Remotery

Senior ITS Security Compliance Analyst

atVeleraUS flagUnited StatesFull-timeSecurity AnalystSenior$95.8k – $124.5k/year

Posted 5 days ago

This is a fully remote position, open to applicants in United States.

📋 Description

• Execute technology compliance and governance responsibilities with minimal oversight to align with the company's information security and technology compliance standards, as well as relevant industry requirements and laws (e.g., PCI DSS, NIST CSF, NIST AI Risk Management).

• Engage in strategic business and client commercialization initiatives (e.g., consulting, documenting, validating, and testing Blueprint controls).

• Assess, test, and confirm user account and security configurations for adherence to information security and technology policies/standards.

• Gather and maintain necessary evidence and supporting documentation.

• Work collaboratively with technical and business unit resources at all levels to design, implement, and rectify technology controls that meet risk and control objectives while balancing costs against benefits.

• Conduct segregation of duties (SOD) reviews and user attestations for internal/business partner systems and client online banking platforms.

• Document, manage, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).

• Identify and report on technology control statuses and metrics; assist with reporting to the Audit Committee and Board.

• Coordinate and support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NIST AI Risk Management, NACHA) and onsite/virtual client reviews.

• Ensure timely submission of critical audit and compliance deliverables.

• Perform quality assurance reviews of technology compliance deliverables (e.g., user attestation packages) and client assistance documentation prior to submission to internal and external auditors, clients, and business partners.

• Provide cross-training, coaching, and mentoring to technology compliance team members on their job functions.

• Support the vendor risk governance program, RFPs, and responses to client due diligence (e.g., SIG questionnaires, cybersecurity risk assessments).

• Undertake additional responsibilities as assigned.


⛳️ Requirements

• A Bachelor’s degree in computer science, information systems, cybersecurity, or a related field, or an equivalent combination of education and experience is required.

• A professional certification in cybersecurity risk management, governance, and control is mandatory (e.g., CISA, CRISC, CGEIT).

• Additional relevant professional certifications are preferred (e.g., PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK), Project Management Professional (PMP), Certified ScrumMaster (CSM)).

• A minimum of eight (8) years of relevant work experience in public accounting, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management is essential.

• Experience in identifying, validating, designing, and testing the operating effectiveness of general computer and application controls is required.

• Experience in assessing cloud security and controls is mandatory.

• Experience in the financial services sector is necessary.

• Exhibit behaviors aligned with Velera values: Dedication, Collaboration, Belonging, Curiosity, & Integrity.

• Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations concerning IT (e.g., PCI, NIST CSF, NIST AI Risk Management, FFIEC, NACHA, CMM, COBIT, ITIL, COSO) is expected.

• Solid understanding of independent audit and assessment reports relevant to the job function (e.g., SOC1/2, PCI DSS AOC/ROC).

• Ability to collaborate effectively with cross-functional technology and business teams.

• Capability to apply an understanding of IT security/controls risk versus business impact in decision-making.

• Proficiency in influencing without authority.

• Flexibility to work under pressure in a complex environment with frequently changing priorities.

• Strong organizational and time management abilities; skilled in multitasking and managing competing tasks under strict deadlines.

• A self-starter who can operate with minimal management oversight; capable of taking ownership and seeing tasks and projects through to completion.

• Strong interpersonal skills to engage with executive management and to garner cooperation from all levels of management and other personnel.

• Comprehensive understanding and ability to apply security concepts across a wide range of information technology domains, including cloud, data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery.

• Extensive knowledge and experience with various operating systems and database platforms (e.g., Windows AD, Azure, Unix, Oracle, SQL).

• Project management skills, including the ability to manage multiple projects and work effectively with technology and business resources to enhance internal control, process improvement, and remediation efforts.

• Strong business acumen; adept at translating compliance and technical requirements into clear and understandable terms for business personnel and vice versa for technology personnel.

• Excellent verbal and written communication skills.

• Proven strong analytical, problem-solving, and critical thinking capabilities.

• Ability to thrive in a team environment.

• Capacity to exercise discretion, situational awareness, and sound judgment in decision-making.

• Proficiency in Word, flowcharting (e.g., Visio), and advanced spreadsheet features (Excel).

• Willingness to travel as necessary to fulfill job responsibilities, with less than 25% travel expected.

• Ability to maintain the confidentiality of sensitive materials.


🏝️ Benefits

• Competitive wages

• Medical coverage with telemedicine options

• Dental and vision plans

• Basic and optional life insurance

• Paid time off (PTO)

• Maternity, parental, and family care leave

• Community volunteer time off

• 12 paid holidays

• Company-paid disability insurance

• 401k plan with employer matching

• Health savings accounts (HSA) with company contributions

• Flexible spending accounts (FSA)

• Supplemental insurance options

• Mental health and well-being support through an employee assistance program (EAP)

• Tuition reimbursement opportunities

• Wellness program

People also viewed

Gartner4 hours ago

Senior Director Analyst – Application Security and Governance

US flagUnited States OnlyFull-timeSecurity Analyst$172k – $202.5k/year
ApplyView job
accesa.eu5 hours ago

L2 Security Analyst

RO flagRomania OnlyFull-timeSecurity Analyst
ApplyView job
FS-ISAC3 days ago

Threat Intelligence Analyst – Senior

US flagVirginia OnlyFull-timeSecurity Analyst$110k – $165k/year
ApplyView job
Proficio5 days ago

Information Security Analyst Level II – SIEM

IN flagIndia OnlyFull-timeSecurity Analyst₹1100k/year
ApplyView job
CrowdStrikeJul 6

Senior Competitive Intelligence Analyst – Cloud Security

US flagUnited States OnlyFull-timeSecurity Analyst$125k – $180k/year
ApplyView job
Davis Wright Tremaine LLPJul 5

Cybersecurity Analyst

US flagCalifornia, +4 more statesFull-timeSecurity Analyst$108k – $126k/year
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers