Tally makes people less stressed and better off financially. Currently at Series C with $92MM in funding, we are a team that is democratizing financial services to put billions of dollars back in people’s pockets. Tally built the first fully automated debt manager to help people overcome credit card debt and provides a completely free automated savings service, Tally Save. Tally’s vision is to automate people’s entire financial lives so they can worry about money less and do what they love more.
The Legal & Compliance Team at Tally prides itself on partnering with our teammates to champion our customers’ interests and find creative, compliant, and efficient solutions to further Tally’s mission of making people less stressed and better off financially. Tally’s Legal & Compliance team provides company-wide leadership, support, and independent oversight to ensure that business units understand and abide by applicable laws, rules, and regulations. And we think one of the most important ways to ensure Tally builds amazing experiences for our users is to grow and protect Tally’s culture and its most valuable resource: our Tally teammates! We are committed to the success of Tally’s mission and we believe that creating an environment where our teammates can succeed and thrive at Tally is mission critical.
We’re seeking an Information Security Compliance Manager to support our growth, help us build our company's critical infosec compliance programs and help manage our security program. The ideal candidate will be excited to take ownership of security compliance, have exceptional organizational and project management skills, and a willingness to learn. This role is based in San Francisco.
- Define, review and update organizational policies, practices, training programs and standards that govern security and operational functions associated with Tally’s systems, networks, and products
- Design and implement processes and procedures suitable for security and compliance audits
- Partner with the security engineering team to build a robust, secure and operationally mature organization
- Partner with the security engineering team to lead the day-to-day security monitoring, incident response and compliance development
- Perform vendor security reviews
- Meet with affected groups and simplify compliance requirements into actionable tasks
- Scope and plan audits, coordinate and manage outside auditors, and drive resulting remediation items
- Facilitate SOC 2 and ISO certifications; design and implement controls based on the ISO27001 and SOC standards
- Partner with the Business and Engineering teams to conduct Business Continuity and Disaster recovery planning and testing
- Develop and implement Vendor Risk Management Framework
- Conduct quarterly risk audits and reviews
In this role we value:
- Successful track record of leading audits for tech companies (PCI-DSS Level-1, SOC2 Type II, ISO27001)
- Experience managing multiple compliance efforts and an intimate familiarity with process design, implementation and evidence collection
- Information security and compliance experience
- Degree in computer science, information security or related field, or comparable experience
- Excellent communication and interpersonal skills
- CISA, CISSP or equivalent certification (preferred, but not required)
- Commitment to success and integrity, and being an all-around good person