Veridian Credit Union · 20 hours ago
IT Security Risk and Compliance Specialist - FT
Veridian Credit Union is looking for an IT Security Risk and Compliance Specialist to support and maintain their Information Security and Privacy compliance programs. This role involves ensuring adherence to regulatory and internal requirements through monitoring controls, conducting assessments, and partnering with business units to enhance the organization’s security posture.
Banking · Credit Cards · Financial Services
Responsibilities
Maintain and support Veridian's Information Security compliance frameworks (e.g. ISO 27001, PCI DSS v4, CSF 2.0, CIS Controls) and ensure alignment with industry best practices
Oversee ongoing compliance activities, including evidence collection, control testing, documentation updates, and remediation tracking
Administer the IT Security Compliance/GRC (Auditboard CrossComply) platform and partner with Enterprise Risk to align controls with KPIs and reporting requirements
Assist with mapping data flows across the organization, ensuring compliance with privacy, security, and regulatory obligations
Support standards and procedure development to ensure they reflect regulatory requirements and organizational objectives
Serve as the primary internal subject matter expert for PCI DSS. Coordinate and validate evidence, support annual PCI assessments, assist with compensating controls, and interface with external QSAs and auditors
Perform periodic assessments of technical and administrative controls to evaluate compliance effectiveness and identify gaps or deficiencies
Conduct control testing, reviews, and continuous monitoring activities to ensure systems and processes meet regulatory expectations
Partner with internal and external auditors or assessors to prepare assessments, gather required artifacts, respond to inquiries, and track remediation activities. Provide regular, clear, and concise reporting to IT Security Management communicating the effectiveness of standards and compliance requirements
Communicate compliance gaps, control weaknesses, or control risks. Provide guidance and support to stakeholders in understanding compliance findings, resolving audit exceptions, and implementing corrective actions
Support IT Security Team with risk reduction initiatives, compliance-driven projects, and continuous improvement activities that strengthen the organization’s security posture
Perform due diligence on third-party vendors to assess security posture, compliance with regulatory requirements, and alignment with organizational standards
Qualifications
Required
Bachelor's Degree in Computer Science, Information Systems, or related field or equivalent combination of education, training, and experience of 8+ years
3+ years of experience with practical knowledge of regulatory standards such as NCUA, FFIEC, HIPAA, GLBA and PCI DSS
1+ years of strong experience with IT Security frameworks such as NIST, CSF, CIS, and ISO 27001:2022
1+ years of experience conducting control assessments, managing compliance evidence, or supporting audits
Preferred
5+ years of experience working with information security compliance standards
3+ years of experience working with privacy regulations
Knowledge of 3 or more key compliance or regulatory standards related to financial institutions
Certification in audit practices, security, or privacy standards such as CISA, PCI IAS, and CISM
Company
Veridian Credit Union
Veridian Credit Union offers a full range of consumer financial services.
Funding
Current Stage
Late Stage