Director, Governance, Risk & Compliance (GRC)
The Director, Governance, Risk & Compliance (GRC) is a key leader within the organization responsible for driving governance, oversight and assurance activities that strengthen Atomic’s overall security and compliance posture. This role provides independent challenge, transparency, and strategic guidance to ensure risk is effectively managed and security practices align with customer and regulatory expectations and industry standards.
This leader will oversee the Compliance team, advancing capabilities in policy governance, IT/IS and third-party risk assessments, program testing and security awareness. The Director will partner closely with internal teams to align risk management practices, enhance program maturity and deliver meaningful reporting to executive leadership.
Atomic is building a more connected financial landscape that enables consumers to connect their payroll and financial data to services that will better their financial lives.
At Atomic we're focused on building an incredible business while also having a huge social impact. We work with 8 of the top 10 financial institutions and 13 of the top 20 neobanks in the country to deliver exceptional user experiences and help people manage their money.
Responsibilities:
Provide direction, coaching and development for the Compliance team to ensure effective execution of security governance, risk and compliance activities.
Draft, maintain and evolve policies, standards, and procedures to align with industry best practices, regulatory requirements, and business needs.
Serve as a primary contact for PCI DSS, SOC 2, NIST, and security- and compliance-related customer and prospect audits and assessments.
Coordinate security program testing, control validations, and independent assessments to validate program effectiveness and compliance with frameworks such as NIST CSF and PCI DSS, overseeing timely tracking, remediation and reporting of control gaps.
Oversee annual enterprise risk assessments, security reviews, business impact analyses, business continuity/incident response tabletops, and critical service provider assessments, ensuring identification, tracking and remediation of risks.
Drive continuous improvement of GRC processes, tools and methodologies to enhance program maturity.
Partner with business units to strengthen a multifaceted security, privacy and compliance awareness program, fostering a culture of shared responsibility for information security, privacy and compliance.
Develop, track, and report meaningful metrics and key risk indicators (KRIs) for Executive Leadership.
Collaborate with Human Resources, Engineering, IT and other internal teams to ensure alignment of security practices across the enterprise.
Work with internal teams to track and verify remediation of issues identified during testing, ensuring timely and effective resolution and reporting.
Provide guidance to the company on emerging risks, industry trends, and regulatory expectations to influence security strategy and business decisions.
Perform other functions as assigned.
Qualifications:
Bachelor’s or Master’s degree in Information Security, Cybersecurity, Computer Science, Management Information Systems, or a related field, or related experience.
5+ years of experience in Information Security
1+ year of direct people management experience, including managing performance, coaching and developing personnel
3+ years working with security and risk frameworks such as PCI DSS, NIST, ISO, CIS, etc.
3+ years of hands-on experience in control testing methodologies, risk assessments, and/or security audits and assessments
Strong knowledge of security frameworks (PCI DSS, NIST CSF, ISO 27001, etc.)
A professional certification such as CISSP, CISM, CRISC, or CISA is a plus
Strategic thinker with a proactive and solutions-oriented approach
Proven ability to influence senior stakeholders and partner with engineering and technology teams
Financial services or highly regulated industry experience is a plus
Effective communication and leadership skills
About Atomic Financial:
At Atomic, we're building financial connectivity that enables the fintech and financial services ecosystem to connect consumers to the data in their payroll accounts, drive conversions of direct deposit linked products, verify income and employment history in real-time, update the card-on-file in merchants, and manage their subscriptions and bills.
We believe consumers should be able to easily share their own payroll data to improve their financial outcomes. However, connecting to the data is cumbersome and met with non-specialized solutions, which is why we founded Atomic.
Signing up for a mortgage? We make it so you can submit your paystub and W-2 in seconds. Getting a credit card? We can verify you're employed in real-time. Switching banks? We can instantly and securely move your direct deposit to the financial institution of your choice.
We build user-permissioned connectivity into payroll and merchant systems. Our products are used by some of the largest financial brands in the world, and we're funded by some of the best investors in the world, including Greylock (investor in LinkedIn, Nextdoor, Airbnb, and others), Core Innovation Capital (invested in Ripple, Nerd Wallet, and others), and Portag3 (invested in WealthSimple, Albert, and others).
Our team has been the reason for our success thus far, and it will be the reason we continue to succeed. We're looking to continue to grow our world-class team to shape the tomorrow of Atomic.
Innovative - we're on the bleeding edge of the fintech space empowering some of the coolest brands in the world.
Transparent - we believe in being transparent with everyone in our company. Feel free to ask how we deliver on this promise during the interview process.
Customer-centric - we're wild about our customers.
Fun - We all spend a big portion of our lives with colleagues, so we want it to be fun. Our last company activity was a virtual escape room. Each team competed and we had a blast!
Atomic is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.