Compliance/Security Monitoring and Reporting Analyst

Finix | San Francisco, California, United States | Remote, Onsite
About Us
Move money. Make money. Finix processes billions of dollars every year for leading SaaS, marketplace, and e-commerce platforms. With one developer-friendly API, Finix helps companies accept payments, manage payouts, and onboard merchants—everything you need to enable payment processing, and grow revenue.

Finix has raised over $100M from American Express Ventures, Bain Capital Ventures, Homebrew, Inspired Capital, Lightspeed Venture Partners, Sequoia Capital, Visa, and others.

About the role 


The Compliance Monitoring Analyst will proactively execute and manage a risk monitoring program for testing all key compliance and security controls required to effectively administer the AML and Information Security programs and maintain preparedness for all internal and external audits of these programs. The most critical of these is maintaining audit readiness for the annual PCI and SOC certifications and AML independent review, but the role will also include ongoing testing of controls as required by the Card Brands, Sponsor/Acquiring Banks, processing partners, and clients in fulfillment of our contractual requirements. This role is key to ensuring that we are operating the processes required by our AML and InfoSec programs effectively and can provide evidence of such when requested for audits.

It will also allow Finix to identify risks and gaps and remediate these in a timely manner, protecting us from possible security breaches, money laundering, or other suspicious activities. This analyst will be the foundation of our risk program which will grow as the business scales.

You Will


  • Identify and validate key controls from enterprise and functional risk assessments to mitigate risks.
  • Ensure annual updates to the Enterprise and functional risk assessments (Ops, Tech, People, Legal, IT) are completed and communicated to support SOC and InfoSec policy administration.
  • Manage key risk updates and remediation in our Drata GRC tool.
  • Develop and execute quarterly internal risk self-assessments and mini-audits of key controls, documenting required remediation to stay ahead of potential risks.
  • Oversee critical areas such as User Access reviews, Firewall rules reviews, Change Management, Vulnerability Management, Business Continuity/Disaster Recovery, and Employee training compliance.
  • Ensure compliance with PCI requirements for merchants, sub-merchants, and vendor PCI/SOC reports, and run OFAC sanctions screening during vendor approvals and contract renewals.
  • Conduct comprehensive compliance and risk reviews for all vendors and clients, ensuring they meet the corporate InfoSec program's requirements.
  • Operate the vendor re-review process, ensuring alignment with PCI, SOC, and Sponsor Bank requirements, and maintain thorough documentation for audits.
  • Gather evidence and documentation for external audits related to Compliance and InfoSec programs, including those by PCI QSA, SOC Audit firm, AML Independent Audit firm, Visa, Mastercard, American Express, Discover, and sponsor banks.
  • Track and document any required remediation from audit findings to ensure ongoing compliance.

You Have


  • Payments experience
  • An aptitude for digging deep into Information Security requirements
  • 3+ years of experience in PCI, SOC, security audits, AML audits or equivalent assessments (client-side, servicer, assessor, or industry consultant)
  • A talent for analyzing requirements of Information Security and Compliance frameworks, particularly as they relate to the payment industry, and crafting solutions for adherence
  • Knowledge of cloud computing and nuances of managing in an AWS/Microsoft/Google cloud vs. traditional on-premise data centers
  • Optional: Industry certifications (CRISC, CTPRP, SSCP, CISSP, CISA, CISM) that demonstrate your desire to be the best at what you do

You Are


  • Proactive and enthusiastic to build a Compliance and Information Security audit management program
  • Able to talk to technical, non-technical, and underwriting teams, translating complex concepts between the two and ensuring alignment between them
  • Keenly attuned to details, ensuring nothing is overlooked when it comes to protecting our information and representing this to auditors
  • Organized and able to manage multiple projects simultaneously, against deadlines, and within budget
  • Confident in your abilities but eager to learn and expand your knowledge

Finix is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or any other protected class.

  • Role: Compliance/Security Monitoring and Reporting Analyst
  • Level: IC3
  • Location: Remote
  • Base Salary Range: $95,000 - $120,000 + equity + benefits

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries at our headquarters in San Francisco, California.

Individual pay is determined by work location, job-related skills, experience, and relevant education or training.

Life at Finix

Formerly known as Auditrax, Finix is a supply chain consulting and improvement organization, looking to assist clients in a variety of areas. Our mobile team of expert consultants works beside you, inside your buildings, to discover areas of process improvement and make the delicate adjustments needed to the systems you already have in place. We not only identify what needs fine-tuning, we also help you implement the solutions. Finix has proven solutions to several common healthcare initiatives:

  1. Supply chain assessments - Identifying opportunities for cost savings
  2. Physician preference items - Cleaning data, integrating systems, reducing variation and lowering costs
  3. Technology - Implementing new systems and optimizing legacy software
  4. Cross-functional data - Cleaning and integrating essential supply chain and operational data
  5. Inventory management - Using lean principles to reduce costs and shortages
  6. Procure-to-pay - Optimizing buying at the lowest cost and ensuring accurate payment
  7. Operating room capacity - Providing care to a greater number of patients
  8. Recovery audits - Identifying over-payments to vendors on a contingent fee basis

Visit www.useFinix.com for more information.

Thrive Here & What We Value

  • Equal Opportunity Employer
  • Values Diversity
  • No Discrimination Based on Protected Classes