Apply on Employer Site

Velera · 1 month ago

Senior ITS Security Compliance Analyst - REMOTE

United States

Full-time

Remote

Senior Level, Lead/Staff

$96K/yr - $124K/yr

8+ years exp

Velera is the nation’s premier payments credit union service organization and an integrated fintech solutions provider. The Senior IT Security Compliance Analyst will support Velera’s Information Technology Compliance Programs by leading and maintaining the IT controls program, collaborating with various teams to ensure compliance with regulatory requirements.

CreditFinTechManagement Consulting

No H1B

Responsibilities

Provide ongoing training, guidance, support and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture

Design, implement, and oversee execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet regulatory requirements and to satisfaction of internal/external auditors

Implement and maintain IT controls catalogue and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures

Verify user and system security configurations for compliance with internal and external requirements; Collect and maintain appropriate evidence and supporting documentation

Build and maintain effective working relationships and liaise with IT and business unit control owners to collect, report, and retain compliance documentation

Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts

Collaborate with and advise ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits

Respond to internal and external (clients and business partners) due diligence inquiries and requests for information related to information technology controls and security

Identify and report on IT control program status and metrics; Assist with Audit Committee and Board reporting

Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls related content for the Information Security & Compliance intranet site

Assist in effective management of internal and external audit efforts and partnership; Drive for timely submission of critical audit and compliance deliverables

Coach, mentor, and oversee company employees and/or external consultants on a periodic basis

Perform QA reviews of IT controls related work products (e.g., user attestations packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners

Lead and/or participate in special project teams supporting general business initiatives outside of the primary Information Security & Compliance function

Maintain knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures and issues, and assist in ensuring the organization remains compliant with such laws and regulations

Assist in the creation of and updates to department documentation including operating procedures, RACI charts, and process diagrams

Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, contract reviews)

Perform other duties as assigned

Qualification

IT risk management certificationIT controls program managementIT compliance standards knowledgeIT internal/external auditingFinancial services regulationsOperating system knowledgeSecurity concepts applicationProject management skillsInfluenceBusiness acumenCoachingCommunication skillsMentoringCollaboration skills

Required

Bachelor's Degree in Accounting, Management Information Systems, Computer Science or related discipline required

Currently holds an IT risk management, governance, or audit and control professional certification or equivalent (e.g., CISA, CCAK CRISC, CGEIT)

Eight (8) years of experience in IT internal/external auditing and internal control projects required

Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST, ISO27000 series of standards, FFIEC, CMM, COBIT, ITIL, COSO)

Ability to apply understanding of IT security/controls risk vs. business impact in decision making

Ability to influence without authority

Solid understanding and ability to apply security concepts across a broad scope of information technology areas including data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery

Advanced knowledge and experience in identification, validation, design, and operating effectiveness of IT controls (e.g., general computer controls, application controls)

Project management skills including ability to manage multiple projects and work effectively with ITS and business resources to drive internal control, process improvement, and remediation efforts

Working knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Unix, Oracle, SQL)

Strong business acumen; Ability to communicate compliance and IT technical requirements into relevant and understandable terms for IT and business personnel and vice versa for IT personnel

Solid knowledge of internal control reports (e.g., SOC1, SOC2)

Proficiency in using word processing, flow charting (e.g., Visio) and advanced features of spreadsheet computer software applications

Ability to travel as needed to successfully perform position responsibilities

Preferred

Other relevant professional certifications such as Certified Internal Auditor (CIA), Certified Public Accountant (CPA) or Certified Scrum Master (CSM)

Experience in a public accounting firm and/or consulting in the financial services industry