Join the People Helping People

Velera is the nation’s premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services.

Our purpose: We accelerate partners’ success through innovative financial technology solutions and inspired service.

The Opportunity: The Compliance Program Manager plays a critical role in ensuring the company adheres to applicable cyber laws, regulations and information security policies and standards. The individual will design, implement, and govern cyber risk management and technology compliance activities, collectively as a program. The individual will be responsible for execution of one or more cyber risk management programs (e.g., user attestations, security awareness training, third-party risk management, cyber contract administration, IT control testing, audit coordination).

Program functions and duties may include: planning, scheduling, and oversight of internal/external system user attestations across the enterprise; assessing and consulting on third-party cyber risks; review and negotiation of cyber contracts; coordination of IT components of onsite and virtual audits/assessments (e.g., SOC1/2, PCI DSS/NIST CSF), NCUA regulatory examinations and client due diligence reviews. The individual must scope and execute program(s) to ensure the organization meets regulatory requirements and industry standards to mitigate cyber risks and achieve company certification and reporting objectives (e.g., PCI DSS, NIST, SOC1/2). The individual will work with internal and external stakeholders to mitigate risk, integrate security measures into business operations, and foster a security-conscious culture.
A Day in the Life:

- Define program goals, measurable objectives and governance framework
- Design, scope, and execute program(s) to achieve stated objectives in alignment with business strategies and priorities
- Perform program functions and duties that may include: planning, scheduling, and oversight of internal/external system user attestations across the enterprise; assessing and consulting on third-party cyber risks; review and negotiation of cyber contracts; coordination of IT components of onsite and virtual audits/assessments (e.g., SOC1/2, PCI DSS/NIST CSF), NCUA regulatory examinations and client due diligence reviews.
- Execute assigned program(s) in accordance with company reporting and certification deadlines (e.g., PCI DSS, NIST CSF, SOC1/2)
- Gain support and buy-in by educating employees about program objectives, controls, and their responsibilities in mitigating cyber risks
- Lead and manage cyber risk management and technology compliance initiatives
- Interpret and translate cybersecurity and compliance requirements into program design
- Proactively identify and monitor emerging cybersecurity threats and regulatory landscape; adapt program design, scope, and execution to mitigate risks and comply with new regulation
- Collaborate and partner with cross-functional business and technology stakeholders at all levels to ensure program objectives are met; work with internal/external auditors, vendors, and clients as required
- Monitor and assess program governance and effectiveness (e.g., QA reviews, control testing)
- Define and report on KPIs
- Identify and implement process improvements to drive program efficiencies, minimize impact to business operations, and enhance user experiences; incorporate Inspired Service elements into program design where possible
- Perform all other duties as assigned.
Job Type
Full-time
Career Level
Mid Level
Number of Employees
1,001-5,000 employees