AvidXchange is a leader in automating invoice and payment processes for mid-market businesses. Last year, we processed 53 million transactions across our network of more than 700,000 suppliers, transforming the way 7,000+ customers in North America pay their bills. By trade, we are a technology company, but if you ask anyone that works here, they'll tell you our people are at the core of who we are. We are all entrepreneurs who love to innovate and win with a passion for serving our customers. While we take personal ownership of our everyday work, we recognize that we only win as a team. At AvidXchange, it's not a "me" thing, it's a "we" thing.

Founded in 2000 and headquartered in Charlotte, North Carolina, we have over1,500employees working in one of our seven offices or remotely. At AvidXchange, you'll have the opportunity to tackle tough, complex challenges, working side-by-side with amazing talented teammates. And in doing so, our goal is to enable you to discover your maximum potential - while being your unique, authentic self at work. If that sounds like you, come join the team!

Overview

The Senior Information Security Risk Analyst will serve as a point of contact for cyber risk and compliance initiatives while also driving continuous process improvement.This role works as an intermediary between internal and external stakeholders, which will partner closely with technology teams and lines of business to drive adherence to technology and security standards, identify and solve for risks, support third party risk management, and proactively manage security audits.

Responsibilities

• Lead third party risk management inquiries and responses, while standardizing and maintaining ongoing evidence and responses
• Drive security and IT risk assessments on new or existing products, services, acquired companies, technologies, applications and vendors, maintaining risk registers, and leading management action plans as appropriate
• Track and coordinate audit and compliance activities, across PCI, SOC I, SOC II, SOX, maintaining up-to-date records of requirements and corresponding mitigating controls
• Map various compliance and regulations against one another, establishing a forward schedule of audit activity and simplifying evidence gathering across the various regulations and contractual obligations
• Conduct ongoing compliance monitoring, providing periodic updates to management on key compliance metrics across IT, Information Security, BC/DR, and IT Service Management
• Develop and update technology and information security policies, standards, and control procedures to enable compliance with applicable regulations and industry standards, including PCI DSS, SOC1 & 2, and Sarbanes Oxley (SOX).
• Provide guidance in the areas of risk management, technology and business process security controls, enabling informed cyber risk decisions and development of acceptable risk mitigation strategies
• Maintain cross-functional relationships with individuals and groups involved in managing IT security risks across the organization, including business continuinty planning, IT service management, and software engineering
• Administer SaaS platforms that facilitate governance, risk, and compliance activities

Required Skills

• 5 or more years of general Information Technology including 2 or more years of Information Security, Compliance, Fraud Prevention, Risk or Audit experience
• Functional knowledge of best practices and experience with information technology tools
• Strong technical aptitude and interest in Information Security
• Excellent oral and written communication skills to effectively interact with internal customers and department staff
• Ability to effectively communicate and collaborate with others in a team environment
• Ability to operate with autonomy, driving solutions with little input

Preferred Education & Experience

• Previous experience that provides the knowledge, skills and abilities to perform the job (comparable to 5 years).
• Typically requires a University Degree or equivalent experience and less than 3 years of prior relevant experience
• Bachelor's degree in Risk Management, Cyber Security, Information Systems, Computer Science, or Business Administration
• Security certifications such as CISA, CRISC, CGEIT, GSEC, GSNA, GSEC, CISSP, CFE, or other
• Experience working with SaaS solutions and software development
• Experience with PCI, SOX, SOC I, or SOC II compliance

Equal Employment Opportunity Statement

AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunityin accordance with applicable federal, state and local laws.AvidXchange will not discriminate against applicants for employment on anylegally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.

Other details

• Job Family Information Technology
• Job Function IT Security
• Pay Type Salary
• Employment Indicator Professional