Flex is a growth-stage, NYC-headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2025 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we are looking for motivated individuals to help us keep our mission growing. Will you be a part of the team?
About The Role
As the GRC Manager reporting directly to the Head of Security, you will play a pivotal role in shaping and maintaining the organization's governance, risk, and compliance programs. Your expertise will be crucial in ensuring adherence to regulatory requirements, industry standards, and internal policies.
This is a hybrid position with on-site expectations of 3 days per week in our New York Headquarters. For candidates outside of the NY/NJ area, you may be eligible for our relocation assistance program.
What You’ll Do
Lead SOC 2 audit preparation and ongoing compliance efforts
Utilize Vanta to automate and streamline compliance processes
Contribute to the implementation and maintenance of NIST Cybersecurity Framework (CSF) controls
Assist in ensuring compliance with NYDFS Cybersecurity Regulations
Conduct risk assessments and develop mitigation strategies
Create and update policies, procedures, and controls documentation
Collaborate with internal stakeholders to support the implementation and monitoring of security controls
Assist in preparing comprehensive reports for management on compliance status and risk exposure
Stay informed about evolving regulatory requirements and industry best practices, sharing insights with the team
Required Qualifications
Bachelor's degree in Information Security, Computer Science, or a related field
Minimum 3 years of experience in GRC, information security, or related roles
Proven experience with SOC 2 audit preparation and compliance
Proficiency with Vanta or similar compliance automation tools
Strong knowledge of NIST CSF and NYDFS Cybersecurity Regulations
Excellent analytical and problem-solving skills
Outstanding written and verbal communication abilities
Fluency in English at the C2 level
Self-motivated with the ability to work independently in a remote environment
Preferred Qualifications
ISACA CISA certification
Experience in the fintech or financial services industry
Familiarity with other frameworks such as ISO 27001, GDPR, or PCI DSS
The compensation range for this role will be commensurate with the candidate's experience and Flex's internal leveling guidelines and benchmarks.
For working locations in NY/NJ/CA, the base salary pay range will be $137,000-$156,000.
Life at Flex:
We understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self-aware people to grow a successful company. Our HQ is located in New York City, but we have employees located throughout the US, Australia, Canada and South America. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace.
We offer many employee benefits. For full-time, U.S.-based employees we offer:
Competitive pay
100% company-paid medical, dental, and vision
401(k) + company equity
Unlimited paid time off with a PTO minimum + 13 company paid holidays
Parental leave
Flex Cares Program: Non-profit company match + pet adoption coverage
Free Flex subscription
For full-time non-US employees, we offer:
Competitive Pay
Company Equity
Unlimited PTO
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Finance and Sales
Industries
Financial Services