About The Position

This position provides support for technology compliance programs, executing functions that may include: performing segregation of duties reviews and user attestations; identifying/remediating technology compliance issues and enforcing information security policies and standards to maintain company certifications (PCI DSS, NIST CSF); documenting, updating, and facilitating technology compliance deliverables; participating on large-scale projects; documenting and testing general computer and application controls; supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews. The individual will execute assigned duties to meet stated priorities within SLAs. The individual plays a critical role in driving technology control and compliance practices and adoption across the company.

Requirements

  • Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required.
  • Cybersecurity risk management, governance, and control professional certification required (CISA, CRISC, CGEIT).
  • Five (5) years of relevant work experience in a public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required.
  • Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls required.
  • Experience in financial services required.
  • Background in PCI DSS, NIST CSF, NIST AI Risk Mgt Framework, FFIEC, NACHA, CMM, COBIT, ITIL, COSO
  • Working knowledge of independent audit and assessment reports per job function (e.g., SOC1/2, PCI DSS AOC/ROC)
  • Ability to work with cross-functional technology and business teams
  • Ability to apply understanding of IT security/controls risk vs. business impact in decision making
  • Understanding and ability to apply security concepts across a broad scope of information technology areas including cloud, data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery
  • Working knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Azure, Unix, Oracle, SQL)

Nice To Haves

  • Other relevant professional certifications preferred (e.g., CISSP, Security+, PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK)).
  • Experience assessing Cloud security and controls preferred.

Responsibilities

  • With minimal oversight, execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt).
  • Review, test, and validate user account and system security configurations for compliance with information security and technology policies/standards; Collect and retain appropriate evidence and supporting documentation.
  • Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms per schedule with strong attention to detail in accordance with company standards; Take corrective actions to remove inappropriate access and SOD conflicts in a timely manner, escalating as appropriate
  • Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).
  • Support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NCUA) and onsite/virtual client reviews; Drive for timely submission of critical audit and compliance deliverables.
  • Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments)
  • Identify, communicate, and escalate technology compliance issues and information security policy violations as appropriate; assist in documenting exceptions, remediating issues, and enforcing information security policies and standards to achieve technology compliance objectives and maintain company certifications (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt Framework)
  • Function as a liaison between technology and business units to collect, track, and retain compliance documentation and reports; Advise and assist stakeholders in preparing compliance reports and deliverables.
  • Identify ongoing process improvements, operational gaps, and potential remediation steps; Assist and/or lead process re-design and coordination of remediation efforts and status reporting.
  • Participate on strategic business and client commercialization projects; Prepare project deliverables and complete tasks as assigned
  • Perform other duties as assigned.

Benefits

  • Competitive wages
  • Medical with telemedicine
  • Dental and Vision
  • Basic and Optional Life Insurance
  • Paid Time Off (PTO)
  • Maternity, Parental, Family Care
  • Community Volunteer Time Off
  • 12 Paid Holidays
  • Company Paid Disability Insurance
  • 401k (with employer match)
  • Health Savings Accounts (HSA) with company provided contributions
  • Flexible Spending Accounts (FSA)
  • Supplemental Insurance
  • Mental Health and Well-being: Employee Assistance Program (EAP)
  • Tuition Reimbursement
  • Wellness program