Associate Cybersecurity Analyst – Audit & Compliance (GRC)
- Full-time
- Job Family Group: Technology and Operations
Job Description
This Associate Cybersecurity Analyst position will serve as part of Visa's Cybersecurity Audit and Compliance (A&C) function within the Cybersecurity Governance Risk and Compliance and M&A Integration (GRC) team, reporting to a Director/Sr. Director. This position will provide oversight, coordination, and delivery of the activities that support successful internal audits, external audits and compliance, regulatory activities, and external customer/client requests while effectively balancing the individual elements of these activities.
Essential Functions
- Support the delivery of successful internal audits, external audits and compliance, regulatory activities, and external customer/client requests 
- Assist with validating the ongoing effectiveness of Cybersecurity controls across Visa (both automated and manual), working with a variety of control owners within the Cybersecurity organization, and evaluating control design and standards in a variety of program areas. You will be assessing the security of various platforms and technologies against attacks, including:
  - Payment processing platforms, Payment Wallet solutions, Consumer facing applications, COTS products deployed in house
  - SaaS, PaaS, and IaaS public cloud offerings
  - Mainframe, Linux, Windows, and virtual machines
  - IDS, SIEM, WAF, Firewalls
  - HSMs, Tokenization systems, data encryption solutions
  - APIs, Web technologies
  - Relational and NoSQL databases
  - Access Management solutions
- Stay up to date on new security tools & techniques in the information security space 
- Familiarity with regulatory standards that will help Cyber teams to achieve various compliance certifications like PCI, RBI, etc. 
- Assist in developing data points into Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content 
- Assist in developing dashboards and automating tasks to increase efficiency and reduce redundancy
- Document assessment findings, prepare workpapers, and support assessment conclusions 
This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.
Qualifications
Basic Qualifications:
• Bachelor’s degree, OR 2+ years of relevant work experience
Preferred Qualifications:
• 0-1 or more years of work experience in Information Security, Assurance, Audit, Risk, and/or Compliance
o Open to experience in other relevant fields (e.g., finance, business administration, information technology, etc.) if candidate can demonstrate relevancy to this Information security-based role
• Bachelor’s degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field
• Experience working with multiple individuals on internal and external delivery
• Exceptional communication skills - both written and verbal to support compliance and certification audits
• Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines
• Experience in Audit/Compliance/Regulatory discussions and proactive readiness activities in a large global financial institution or a matrix organization
• 1+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, COSO, COBIT, PCI, RBI Regulations, SOX, SSAE16/ISAE3402, SOC 2 and others
• Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by Industry standards
• Demonstrated ability to create, manage, and share interactive dashboards and reports using Microsoft PowerBI or another data analysis tool
• Working knowledge in extracting, cleaning, and processing data from various sources including databases, APIs, and flat files
• Familiarity in Risk and Control Self-Assessment activities related to Cybersecurity function
• High level of integrity and professionalism
• CISSP, CISA, CISM, PCI QSA/ISA Certifications preferred