Information Security Officer

Cheyenne, WY /
Legal & Compliance /
Full-time
We see a future where all banks will need to support digital assets and provide meaningful API capabilities to tech-savvy customers. Avanti is already a chartered bank, and we are building toward our launch as a US dollar clearing bank that provides custody services for bitcoin and other digital assets. Our flagship product will be a bank-issued digital dollar, allowing for faster, cheaper, and programmable U.S. dollar transactions. Our founders have deep experience in both bitcoin and traditional financial services. If you expect more from existing banks, join our team and help build a better one, from the ground up.

***REMOTE ROLE WILL BE CONSIDERED FOR THE RIGHT CANDIDATE***

About the Role
The Information Security Officer or IT Compliance Analyst will help carry out certain aspects of the IT compliance mission of the bank. This work includes audits, examinations, risk assessments, vendor management, controls, and policy review and development, among other work. This role will frequently work with the engineering, security and compliance teams to orchestrate the various IT compliance processes and functions of the bank. An ideal candidate would have experience performing these duties, with detailed knowledge of running programs that conform to FFIEC expectations; an exceptional candidate would have that same experience and also a deep knowledge of banking compliance rules and regulations.

Responsibilities

    • Plan, execute and document ongoing IT compliance processes, such as security assessments, risk assessments, preparing for examinations and audits, certain aspects of vendor management, etc.
    • Meet or exceed applicable regulations by maintain the bank’s Information Security Program and other policies and programs 
    • Properly design and implement internal controls by acting as a central point of contact/subject matter expert
    • Establish formal compliance reporting program for senior leadership and the Audit committee
    • Map ongoing information/security/data privacy laws, regulations, and frameworks into the bank’s existing processes and implement upgrades where necessary
    • Apply all applicable industry regulations and standards, taking inspiration from those when not applicable (SOX, GLBA, SOCx, FFIEC, FDICIA, OCC, HIPAA, PCI DSS, NIST frameworks, ISO 27001 and other standards, OWASP)
    • Coordinate auditing activities of the bank’s compliance program.
    • Perform testing of internal controls and compliance programs based upon FFIEC, SOX, FDICIA, and banking industry standards.
    • Collaborate with and facilitate as applicable the Company’s on-going audit and risk assessment processes between internal/external auditors and the internal team owners and stakeholders.

Qualifications

    • Prior experience in a bank IT compliance role
    • At least 3 years of recent experience in Information Security, IT audit, and/or IT risk management
    • Experience and/or knowledge of governance, risk & compliance, including FFIEC guidelines, SOX, NIST frameworks, various cloud security standards and frameworks, GLBA standards.
    • Experience with risk assessments and creating standards/policies/procedures as it pertains to information security, IT Ops and IT Risk and Compliance
    • Understanding of security and controls for security infrastructure, endpoint, and data protection concepts
    • Prior experience or knowledge of information security concepts, technologies, and processes such as endpoint protection, incident response planning, and etc.
    • Experience implementing / operating in a SOC 2 Type II, ISO 27001/2 environment
    • Knowledge of IT controls frameworks such as NIST 800:53, PCI, CIAQ, CIS, TSC
    • Experience with IT Infrastructure systems management or development
    • Excellent communication, problem solving, conflict / resolution management, active listening, time management, and interpersonal skills.
    • Security certifications a plus: GRCP, CRISC, CGEIT, CISM, CISA, CISSP, QSA, CPISM, etc.