Information Security Program Manager (Penetration Testing) - REMOTE

Join the People Helping People

Velera is the nation’s premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services. Our purpose: We accelerate partners’ success through innovative financial technology solutions and inspired service.

The Information Security Program Manager will be responsible for ensuring the organization meets information security standards and objectives to protect sensitive data and systems from threats. This includes assisting with setting security requirements and baselines, developing and implementing security policies, conducting risk assessments, and ensuring compliance with relevant regulations. They also work with various teams (internal and external) to mitigate risk, integrate security measures into business operations, and foster a security-conscious culture.

• Supports the development, implementation, monitoring and communication of the information security program and related activities
• Works in collaboration with key stakeholders and technical teams across the organization to ensure that the information security program and requirements aligns with business objectives, mission, and values by developing comprehensive processes, strategies and tactics
• Maintains a current understanding of emerging cyber threats, and new solutions which may impact cloud and on premises environments
• Maintains penetration testing program, conducts red team and blue team exercises, performs internal and external penetration testing, and application vulnerability assessments to identify potential threats
• Performs focused information security risk assessments of existing or new business processes, services and technologies, along with business counterparts
• Communicates security risk assessment findings to information stakeholders, security leadership, risk management, information governance, and internal audit as necessary
• Maintains strong working relationships with individuals and groups involved in managing information security risks across the organization
• Facilitate the organization by implementing the risk management process and assisting individuals in identifying, analyzing, and evaluating risks in accordance with policy
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
• Performs review and validation of all deliverables for SOC, Incident Response (IR), Threat Intelligence, Threat Hunting, to improve overall security posture
• Provides consultative advice to cybersecurity governance or security teams that enables them to suggest informed risk mitigation decisions
• Provides knowledge and expertise in government regulatory processes and documentation, including but not limited to Risk Management Approach (RMA), National Institute of Standards and Technology (NIST) standards, and policies and procedures
• Translates technical information security requirements into clear, actionable policies that employees can understand and follow
• Monitors and audits compliance of cybersecurity policies to identify gaps
• Perform all other duties as assigned

Qualifications

• BS or MA in Computer Science, Information Security, or equivalent combination of education and experience within Information Technology

• 8+ years of experience in cybersecurity, with focus in the areas of information risk analysis, security engineering or security architecture role

• 5+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST CSF, PCI DSS)

• Must possess at least one of the following certifications CompTIA PenTest+, CEH, CPT, CEPT, or CCPT required
• Must possess the CISSP certification or equivalent information security certification or experience

• Experience in application development security and relevant tools such as SAST, DAST, SCA, RASP, and IAST

• Experience building, executing, managing, and maintaining a penetration testing program

• Experience in performing penetration testing, secure code review, static, dynamic and manual source code review

• Experience in program and project management

• Experience in cybersecurity strategy planning

• Experience identifying and assessing risks to the organization's business

• Experience crafting and executing Information Security initiatives, including capturing and redefining requirements into impactful work items

About Velera

At Velera we are committed to fostering a workplace where every employee feels valued, respected, and connected. We understand, attract and engage a diverse workforce where every employee can live up to their full potential; ensuring that our employee base reflects the consumers we serve. The result of this effort is an inclusive environment where diverse talent thrives. We strive to foster a safe and inclusive work environment for people to bring their authentic selves in order to build a better community within our company and with our partners. Learn more about our commitment to Diversity, Equity, and InclusionHERE!

Pay Equity

to

Actual Pay will be adjusted based on experience and other job-related factors permitted by law.

Great Work/Life Benefits!

• Competitive wages

• Medical with telemedicine

• Dental and Vision

• Basic and Optional Life Insurance

• Paid Time Off (PTO)

• Maternity, Parental, Family Care

• Community Volunteer Time Off

• 12 Paid Holidays

• Company Paid Disability Insurance

• 401k (with employer match)

• Health Savings Accounts (HSA) with company provided contributions

• Flexible Spending Accounts (FSA)

• Supplemental Insurance

• Mental Health and Well-being: Employee Assistance Program (EAP)

• Tuition Reimbursement

• Wellness program

• Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions

Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law.

Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster. Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information.

Velera is an E-Verify Employer. Review the E-Verify Poster here. For information regarding your Right To Work, please click here.

As an ongoing commitment to reasonably accommodate individuals with disabilities please contact a recruiter at recruiters@velera.com for assistance.