Information Security Technical Compliance Analyst

Array is revolutionizing how businesses leverage and enhance consumer data. Our platform enables innovative companies and developers to seamlessly integrate credit and identity data into their apps, websites or workflows. As a remote-first company, we’re focused on providing opportunities for autonomous individuals to have high levels of impact at the forefront of the fintech space. Continuous improvement, experimentation, and a clear mission stretch us individually and together in service of delivering the best products for our clients and users.

The Information Security Technical Compliance Analyst will proactively manage Array's information security risks. You will report to the Director of Information Security and is a hands-on technical role.

You Will:

• Maintain Array's Information Security Compliance program.
• Maintain a proactive & robust fintech control environment that meets/exceeds industry best practices, including PCI DSS and SOC 2, Type 2 compliance.
• Own the development & implementation of security compliance policies that govern Array's business operations, third party relationships, privacy, business continuity, and other business activities.
• Own and develop our security training program.
• Work with the engineering & IT teams to mitigate compliance risks and harden our overall risk posture.
• Collaborate with the legal & compliance team to integrate information security compliance policies into the broader set of compliance standards for the company.
• Maintain incident response procedural playbook.
• Produce & maintain compliance metrics & prioritize activities.

You Have:

• Degree in business IT, systems engineering, information systems, computer science, or other degree.
• 5+ years of work experience in IT Compliance, PCI/SOC Auditing, incident response, NIST & ISO 27001 standards.
• Development of SIEM analytics, dashboards, and virtual tripwires to ensure early detection of breaches and promote effectiveness of security controls as part of a proactive compliance program.
• End to end experience managing the vulnerability management lifecycle including configuring/developing the scans to interpreting and developing the remediation requirements
• Familiarity with DevSecOps concepts & best practices.
• Strong awareness of cybersecurity trends and hacking/exploitation techniques.
• Strong interest in securing cloud environments.
• Strong interest in developing 3rd party tools integration strategy/policies.
• Pristine attention to detail / analytical.
• Team player; works well with others; can build trust with external clients.

Nice to Haves:

• PCI SSC Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
• Knowledge of Cloud Security, Google Cloud Platform security & monitoring.
• Experience securing APIs and hosted infrastructure from cyber exploitation & attack.
• Knowledge of Security Across Multi-Vendor Platforms.
• Leverage DevSecOps automation to maintain effectiveness of technical security controls and conduct compliance audits of configurations, containers, clusters, and systems.
• Experience working in a startup or fast-paced environment
• Experience with ethical hacking.
• Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA),GIAC Certified Incident Handler, (GCIH), Certified Information Privacy Technologist (CIPT).
• Software development, IT/System administrator, cloud provisioning, cyber security analysis experience.

Array Offers All Employees the Following Benefits and Perks:

• Full medical, dental, and vision, premiums covered at 100% for employees and 50% for dependents
• Unlimited PTO and sick leave + 14 company holidays to encourage a healthy work-life blend
• In-house wellness concierge and partnership with TalkSpace to support mental health
• 100% 401k match with immediate vesting 
• Generous and competitive parental leave for all parents
• $2,000 medical travel coverage
• $1,000 desk setup subsidy to set-up your unique remote office 
• $100/month to subsidize wifi/cell phone expenses

One of our core values at Array is to care and support one another, and that’s why we strive to create an environment where everyone feels empowered to bring their full, authentic selves to work. Diversity, equity, and inclusion foster collaboration, comfort, and confidence.  We’re at our collective best when we each feel our best.  

We are proud to be an equal opportunity workplace, we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.