Senior Security Compliance Manager

Own bank compliance and controls testing, monitoring and issue management

Manage ongoing investor audits like SOC2, PCI DSS, SOX ITGC, GLBA and security due diligence questionnaires

Serve as the primary liaison between internal stakeholders (i.e. Cybersecurity,

Technology, Product, Risk, Privacy, Internal Audit, HR, Legal, Sales etc…) and external auditors, regulators, and third-party assessors

Monitor compliance with cybersecurity policies and standards and assess security compliance risks for bank scoped products, processes and technologies in a cloud environment

Partner with stakeholders to conduct walkthroughs and create process maps for critical cybersecurity processes, facilitating in risk and control identification and ensure the environment is operating safely and in control

Translate technical controls and requirements into audit-ready evidence, and work with technical teams to align implementations with compliance expectations

Support regulatory, third party attestation, and Internal Audit, audit readiness activities, ensuring control design and execution meet internal policy and external regulatory standards

Communicate clearly and effectively with both technical and non-technical audiences, including executives, control owners, and external assessors.

BS degree in Computer Information Systems or related field

7+ years of experience with security GRC initiatives Experience with regulatory cybersecurity compliance examinations

Substantive and current knowledge of transaction banking compliance, consumer and commercial lending, deposit, wires, cards and privacy regulations applicable to banks

Experience with onboarding and monitoring cybersecurity controls in cloud environments specifically AWS

Experience with AI governance and risk assessments using frameworks like NIST AI RMF, ISO42001, ISO 38507 and other privacy regulations like CCPA, GDPR etc

Strong knowledge of security risk management and running audits/certification programs

Self-starter with strong interpersonal and communication skills

Demonstrate ability to assimilate new knowledge quickly

Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently

Experience with managing programs in GRC tools

Banking/Fintech, Big 4, or management/IT consulting experience

Strong risk management and governance experience KRI’s/KPI’s reporting

Familiarity with CSPM, AWS security, CI/CD, SAST/DAST, SIEM and vulnerability

management tools

Strong JIRA and workflow management and agile project management experience

Direct experience with regulatory cybersecurity compliance examinations

Relevant certification (e.g. CISA, CISSP, PCI QSA, AWS certifications) or equivalent expertise

Have risk assessment expertise with PCI DSS 4.0.1, SOX, NIST 800-53/800-37, NIST CSF, SOC 2, PCI, NYDFS NYCRR PART 500 and/or ISO 27001 standards, integrated controls framework, and evaluating design and effectiveness of IT controls working directly with auditors, regulators, investors

Experience in building successful compliance programs for banks or fintech

Experience defining compliance roadmaps based on customer requirements,

compliance documentation, and ensuring that committed assessments are delivered on schedule

Technical fluency; comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members