GRC Analyst

WHO WE ARE
Apex Fintech Solutions (AFS) powers innovation and the future of digital wealth management by processing millions of transactions daily, to simplify, automate, and facilitate access to financial markets for all. Our robust suite of fintech solutions enables us to support clients such as Stash, Betterment, SoFi, and Webull, and more than 20 million of our clients' customers.
Collectively, AFS creates an environment in which companies with the biggest ideas in fintech are empowered to change the world. We are based in Dallas, TX and also have offices in Austin, New York, Chicago, Portland, and Belfast.
If you are seeking a fast-paced and entrepreneurial environment where you'll have the opportunity to make an immediate impact, and you have the guts to change everything, this is the place for you.
AFS has received a number of prestigious industry awards, including:

• 2021, 2020, 2019, and 2018 Best Wealth Management Company - presented by Fintech Breakthrough Awards
• 2021 Most Innovative Companies - presented by Fast Company
• 2021 Best API & Best Trading Technology - presented by Global Fintech Awards

ABOUT THIS ROLE
Apex Fintech Solutions (AFS) is seeking an GRC Analyst who will serve as a member of our InfoSec Governance, Risk & Compliance (GRC) team responsible for implementing and maintaining the risk and control self-assessment capability for all current and future Information Technology and Cybersecurity related audit readiness requirements. This is a fantastic opportunity to join the front lines of our cybersecurity defense working in the Financial Technology (FinTech) industry, learning leading practice techniques to secure our systems and data.
Duties/Responsibilities

• Assist in the development, implementation, and maintenance of a governance, risk, and compliance framework.
• Collaborate with internal stakeholders to identify compliance requirements and develop processes to ensure adherence.
• Prepare reports and present findings to management, highlighting areas of non-compliance and recommending corrective actions.
• Coordinate and facilitate the IT & Cybersecurity portion of all risk and compliance audits with the business units annually, and work with external audits performing the independent audits.
• Monitor changes in regulatory requirements and industry best practices and make recommendations for adjustments to policies and procedures.
• Provide support to internal and external auditors and execute remediation plans when audit issues and concerns are raised.
• Support vendor due-diligence process, respond adeptly to client questionnaires and help to lead and define overall third-party risk management efforts.
• Support the InfoSec GRC team in implementing and maintaining the necessary control frameworks to support IT Control self-assessments across the organization.
• Support various Apex departments in their annual IT Control self-assessment in the role of an IT risk and control SME.
• Communicate and report to the InfoSec leadership team regarding control testing status, audit issues and deadlines.
• Champion transparency through the deployment of insightful operational metrics and KPIs.
• Execute User Access Reviews (UARs) to evaluate and correct user access, ensuring it aligns with job roles and the principle of least privilege.
• Leverage learning management system(s) (e.g. LinkedIn Learning) to stay current with IT and security technologies, trends, vulnerabilities, and threats to be a value-added member of the team.

Education and/or Experience

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or equivalent combination of education and experience
• 2+ years of professional experience in the information security or information risk management field.
• Experience in collaborating with engineering teams and external agencies, serving as a critical liaison or auditor.

Required Skills/Abilities

• Demonstrated ability to think critically, proactively manage assigned tasks, handle multiple tasks concurrently and adhere to tight deadlines.
• Intermediate knowledge of the IT risk and control assessment or the IT audit process of relevant systems
• Intermediate knowledge of IT control requirements for regulations such as Financial Statement, Sarbanes-Oxley (SOX) and Service & Organizational Controls (SOC).
• Intermediate knowledge of IT risk and control frameworks such as NIST CSF.
• Strong presentation, communication, and writing skills with a demonstrated ability to present analysis and findings in a cohesive, understandable, and actionable format.
• Self-motivated with a strong desire to learn new skills.

Work Environment

• This job operates in an office environment.

​ Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
#IT #associate #full-time #LI-AM1 #APEX
​ Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Our Rewards
We offer a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP), competitive PTO, 401k match, parental leave, and HSA contribution match. We also provide our employees with a paid subscription to the Calm app and offer generous external learning and tuition reimbursement benefits. At AFS, we offer a hybrid work schedule for most roles that allows employees to have the flexibility of working from home and one of our primary offices.
Diversity, Equity, Inclusion, and Belonging (DEIB) Commitment
We're looking for all kinds of people.
At Apex, we believe that wealth management and investing should be accessible to everyone, and we strive to create spaces to democratize investing for folks of all walks of life. Internally, we embrace diversity and are dedicated to creating an inclusive and equitable workplace, which reflects our company vision and mission. We value every team member's unique perspective and are committed to fostering a culture where everyone belongs. Join us in our mission to empower and celebrate individual differences.
Apex is committed to being an equal opportunity employer. We ensure that qualified applicants receive fair consideration for employment without discrimination based on sex, gender identity, gender expression, sexual orientation, race, color, natural or protective hairstyle, genetics, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law. Know your rights: workplace discrimination is illegal. We stand by this commitment to promote a diverse, equitable, and inclusive workforce.