Security Compliance Analyst at Personal Capital
Opportunity: Welcome to the blue team! As a core member of our security team, you will lead and execute on your set of security initiatives and engage broadly with every aspect of our growing business to block and tackle threats. You will work with our security team to enhance the overall security posture of the company while building a dynamic control environment. This will not be your typical compliance role; expect your hands to get dirty. We will learn and innovate together as we secure the organization while enabling the expected agility and speed. Boredom will not join us in this journey!
Candidate: You are passionate, curious and self-driven. Your vision encompasses the different domains of security and you have good familiarity with ISO27K as well as other major frameworks. You enjoy solving complex challenges with incomplete information, juggling many balls while getting more thrown at you, and having fun while doing it. You don’t know everything but, given a new problem, you have strong enough foundations to untangle it, self-learn and identify creative ways to solve it. Having a special relationship with the checkbox is a plus.
The Role: You will work with the team to execute on the current portfolio of projects, which span the entire spectrum of Information Security domains.
- Monitor, update and/or implement security controls across all business areas.
- Assume ownership of our security framework mapped to processes, procedures, policies and standards.
- Collaborate with internal compliance partners to ensure cybersecurity controls meet objectives of all our compliance frameworks.
- Perform risk assessments and information security reviews for vendors and third parties.
- Assess residual risks arising from third parties, vendors and partners in our ecosystem and design bespoke controls to mitigate such risks.
- Promote security awareness within the organization and identify risks that are presented on an ongoing basis.
- Communicate with various technology and business teams to maintain cross-functional alignment on regulatory and policy requirements.
- Manage audit readiness, compliance reporting, compliance information & evidence management, and controls monitoring for multiple business functions.
- Serve as the liaison to third-party auditors and regulators to complete audits in a timely manner.
- Test operational effectiveness of current and future controls that pertain to compliance requirements.
- Design control testing automation so that key controls can be dynamically monitored.
Required Skills and Experience:
- Bachelor’s degree or higher in Computer Science or related field.
- 3-5 years or more of relevant information security experience.
- Good understanding of industry-known security & audit frameworks such as ISO 2700x series, NIST SP-800 series, PCI, SOC and/or others.
- Fundamental knowledge of at least one scripting language to allow compliance automation (Python is preferred).
- Good understanding of maintaining risk-based controls in a changing environment.
- Unimpeachable integrity, character, courage and honesty.
Desirable Skills and Experience:
- Experience in FinTech or Financial Services industry
- Big 4 or relevant consulting experience pertaining to risk management and compliance
- Information security certifications - CISA, CISM or CISSP preferred
- Familiarity with AWS cloud environments & SaaS services
- Experience with GRC tools in a production environment
Location: United States (Remote or in one of our Offices)