Information Security Officer
Working at Avanti
Avanti is modernizing the legacy financial system and building the bank of the future by integrating legacy finance with cryptocurrencies such as Bitcoin and our "tokenized dollar" product, Avit.
We see a future where all banks will need to support digital assets and provide meaningful API capabilities to tech-savvy customers. Avanti is already a chartered bank, and we are building toward our launch as a US dollar clearing bank that provides custody services for bitcoin and other digital assets. Our flagship product will be a bank-issued tokenized dollar, allowing for faster, cheaper, and programmable U.S. dollar transactions. Our founders have deep experience in both bitcoin and traditional financial services. If you expect more from existing banks, join our team and help build a better one, from the ground up.
About the role
- Plan, execute and document ongoing IT compliance processes, such as security assessments, risk assessments, preparing for examinations and audits, certain aspects of vendor management, etc.
- Meet or exceed applicable regulations by maintaining the bank’s Information Security Program and other policies and programs
- Properly design and implement internal controls by acting as a central point of contact/subject matter expert
- Establish formal compliance reporting program for senior leadership and the Audit committee
- Map ongoing information/security/data privacy laws, regulations, and frameworks into the bank’s existing processes and implement upgrades where necessary
- Apply all applicable industry regulations and standards, taking inspiration from those when not applicable (SOX, GLBA, SOCx, FFIEC, FDICIA, OCC, HIPAA, PCI DSS, NIST frameworks, ISO 27001 and other standards, OWASP)
- Coordinate auditing activities of the bank’s compliance program.
- Perform testing of internal controls and compliance programs based upon FFIEC, SOX, FDICIA, and banking industry standards.
- Collaborate on and, as applicable, facilitate the Company’s ongoing audit and risk assessment processes between internal/external auditors and the internal team owners and stakeholders.
- Prior experience in a bank IT compliance role
- At least 3 years of recent experience in Information Security, IT audit, and/or IT risk management
- Experience and/or knowledge of governance, risk & compliance, including FFIEC guidelines, SOX, NIST frameworks, various cloud security standards and frameworks, GLBA standards.
- Experience with risk assessments and creating standards/policies/procedures as they pertain to information security, IT Ops and IT Risk and Compliance
- Understanding of security and controls for security infrastructure, endpoint, and data protection concepts
- Prior experience or knowledge of information security concepts, technologies, and processes such as endpoint protection, incident response planning, etc.
- Experience implementing / operating in a SOC 2 Type II, ISO 27001/2 environment
- Knowledge of IT controls frameworks such as NIST 800-53, PCI, CIAQ, CIS, TSC
- Experience with IT Infrastructure systems management or development
- Excellent communication, problem solving, conflict / resolution management, active listening, time management, and interpersonal skills.
- Security certifications a plus: GRCP, CRISC, CGEIT, CISM, CISA, CISSP, QSA, CPISM, etc.