Senior ITS Security Compliance Analyst - REMOTE
About the role
The Senior IT Security Compliance Analyst provides support for technology compliance programs, including leading and executing functions and duties that may include: consulting and collaborating with business and technology stakeholders at all levels on control design and remediation to mitigate technology risks; participating on large-scale projects; maintaining IT control library/testing general computer and application controls; coordinating and supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews; performing segregation of duties reviews and user attestations; documenting process flows and compliance-related deliverables; assisting with creation and maintenance of IT and information security policies and standards required to maintain company certifications (e.g., PCI DSS, NIST CSF); coaching and cross-training technology compliance staff.

The individual will execute assigned duties to meet stated priorities and SLAs. The individual plays a critical role in driving technology control and compliance practices and adoption across the company. This role directs and advises technical SMEs in the design, implementation, monitoring and reporting of technology control and compliance processes and documentation on premise and in the Cloud.

Day in the Life:

With minimal oversight, execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt).

Participate on strategic business and client commercialization projects (e.g., consulting, documenting, validating, and testing Blueprint controls).

Review, test, and validate user account and security configurations for compliance with information security and technology policies/standards.

Collect and maintain appropriate evidence and supporting documentation.

Collaborate with and advise technical and business unit resources at all levels on designing, implementing, and remediating technology controls that achieve risk and control objectives and meet compliance requirements while striking a balance between costs vs. benefits.

Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms.

Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).

Identify and report on technology control status and metrics.

Assist with Audit Committee and Board reporting.

Coordinate and support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NIST AI Risk Mgt, NACHA) and onsite/virtual client reviews.

Drive for timely submission of critical audit and compliance deliverables.

Perform QA reviews of technology compliance work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.

Cross-train, coach, and mentor technology compliance team members in performing job functions.

Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments).

Perform other duties as assigned.