Senior Information Security Risk Analyst - Charlotte, NC (Hybrid)
Senior Information Security Risk Analyst
As the Senior Information Security Risk Analyst, you will play a critical role in AvidXchange's cybersecurity defense strategy. Collaborating daily with internal and external stakeholders, you will help shape our policy and procedures, spearhead IT risk assessments, track audit and compliance activities, monitor adherence to policy and standards, steer remediation efforts, and prepare routine reports for executive leadership. This role will act as a pivotal point of contact for cybersecurity risk and compliance initiatives, and actively support third-party risk management efforts.
What you'll do
- Lead and standardize Third Party risk management responses, while maintaining robust evidence documentation.
- Formulate technology and information security policies, standards, and controls to facilitate compliance with relevant regulations and industry standards, such as PCI DSS, SOC I & II, and Sarbanes Oxley (SOX).
- Conduct comprehensive security and IT risk assessments on various entities, including products, services, acquired companies, technologies, applications, and vendors.
- Compare and map compliance and regulations (including PCI DSS, SOC I & II, and SOX) to create an extensive control framework. Be forward-thinking and prepare for imminent audits by managing control documentation and evidence gathering.
- Perform continuous compliance monitoring, support risk and issue tracking, and provide regular updates to management on essential compliance metrics across IT, Information Security, BC/DR, and IT Service Management.
- Offer cross-functional expertise and support control development and issue remediation. Foster relationships across the organization, inclusive of business continuity planning, IT service management, and software engineering.
- Manage SaaS platforms that facilitate governance, risk, and compliance activities.
- Ensure strict compliance with business agreements, policies, procedures, and regulations, along with the capability to map controls and compliance requirements.
- Detect process and security gaps, propose enhancements, and assist in implementing corrective action.
- Anticipate risks/vulnerabilities/threats and propose requisite process improvements.
- Execute and manage Control/Risk Assessment, and remediate identified findings in accordance with process documents.
What we're looking for
- 6+ years of broad Information Technology experience, including a minimum of 2 years specializing in Information Security, Compliance, Fraud Prevention, Risk or Audit. Experience with PCI, SOX, SOC I, or SOC II is a plus.
- Certifications such as CISA, CRISC, CGEIT, GSEC, GSNA, GSEC, CISSP, CFE will be given preference
- A strong technical acumen with a keen interest in Information Security.
- Excellent verbal and written communication skills to effectively interact with internal customers and team members.
- Ability to operate independently, driving solutions with minimal guidance.
AvidXchange is a leading provider of accounts payable (“AP”) automation software and payment solutions for middle-market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone who works here, they’ll tell you our people are at the core of who we are. We focus on creating a culture of Diversity, Inclusion & Belonging, and are proud to be a safe place where teammates can bring their whole selves to work. At AvidXchange, mindset is everything. We are Connected as People, Growth Minded, and Customer Obsessed. These three mindsets represent our culture – who we are, who we’ve always been, and they guide us to improve every day. Since our founding in 2000 in Charlotte, NC, we’ve created a company of over 1,600 teammates working in one of our 5 offices across the U.S., or remotely. AvidXchange is proud to be Certified™ as a Great Place to Work®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years – that AvidXchange is a Great Place to Work®.
Who you are:
- A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown.
- Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships.
- Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential.
What you’ll get:
AvidXchange teammates (we call them AvidXers) get the perks and prestige of a publicly traded tech company paired with the flexibility of a founder-led startup. We help our AvidXers develop as professionals and as human beings, providing work/life balance, development programs, competitive benefits and equity options. At AvidXchange, we are building more than a tech company – we are building an experience. We remain committed to a culture where you can fully be 'you’ – connected with others, chasing big goals, and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you’ll tell for years, you’ve come to the right place.
- 18 days PTO*
- 11 Holidays (8 company recognized & 3 floating holidays)
- 16 hours per year of paid Volunteer Time Off (VTO)
- Competitive Healthcare
- High Deductible Heath Plan Option that has $0 monthly premium for teammate-only coverage
- 100% AvidXchange paid Dental Base Plan Coverage
- 100% AvidXchange paid Life Insurance
- 100% AvidXchange paid Long-Term Disability
- 100% AvidXchange paid Short-Term Disability
- Employee Assistance Program (EAP) - Provides counseling services, legal and financial consultations and health advocacy for Teammates and their eligible dependents
- Onsite Health Clinic with Atrium Health** - available to Teammates and their eligible dependents
- Retirement 401k Match up to 4%
- Parental Leave: 8 weeks 100% paid by AvidXchange***
- Discounts on Pet, Home, and Auto insurance
- BrightDime Financial Wellness Tool, offered free to teammates
- WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers
- Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more
- Onsite gym fitness center, yoga studio, and basketball court****
- Tuition Reimbursement up to the federal maximum of $5,250*****
- Hybrid Workplace Flexibility
- Free parking
*Fully granted from beginning of year, pro-rated if hired mid-year
**Charlotte location only
***Must be full-time for at least 3 months
****Charlotte location only
*****Must be full-time for at least one year
Equal Employment Opportunity
AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.
- Job Family Information Technology
- Job Function IT Security
- Pay Type Salary
- Employment Indicator Professional