IT Security Risk and Compliance Specialist - FT

Veridian Credit Union - Cedar Falls, IA
2d - Hybrid

About The Position

The IT Security Risk and Compliance Specialist is responsible for supporting and maintaining Veridian's Information Security and Privacy compliance programs. This role ensures adherence to regulatory, industry, and internal requirements through monitoring controls, conducting assessments, managing evidence, and partnering with business units to strengthen the organization’s security posture.

Requirements

  • Bachelor's Degree in Computer Science, Information Systems, or related field or equivalent combination of education, training, and experience of 8+ years.
  • 3+ years of experience with practical knowledge of regulatory standards such as NCUA, FFIEC, HIPAA, GLBA and PCI DSS.
  • 1+ years of strong experience with IT Security frameworks such as NIST, CSF, CIS, and ISO 27001:2022.
  • 1+ years of experience conducting control assessments, managing compliance evidence, or supporting audits.
  • Oral and written communication skills.
  • Member service focus.
  • Attention to detail and accuracy.
  • Positive attitude that supports a team environment.
  • Dependable and punctual; flexible during peak times.
  • High level of confidentiality.
  • Organizational skills.
  • Self-motivated; ability to work without close supervision.
  • Problem solving; analysis.

Nice To Haves

  • 5+ years of experience working with information security compliance standards.
  • 3+ years of experience working with privacy regulations.
  • Knowledge of 3 or more key compliance or regulatory standards related to financial institutions.
  • Certification in audit practices, security, or privacy standards such as CISA, PCI IAS, and CISM.

Responsibilities

  • Maintain and support Veridian's Information Security compliance frameworks (e.g. ISO 27001, PCI DSS v4, CSF 2.0, CIS Controls) and ensure alignment with industry best practices.
  • Oversee ongoing compliance activities, including evidence collection, control testing, documentation updates, and remediation tracking.
  • Administer the IT Security Compliance/GRC (Auditboard CrossComply) platform and partner with Enterprise Risk to align controls with KPIs and reporting requirements.
  • Assist with mapping data flows across the organization ensuring compliance with privacy, security, and regulatory obligations.
  • Support standards and procedure development to ensure they reflect regulatory requirements and organizational objectives.
  • Serve as the primary internal subject matter expert for PCI DSS. Coordinate and validate evidence, support annual PCI assessments, assist with compensating controls, and interface with external QSAs and auditors.
  • Perform periodic assessments of technical and administrative controls to evaluate compliance effectiveness and identify gaps or deficiencies.
  • Conduct control testing, reviews, and continuous monitoring activities to ensure systems and processes meet regulatory expectations.
  • Partner with internal and external auditors or assessors to prepare assessments, gather required artifacts, respond to inquiries, and track remediation activities. Provide regular, clear, and concise reporting to IT Security Management communicating the effectiveness of standards and compliance requirements.
  • Communicate compliance gaps, control weaknesses, or control risks. Provide guidance and support to stakeholders in understanding compliance findings, resolving audit exceptions, and implementing corrective actions.
  • Support IT Security Team with risk reduction initiatives, compliance-driven projects, and continuous improvement activities that strengthen the organization’s security posture.
  • Perform due diligence on third-party vendors to assess security posture, compliance with regulatory requirements, and alignment with organizational standards.

Benefits

  • Take a look at all our great benefits here [https://www.veridiancu.org/belong/careers/benefits-overview]!

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 1,001-5,000 employees
