Senior ITS Security Compliance Analyst - REMOTE
About the role
The Senior IT Security Compliance Analyst supports technology compliance programs, including leading and executing functions and duties that may include:
- Consulting and collaborating with business and technology stakeholders on control design and remediation to mitigate technology risks.
- Participating on large-scale projects.
- Maintaining IT control library/testing general computer and application controls.
- Cooking and supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews.
- Performing segregation of duties reviews and user attestations.
- Documenting process flows and compliance-related deliverables.
- Assisting with creation and maintenance of IT and information security policies and standards required to maintain company certifications (e.g., PCI DSS, NIST CSF).
- Coaching and cross-training technology compliance staff.
Responsibilities
Execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt).
- Review, test, and validate user account and security configurations for compliance with information security and technology policies/standards.
- Collect and maintain appropriate evidence and supporting documentation.
- Collaborate with and advise technical and business unit resources on designing, implementing, and remediating technology controls that achieve risk and control objectives and meet compliance requirements while striking a balance between costs vs. benefits.
- Perform segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms.
- Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).
- Identify and report on technology control status and metrics; Assist with Audit Committee and Board reporting.
- Coordinate and support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NIST AI Risk Mgt, NACHA) and onsite/virtual client reviews; Drive for timely submission of critical audit and compliance deliverables.
- Perform QA reviews of technology compliance work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
- Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments).
Qualifications
- Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required.
- Cybersecurity risk management, governance, and control professional certification required (e.g., CISA, CRISC, CGEIT).
- Other relevant professional certifications preferred (e.g., PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK), Project Management Professional (PMP), Certified ScrumMaster (CSM)).
- Eight (8) years of relevant work experience in public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required.
- Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls.
- Experience assessing cloud security and controls required.
- Experience in financial services required.
SkillsTheoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST CSF, NIST AI Risk Management, FFIEC, NACHA, CMM, COBIT, ITIL, COSO)
Benefits
- Competitive wages
- Medical with telemedicine
- Dental and Vision
- Basic and Optional Life Insurance
- Paid Time Off (PTO)
- Maternity, Parental, Family Care
- Community Volunteer Time Off
- 12 Paid Holidays
- Company Paid Disability Insurance
- 401k (with employer match)
- Health Savings Accounts (HSA) with company provided contributions
- Flexible Spending Accounts (FSA)
- Supplemental Insurance
- Mental Health and Well-being: Employee Assistance Program (EAP)
- Wellness program
Pay
$95,800.00 - $124,500.00 Actual Pay will be adjusted based on experience and other job-related factors permitted by law.
Schedule
Not specified
Benefits
Great Work/Life Benefits!
Company
Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law. Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster. Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information. Velera is an E-Verify Employer. Review the E-Verify Poster here. For information regarding your Right To Work, please click here. This role is currently not eligible for sponsorship. As an ongoing commitment to reasonably accommodate individuals with disabilities please contact a recruiter at recruiters@velera.com for assistance.