Extend
Governance, Risk, and Compliance Lead
Job Description
About Extend:
Today, Extend works with more than 1,000 leading merchant partners across industries, including fashion/apparel, cosmetics, furniture, jewelry, consumer electronics, auto parts, sports and fitness, and much more. Extend is backed by some of the most prominent technology investors in the industry, and our headquarters is in downtown San Francisco.
What You'll Do:
- Lead Compliance Auditing Process
- Manage annual SOC2 audit processes and maintain DFS500 compliance
- Coordinate with external auditors and internal stakeholders
- Develop and implement audit preparation procedures
- Track remediation efforts for audit findings
- Develop and Maintain GRC Documentation
- Compile and update security, privacy, and risk policies
- Ensure policies align with regulatory requirements and industry standards
- Create and maintain standards, procedures, and controls documentation
- Collaborate with cross-functional teams to implement GRC requirements
- Manage Risk Management Program
- Oversee risk assessment and analysis activities
- Develop risk mitigation strategies and track implementation
- Maintain risk register and reporting metrics
- Facilitate business continuity and disaster recovery planning
- Additional Responsibilities
- Provide GRC guidance and thought leadership to senior management
- Oversee vulnerability management processes
- Lead security awareness and training initiatives
- Support incident response activities when needed
- Generate reports and metrics for executive leadership
What We're Looking For:
- 10+ years of experience in information security, risk management, or compliance
- 2+ years in a leadership role managing GRC programs
- Strong knowledge of security frameworks (SOC2, NIST, ISO) and regulatory requirements
- Experience with DFS500 compliance preferred
- Demonstrated ability to develop and implement risk management strategies
- Excellent communication skills - able to translate technical concepts for non-technical audiences
- Experience with compliance automation tools and GRC platforms
- Strong project management and organizational skills
- Ability to work effectively in a fast-paced, remote environment
- Relevant certifications (CISA, CISSP, CRISC, etc.) preferred
Why Extend?
- Opportunity to shape GRC processes at a rapidly growing fintech company
- Competitive compensation and benefits package
- Remote-first work environment
- Collaborative culture with experienced leadership team
- Make an impact while working with cutting-edge technology
- Extend is an equal opportunity employer committed to diversity and inclusion in the workplace.
Expected Pay Range: $189,000 - $205,000 per year salaried*
* The target base salary range for this position is listed above. Individual salaries are determined based on a number of factors including, but not limited to, job-related knowledge, skills and experience.
Life at Extend:
- Working with a great team from diverse backgrounds in a collaborative and supportive environment.
- Competitive salary based on experience, with full medical and dental & vision benefits.
- Stock in an early-stage startup growing quickly.
- Generous, flexible paid time off policy.
- 401(k) with Financial Guidance from Morgan Stanley.
Extend
Extend helps merchants generate revenue and mitigate fraud through modern post-purchase solutions like product and shipping protection. Lower risk. Greater reward.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.