InfoSec Control Automation Specialist

Role Summary

The GRC Control Automation Specialist automates cybersecurity compliance, reducing manual effort and increasing audit reliability. This role blends risk management, cybersecurity operations, and automation engineering to streamline evidence collection and control validation, crucial for SoFi’s growth and regulatory demands. The specialist will also manage due diligence inquiries, leveraging automation platforms to scale operations and accelerate business opportunities.

Collaboration with control owners, engineers, and audit teams is key to identifying automation opportunities, implementing scripts or integrations, and validating outputs against frameworks like PCI DSS, SOX, and SOC 2. This position supports continuous control monitoring and audit Readiness.

What You’ll Do

• Automate manual cybersecurity and compliance controls and administration of the compliance automation platform for audit support (e.g.,SOC 2, SOX, PCI DSS).

• Develop automated control mechanisms (e.g., scripts, APIs, policy checks), integrating validation logic into CI/CD pipelines, cloud environments, and endpoint tools.

• Enable continuous control monitoring (CCM) by developing reusable logic and ensuring automated controls produce auditable evidence.

• Support internal and external audits by providing access to accurate automated evidence and system logs.

• Develop dashboards visualizing compliance status and resolve platform integration errors.

• Analyze automated test gaps, distinguishing false positives from true findings, and driving remediation.

• Manage the Inbound Due Diligence platform to automate security questionnaire responses, ensuring accuracy and updating Trust Centers.

• As required, collaborate with business and other stakeholders to collect security questionnaire responses.

• Maintain a control automation backlog and document all automated control logic.

What You’ll Bring

• Bachelor's degree or equivalent experience.
• 3–5+ years in cybersecurity, GRC, compliance operations, or DevSecOps.
• Experience with GRC and compliance automation platforms (e.g., Anecdotes, Drata,

Vanta, Safebase).

• Strong knowledge of security frameworks (e.g., PCI DSS, SOX, GLBA, ISO 27001, NIST CSF, SOC 2).

• Familiarity with SIEM, cloud platforms (AWS, GCP), IaC, and scripting (Terraform, Python).

• Foundational knowledge of cloud architecture and cybersecurity principles.
• Strong analytical and troubleshooting skills, with an eye for efficiency and risk reduction.
• Exceptional organizational skills, attention to detail, and ability to manage multiple projects.

• Excellent documentation, collaboration, and communication skills.
• Experience managing third-party due diligence or security questionnaires.

Nice to Have

• Direct experience with external auditors and regulatory bodies.
• Professional certifications (e.g., CISA, CRISC, AWS Solutions Architect, cloud security).
• Experience in fintech or financial services.
• Hands-on experience with API integrations or light scripting.