Security Compliance Analyst (PCI/NIST) - REMOTE at Velera

Join the People Helping People Velera is the nation’s premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services. Our purpose: We accelerate partners’ success through innovative financial technology solutions and inspired service. The Opportunity This position provides support for technology compliance programs, executing functions that may include: performing segregation of duties reviews and user attestations; identifying/remediating technology compliance issues and enforcing information security policies and standards to maintain company certifications (PCI DSS, NIST CSF); documenting, updating, and facilitating technology compliance deliverables; participating on large-scale projects; documenting and testing general computer and application controls; supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews. The individual will execute assigned duties to meet stated priorities within SLAs. The individual plays a critical role in driving technology control and compliance practices and adoption across the company. Day in the Life With minimal oversight, execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt). Review, test, and validate user account and system security configurations for compliance with information security and technology policies/standards; Collect and retain appropriate evidence and supporting documentation. Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms per schedule with strong attention to detail in accordance with company standards; Take corrective actions to remove inappropriate access and SOD conflicts in a timely manner, escalating as appropriate Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures). Support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NCUA) and onsite/virtual client reviews; Drive for timely submission of critical audit and compliance deliverables. Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments) Identify, communicate, and escalate technology compliance issues and information security policy violations as appropriate; assist in documenting exceptions, remediating issues, and enforcing information security policies and standards to achieve technology compliance objectives and maintain company certifications (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt Framework) Function as a liaison between technology and business units to collect, track, and retain compliance documentation and reports; Advise and assist stakeholders in preparing compliance reports and deliverables. Identify ongoing process improvements, operational gaps, and potential remediation steps; Assist and/or lead process re-design and coordination of remediation efforts and status reporting. Participate on strategic business and client commercialization projects; Prepare project deliverables and complete tasks as assigned Perform other duties as assigned. Qualifications Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required. Cybersecurity risk management, governance, and control professional certification required (CISA, CRISC, CGEIT). Other relevant professional certifications preferred (e.g., CISSP, Security +, PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK) Five (5) years of relevant work experience in public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required. Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls required. Experience in financial services required. Experience assessing Cloud security and controls preferred. Background in of PCI DSS, NIST CSF, NIST AI Risk Mgt Framework, FFIEC, NACHA, CMM, COBIT, ITIL, COSO Working knowledge of independent audit and assessment reports per job function (e.g., SOC1/2, PCI DSS AOC/ROC) Ability to work with cross-functional technology and business teams Ability to apply understanding of IT security/controls risk vs. business impact in decision making Understanding and ability to apply security concepts across a broad scope of information technology areas including cloud, data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery Working knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Azure, Unix, Oracle, SQL) About Velera At Velera we are committed to fostering a workplace where every employee feels valued, respected, and connected. We understand, attract and engage a diverse workforce where every employee can live up to their full potential; ensuring that our employee base reflects the consumers we serve. The result of this effort is an inclusive environment where diverse talent thrives. We strive to foster a safe and inclusive work environment for people to bring their authentic selves in order to build a better community within our company and with our partners. Learn more about our commitment to Diversity, Equity, and Inclusion HERE ! Pay Equity $84,900.00 - $108,200.00 Actual Pay will be adjusted based on experience and other job-related factors permitted by law. Great Work/Life Benefits! Competitive wages Medical with telemedicine Dental and Vision Basic and Optional Life Insurance Paid Time Off (PTO) Maternity, Parental, Family Care Community Volunteer Time Off 12 Paid Holidays Company Paid Disability Insurance 401k (with employer match) Health Savings Accounts (HSA) with company provided contributions Flexible Spending Accounts (FSA) Supplemental Insurance Mental Health and Well-being: Employee Assistance Program (EAP) Tuition Reimbursement Wellness program Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law. Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster . Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information. Velera is an E-Verify Employer. Review the E-Verify Poster here . For information regarding your Right To Work, please click here . This role is currently not eligible for sponsorship. As an ongoing commitment to reasonably accommodate individuals with disabilities please contact a recruiter at recruiters@velera.com for assistance. Originally posted on Himalayas