Information Security Analyst

  • Foster City, CA
  • Full-time

Job Description

This position will serve as part of Visa's Information Security Audit, Compliance, and Regulatory team, providing
oversight, coordination, and delivering the activities supporting successful internal audits and external compliance, and regulatory activities. This role ensures the ongoing effectiveness of Information Security controls (automated, manual, and needing development), working with a variety of control owners within the Information Security organization, and evaluating control design and standards in a variety of program areas. Areas of focus include ongoing internal audits, annual compliance and regulatory activities with QSAs,
Global Compliance, and Enterprise Risk. This position requires an individual that can effectively balance the individual elements of each of these activities, while keeping the overall program on track for annual
certification. This position will also support the sharing/dissemination of this information to external customers and clients, upon request, following Visa's requirements and representing Information Security as a strong and
effective communicator and liaison.


  • Must have 3+ years of work experience in Information Security, Audit, Risk, and/or Compliance. Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as
    along as candidate can demonstrate relevancy to this Information Security based role.

  • Must have 3+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others

  • Bachelor’s Degree in Business, Information Systems Management (or related field) or equivalent work experience

  • Proven experience working with multiple individuals on internal and external delivery and communication initiatives.

  • Ability to synthesize a variety of data points into comprehensive and effective execution and risk mitigation plans.

  • Strong executive presence and communication skills - experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.

  • Delivers effective and strong documentation to support compliance and certification audits.

  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.

  • CISSP, CISA Certifications preferred

Additional Information


  • Support Audit, Compliance, and Regulatory programs for Information Security and its Technology organization internal business partners

  • Participate in a primary capacity for audits, compliance, and regulatory activities,
    including, but not limited to: FFIEC, GLBA, SSAE16, PCI, Sarbanes-Oxley (SOX), Internal Audit, & Customer/Client Inquiry

  • Possess knowledge of the information security, financial, and/or technology regulatory environment and risk management practices

  • Provide oversight and align resources for program activities across a global security organization

  • Work collaboratively with corporate compliance, internal audit, enterprise risk management and various technical teams in the design and implementation of audit, regulatory, and compliance practices for Information Security

  • Promote proactive readiness activities and enhancement of Information Security-based internal controls to support future internal and external reviews
  • Develop data points into Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content

  • Advises Information Security leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.

This role will be an I5

Privacy Policy