Compliance and Information Security QA Lead

Position Type:
Full-time

 

CSI is seeking a highly organized, self-motivated problem solver to join our team as a Compliance & Information Security QA Lead.

 

About CSI

Corporate Spending Innovations (CSI) provides innovative, highly secure corporate payment solutions to world-leading brands. CSI customers can automate 100% of B2B payables including virtual credit card, ghost card, proprietary network, ACH, check, or FX with cross-border payments settled in local currency. CSI is a certified Mastercard processor, has obtained Visa Ready for Business Solutions approval, and is a fully owned division of Edenred SA, the world leader in transactional solutions for companies, employees, and merchants.

CSI is more than just a virtual credit card provider. We are global leaders in FinTech (Financial Technology). That means we’ve built an elite crew of AP-certified payments experts, software developers, relationship managers, and integration specialists to solve corporate spending challenges across the globe.

 

Position Overview

The Compliance and Information Security QA Lead will support the transformation of the IT risk governance function and play a critical role in the refinement of the program. The incumbent will conduct periodic reviews of the existing program scope and identify areas for control rationalization, control enhancement, and testing approach. The Compliance and Information Security QA Lead will perform comprehensive reviews of IT processes to ensure appropriate controls and procedures are in place and operating effectively. The incumbent will play a key role in the execution of the IT Security Program and make recommendations to various levels of management for enhancing processes and controls and improving or creating documentation to meet SOC, PCI, HIPAA and other audit requirements. This role requires strong leadership and communication capabilities. Forming strong relationships with business partners and fostering a collaborative environment are critical to success in this role. This role will serve as a key contact for external auditors and will coordinate IT-related audits, risk assessments, and Business Continuity/Disaster Recovery and Incident Response projects. This position reports to the Compliance Officer.

 

Job Responsibilities
  • Coordinates and completes the following reports and audits:
    PCI-DSS
    SOC
    HIPAA
    Vendor and Partner Questionnaires
    Other related duties as assigned
  • Maintains a high level of visibility across the organization with various levels of management and serves as a key point of contact for the IT Dept.
  • Manages communications with key partners, including messaging of risk management objectives, requirements and facilitating discussions on controls.
  • Leads the walkthrough process with management and external audit.
  • Collaborates with IT partners to identify areas where control enhancements and/or documentation improvements are needed and coordinates initiatives to address areas of opportunity.
  • Reviews general IT controls, IT application controls, and key reports and makes recommendations for new processes or enhancements.
  • Reviews testing approach and aligns expectations with external auditors to ensure documentation and testing complies with industry standards and allows for reliance by the external auditors.
  • Leverages knowledge of audit and SOC methodology and industry requirements to ensure effective and efficient controls are in place.
  • Partners closely with the IT Department to achieve shared objectives.
  • Researches and assesses deficiencies identified and works with management to identify an appropriate solution. Follows up on remediation activities to verify appropriate resolution.
  • Facilitates the planning, risk assessment and scoping activities for IT processes.
  • Manages communication with external auditors and serves as a liaison between external audit and IT.
  • Reviews SOC report evaluations to ensure exceptions are appropriately addressed and appropriate complementary controls are in place and operating effectively.
  • Creates, maintains, and updates IT departmental procedures.

 

Experience and Qualifications
  • Bachelor’s degree in a related field required. Equivalent combination of education and experience will be considered.
  • A minimum of 5 years of related experience.
  • GSE, CISSP or similar designation or equivalent work experience
  • Self-starter with the ability to consistently execute on initiatives.
  • Strong verbal and written communication skills.
  • Strong ability to influence key stakeholders to prioritize and advance initiatives.
  • Demonstrated organization, time management, and project management skills.
  • Strong data analysis skills, with the ability to draw insights and tell a story with data to key internal and external stakeholders.
  • Familiarity with a range of industry standard security tooling (e.g., email gateways, IDS/IPS, cryptographic controls, PKI, etc.).
  • Complies with all BSA/AML requirements.

 

Company Perks
  • 100% employer paid Health Insurance for employee
  • 401K
  • Paid Holidays
  • Paid Vacation
  • Catered lunches
  • Gym membership

 

This position is eligible for remote work. Remote incumbent may be expected to travel to Bonita Springs, FL infrequently for key meetings.

All applicants must successfully complete a background check and drug test.

 

Equal Employment Opportunity

We are committed to leveraging the talent of a diverse workforce to create great opportunities for our business and our people. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state or local law.

 
