Senior ITS Security Compliance Analyst - REMOTE

Velera
$95,800 - $124,500 | Remote

About The Position

The Senior IT Security Compliance Analyst provides support for technology compliance programs, including leading and executing functions and duties that may include: consulting and collaborating with business and technology stakeholders at all levels on control design and remediation to mitigate technology risks; participating on large-scale projects; maintaining IT control library/testing general computer and application controls; coordinating and supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews; performing segregation of duties reviews and user attestations; documenting process flows and compliance-related deliverables; assisting with creation and maintenance of IT and information security policies and standards required to maintain company certifications (e.g., PCI DSS, NIST CSF); coaching and cross-training technology compliance staff. The individual will execute assigned duties to meet stated priorities and SLAs. The individual plays a critical role in driving technology control and compliance practices and adoption across the company. This role directs and advises technical SMEs in the design, implementation, monitoring and reporting of technology control and compliance processes and documentation on premise and in the Cloud.

Requirements

  • Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required.
  • Cybersecurity risk management, governance, and control professional certification required (e.g., CISA, CRISC, CGEIT).
  • Eight (8) years of relevant work experience in public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required.
  • Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls.
  • Experience assessing cloud security and controls required.
  • Experience in financial services required.
  • Demonstrate behaviors based on Velera values: Dedication, Collaboration, Belonging, Curiosity, & Integrity
  • Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST CSF, NIST AI Risk Management, FFIEC, NACHA, CMM, COBIT, ITIL, COSO)
  • Solid knowledge of independent audit and assessment reports per job function (e.g., SOC1/2, PCI DSS AOC/ROC)
  • Ability to work with cross-functional technology and business teams
  • Ability to apply understanding of IT security/controls risk vs. business impact in decision making
  • Ability to influence without authority
  • Ability to be flexible and work under high pressure in a complex environment with frequently shifting priorities
  • Strong organizational and time management skills; ability to multi-task and juggle competing tasks under strict deadlines
  • Self-starter with minimal management supervision; ability to take ownership, seeing tasks and projects through to satisfaction and completion
  • Interpersonal skills necessary to interact with executive management and to obtain cooperation from all levels of management and other company personnel
  • Solid understanding and ability to apply security concepts across a broad scope of information technology areas including cloud, data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery
  • Solid knowledge of and experience with various operating system and database platforms (e.g., Windows AD, Azure, Unix, Oracle, SQL)
  • Project management skills including ability to manage multiple projects and work effectively with technology and business resources to drive internal control, process improvement, and remediation efforts
  • Strong business acumen; ability to communicate compliance and technical requirements into relevant and understandable terms for business personnel and vice versa for technology personnel
  • Ability to communicate effectively, both verbally and in written formats
  • Demonstrated strong analytical, problem solving, and critical thinking skills
  • Ability to work well in team environment
  • Ability to exercise discretion, situational awareness, and good judgment in making decisions
  • Proficiency in Word, flow charting (e.g., Visio) and advanced features of spreadsheets (Excel)
  • Ability to travel as needed to successfully perform position responsibilities, less than 25%
  • Ability to maintain confidentiality of materials handled

Nice To Haves

  • Other relevant professional certifications preferred (e.g., PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK), Project Management Professional (PMP), Certified ScrumMaster (CSM)).

Responsibilities

  • Execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt).
  • Participate on strategic business and client commercialization projects (e.g., consulting, documenting, validating, and testing Blueprint controls).
  • Review, test, and validate user account and security configurations for compliance with information security and technology policies/standards.
  • Collect and maintain appropriate evidence and supporting documentation.
  • Collaborate with and advise technical and business unit resources at all levels on designing, implementing, and remediating technology controls that achieve risk and control objectives and meet compliance requirements while striking a balance between costs vs. benefits.
  • Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms.
  • Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).
  • Identify and report on technology control status and metrics.
  • Assist with Audit Committee and Board reporting.
  • Coordinate and support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NIST AI Risk Mgt, NACHA) and onsite/virtual client reviews.
  • Drive for timely submission of critical audit and compliance deliverables.
  • Perform QA reviews of technology compliance work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
  • Cross-train, coach, and mentor technology compliance team members in performing job functions.
  • Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments).
  • Perform other duties as assigned.

Benefits

  • Competitive wages
  • Medical with telemedicine
  • Dental and Vision
  • Basic and Optional Life Insurance
  • Paid Time Off (PTO)
  • Maternity, Parental, Family Care
  • Community Volunteer Time Off
  • 12 Paid Holidays
  • Company Paid Disability Insurance
  • 401k (with employer match)
  • Health Savings Accounts (HSA) with company provided contributions
  • Flexible Spending Accounts (FSA)
  • Supplemental Insurance
  • Mental Health and Well-being: Employee Assistance Program (EAP)
  • Tuition Reimbursement
  • Wellness program