Finix is hiring a
Compliance/Security Monitoring and Reporting Analyst

Finix

💵 ~$150k-$180k
📍 Remote - United States

Summary

The Compliance Monitoring Analyst will proactively manage a risk monitoring program for testing all key compliance and security controls required to effectively administer the AML and Information Security programs. The role involves identifying and validating key controls, managing risk updates and remediation, developing and executing internal risk assessments, overseeing critical areas such as User Access reviews, Firewall rules reviews, Change Management, Vulnerability Management, Business Continuity/Disaster Recovery, and Employee training compliance. The analyst will ensure compliance with PCI requirements for merchants, sub-merchants, and vendor PCI/SOC reports, conduct comprehensive compliance and risk reviews for all vendors and clients, gather evidence and documentation for external audits related to Compliance and InfoSec programs, and track and document any required remediation from audit findings.

Responsibilities

  • Identify and validate key controls from enterprise and functional risk assessments to mitigate risks
  • Ensure annual updates to the Enterprise and functional risk assessments (Ops, Tech, People, Legal, IT) are completed and communicated to support SOC and InfoSec policy administration
  • Manage key risk updates and remediation in our Drata GRC tool
  • Develop and execute quarterly internal risk self-assessments and mini-audits of key controls, documenting required remediation to stay ahead of potential risks
  • Oversee critical areas such as User Access reviews, Firewall rules reviews, Change Management, Vulnerability Management, Business Continuity/Disaster Recovery, and Employee training compliance
  • Ensure compliance with PCI requirements for merchants, sub-merchants, and vendor PCI/SOC reports, and run OFAC sanctions screening during vendor approvals and contract renewals
  • Conduct comprehensive compliance and risk reviews for all vendors and clients, ensuring they meet the corporate InfoSec program's requirements
  • Operate the vendor re-review process, ensuring alignment with PCI, SOC, and Sponsor Bank requirements, and maintain thorough documentation for audits
  • Gather evidence and documentation for external audits related to Compliance and InfoSec programs, including those by PCI QSA, SOC Audit firm, AML Independent Audit firm, Visa, Mastercard, American Express, Discover, and sponsor banks
  • Track and document any required remediation from audit findings to ensure ongoing compliance
