Lead Security Governance, Risk & Compliance Analyst

Early Warning Services, Scottsdale, AZ
Posted 22h ago. Salary range $116,000 - $174,000. Hybrid.

About The Position

At Early Warning, we’ve powered and protected the U.S. financial system for over thirty years with cutting-edge solutions like Zelle®, Paze℠, and so much more. As a trusted name in payments, we partner with thousands of institutions to increase access to financial services and protect transactions for hundreds of millions of consumers and small businesses.

Positions located in Scottsdale, San Francisco, Chicago, or New York follow a hybrid work model to allow for a more collaborative working environment. Candidates responding to this posting must independently possess the eligibility to work in the United States, for any employer, at the date of hire. This position is ineligible for employment Visa sponsorship.

Overall Purpose

The Lead Security Governance, Risk & Compliance Analyst acts as the Subject Matter Expert in providing comprehensive activities for information security governance, risk, and compliance, including but not limited to:

  • developing, assessing, and recommending security policies, standards, and procedure updates in accordance with legal, regulatory, and contractual requirements;
  • conducting and leading risk management activities;
  • driving security risk assessment and remediation activities;
  • analyzing and improving the internal controls testing program;
  • facilitating audits and assessments;
  • information security issues oversight;
  • developing and improving security training and awareness activities.

Requirements

  • Education and experience typically obtained through completion of a bachelor’s degree.
  • Minimum of 7 years of direct or related experience in security governance, risk, and compliance, risk management, IT audit, information technology, or a related field.
  • Demonstrated business acumen with knowledge and understanding of business issues, priorities, goals, and strategy is necessary.
  • Strong information security and technical background.
  • Expertise in ISO 27002, PCI DSS 3.2 or current, NIST SP 800-53A, Standardized Information Gathering (SIG) questionnaires, FFIEC handbooks, SOC 2 Type II, GLBA, FCRA, NYDFS, and data privacy.
  • Ability to translate complex technical jargon into business language that can be easily consumed by key stakeholders.
  • Works well in a fast-paced environment, flexible, able to change direction quickly and manage projects through ambiguity and constant change.
  • Background and drug screen.

Nice To Haves

  • Additional related education and/or experience preferred.
  • Prior financial services or FinTech experience.
  • Multiple certifications in any of the following: Security+, CISA, CISSP, CCSP, CRISC, GSNA, GCIH, or equivalent.
  • Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable.
  • Experience with security-related technologies including GRC Technologies, Identity and Access Management tools, Single-sign-on technologies, and Security-focused systems.
  • 2 years or more of leadership experience in business and technical environments is beneficial.

Responsibilities

  • Leads the Security Governance, Risk and Compliance programs and department initiatives.
  • Oversees the security policy program, which includes document review cycle planning, policy drafting, researching regulations and industry frameworks, managing approvals in the Governance, Risk, and Compliance tool, facilitating cross-functional input, and ensuring compliance with policies.
  • Leads the internal control testing program, including the planning and execution of work across the department; advises management on control design and implementation.
  • Acts as Point of Contact and Project Manager for Information Technology and Security focused external and internal audits and assessments (SOC 2, GLBA, FISMA, PCI DSS, FFIEC, and others).
  • Leads the team, advises the business about information security risk, and recommends mitigation activities in alignment with Enterprise and Operational Risk Management requirements.
  • Leads metrics and management reporting activities for assigned areas.
  • Presents to executive staff, business line leaders, and external customers on various security topics (risks, issues, policies, governance trends, compliance gaps, etc.).
  • Owns the delivery of the security awareness programs efforts (security awareness training, Company communications, events, etc.)
  • Serves as a mentor for Security Governance, Risk and Compliance staff.
  • Effectively communicates Security-related risks, control gaps/failures, and vulnerabilities to stakeholders.
  • Other assigned duties related to security governance, risk, and compliance activities.
  • Supports the company’s commitment to protect the integrity and confidentiality of systems and data.
  • The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Benefits

  • Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
  • 401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
  • Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
  • 12 weeks of Paid Parental Leave.
  • Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.