Technology Control Automation Specialist

The role:

The GRC Control Automation Specialist automates cybersecurity compliance, reducing manual effort and increasing audit reliability. This role blends risk management, cybersecurity operations, and automation engineering to streamline evidence collection and control validation, crucial for SoFi's growth and regulatory demands. The specialist will also manage due diligence inquiries, leveraging automation platforms to scale operations and accelerate business opportunities.

Collaboration with control owners, engineers, and audit teams is key to identifying automation opportunities, implementing scripts or integrations, and validating outputs against frameworks like PCI DSS, SOX, and SOC 2. This position supports continuous control monitoring and audit readiness.

What you’ll do:

• Design and architect technology and cybersecurity controls monitoring and testing function, leveraging enterprise compliance automation platforms, agentic AI, tools and workflows.

• Implement automated monitoring (anomaly detection) and surveillance methods to ensure systems operate within defined guardrails

• Create risk and compliance dashboards, remediation performance metrics, ticketing criteria, remediation queue monitoring, tracking, measuring and communicating key performance activities for Technology and Cybersecurity library of controls

• Automate manual cybersecurity and compliance controls and administration of the compliance automation platform for audit support (e.g.,SOC 2, SOX, PCI DSS).

• Develop automated control enforcement mechanisms (e.g., scripts, APIs, policy checks), integrating controls as code logic into CI/CD pipelines, cloud environments, and endpoint tools.

• Enable continuous control monitoring (CCM) by developing reusable logic and ensuring automated controls produce auditable evidence.

• Support internal and external audits by providing access to accurate automated evidence and system logs.

• Analyze automated test gaps, distinguishing false positives from true findings, and driving remediation.

• As required, collaborate with security, engineering, business and other stakeholders to collect security questionnaire responses.

• Maintain a control automation backlog and document all automated control logic.

What you'll need:

• Bachelor's degree or equivalent experience.

• 3–5+ years in developing AI agents, cybersecurity, GRC, compliance operations, or DevSecOps.

• Experience with enterprise AI tools and GRC and compliance automation platforms (e.g., Anecdotes, ServiceNow, Auditboard, Drata, Vanta, Safebase).

• Strong experience in technology risk management, cybersecurity, or compliance

• Experience integrating governance gates into CI/CD and MLOps pipelines

• Strong knowledge of security frameworks and standards (e.g., NIST AI RMF, ISO42001, PCI DSS, SOX, GLBA, ISO 27001, NIST CSF, SOC 2).

• Familiarity with SIEM, cloud platforms (AWS, GCP), IaC, and scripting (e.g., Terraform, Python).

• Foundational knowledge of cloud architecture and cybersecurity principles.

• Strong analytical and troubleshooting skills, with an eye for efficiency and risk reduction.

• Exceptional organizational skills, attention to detail, and ability to manage multiple projects.

• Excellent documentation, collaboration, and communication skills.

• AI/LLM Knowledge: understanding of developer productivity tools like Claude Code, Cursor and Large Language Models, agent frameworks (e.g., LangChain, AutoGPT), and RAG architecture.

• Security Engineering: Strong background in application security, cloud security (AWS/GCP/Azure), and threat modeling.

Nice to have:

• Direct experience with external auditors and regulatory bodies.

• Professional certifications (e.g., CISSP, CISA, CRISC, AWS Solutions Architect, cloud security).

• Experience in fintech or financial services.

• Hands-on experience with API integrations or light scripting.

• High-level stakeholder management, influence without authority, and ability to navigate ambiguity