Analyst - Technology and Security Risk

Security Governance, Risk & Compliance Analyst

At Early Warning, we've powered and protected the U.S. financial system for over thirty years with cutting-edge solutions like Zelle®, Paze℠, and so much more. As a trusted name in payments, we partner with thousands of institutions to increase access to financial services and protect transactions for hundreds of millions of consumers and small businesses.

Positions located in Scottsdale, San Francisco, Chicago, or New York follow a hybrid work model to allow for a more collaborative working environment.

Candidates responding to this posting must independently possess the eligibility to work in the United States, for any employer, at the date of hire. This position is ineligible for employment Visa sponsorship.

Overall Purpose

The Security Governance, Risk & Compliance Analyst conducts comprehensive activities supporting information security governance, risk, and compliance, including but not limited to drafting and updating security policies, standards, and procedures; performing security risk assessment and remediation activities; supporting the internal controls testing program; facilitating audits and assessments; information security issues oversight; supporting security training and awareness activities.

Essential Functions

• Plan and support the Security Governance, Risk and Compliance programs and department initiatives
• Further develop Security Governance, Risk and Compliance skills and support at least two of the functional areas within Security Governance, Risk and Compliance: Risk management, PCI assessments, Internal Audits, Security policy management, GRC tool management, remediation plans for security-related findings (IA, OCC, SOC-2, etc.), participation and facilitation of external audits: (GLBA, SOC-2, customer audits, consolidated customer audits), Security trainings and user responsibility agreements, ensure adherence to policies and deadlines, and provide assistance to remediation owners for interpretation of policies and processes in line with the objectives of the organization and regulators.
• Provide consultation to management on regulatory, legal, and contractual requirements.
• Perform GRC activities using the GRC platform; support the Security Department with GRC platform usage and best-practices.
• Engage business owners throughout the organization in the development and enforcement of security policies, standards, procedures, and guidelines at the direction of Security Management.
• Oversee the completion of internal control testing; advise management on control design and implementation; perform testing where needed.
• Identify control gaps and weaknesses, and track and report remediation progress.
• Assess information security risk and recommend mitigation activities in alignment with Enterprise and Operational Risk Management requirements.
• Facilitate the collection and review of documentation required for internal and external audits and assessments (SOC-2, GLBA, FISMA, PCI-DSS, others).
• Facilitate the execution of internal and external audits and assessments.
• Conduct security GRC reporting (risk, controls, issues, or otherwise) for management and stakeholders.
• Create monthly security-focused metrics reporting for management and senior leadership.
• Maintain compliance programs (security awareness and training activities, phishing and password, etc.) according to their set schedules.
• Support the company's commitment to protect the integrity and confidentiality of systems and data.

Minimum Qualifications

• Education and experience typically obtained through completion of a bachelor's degree.
• Minimum 2 years direct/ related work experience in security, governance, risk, and compliance, risk management, IT audit, information technology, or related.
• Excellent written/verbal communication skills, with ability to present to peers and co-workers
• Working knowledge of common security frameworks such as: HITRUST, ISO 27001, NIST, PCI-DSS or SOC
• Background and drug screen.

Preferred Qualifications

• Additional related education and/or experience preferred.
• Prior financial services or FinTech experience.
• Prior GRC, Information Security & Technology Consulting, or Advisory experience with leading consulting firms such as KPMG, Deloitte, E&Y, PWC is highly desirable.
• Working knowledge of ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, Standard Information Gathering Questionnaires, FFIEC handbooks, SOC-2 Type II, GLBA, FCRA, NYDFS, and data privacy.

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers. Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.

The base pay scale for this position in: Phoenix, AZ/ Chicago, IL / Washington, DC in USD per year is: $76,000 - $95,000. New York, NY/ San Francisco, CA in USD per year is: $91,000 - $114,000. Additionally, candidates are eligible for a discretionary incentive plan and benefits.

Some of the Ways We Prioritize Your Health and Happiness

• Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
• Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
• 12 weeks of Paid Parental Leave
• Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.

And SO much more! We continue to enhance our program, so be sure to check our Benefits page here for the latest. Our team can share more during the interview process!

Early Warning Services, LLC ("Early Warning") considers for employment, hires, retains and promotes qualified candidates on the basis of ability, potential, and valid qualifications without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote equal employment opportunity and affirmative action, in accordance with all applicable federal, state, and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our employees.

Early Warning Services LLC is a proud participant in E-Verify, a federal program to help ensure a legal and authorized workforce. As part of our hiring process, we electronically verify the employment eligibility of all new hires through E-Verify. For more information on your rights and responsibilities under E-Verify please visit Home | E-Verify.