IT Security Risk and Compliance Specialist

Apply by January 19, 2026
Hybrid-Remote Waterloo & Cedar Falls, IA
Full-Time

Summary

The IT Security Risk and Compliance Specialist is responsible for supporting and maintaining Veridian's Information Security and Privacy compliance programs. This role ensures adherence to regulatory, industry, and internal requirements through monitoring controls, conducting assessments, managing evidence, and partnering with business units to strengthen the organization’s security posture.

Essential Functions

  • Maintain and support Veridian's Information Security compliance frameworks (e.g. ISO 27001, PCI DSS v4, CSF 2.0, CIS Controls) and ensure alignment with industry best practices.
  • Oversee ongoing compliance activities, including evidence collection, control testing, documentation updates, and remediation tracking.
  • Administer the IT Security Compliance/GRC (Auditboard CrossComply) platform and partner with Enterprise Risk to align controls with KPIs and reporting requirements.
  • Assist with mapping data flows across the organization ensuring compliance with privacy, security, and regulatory obligations.
  • Support standards and procedure development to ensure they reflect regulatory requirements and organizational objectives.
  • Serve as the primary internal subject matter expert for PCI DSS. Coordinate and validate evidence, support annual PCI assessments, assist with compensating controls, and interface with external QSAs and auditors.
  • Perform periodic assessments of technical and administrative controls to evaluate compliance effectiveness and identify gaps or deficiencies.
  • Conduct control testing, reviews, and continuous monitoring activities to ensure systems and processes meet regulatory expectations.
  • Partner with internal and external auditors or assessors to prepare assessments, gather required artifacts, respond to inquiries, and track remediation activities. Provide regular, clear, and concise reporting to IT Security Management communicating the effectiveness of standards and compliance requirements.
  • Communicate compliance gaps, control weaknesses, or control risks. Provide guidance and support to stakeholders in understanding compliance findings, resolving audit exceptions, and implementing corrective actions.
  • Support the IT Security Team with risk reduction initiatives, compliance-driven projects, and continuous improvement activities that strengthen the organization’s security posture.
  • Perform due diligence on third-party vendors to assess security posture, compliance with regulatory requirements, and alignment with organizational standards.

Key Attributes

  • Oral and written communication skills.
  • Member service focus.
  • Attention to detail and accuracy.
  • Positive attitude that supports a team environment.
  • Dependable and punctual; flexible during peak times.
  • High level of confidentiality.
  • Organizational skills.
  • Self-motivated; ability to work without close supervision.
  • Problem solving; analysis.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:
  • Occasionally lift and/or move items over 50 pounds.
  • Remain sedentary (seated) for extended periods of time.

Working Conditions

This job operates in a professional office environment and routinely uses standard office equipment.

Travel

Limited travel expected.

Required Education And Experience

  • Bachelor's Degree in Computer Science, Information Systems, or related field or equivalent combination of education, training, and experience of 8+ years.
  • 3+ years of experience with practical knowledge of regulatory standards such as NCUA, FFIEC, HIPAA, GLBA and PCI DSS.
  • 1+ years of strong experience with IT Security frameworks such as NIST CSF, CIS, and ISO 27001:2022.
  • 1+ years of experience conducting control assessments, managing compliance evidence, or supporting audits.

Preferred Education And Experience

  • 5+ years of experience working with information security compliance standards.
  • 3+ years of experience working with privacy regulations.
  • Knowledge of 3 or more key compliance or regulatory standards related to financial institutions.
  • Certification in audit practices, security, or privacy standards such as CISA, PCI IAS, and CISM.

Other Duties

Veridian Credit Union is a PCI-compliant financial institution and maintains that compliance to ensure the security of member information. As such, all employees are expected to ensure that security measures are in place and adhered to regarding PCI and other highly sensitive data compliance requirements.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.