Qureos


GRC/Data Privacy Specialist

Lendistry is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, or membership in any other group protected by federal, state, or local law.

If you need assistance or accommodation due to a disability, you may contact us at hr@lendistry.com.


Lendistry does not accept unsolicited resumes from recruiters, employment agencies, or staffing firms. To conduct business with Lendistry, a Master Services Agreement (MSA) must be executed and confirmed prior to submitting any information relating to a potential candidate. Without a signed MSA, Lendistry shall not be responsible to any individual or entity for any payment relating to any form of fee or compensation.

And, in the event that a resume or candidate is submitted by a recruiter, an employment agency, or a staffing firm without a fully executed MSA, Lendistry has the unrestricted right to pursue and hire any of those candidate(s) without any legal or financial responsibility to the recruiter, agency, and/or firm.

A Day in the Life

The Security Engineer Lead is a senior, hands-on technical leader responsible for designing, executing, and continuously maturing the enterprise vulnerability management and security risk program across IT, cloud, and third-party environments. This role partners closely with Infrastructure, Cloud Engineering, Application Engineering, GRC, Legal, and Executive Leadership to ensure security risks are identified early, measured accurately, and reduced effectively without slowing business velocity.

This role is accountable for vulnerability identification, prioritization, remediation governance, risk acceptance, executive reporting, and operational security support. The Security Engineer Lead is comfortable operating both strategically and tactically, leading cross-functional remediation efforts, responding to incidents, and communicating risk clearly to technical and non-technical stakeholders.

Lendistry: Who We Are

We’re proud to be the nation’s largest minority-led, tech-savvy lender for small businesses and commercial real estate. As a certified Community Development Financial Institution (CDFI) and Community Development Entity (CDE), our mission is all about creating economic opportunities and fueling growth for small business owners and their communities. Join us as we pave the way with innovative financing and financial education!

What You’ll Be Doing

  • Own and lead the end-to-end vulnerability management program across corporate IT, cloud (AWS/Azure), and supporting infrastructure

  • Define vulnerability intake, prioritization, remediation SLAs, escalation paths, and risk acceptance processes

  • Drive remediation accountability with engineering and IT teams while balancing business impact and risk

  • Manage vulnerability exception and risk waiver processes, including documentation, approvals, and periodic reviews

  • Operate and optimize vulnerability scanning tools across infrastructure, cloud, and endpoints

  • Leverage SIEM and EDR platforms to support vulnerability correlation, threat detection, and incident response

  • Partner with SOC and MSSP providers to support monitoring and response activities

  • Participate in security incident response activities, including investigation, containment, remediation, and post-incident reviews

  • Conduct vendor security assessments and manage third-party security risk

  • Support SOC 2, ISO 27001, and other regulatory compliance and audit activities

  • Develop and maintain security dashboards, KPIs, and executive risk reporting


Your Areas of Knowledge and Expertise

  • 7+ years of experience in cybersecurity engineering or security operations with demonstrated leadership

  • Proven experience leading an enterprise vulnerability management program

  • Hands-on experience with vulnerability scanners, SIEM, EDR, and cloud platforms (AWS/Azure)

  • Experience conducting vendor security assessments using recognized frameworks

  • Direct involvement in incident response and operational security workflows

  • Working knowledge of SOC 2 and ISO 27001 frameworks

  • Experience producing executive-level security and risk reporting

Why You'll Love Working Here:

  • Comprehensive Medical, Dental, and Vision Insurance
  • Generous Paid Time Off
  • Birthday Day Off
  • 12 Paid Company Holidays
  • 401(k) Match
  • FSA and HSA
  • Paid Life Insurance
  • Paid Disability Insurance
  • Pet Insurance
  • Employee Assistance Program (EAP)
  • Professional Development Courses
  • In-Office Provided Snacks and Drinks
  • Gym Facilities (LA & Tustin/CEC Offices)
  • In-Office Engagement Activities

Compensation Range

The US base salary range for this full-time position is $109,000 - $145,000 annually.

Our salary ranges are determined by role, level, and location.

The range displayed on each job posting reflects the minimum and maximum base salary for new hires for the position across all US locations. Within the range, individual pay is determined by multiple factors like job-related skills, experience, and state of residence. Your recruiter can share more about the specific salary range during the interview process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include any variable compensation elements.

Physical Requirements

This is a stationary position that requires frequent sitting (approximately 95%), repetitive wrist motions, grasping, speaking, listening, close vision, and the ability to adjust focus. It also may require occasional standing, lifting, carrying of 20 lbs or less, walking, kneeling, bending/stooping, twisting, pulling/pushing, and reaching above the shoulder. Employees in this position must be physically able to efficiently perform the essential functions of the position.

ACKNOWLEDGEMENT
B.S.D. Capital, Inc. dba Lendistry is an equal employment opportunity employer committed to providing its employees, applicants and other covered persons with equal opportunities without regard to race, color, age (40 or older), religious creed (including religious belief, practice or dress and grooming practices), national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender (including pregnancy, childbirth or medical condition related to pregnancy or childbirth), gender expression, gender identity, sexual orientation, military or veteran status (including past, current or prospective service), or any other characteristic protected under applicable federal, state or local law.
