Velera

Formerly PSCU/Co-op Solutions

Security Compliance Analyst

Security Analyst | Full Time | Remote | Team 1,001-5,000 | H1B No Sponsor

Location

United States

Posted

3 days ago

Salary

Not specified

PCI DSS, NIST CSF, CISA, CRISC, CGEIT, IT Auditing, Governance, Risk Management, SOX, COBIT, ITIL, COSO, Windows AD, Azure, Unix, Oracle, SQL

Job Description

Role Description

This position provides support for technology compliance programs, executing functions that may include:

  • Performing segregation of duties reviews and user attestations
  • Identifying/remediating technology compliance issues
  • Enforcing information security policies and standards to maintain company certifications (PCI DSS, NIST CSF)
  • Documenting, updating, and facilitating technology compliance deliverables
  • Participating in large-scale projects
  • Documenting and testing general computer and application controls
  • Supporting technology components of onsite and virtual audits/assessments, NCUA examinations, and client due diligence reviews

The individual will execute assigned duties to meet stated priorities within SLAs and will play a critical role in driving technology control and compliance practices and adoption across the company.

Qualifications

  • Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required
  • Cybersecurity risk management, governance, and control professional certification required (CISA, CRISC, CGEIT)
  • Other relevant professional certifications preferred (e.g., CISSP, Security+, PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK))
  • Five (5) years of relevant work experience in a public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required
  • Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls required
  • Experience in financial services required
  • Experience assessing Cloud security and controls preferred
  • Background in PCI DSS, NIST CSF, NIST AI Risk Management Framework, FFIEC, NACHA, CMM, COBIT, ITIL, COSO
  • Working knowledge of independent audit and assessment reports per job function (e.g., SOC1/2, PCI DSS AOC/ROC)
  • Ability to work with cross-functional technology and business teams
  • Ability to apply understanding of IT security/controls risk vs. business impact in decision making
  • Understanding and ability to apply security concepts across a broad scope of information technology areas
  • Working knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Azure, Unix, Oracle, SQL)

Requirements

  • Execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations
  • Review, test, and validate user account and system security configurations for compliance
  • Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems
  • Document, maintain, and facilitate technology compliance deliverables
  • Support technology components of internal/external audits and assessments
  • Support vendor risk governance program, RFPs, and client due diligence responses
  • Identify, communicate, and escalate technology compliance issues and information security policy violations
  • Function as a liaison between technology and business units
  • Identify ongoing process improvements, operational gaps, and potential remediation steps
  • Participate in strategic business and client commercialization projects
  • Perform other duties as assigned

Benefits

  • Competitive wages
  • Medical with telemedicine
  • Dental and Vision
  • Basic and Optional Life Insurance
  • Paid Time Off (PTO)
  • Maternity, Parental, Family Care
  • Community Volunteer Time Off
  • 12 Paid Holidays
  • Company Paid Disability Insurance
  • 401k (with employer match)
  • Health Savings Accounts (HSA) with company provided contributions
  • Flexible Spending Accounts (FSA)
  • Supplemental Insurance
  • Mental Health and Well-being: Employee Assistance Program (EAP)
  • Tuition Reimbursement
  • Wellness program
