Senior ITS Security Compliance Analyst - Remote-USA

Join the People Helping People · Velera is the nation's premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our ...

Job description

Join the People Helping People

Velera is the nation's premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services. Our purpose: We accelerate partners' success through innovative financial technology solutions and inspired service.

The Opportunity:

The Senior IT Security Compliance Analyst will provide support for Velera's Information Technology Compliance Programs, including leading, developing, and maintaining the IT controls program. The individual will develop and maintain standards, processes, and procedures to assess, monitor, report, escalate, and manage remediation of IT control and compliance related issues. They work collaboratively with internal audit, enterprise risk management, and technical teams in the design and implementation of IT controls. They evaluate and test IT controls to ensure they are appropriately designed and operating effectively. This position will report to the Manager, Technology Compliance Programs and will own the execution of the IT controls program and established processes to meet stated priorities. This function will include strong collaboration with functional ITS and business leaders to drive IT control and compliance practices and adoption across the company. This role directs and advises technical staff in the design, implementation, monitoring and reporting of IT control and compliance processes and documentation, whether on premise or in the cloud.

Day in the Life:

• Provide ongoing training, guidance, support and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture.

• Design, implement, and oversee execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet regulatory requirements and to satisfaction of internal/external auditors.

• Implement and maintain IT controls catalogue and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures.

• Verify user and system security configurations for compliance with internal and external requirements; Collect and maintain appropriate evidence and supporting documentation.

• Build and maintain effective working relationships and liaise with IT and business unit control owners to collect, report, and retain compliance documentation.

• Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts.

• Collaborate with and advise ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits.

• Respond to internal and external (clients and business partners) due diligence inquiries and requests for information related to information technology controls and security.

• Identify and report on IT control program status and metrics; Assist with Audit Committee and Board reporting.

• Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls related content for the Information Security & Compliance intranet site.

• Assist in effective management of internal and external audit efforts and partnership; Drive for timely submission of critical audit and compliance deliverables.

• Coach, mentor, and oversee company employees and/or external consultants on a periodic basis.

• Perform QA reviews of IT controls related work products (e.g., user attestations packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.

• Lead and/or participate in special project teams supporting general business initiatives outside of the primary Information Security & Compliance function.

• Maintain knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures and issues, and assist in ensuring the organization remains compliant with such laws and regulations.

• Assist in the creation of and updates to department documentation including operating procedures, RACI charts, and process diagrams.

• Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, contract reviews).

• Perform other duties as assigned.

Qualifications:

• Bachelor's Degree in Accounting, Management Information Systems, Computer Science or related discipline required. Currently holds an IT risk management, governance, or audit and control professional certification or equivalent (e.g., CISA, CCAK CRISC, CGEIT).

• Other relevant professional certifications such as Certified Internal Auditor (CIA), Certified Public Accountant (CPA) or Certified Scrum Master (CSM) are preferred.

• Eight (8) years of experience in IT internal/external auditing and internal control projects required.

• Experience in a public accounting firm and/or consulting in the financial services industry preferred. 

• Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST, ISO27000 series of standards, FFIEC, CMM, COBIT, ITIL, COSO)

• Ability to apply understanding of IT security/controls risk vs. business impact in decision making

• Ability to influence without authority

• Solid understanding and ability to apply security concepts across a broad scope of information technology areas including data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery

• Advanced knowledge and experience in identification, validation, design, and operating effectiveness of IT controls (e.g., general computer controls, application controls)

• Project management skills including ability to manage multiple projects and work effectively with ITS and business resources to drive internal control, process improvement, and remediation efforts

• Working knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Unix, Oracle, SQL)

• Strong business acumen; Ability to communicate compliance and IT technical requirements into relevant and understandable terms for IT and business personnel and vice versa for IT personnel

• Solid knowledge of internal control reports (e.g., SOC1, SOC2)

• Proficiency in using word processing, flow charting (e.g., Visio) and advanced features of spreadsheet computer software applications

• Ability to travel as needed to successfully perform position responsibilities

#LI-LM1

About Velera

At Velera we are committed to fostering a workplace where every employee feels valued, respected, and connected. We understand, attract and engage a diverse workforce where every employee can live up to their full potential; ensuring that our employee base reflects the consumers we serve. The result of this effort is an inclusive environment where diverse talent thrives. We strive to foster a safe and inclusive work environment for people to bring their authentic selves in order to build a better community within our company and with our partners.   Learn more about our commitment to Diversity, Equity, and Inclusion HERE

Pay Equity

$95, $124,500.00

Actual Pay will be adjusted based on experience and other job-related factors permitted by law.

Great Work/Life Benefits

• Competitive wages

• Medical with telemedicine

• Dental and Vision

• Basic and Optional Life Insurance

• Paid Time Off (PTO)

• Maternity, Parental, Family Care

• Community Volunteer Time Off

• 12 Paid Holidays

• Company Paid Disability Insurance

• 401k (with employer match)

• Health Savings Accounts (HSA) with company provided contributions

• Flexible Spending Accounts (FSA)

• Supplemental Insurance

• Mental Health and Well-being: Employee Assistance Program (EAP)

• Tuition Reimbursement

• Wellness program

• Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions

Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law.

Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster. Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information.

Velera is an E-Verify Employer. Review the E-Verify Poster here.  For information regarding your Right To Work, please click here.

This role is currently not eligible for sponsorship.

As an ongoing commitment to reasonably accommodate individuals with disabilities please contact a recruiter at for assistance.