Sr. IT Security Compliance Analyst

Company: PSCU
Location: Saint Petersburg
Posted on: January 15, 2021

Job Description:

Join the people helping people. For people drawn to serving others through their work, PSCU is a place to thrive, as we serve our credit union members best by taking care of each other first. If you want to help shape an industry, challenge yourself, and invest in your own future, this is the place for you. PSCU is a highly accessible environment where you're empowered to think on your feet, work from your heart, and discover the very best version of your professional and personal self. "Our Momentum. Your Moment." This application is the first step in seizing your moment. This position will provide support for PSCU's Information Technology Compliance Programs and will be responsible for the execution of the IT controls program and established processes to meet stated priorities, including leading, developing, and maintaining the IT controls program. The Sr. IT Security Compliance Analyst develops and maintains standards, processes, and procedures to assess, monitor, report, escalate, and manage remediation of IT control and compliance related issues. This individual will work collaboratively with internal audit, enterprise risk management, and technical teams in the design and implementation of IT controls. This function will include strong collaboration with functional ITS and business leaders to drive IT control and compliance practices and adoption across the company. Essential Functions & Responsibilities Provide ongoing training, guidance, support and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture Design, implement, and oversee execution of the IT controls program including periodic control testing (e.g., design and effectiveness) sufficient to meet regulatory requirements and to satisfaction of internal/external auditors Implement and maintain IT controls catalogue and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures Verify user and system security configurations for compliance with internal and external requirements; Collect and maintain appropriate evidence and supporting documentation Build and maintain effective working relationships and liaise with ITS and business unit control owners to collect, report, and retain compliance documentation Identify control gaps and potential remediation steps; lead and/or assist process re-design and coordination of remediation efforts Collaborate with and advise ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs vs. benefits Respond to internal and external (clients and business partners) due diligence inquiries and requests for information related to information technology controls and security Identify and report on IT control program status and metrics; Assist with Audit Committee and Board reporting Document and maintain risk-based compliance policies and procedures; Develop and maintain IT controls related content for the Information Security & Compliance intranet site Assist in effective management of internal and external audit efforts and partnership; Drive for timely submission of critical audit and compliance deliverables Some supervisory or team-lead experience required of company personnel and/or external consultants on a periodic basis. Performing QA reviews of IT controls related work products (e.g., user attestations packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners. Lead and/or participate in special project teams supporting general business initiatives outside of the primary Information Security & Compliance function Maintain knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures and issues, and assist in ensuring the organization remains compliant with such laws and regulations. Assist in the creation of and updates to department documentation including operating procedures, RACI charts, and process diagrams Assist with IT-related aspects of vendor risk management program functions (e.g., risk assessments, due diligence documentation reviews, control testing, contract reviews). Perform other duties as assigned Experience Eight (8) years of related work experience in a public accounting firm and/or consulting experience A combination of at least three (3) years of progressively responsible experience in IT Internal/External Auditing and five (5) years of experience in internal control projects in the private industry. Education Bachelor's Degree in Accounting, Management Information Systems, Computer Science or related discipline required. Risk management, governance or IT control certification (e.g., CISA, CRISC, CGEIT) or ability to obtain within six months. Other relevant professional certifications such as Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), Certified Public Accountant (CPA) or Certified ScrumMaster(CSM) are desirable. Knowledge, Skills, & Abilities Demonstrate behaviors based on PSCU values: Excellence, Innovation, Leadership, Passion and Trust Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST, ISO27000 series of standards, FFIEC, CMM, COBIT, ITIL, COSO) Ability to apply understanding of IT security/controls risk vs. business impact in decision making Ability to influence without authority Ability to be flexible and work under high pressure in a complex environment with frequently shifting priorities Strong organizational and time management skills; Ability to multi-task and juggle competing tasks under strict deadlines Self-starter with minimal management supervision; Ability to take ownership, seeing tasks and projects through to satisfaction and completion Project management skills including ability to manage multiple projects and work effectively with ITS and business resources to drive internal control, process improvement, and remediation efforts Ability to communicate effectively, both verbally and in written formats Solid knowledge of SSAE18 internal control reports (e.g., SOC1, SOC2) Proficiency in using word processing, flow charting (e.g., Visio) and advanced features of spreadsheet computer software applications Ability to travel as needed to successfully perform position responsibilities Ability to maintain confidentiality of materials handled All applications are reviewed by an AIRS Certified Diversity and Inclusion Recruiter. Learn more about our commitment to Diversity, Equity, and Inclusion HERE! PSCU is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status or membership in any other group protected by federal, state or local law. PSCU is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster and the "EEO is the Law" Poster Supplement . PSCU will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information. For positions based out of our Phoenix, Arizona location, PSCU is an E-Verify Employer. Please click here for the E-Verify Poster in English or Spanish . For information regarding your Right To Work, please click here for English or Spanish . As an ongoing commitment to reasonably accommodate individuals with disabilities, PSCU has established alternative methods to complete the application process. Disabled applicants needing assistance are encouraged to submit resumes via our careers page submission button If further assistance is required.

Keywords: PSCU, St. Petersburg , Sr. IT Security Compliance Analyst, Professions , Saint Petersburg, Florida