Security GRC Specialist

Sunbit builds financial technology for real life. Our AI-native platform helps more people get to “yes” at the moments that matter with personalized offers, transparent terms, and no added consumer fees. In stores, practices and service centers across the country, Sunbit provides a fast, fair pay-over-time option. For everything else, the Sunbit Credit Card delivers a modern, no-fee credit experience managed in a powerful mobile app.

We are guided by people-centered values:
Serve Others Before Self, Include Always, Connect Genuinely, Innovate for Good. These values shape how we build, how we support customers and merchants, and how we work with each other.

What makes Sunbit different is an AI-native infrastructure that runs through the full customer and merchant journey. Our interconnected AI systems power instant decisioning, streamline fraud checks with human-in-the-loop safeguards, enable highly personalized offers  result is a quick, fair, and simple experience for consumers and merchants.

We pair this technology with inclusion and transparency. Sunbit delivers industry-leading approval rates — 90%+ in auto service and 85%+ in dental — while maintaining zero consumer fee-based revenue. It is a better way to serve people and merchants, proven at scale.

Today, Sunbit is available across a nationwide, in-person merchant network of 30,000+ locations spanning auto service centers, dental and optical practices, veterinary clinics, and other specialty services. We help teams say “yes” more often and help customers move forward with confidence.

We seek a Cybersecurity GRC & Project Management Specialist to join our growing team. In this role, you will be pivotal in safeguarding our company’s data and systems, ensuring compliance with industry regulations, and fostering a security‑conscious environment.

• Maintain and extend our comprehensive cybersecurity program aligned with industry best practices and regulatory requirements (e.g., PCI DSS, SOC
  2).
• Establish and maintain a risk management framework to identify, assess, and prioritize cybersecurity risks.
• Develop and maintain our security policies, procedures, and standards.
• Manage and track cybersecurity risks, conduct threat assessments, and implement controls to mitigate risks.
• Stay abreast of evolving regulations and industry standards, such as PCI DSS, SOC 2, GDPR, and HIPAA, and translate these requirements into actionable security practices for Sunbit.
• Oversee internal audits and compliance assessments.

• Evaluate and manage the security posture of third‑party vendors, ensuring they adhere to Sunbit’s security standards.
• Develop and implement processes for vendor onboarding, risk assessment, and ongoing monitoring.

• Design and deliver engaging security awareness training programs for employees at all levels.
• Develop and maintain security awareness materials, such as newsletters, phishing simulations, and security posters.

• Manage and oversee the implementation of security projects, ensuring they are completed on time, within budget, and meet project goals.
• Work with cross‑functional teams to prioritize and execute security initiatives.

• Minimum 5 years of experience in cybersecurity, preferably within the financial services industry.
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, PCI DSS, SOC
  2).
• Experience with security risk management, vendor risk management, and security awareness programs.
• Proven project management skills, including experience with project planning, execution, and monitoring.
• Excellent communication, collaboration, and interpersonal skills.
• Ability to work independently and as part of a team.

• Join one of LA’s fastest growing startups (2023), A Most Loved Workplace, #576 on the 2023 Inc 5000 list, and Forbes Fintech 50 (2024)
• Mission driven + empowered + collaborative
• Competitive pay and stock options
• Unlimited PTO
• Health Insurance options including Medical, Dental, Vision, Life, EAP, FSA, & Parental Leave
• Newly added HSA and Pet Insurance
• 401K…