IT Security Compliance Assurance Analyst
Rethink what’s possible with SwitchThink! SwitchThink Solutions is an IT Services CUSO from Desert Financial.
As a collaborative partner for innovation, SwitchThink Solutions offers technology solutions that help credit unions achieve their transformational goals. Our knowledgeable development, infrastructure, and IT operations experts work hand-in-hand with our clients to maximize the benefits of their technology and speed their results.
The Security Compliance Assurance Analyst is responsible for supporting the readiness to obtain Payment Card Industry Report on Compliance (PCI ROC) and Statement on Standards for Attestation Engagements (SSAE18) compliance and manages the ongoing re-certification process for these compliance initiatives. The Security Compliance Assurance Analyst will also coordinate and lead all IT-related audits. Areas of focus include information security, computer operations, software development, project management, and managed services.
What you will do here:
Support, facilitate, and coordinate audits and regulatory examinations on behalf of SwitchThink, Desert Financial Credit Union, and its subsidiaries.
- Internal Audits
- External Audits
- PCI AOC and ROC
- SSAE18 SOC Type1 and Type 2 Reports on Compliance
Centrally manage evidence collection, submission, communication, management response development, and remediation tracking for all audits and examinations
Perform risk assessments of vendors, software solutions, and system architectures based on known frameworks (NIST, PCI, SOC, etc).
Track Information Security related risks and corresponding action plans with due dates to ensure that issues are resolved.
Maintains and enhances Information Security Policy and Standards documentation and manages exception to standards.
Make recommendations for customized policies, procedures, and controls to improve compliance and risk exposure.
Partner with Learning & Development to enhance the organizational Security Awareness Program to include the development of new content, changes to existing content, and scheduling annual training activities.
Present monthly summary of overall organizational risk and compliance based on policies, exceptions, and current risk exposures.
Perform other job-related duties as assigned.
What you will need:
Bachelor’s degree. Specific field of Business or Information Technology preferred.
5 years of compliance-related or information security-related experience (preferably in the financial/banking industry).
Experience working in a fast-paced environment managing multiple initiatives at once.
Broad information security knowledge across common industry standards (ISO, NIST, COBIT, PCI, FFIEC, etc.).
Experience managing and maintaining a Governance Risk and Compliance platform (Archer, Allgress, LockPath, etc.).
PCI Professional (PCIP) or Internal Security Assessor (ISA) certification. If not currently certified, you must obtain PCI Professional (PCIP) or Internal Security Assessor (ISA) within 6 months of hire.
CISSP, CISA, CISM, or GIAC certifications preferred.
Strong communication skills and ability to communicate effectively (written and verbal) with all levels of staff and management.
Confidence in leading small to medium-sized teams and business meetings.
Attention to detail and ability to work across functions.
Ability to prioritize work within time constraints.
Strong organizational and follow-up skills.
Strong relationship-building skills.
Create and maintain reporting dashboards highlighting trends, progress, gaps, and other Information Security metrics.
Participating in and enhancing an ongoing compliance program.
Experience with Microsoft Office (Outlook, Word, Excel and Power Point, SharePoint, and Visio).
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
For additional information about our organization, careers and benefits visit www.switchthink.com/careers
Job Status: Full Time
Job Reference #: 76b0e75c-6b45-4290-b1d3-1a9d70a9b788