About Extend:
Extend is revolutionizing the post-purchase experience for retailers and their customers by providing merchants with AI-driven solutions that enhance customer satisfaction and drive revenue growth. Our comprehensive platform offers automated customer service handling, seamless returns/exchange management, end-to-end automated fulfillment, and product protection and shipping protection alongside Extend's best-in-class fraud detection. By integrating leading-edge technology with exceptional customer service, Extend empowers businesses to build trust and loyalty among consumers while reducing costs and increasing profits.Today, Extend works with more than 1,000 leading merchant partners across industries, including fashion/apparel, cosmetics, furniture, jewelry, consumer electronics, auto parts, sports and fitness, and much more.
Extend is backed by some of the most prominent technology investors in the industry, and our headquarters is in downtown San Francisco.
What You'll Do:
- Lead Compliance Auditing Process
- Manage annual SOC2 audit processes and maintain DFS500 compliance
- Coordinate with external auditors and internal stakeholders
- Develop and implement audit preparation procedures
- Track remediation efforts for audit findings
- Develop and Maintain GRC Documentation
- Compile and update security, privacy, and risk policies
- Ensure policies align with regulatory requirements and industry standards
- Create and maintain standards, procedures, and controls documentation
- Collaborate with cross-functional teams to implement GRC requirements
- Manage Risk Management Program
- Oversee risk assessment and analysis activities
- Develop risk mitigation strategies and track implementation
- Maintain risk register and reporting metrics
- Facilitate business continuity and disaster recovery planning
- Additional Responsibilities
- Provide GRC guidance and thought leadership to senior management
- Oversee vulnerability management processes
- Lead security awareness and training initiatives
- Support incident response activities when needed
- Generate reports and metrics for executive leadership
What We're Looking For:
- 10+ years of experience in information security, risk management, or compliance
- 2+ years in a leadership role managing GRC programs
- Strong knowledge of security frameworks (SOC2, NIST, ISO) and regulatory requirements
- Experience with DFS500 compliance preferred
- Demonstrated ability to develop and implement risk management strategies
- Excellent communication skills - able to translate technical concepts for non-technical audiences
- Experience with compliance automation tools and GRC platforms
- Strong project management and organizational skills
- Ability to work effectively in a fast-paced, remote environment
- Relevant certifications (CISA, CISSP, CRISC, etc.) preferred
Why Extend?
- Opportunity to shape GRC processes at a rapidly growing fintech company
- Competitive compensation and benefits package
- Remote-first work environment
- Collaborative culture with experienced leadership team
- Make an impact while working with cutting-edge technology
- Extend is an equal opportunity employer committed to diversity and inclusion in the workplace.
Expected Pay Range: $189,000 - $205,000 per year salaried** The target base salary range for this position is listed above. Individual salaries are determined based on a number of factors including, but not limited to, job-related knowledge, skills and experience.
Life at Extend:
- Working with a great team from diverse backgrounds in a collaborative and supportive environment.
- Competitive salary based on experience, with full medical and dental & vision benefits.
- Stock in an early-stage startup growing quickly.
- Very generous, flexible paid time off policy.
- 401(k) with Financial Guidance from Morgan Stanley.
Extend CCPA HR Notice
