{"id":852,"date":"2025-12-17T11:47:27","date_gmt":"2025-12-17T11:47:27","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=852"},"modified":"2025-12-17T11:47:31","modified_gmt":"2025-12-17T11:47:31","slug":"senior-security-analyst-iii-security-operations-grc-fintech","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/senior-security-analyst-iii-security-operations-grc-fintech\/","title":{"rendered":"Senior Security Analyst III \u2013 Security Operations &#038; GRC (FinTech)"},"content":{"rendered":"\n<p>\u200bThis is a full-time, <strong>Remote<\/strong> role at OppFi, a tech-enabled financial platform. Despite the &#8220;III&#8221; designation, the role functions as a high-level operational and tactical contributor, blending <strong>Security Operations (SecOps)<\/strong> with <strong>Governance, Risk, and Compliance (GRC)<\/strong>. The position is ideal for an analyst who wants to bridge the gap between technical incident response and strategic risk management within a highly regulated financial services environment.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Location:<\/strong> Remote.<\/li>\n\n\n\n<li>\u200b<strong>Experience Required:<\/strong> <strong>3\u20135 years<\/strong> of professional experience in Information Security or IT Risk Management.<\/li>\n\n\n\n<li>\u200b<strong>Reporting Line:<\/strong> Reports to the Manager, Security Operations.<\/li>\n\n\n\n<li>\u200b<strong>Focus:<\/strong> Security reviews for new tools, incident triage, SIEM tuning, and maintaining security governance dashboards.<\/li>\n\n\n\n<li>\u200b<strong>Industry Context:<\/strong> Regulated financial services (FFIEC, NIST frameworks).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bWhat You Will Do: Risk Management &amp; Technical Operations<\/h2>\n\n\n\n<p>\u200bThe role is divided between proactive risk governance and reactive security monitoring, requiring a &#8220;whole-environment&#8221; view of security.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bInformation Security Risk &amp; Governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Security Reviews:<\/strong> Own the assessment process for evaluating risks when introducing new applications or tools.<\/li>\n\n\n\n<li>\u200b<strong>Policy Development:<\/strong> Identify emerging compliance requirements and refresh policies\/standards to align with <strong>NIST, ISO, or FFIEC<\/strong>.<\/li>\n\n\n\n<li>\u200b<strong>Governance Visibility:<\/strong> Design and maintain <strong>dynamic dashboards and scorecards<\/strong> to provide leadership with insights into governance activities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">\u200bSecurity Operations &amp; Incident Support<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Monitoring &amp; Triage:<\/strong> Act as a key responder for alerts from <strong>SIEM, EDR, and cloud logs<\/strong>. Gather data and escalate spicy incidents to senior engineers.<\/li>\n\n\n\n<li>\u200b<strong>Playbook Execution:<\/strong> Follow incident response playbooks for investigation, basic containment, and documentation.<\/li>\n\n\n\n<li>\u200b<strong>SIEM Tuning:<\/strong> Assist in the configuration and tuning of SIEM alerts and reports to reduce noise and improve detection logic.<\/li>\n\n\n\n<li>\u200b<strong>Log Analysis:<\/strong> Perform regular reviews of system logs to identify suspicious activity under the guidance of senior staff.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bRequired Technical Expertise and Qualifications<\/h2>\n\n\n\n<p>\u200bOppFi is looking for an analyst who understands the &#8220;defense-in-depth&#8221; philosophy and has hands-on experience with modern cloud-native security stacks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>Core Experience:<\/strong> 3\u20135 years in SecOps, IR, or Vulnerability Management. Experience in <strong>financial services or healthcare<\/strong> is highly preferred.<\/li>\n\n\n\n<li>\u200b<strong>Framework Knowledge:<\/strong> Familiarity with <strong>FFIEC, NIST, COBIT, ITIL, or ISO<\/strong> control frameworks.<\/li>\n\n\n\n<li>\u200b<strong>Technical Stack:<\/strong>\n<ul class=\"wp-block-list\">\n<li>\u200b<strong>EDR:<\/strong> CrowdStrike, Defender for Endpoint, or SentinelOne.<\/li>\n\n\n\n<li>\u200b<strong>SIEM\/SOAR:<\/strong> Sumo Logic, Splunk, or Azure Sentinel.<\/li>\n\n\n\n<li>\u200b<strong>CSPM:<\/strong> <strong>Wiz, Prisma, or Orca<\/strong> (Cloud Security Posture Management).<\/li>\n\n\n\n<li>\u200b<strong>Vulnerability Management:<\/strong> Qualys, Tenable, or Rapid7.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u200b<strong>Cloud &amp; Networking:<\/strong> Foundational knowledge of <strong>AWS<\/strong>; basic understanding of Linux\/Windows and TCP\/IP networking.<\/li>\n\n\n\n<li>\u200b<strong>Threat Intelligence:<\/strong> Solid understanding of the <strong>MITRE ATT&amp;CK<\/strong> framework.<\/li>\n\n\n\n<li>\u200b<strong>Certifications (Preferred):<\/strong> CompTIA <strong>CySA+<\/strong>, GCIH, GCIA, GSOC, or <strong>CISSP Associate<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\u200bWhy This Role is Unique<\/h2>\n\n\n\n<p>\u200bThis position is unique because it doesn&#8217;t pigeonhole the analyst into a single silo. You are expected to be technical enough to tune a SIEM and investigate a cloud alert, but also professional enough to conduct a full security risk assessment for a new vendor. It offers a clear path toward security architecture or management by providing exposure to the <strong>GRC<\/strong> side of the house.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u200bThis is a full-time, Remote role at OppFi, a tech-enabled financial platform. Despite the &#8220;III&#8221; designation, the role functions as a high-level operational and tactical contributor, blending Security Operations (SecOps) with Governance, Risk, and Compliance (GRC). The position is ideal for an analyst who wants to bridge the gap between technical incident response and strategic [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[44,734],"jobpost_job_type":[39],"jobpost_location":[],"jobpost_tag":[3836,3913,72,1936,3915,3911,81,3912,3914,2823],"class_list":["post-852","jobpost","type-jobpost","status-publish","hentry","jobpost_category-security","jobpost_category-support-service","jobpost_job_type-remote","jobpost_tag-3-5-years-experience","jobpost_tag-aws-security","jobpost_tag-fintech","jobpost_tag-grc","jobpost_tag-nist-ffiec","jobpost_tag-oppfi","jobpost_tag-remote","jobpost_tag-senior-security-analyst-iii","jobpost_tag-siem-edr","jobpost_tag-vulnerability-management"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=852"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=852"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=852"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=852"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}