Information Security Auditor

Website Dwolla Dwolla

Programmable Payments

Dwolla is one of the fastest growing technology companies in Des Moines and has been recognized by Fast Company as ‘one of the world’s most innovative companies.’ Joining the team at Dwolla means you will be entering a unique and fast-paced working environment. You will join our team in building the ideal platform to move money simply and securely, giving businesses the tools they need to access the ACH network and improve their payments process.

Dwolla, a leading provider of secure and reliable payment processing technologies, is currently at a very exciting time in its growth — entering new markets and deploying new technologies to existing ones. We are seeking an ambitious individual to help us grow and mature our internal information security compliance program. Dwolla maintains a SOC 2 Type II report, a PCI DSS Service Provider Level 1 certification, and manages compliance with other contractual provisions and risk-based policies. As Dwolla continues to grow, we are looking for a candidate that is excited about envisioning the future of this program, using quantitative and automated methods where possible, and ensuring that audit-related efforts are appropriately targeted towards the most important areas of consideration. You will have the opportunity to collaborate with teams across the company, and put our values of building trust through transparency, empathy, and action; changing the status quo; fueling success through inclusion; and never being done into action every day. Dwolla is an increasingly distributed company headquartered in Des Moines, Iowa, and is open to both local and work-from-anywhere candidates for this position.

SUMMARY: The primary responsibility of the Information Security Auditor is to reduce risk through the monitoring and auditing of information security-related controls.  This position will work directly with teams across the company to deliver secure and well-monitored services using leading practices.
Developing and maintaining process documentation.
Developing internal tooling for data collection and process automation.
Performing internal IT audit tasks to measure Dwolla compliance with policies and compliance requirements.
Developing information security awareness content for employees.
Performing risk assessments of customers and vendors.
Supporting responses to information security-related incidents.
Serving as an information security subject matter expert for other Dwolla teams, as needed.
Performing comprehensive risk assessments of internal Dwolla systems and processes.
Delivering information security awareness content for employees.
Supporting external IT audits through collection and delivery of requested evidence.
Basic knowledge of software engineering best practices.
Basic knowledge of system administration best practices.
Basic knowledge of relevant cloud environments, inherent risks, and appropriate security mitigations.
Basic knowledge of common security vulnerabilities and remediation strategies.
Detailed knowledge of relevant regulatory frameworks and compliance standards.
Strong analytical thinking skills.
Strong written and verbal communication skills.
Typically requires a minimum of 4 years of related experience with a Bachelor’s degree; or 2 years and a Master’s degree; or a PhD without experience; or equivalent work experience.
Typically requires a general industry-accepted credential such as a CISA.
Perks to working at Dwolla:

– Competitive salaries
– Stock Options
– 401K
– Generous Paid Time Off
– 12 weeks paid parental leave
– Paid parking or public transportation stipend
– Medical, dental & vision insurance
– Long-term disability insurance
– Medical leave
– Life Insurance
– Flexible Spending Accounts
– Casual dress

At Dwolla, we hold the core belief that the best teams are built by the inclusion of diverse ideas, experiences, and people.

Join our team and bring your unique perspective to help build the ideal platform to move money simply and securely.

To apply for this job please visit