Information Security Risk and Compliance Analyst

Avant · Chicago IL

Company: Avant

Location: Chicago IL

Type: Full Time

Job Description

The Information Security Risk and Compliance Analyst is responsible for supporting Avant’s security strategy within new and existing information security frameworks. The position requires an understanding of compliance frameworks and is responsible for planning and designing policies, maintaining processes, and evaluating internal and external partners against Avant’s control framework.

The ideal candidate is technical and possesses at least three years of experience in security, compliance or risk management. The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standard (PCI DSS) among other financial industry frameworks. In tandem with security leadership, the Information Security Risk and Compliance Analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the Information Security Risk and Compliance Analyst monitors progress and enforces remediation of outstanding issues that may lead to non-compliance or unacceptable risks to the business. As a key member of the security team, the Information Security Risk and Compliance Analyst must focus on holistic risk management and not be driven solely by compliance.

What you will do at Avant:

● Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.

● Maintain risk register and evidence archive in the Avant GRC platform.

● Document, formulate and enforce remediation activities that balance risk with business operations and do not diminish efficiencies or innovation in the business.

● Partner with vendor management in oversight of third parties and business partners to safeguard against undue risk presented by external entities.

● Analyze assessment findings, document, recommend and report remediation plans to security leadership.

● Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.

● Work in tandem with security engineering, internal audit and risk management leadership to perform ongoing security program assessments.

● Attend and fully engage in change management meetings.

● Liaise with auditors, both internal and external, to attest and implement controls for compliance and privacy laws.

● Perform other duties as assigned.

Why you are a fit for Avant:

● At least 3+ years’ experience in information security as a practitioner and at least 2+ years’ exposure to various security frameworks.

● Knowledge of security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

● Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, GLBA, and NIST Security and Privacy Frameworks. Additional experience in one or more of the following is a plus: ISO 27001/2, ITIL or FFIEC, FDIC Regulatory Frameworks.

● Exceptional written and verbal communication skills, and proven ability to translate security and risk to business language.

● Working knowledge of technologies such as cloud computing, DevOps and understanding of application security best practices as required.

● Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.

● Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

● Preferred experience with cloud environments such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure.

● Prior experience operating in a GRC system.

● Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.

● Self-motivated, directed and well-organized, with the foresight to position controls in anticipation of threats.

● Successful track record of managing relationships with external entities and mitigating risks in business development opportunities.

● Familiarity with state, federal and international privacy laws.

● Highly trustworthy; leads by example.

● Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.

● Holding or working toward one or more of the following is a plus: CISSP, CRISC, CISA, or CGRC.

Check out our Avant Blog!

We believe that a diverse set of backgrounds and experiences helps us create the most innovative solutions for our customers. We invite you to apply to our positions even if you do not meet 100% of the qualifications listed in the description. If you’re passionate about our mission and aligned to our values, we hope you’ll come contribute to our awesome culture.

Why Avant is the place for you:

At Avant, we believe our values make a difference:

Authenticity. We show up to work as our whole selves and make sure others can too.

Collaboration. We can only succeed when we do so as a team.

Problem-Solving. The harder the problem, the more satisfying the solution.

Customer. We are all owners of the customer experience.

Initiative. Plan. Adapt. Get Sh!t Done.

We believe that great ideas come from anyone and anywhere, that everyone is an owner who drives change, and that we have more fun when we work together. We're problem solvers who love collaborating with intelligent and highly-motivated people to reshape the face of digital banking. Avant offers terrific perks and benefits, fun social events with employees who actually like hanging out together, and a flexible growth environment where trying your hand at new projects and being the active owner of your career path is encouraged and supported.

Some of our benefits include:

  • Choice of great Medical, Dental, and Vision Insurance Plan options

  • 401(k) Match

  • Unlimited Paid Time Off

  • Flexible Work Environment

  • Generous Paid Parental Leave

  • Lunch Allowance (Fooda) and In-office Snacks

  • WFH Stipends for our Remote Employees

  • Access to LinkedIn Learning for Professional Development

  • No Meeting Wednesdays - (a.k.a. planned time to Get Sh!t Done)

  • Summer Fridays

  • Fun In-Office and Virtual Social Events

  • And who doesn’t love the swag

This position may require you to be fully vaccinated against COVID-19. If required, you'll be asked to provide proof that you’re fully vaccinated upon your start date or before working in or visiting our Chicago office. You’re considered fully vaccinated two weeks after you receive the second dose of a two-dose vaccine series (e.g., Pfizer or Moderna) or two weeks after a single-dose vaccine (e.g., Johnson & Johnson/Janssen). Failure to provide proof of vaccination may result in termination. Subject to applicable law and requests for accommodation.


Date Posted: 08/16/2022
