InfoSec Compliance Analyst

We are seeking a driven and meticulous Information Security Compliance Analyst to support the intersection of project management, financial services compliance, and information security initiatives. This cross-functional role will own and lead our Information Technology, Information Security, and Cybersecurity audit and other functions (external IT audits, InfoSec questionnaires, PCI audits, disaster recovery audits, etc.), enabling the organization to maintain regulatory compliance, minimize risk, and safeguard sensitive data.

The ideal candidate will be proactive, organized, and comfortable collaborating across multiple teams, including Product, Engineering, Legal, Compliance, and Operations, and with external parties, including our bank partner and third-party audit firms.

• Assist with administering, documenting, auditing, and enforcing the organization's information security policies and standards.
• Coordinate vulnerability management, user access reviews, and security incident response drills.
• Support third-party risk management by evaluating vendor security practices and contracts.
• Lead the annual PCI audit, and associated internal processes and controls.
• Lead work (i.e., access control review) associated with quarterly and annual tasks to ensure the fulfillment of controls associated with compliance with internal policy, PCI, and SOC requirements.

• Supervise evolving regulatory requirements within the IT space (primarily PCI DSS, SOC 2) and assist in translating them into actionable internal policies and procedures.
• Serve as primary owner of responses to audits, examinations, and internal controls testing within the Information Technology, Information Security, and Cybersecurity area.
• Maintain documentation related to risk assessments, compliance certifications, vendor due diligence, and regulatory filings.

• Serve as a project coordinator for compliance and security-related initiatives, ensuring we achieve our goals and commitments.
• Develop project plans, handle risk logs, and supervise progress on remediation activities from security assessments or compliance reviews.

• Proven ability in compliance, Information Technology, Information Security, Cybersecurity, and IT Audits, preferably within financial services or fintech environments.
• Familiarity with IT / InfoSec regulatory standards (Specifically: PCI DSS, ISO 27001, SOC 1 & 2).
• Deep Understanding of basic information security concepts (e.g., access control, encryption, incident response).
• Experience with FFIEC Information Technology, Information Security, and Business Continuity Management booklets.
• Excellent documentation, communication, and organizational skills.
• Ability to work independently, prioritize multiple tasks, and collaborate with cross-functional stakeholders.

• Bachelor’s degree or equivalent experience in Information Security, Business Administration, Risk Management, Finance, or related field.
• Industry certifications such as:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP) Associate or full.
• Familiarity with security technologies (SIEM tools, endpoint protection, encryption technologies).
• Experience working in AWS environments, with OKTA and Kandji.

This is a Hybrid position. We work in the office three days a week, and our office is centrally located in downtown Seattle.

The compensation range for this role is $127,700 to $134,800. We also offer significant stock options, comprehensive benefits, a bonus plan, commuter benefits, and an excellent office space with complimentary drinks and food options.