Join the People Helping People
Velera is the nation’s premier payments credit union service organization (CUSO) and an integrated fintech solutions provider. The company serves more than 4,000 financial institutions throughout North America, operating with velocity to help our clients keep pace with the rapid momentum of change and fuel growth in the new era of financial services. Our purpose: We accelerate partners’ success through innovative financial technology solutions and inspired service.
The Opportunity:
The Senior IT Security Compliance Analyst provides support for technology compliance programs, including leading and executing functions and duties that may include: consulting and collaborating with business and technology stakeholders at all levels on control design and remediation to mitigate technology risks; participating on large-scale projects; maintaining IT control library/testing general computer and application controls; coordinating and supporting technology components of onsite and virtual audits/assessments, NCUA examinations and client due diligence reviews; performing segregation of duties reviews and user attestations; documenting process flows and compliance-related deliverables; assisting with creation and maintenance of IT and information security policies and standards required to maintain company certifications (e.g., PCI DSS, NIST CSF); coaching and cross-training technology compliance staff. The individual will execute assigned duties to meet stated priorities and SLAs. The individual plays a critical role in driving technology control and compliance practices and adoption across the company. This role directs and advises technical SMEs in the design, implementation, monitoring and reporting of technology control and compliance processes and documentation on premise and in the Cloud.
Day in the Life:
With minimal oversight, execute technology compliance and governance duties as assigned to meet company information security & technology compliance standards, industry requirements, and applicable laws and regulations (e.g., PCI DSS, NIST CSF, NIST AI Risk Mgt).
Participate on strategic business and client commercialization projects (e.g., consulting, documenting, validating, and testing Blueprint controls); Review, test, and validate user account and security configurations for compliance with information security and technology policies/standards; Collect and maintain appropriate evidence and supporting documentation.
Collaborate with and advise technical and business unit resources at all levels on designing, implementing, and remediating technology controls that achieve risk and control objectives and meet compliance requirements while striking a balance between costs vs. benefits.
Execute segregation of duties (SOD) reviews and user attestations of internal/business partner systems and client online banking platforms.
Document, maintain, and facilitate technology compliance deliverables (e.g., PCI Scope Validation, Targeted Risk Assessments, Compensating Control Worksheets, Shared Responsibility Matrices, process flows, department procedures).
Identify and report on technology control status and metrics; Assist with Audit Committee and Board reporting.
Coordinate and support technology components of internal/external audits and assessments (e.g., SOC1/2, PCI DSS, NIST CSF, NIST AI Risk Mgt, NACHA) and onsite/virtual client reviews; Drive for timely submission of critical audit and compliance deliverables.
Perform QA reviews of technology compliance work products (e.g., user attestation packages) and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
Cross-train, coach, and mentor technology compliance team members in performing job functions.
Support vendor risk governance program, RFPs, and client due diligence responses (e.g., SIG questionnaires, cybersecurity risk assessments).
Perform other duties as assigned.
Qualifications:
Bachelor’s degree in computer science, information systems, cybersecurity, or related field, or equivalent combination of education and experience required. Cybersecurity risk management, governance, and control professional certification required (e.g., CISA, CRISC, CGEIT).
Other relevant professional certifications preferred (e.g., PCI Internal Security Assessor (ISA), PCI Qualified Security Assessor (QSA), Certificate of Cloud Security Knowledge (CCSK), Project Management Professional (PMP), Certified ScrumMaster (CSM)).
Eight (8) years of relevant work experience in public accounting firm, IT controls consulting/testing, PCI/NIST CSF assessments, IT internal/external auditing, and technology risk management required. Experience in identification, validation, design, and testing operating effectiveness of general computer and application controls. Experience assessing cloud security and controls required. Experience in financial services required.
Demonstrate behaviors based on Velera values: Dedication, Collaboration, Belonging, Curiosity, & Integrity
Theoretical knowledge and practical application of major risk and IT control frameworks, IT industry standards, and financial services regulations surrounding IT (e.g., PCI, NIST CSF, NIST AI Risk Management, FFIEC, NACHA, CMM, COBIT, ITIL, COSO)
Solid knowledge of independent audit and assessment reports per job function (e.g., SOC1/2, PCI DSS AOC/ROC)
Ability to work with cross-functional technology and business teams
Ability to apply understanding of IT security/controls risk vs. business impact in decision making
Ability to influence without authority
Ability to be flexible and work under high pressure in a complex environment with frequently shifting priorities
Strong organizational and time management skills; Ability to multi-task and juggle competing tasks under strict deadlines
Self-starter with minimal management supervision; Ability to take ownership, seeing tasks and projects through to satisfaction and completion
Interpersonal skills necessary to interact with executive management and to obtain cooperation from all levels of management and other company personnel
Solid understanding and ability to apply security concepts across a broad scope of information technology areas including cloud, data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery
Solid knowledge of and experience with various operating system and database platforms (e.g. Windows AD, Azure, Unix, Oracle, SQL)
Project management skills including ability to manage multiple projects and work effectively with technology and business resources to drive internal control, process improvement, and remediation efforts
Strong business acumen; ability to communicate compliance and technical requirements into relevant and understandable terms for business personnel and vice versa for technology personnel
Ability to communicate effectively, both verbally and in written formats
Demonstrated strong analytical, problem solving, and critical thinking skills
Ability to work well in team environment
Ability to exercise discretion, situational awareness, and good judgment in making decisions
Proficiency in Word, flow charting (e.g., Visio) and advanced features of spreadsheets (Excel)
Ability to travel as needed to successfully perform position responsibilities, less than 25%
Ability to maintain confidentiality of materials handled
About Velera
At Velera, inclusion isn’t an initiative – it’s how we work. Guided by a people‑helping‑people philosophy, we cultivate a culture where every employee feels valued, respected and empowered to do their best work. We’re committed to building a diverse workforce and fostering meaningful connection across our teams. Through a remote‑first, flexible environment, we prioritize psychological safety, wellbeing and belonging so individuals and teams can collaborate to thrive. Together, we’re shaping a new era of secure, innovative solutions for the clients and communities we serve. Learn more about what it’s like to work at Velera.
Pay Equity
$95,800.00 - $124,500.00
Actual Pay will be adjusted based on experience and other job-related factors permitted by law.
Great Work/Life Benefits!
Competitive wages
Medical with telemedicine
Dental and Vision
Basic and Optional Life Insurance
Paid Time Off (PTO)
Maternity, Parental, Family Care
Community Volunteer Time Off
12 Paid Holidays
Company Paid Disability Insurance
401k (with employer match)
Health Savings Accounts (HSA) with company provided contributions
Flexible Spending Accounts (FSA)
Supplemental Insurance
Mental Health and Well-being: Employee Assistance Program (EAP)
Tuition Reimbursement
Wellness program
Benefits are subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions
Velera is an Equal Opportunity Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state or local law.
Velera is an Equal Opportunity Employer that complies with the laws and regulations set forth in the following "EEO is the Law" Poster. Velera will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the legal duty to furnish information.
Velera is an E-Verify Employer. Review the E-Verify Poster here. For information regarding your Right To Work, please click here.
This role is currently not eligible for sponsorship.
As an ongoing commitment to reasonably accommodate individuals with disabilities, please contact a recruiter at recruiters@velera.com for assistance.
