Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.
If you need assistance or accommodation due to a disability, you may contact us at [email protected]
Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.
And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.
A Day in the Life
The GRC Analyst is a member of the Enterprise Security team within the Technology Department and serves as a key contributor to Lendistry's Governance, Risk, and Compliance (GRC) program. This role is responsible for transforming control outputs, audit evidence, vendor assessments, incident data, policy exceptions, and compliance activities into actionable insights that strengthen the organization's security and compliance posture.
The GRC Analyst supports the development, maintenance, and continuous improvement of Lendistry's control environment across multiple regulatory and compliance frameworks, including SOC 2, GLBA, SBA program requirements, state lending regulations, and CCPA/CPRA. This position works closely with Security Engineering, Information Technology, Legal, Compliance, Privacy, and business stakeholders to ensure controls remain effective, measurable, auditable, and aligned with business objectives.
This role is accountable for supporting audit readiness, evidence collection, risk assessments, vendor risk management, policy governance, and compliance reporting. The ideal candidate is analytical, detail-oriented, comfortable working with data, and capable of communicating complex compliance concepts to both technical and non-technical audiences.
Lendistry: Who We Are
We’re proud to be the nation’s largest minority-led, tech-savvy lender for small businesses and commercial real estate. As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities. Join us as we pave the way with innovative financing and financial education!
What You’ll Be Doing
Governance, Risk & Compliance Operations
Maintain and support Lendistry's enterprise control inventory across multiple frameworks including SOC 2, GLBA, SBA requirements, state lending regulations, and privacy requirements.
Support evidence collection, control testing, and audit readiness activities utilizing GRC platforms such as Vanta, Drata, Hyperproof, AuditBoard, or similar tools.
Coordinate audit requests, maintain audit documentation, and assist internal and external auditors throughout examination cycles.
Track compliance findings, remediation activities, and control exceptions through resolution.
Maintain and support the organization's policy management lifecycle, including annual reviews, attestations, approvals, and version control.
Risk Analysis & Reporting
Develop and maintain compliance and risk dashboards, metrics, and reporting for Security leadership, executive management, and other stakeholders.
Analyze compliance, audit, and control data to identify trends, recurring issues, emerging risks, and opportunities for process improvement.
Assist with enterprise risk assessments for new products, vendors, technologies, business initiatives, and regulatory requirements.
Support the maintenance and ongoing review of the enterprise risk register.
Vendor & Third-Party Risk Management
Support the vendor risk management program, including risk assessments, due diligence reviews, documentation, monitoring activities, and offboarding processes.
Review SOC reports, security questionnaires, compliance attestations, and other vendor documentation to evaluate third-party risk.
Maintain accurate records of vendors, data flows, and third-party relationships that impact Lendistry's information security and privacy obligations.
Regulatory & Compliance Support
Monitor regulatory, privacy, and compliance developments impacting the organization and assist with implementing necessary control updates.
Support privacy and compliance initiatives related to GLBA, CCPA/CPRA, SBA programs, and other applicable requirements.
Assist with incident documentation, corrective action tracking, and compliance reporting requirements.
Partner with Privacy, Legal, Compliance, Security, and business stakeholders to ensure ongoing compliance obligations are met.
Cross-Functional Collaboration
Partner with Security Engineering and IT teams to translate technical controls into auditable evidence.
Collaborate with Legal, Compliance, Privacy, Product, and Engineering teams to ensure appropriate controls are incorporated into business operations and technology initiatives.
Communicate compliance requirements, audit findings, and risk-related information clearly to diverse stakeholder groups.
Perform other duties as assigned to support the efficient and effective operation of the department and that help to make Lendistry the best place to work!
Your Areas of Knowledge and Expertise
Required Qualifications
- Minimum of 3 years of experience in Governance, Risk & Compliance (GRC), Information Security, IT Audit, Risk Management, Compliance, or a related field.
- Experience working within regulated environments such as financial services, fintech, banking, lending, SaaS, or similar industries.
- Working knowledge of SOC 2 controls, audit methodologies, and evidence collection practices.
- Familiarity with GLBA Safeguards Rule and broader information security compliance programs.
- Understanding of privacy regulations, including CCPA/CPRA, and related compliance requirements.
- Experience utilizing GRC platforms such as Vanta, Drata, Hyperproof, AuditBoard, OneTrust, LogicGate, or similar solutions.
- Strong analytical and problem-solving skills with the ability to evaluate data and identify risk trends.
- Advanced proficiency in Microsoft Excel and/or Google Sheets; SQL experience preferred.
- Experience preparing reports, dashboards, metrics, and executive-level summaries.
- Strong written and verbal communication skills with the ability to present complex information clearly.
- Excellent organizational skills and the ability to manage multiple priorities simultaneously.
Preferred Qualifications
- Professional certifications such as CISA, CRISC, CISM, CIPP/US, CRCM, or similar.
- Experience supporting SBA 7(a), SBA 504, CDFI, or other government lending programs.
- Experience supporting bank partner audits, regulator examinations, or financial institution compliance programs.
- Familiarity with NIST Cybersecurity Framework (CSF), NIST 800-53, FFIEC, or related frameworks.
- Exposure to AI governance frameworks, including NIST AI Risk Management Framework (AI RMF).
- Bachelor's degree in Information Systems, Accounting, Business Administration, Cybersecurity, Information Security, or a related field; or equivalent combination of education and experience.
Core Competencies
- Analytical thinking and attention to detail.
- Strong sense of ownership and accountability.
- Sound risk judgment and decision-making skills.
- Integrity and professionalism when handling sensitive information.
- Effective collaboration and stakeholder management.
Why You'll Love Working Here:
Comprehensive Medical, Dental, and Vision Insurance
Generous Paid Time Off
Birthday Day Off
12 Paid Company Holidays
401(k) Match
FSA and HSA
Paid Life Insurance
Paid Disability Insurance
Pet Insurance
Employee Assistance Program (EAP)
Professional Development Courses
In Office Provided Snacks and Drinks
Gym Facilities (LA & Tustin/CEC Offices)
In Office Engagement Activities
Compensation Range
The US base salary range for this full-time position is $76,100 - $100,000 annually.
Our salary ranges are determined by role, level, and location.
The range displayed on each job posting reflects the minimum and maximum base salary for new hires for the position across all US locations. Within the range, individual pay is determined by multiple factors like job-related skills, experience, and state of residence. Your recruiter can share more about the specific salary range during the interview process.
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include any variable compensation elements.
Physical Requirements
This is a stationary position that requires frequent sitting (approximately 95%), repetitive wrist motions, grasping, speaking, listening, close vision, and the ability to adjust focus. It also may require occasional standing, lifting, carrying of 20lbs or less, walking, kneeling, bending/stooping, twisting, pulling/pushing, and reaching above the shoulder. Employees in this position must be physically able to efficiently perform the essential functions of the position.
ACKNOWLEDGEMENT
B.S.D. Capital, Inc. dba Lendistry is an equal employment opportunity employer committed to providing its employees, applicants and other covered persons with equal opportunities without regard to race, color, age (40 or older), religious creed (including religious belief, practice or dress and grooming practices), national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender (including pregnancy, childbirth or medical condition related to pregnancy or childbirth), gender expression, gender identity, sexual orientation, military or veteran status (including past, current or prospective service), or any other characteristic protected under applicable federal, state or local law.