About Upstart
At Upstart, we’re united by a mission that matters: to radically reduce the cost and complexity of borrowing for all Americans. Every day, we bring creativity, experimentation, and advanced AI to reshape access to credit, helping millions move forward financially with clarity and confidence.
As the leading AI lending marketplace, we partner with banks and credit unions to expand access to affordable credit through technology that’s both radically intelligent and deeply human. Our platform runs over one million predictions per borrower using more than 1,800 signals, powering smarter, fairer decisions for millions of customers. But the numbers only hint at the impact. Every idea, every voice, and every contribution moves us closer to a world where credit never stands between people and their financial progress.
We’re proudly digital-first, giving most Upstarters the flexibility to do their best work from wherever they thrive, alongside teammates across 80+ cities in the US and Canada. Digital-first doesn’t mean distant. We’re intentional about in-person connection through team onsites, planning sessions, and moments that spark creativity and trust. And whether you choose to work primarily from home or collaborate in-person from one of our offices in Columbus, Austin, the Bay Area, or New York City (opening Summer 2026), you’ll have the support to work in the way that works best for you.
If you’re energized by tackling meaningful problems, excited to innovate with purpose, and motivated by work that truly matters, we’d love to hear from you.
**The Team: **
Upstart's Risk team is enhancing its second line of defense function in support of our application to establish Upstart Bank, N.A., a de novo national bank. The Risk team is responsible for Upstart's enterprise risk management program and risk governance, and for providing independent oversight and credible challenge across all core risk categories– including operational risk, third party risk, technology and information security risk, and treasury risk. We partner with first-line business functions, senior and executive leadership, and the board of directors to ensure effective identification, assessment, monitoring, reporting, and control of material risks, in alignment with OCC, FDIC, and FFIEC regulatory expectations.
As the Senior Manager, Technology Risk you will lead the second-line technology and information security risk oversight program for Upstart Bank. You will establish the bank's 2LOD technology risk framework– leveraging and enhancing Upstart's existing technology and information security risk infrastructure to meet bank regulatory standards– and will provide independent oversight and credible challenge of the first-line technology and information security functions across all technology domains, including IT operations, cybersecurity, cloud infrastructure, affiliate-provided technology, and core banking systems. This role reports to the head of third party and technology risk and manages a team of two technology and security risk professionals.
How you’ll make an impact
- Provide independent second-line review and credible challenge of first-line technology and information security activities, including but not limited to: cybersecurity controls, software development lifecycle (SDLC) and incident response programs, technology resiliency and third-party arrangements
- Oversee completion of the FFIEC Cybersecurity Assessment Tool (CAT) or equivalent framework; conduct technology and security risk assessments; and provide independent oversight of technology and security risks in alignment with OCC guidance on cloud computing
- Serve as a primary second-line point of contact for OCC examiners, internal audit, and other external stakeholders on technology risk and information security program topics and inquiries; prepare and deliver technology risk reporting to risk committees, the CRO, and the board.
- Build and lead a growing Technology Risk team, shaping how the bank identifies, prioritizes, and responds to its most important technology and security risks in alignment with applicable industry regulations
- Partner with first-line IT and cybersecurity teams, TPRM, ERM, Legal, and Compliance to ensure technology and information security risk is integrated into enterprise risk programs, cross-functional risk assessments, and the bank's overall 2LOD reporting and governance structure
**Minimum Qualifications **
- Bachelor's degree or equivalent practical experience in information technology, cybersecurity, or a related field
- 8+ years of experience in technology risk, information security risk management, IT audit, or GRC in a banking or financial services environment
- 3+ years of direct people management experience leading technology risk, information security governance, risk, and compliance, or information technology audit professionals
- Demonstrated experience applying FFIEC IT Examination Handbook standards and OCC guidance on technology risk and information security in a bank or federally regulated institution
- Experience engaging banking regulators (OCC, FDIC, or Federal Reserve) on technology risk, cybersecurity, or IT controls examination matters
Preferred Qualifications
- Experience building or significantly enhancing a technology risk or information security GRC program in a de novo bank, early-stage bank, or similar environment where the program required meaningful design and build-out
- Knowledge of cloud risk management and OCC/FFIEC guidance on cloud computing (OCC Bulletin 2020-46), particularly in cloud-native or fintech-adjacent technology environments
- Familiarity with affiliate technology risk oversight, including independent oversight of bank-affiliate technology service arrangements, associated data segregation requirements, and Regulation W implications
- Experience with GRC tool implementation or administration in a bank regulatory context
- Current professional certification in information security or technology risk management (CISSP, CISA, CRISC, CISM, or comparable)
- Knowledge of AI/ML technology risk and related governance considerations in a fintech, lending, or model-intensive operating environment
Position location This role is available in the following locations: Remote
Travel requirements As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions’ cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.
#LI-REMOTE
#LI-MidSenior
At Upstart, your base pay is one part of your total compensation package. The anticipated base salary for this position is expected to be within the below range. Your actual base pay will depend on your geographic location–with our “digital first” philosophy, Upstart uses compensation regions that vary depending on location. Individual pay is also determined by job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
In addition, Upstart provides employees with target bonuses, equity compensation, and generous benefits packages (including medical, dental, vision, and 401k).
United States | Remote - Anticipated Base Salary Range
$172,100—$238,300 USD
What you'll love
At Upstart, our benefits are designed to support your health, financial well-being, family, and personal growth. Here’s what you can expect:
- Competitive compensation, including base pay, bonus opportunities, and annual equity grants that vest quarterly
- Retirement benefits to help you plan for the future, including a 401(k) or Group Retirement Savings Plan with a company match of $2 for every $1 contributed, up to $15,000 annually (USD in the US, CAD in Canada)
- Employee Stock Purchase Plan (ESPP) with discounted stock purchase options for eligible employees (US only)
- Comprehensive health coverage designed to support you and your family, including medical, dental, vision, and wellness resources for US and supplemental health coverage for Canada.
- Health Savings Account contributions from Upstart for eligible plans (US only)
- Income protection benefits, including life insurance and disability coverage for added financial security
- Paid time off, sick leave, and company holidays, in line with local requirements
- Paid family and parental leave to support caregiving and major life moments (duration varies by country)
- Family-centered benefits to support fertility, parenthood, and caregiving needs
- Employee Assistance Program (EAP) offering mental health support and life-centered resources
- Financial wellness resources, including access to financial planning tools and a financial concierge service (US Only)
- Annual wellness allowance to support your physical and emotional well-being and personal development, based on what matters most to you
- Annual productivity allowance to invest in relevant tools and resources you need to do your best work, no matter where you work from
- Connection and community through team events, all-company updates, and employee resource groups (ERGs)
- Onsite perks, including catered lunches and fully stocked micro-kitchens when working from one of our offices in the Bay Area, Austin, Columbus, and New York City (opening Summer 2026!)
For roles based in Canada, please note that we are not currently able to hire in Quebec.
Upstart is a proud Equal Opportunity Employer. Just as we are dedicated to improving access to affordable credit for all, we are committed to inclusive and fair hiring practices.
If you require reasonable accommodation in completing an application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please email candidate_accommodations@upstart.com
https://www.upstart.com/candidate_privacy_policy