Intuit Credit Karma is a mission-driven company, focused on championing financial progress for our more than 130 million members globally. While we're best known for pioneering free credit scores, our members turn to us for everything related to their financial goals, including identity monitoring, applying for credit cards, shopping for insurance and loans (car, home and personal) and savings accounts and checking accounts* -- all for free. Credit Karma has grown significantly through the years: we now have more than 1,700 employees across our offices in Oakland, Charlotte, Culver City, San Diego, London and New York City.

*Banking services provided by MVB Bank, Inc., Member FDIC

Security is a core value at Credit Karma. We help millions of people better manage their credit. Safeguarding their sensitive information is critical to our continued success. From the CEO down to each individual engineer, everyone views security as a personal responsibility.

We are seeking a skilled and experienced Staff Security GRC (Governance, Risk and Compliance) Analyst to join our dynamic team. The successful candidate will play a crucial role in identifying key initiatives based on the organization’s GRC strategy, industry best practices and emerging trends. Additionally, this role will directly support the Director of Security GRC with strategy and roadmap development, and act as a GRC domain advisor to the business.

What you’ll do:

  • Lead and manage enterprise-level GRC projects from initiation to completion, ensuring timely delivery and adherence to project objectives, timelines and budgets.
  • Proactively identify gaps or improvement opportunities in existing GRC processes. Develop and implement frameworks and solutions to enable process maturation, leveraging automation or other mechanisms. 
  • Conduct technical security reviews and risk assessments. 
  • Provide technical guidance and oversight to the GRC team, to ensure effective identification, assessment and mitigation of security risks across the third-party ecosystem, including vendors, partners and cloud service providers.
  • Represent the security organization in discussions and negotiations with third-party entities, effectively communicating our security posture to external stakeholders. 
  • Engage with third parties to provide guidance in understanding and adhering to CK’s security standards and requirements, advocating for the implementation of appropriate security controls.
  • Conduct security audits, assessments and gap analyses to identify areas of non-compliance. Develop and implement remediation plans to address gaps and deficiencies.
  • Prepare comprehensive reports and presentations to communicate GRC initiatives, risk assessments, security metrics and dashboards to senior management and relevant stakeholders.

What we’re looking for:

  • 8+ years of experience in cybersecurity, risk management or GRC roles
  • Proven experience in leading the design, implementation and management of enterprise-level GRC programs, with the ability to lead cross-functional teams and manage multiple projects simultaneously
  • Proficient in information security principles, risk management frameworks, compliance regulations and industry best practices

What we’d like to see:

  • Bachelor’s degree in Computer Science, Information Security or equivalent professional experience 
  • Relevant industry certifications (e.g. CISSP, CISM, CRISC, CCSP)
  • Knowledge of, or experience working with, cloud service environments (GCP, AWS, etc.) and cloud security controls

What’s great about the role:

  • Carrying out two positive missions at the same time: helping people take back control of their credit and helping to keep their personal information safe.
  • Solving security problems at scale in a highly technology-focused team, with a culture of “how to do this safely”, not a culture of “no”.
  • Spending way less time convincing anyone why security is important and way more time talking about how to manage risk effectively - the importance of security is woven into our DNA already!
  • If you are a driven and experienced Security Risk professional with a passion for continuous improvement and a track record of successfully leading GRC initiatives, we encourage you to apply for this exciting opportunity. 

Benefits at Credit Karma include: 

  • Medical and Dental Coverage
  • Retirement Plan
  • Commuter Benefits
  • Wellness perks
  • Paid Time Off (Vacation, Sick, Baby Bonding, Cultural Observance, & More)
  • Education Perks
  • Paid Gift Week in December

Equal Employment Opportunity:

Credit Karma is proud to be an Equal Employment Opportunity Employer. We welcome all candidates without regard to race, color, religion, age, marital status, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity or gender expression, national origin, veteran or military status, disability (physical or mental), genetic information or other protected characteristic. We prohibit discrimination of any kind and operate in compliance with applicable fair chance laws. 

Credit Karma is also committed to a diverse and inclusive work environment because it is the right thing to do. We believe that such an environment advances long-term professional growth, creates a robust business, and supports our mission of championing financial progress for everyone. We offer generous benefits and perks with a single eye to nourishing an inclusive environment that recognizes the contributions of all and fosters diversity by supporting our internal Employee Resource Groups. We’ve worked hard to build an intensely collaborative and creative environment, a diverse and inclusive employee culture, and the opportunity for professional growth. As part of the Credit Karma team, your voice will be heard, your contributions will matter, and your unique background and experiences will be celebrated.

Please contact candidate.support@creditkarma.com if you are interested in employment with Credit Karma and need special assistance or an accommodation to either apply or interview for a specific role.

Privacy Policies:

Credit Karma is strongly committed to protecting personal data. Please take a look below to review our privacy policies:
