Senior Information Security Risk Analyst
Company
AvidXchange
Location
Charlotte, NC
Type
Full Time
Job Description
About AvidXchange
AvidXchange is a leading provider of accounts payable ("AP") automation software and payment solutions for middle market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone that works here, they'll tell you our people are at the core of who we are. We are all entrepreneurs who love to innovate and win with a passion for serving our customers. While we take personal ownership of our everyday work, we recognize that we only win as a team.
Since our founding in 2000 in Charlotte, NC, we've created a company of over 1,600 teammates working in one of our 7 offices across the U.S., or remotely. We're building more than a tech company - we're building an experience. We remain committed to a culture where you can fully be 'you' - connected with others, chasing big goals and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you'll tell for years, you've come to the right place.
AvidXchange is proud to be Certified™ as a Great Place to Work®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years - that AvidXchange is a Great Place to Work®.
Job Overview
As the Senior IT Security Risk Analyst, you will serve on AvidXchange's second line of defense for cyber security. You will be working daily with internal and external stakeholders to craft policy and procedures, drive IT risk assessments, track audit and compliance activities, monitor adherence to policy and standards, inform and guide remediation efforts, and prepare regular reporting for senior leadership. This role will also be a point of contact for cyber risk and compliance initiatives and will support third party risk management efforts.
Responsibilities
- Lead Third Party risk management inquiries and responses while standardizing and maintaining evidence
- Develop technology and information security policies, standards, and controls to enable compliance with applicable regulations and industry standards, including PCI DSS, SOC I & II, and Sarbanes Oxley (SOX)
- Drive security and IT risk assessments on products, services, acquired companies, technologies, applications, and vendors.
- Map compliance and regulations (including PCI DSS, SOC I & II, and SOX) against one another to establish comprehensive control frameworks. Anticipate and prepare for upcoming audits through control documentation and evidence gathering.
- Conduct ongoing compliance monitoring and support risk and issue tracking with periodic updates to management on key compliance metrics across IT, Information Security, BC/DR, and IT Service Management.
- Provide cross-functional expertise and support control development and issue remediation. Maintain relationships across the enterprise including business continuity planning, IT service management, and software engineering.
- Administer SaaS platforms that facilitate governance, risk, and compliance activities.
- Ensure compliance with the business agreement, policies, procedures, and regulations, along with the ability to map controls and compliance requirements
- Identify process and security gaps, recommend improvements, and assist in implementing corrective action
- Identify required process improvements to proactively address risks/vulnerabilities/threats
- Perform and manage Control/Risk Assessment and remediation of identified findings as per process documents
- 6+ years of general Information Technology experience including 2 years of Information Security, Compliance, Fraud Prevention, Risk or Audit experience. Experience with PCI, SOX, SOC I, or SOC II preferred
- Typically requires a University Degree in Cyber Security, Information Systems, Computer Science, or Business Administration, or equivalent experience
- Security certifications such as CISA, CRISC, CGEIT, GSEC, GSNA, CISSP, CFE preferred
- Strong technical aptitude and interest in Information Security
- Excellent oral and written communication skills to effectively interact with internal customers and department staff
- Ability to operate with autonomy, driving solutions with little input
Equal Employment Opportunity
AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to, veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.
Other details
- Job Family: Information Technology
- Job Function: IT Security
- Pay Type: Salary
- Employment Indicator: Professional
Date Posted
01/06/2023