRC tasks
- AI Savvy: Familiarity with utilizing AI productivity tools, prompt engineering, or LLMs to optimize documentation, drafting, or data analysis
- Framework Fluency: Experience with security standards/frameworks such as PCI-DSS, NIST (800-53/CSF), and SOC 1/2 Type II
- Soft Skills: Strong ability to clearly articulate technical risk to non-technical stakeholders and strategically collaborate cross-functionally
- Certifications: CISSP, CISA, CISM, CCSP, or similar security certifications are a plus
Resources to help you prosper
- A connected experience: We prioritize high-touch collaboration and flexibility. Whether you are working from our San Francisco or Phoenix offices or joining us as a fully remote team member, we provide the digital-first tools and intentional culture to keep you synced and supported
- Invested in your future: A competitive salary and a 401(k) with a 5% company match to help you build long-term financial security
- Holistic well-being: We provide the resources you need to thrive, from flexible time off and paid parental leave to an annual wellness allowance and comprehensive health coverage
- Professional & personal growth: Take advantage of a suite of premium perks, including Udemy access, childcare assistance, pet insurance, and a bevy of additional savings through Beneplace
#LI-RC1#LI-remote
Similar Jobs
Events • Analytics • Consulting
Conduct research and deliver strategic advice on risk management and cyber risk quantification. Develop and maintain risk artifacts (standards, procedures, appetite, registry), produce 6–8 research projects yearly, consult with clients, collaborate across Forrester teams, advise vendors, publish insights, and present externally. Support C-suite and risk leaders and travel up to 20%.
Top Skills:
Grc Platforms
Consulting
Lead end-to-end ServiceNow initiatives: gather and translate complex business requirements, design solutions across ITSM/SPM/GRC/App Engine, guide development and testing, drive stakeholder workshops, manage UAT and change management, mentor junior analysts, and deliver high-quality documentation and training to ensure successful platform adoption.
Top Skills:
DatabricksPower AppsPower AutomatePower BISafeScoped ApplicationsScrumServicenowServicenow App EngineServicenow GrcServicenow ItsmServicenow SpmSharepointTableauUipath
Big Data • Healthtech
The Senior GRC Analyst will enhance compliance programs, respond to security inquiries, conduct audits, review contracts, and optimize processes using AI.
Top Skills:
AIAutomationCloud SecurityFedramp)HipaaHitrustRegulatory Compliance Frameworks (Nist
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
