Senior Security & Compliance Specialist

New York, NY

Onsite  -  IT - Security  -  Contract  -  Job ID: 24-00593

Title: Security/Compliance Specialist
Location: New York City (On Site)
Duration: 6+ month contract

Interested and qualified candidates should send an updated resume to

Compliance Assessments

  • Manage risk assessment, scheduling, scoping, and execution of assessments.
  • For all IT security control domains, measure compliance with both external requirements (e.g., contractual requirements with business partners; the SWIFT Customer Security Program) and internal policies and standards. Sample domains include: Logical Access Control, Data Protection (e.g., Encryption), Logging and Monitoring, and System Hardening.
  • As part of scoping, identify and justify key control attributes for testing.
  • Conduct informational walkthroughs to clarify processes and architectures. Swiftly grasp the underlying technology stack and end-to-end service delivery flows.
  • Obtain artifacts to support the assessment of security controls and procedures, using a robust "trust but verify" approach. Proactively send and follow up on all requests.
  • Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms.
  • Document assessment results and cogent control process narratives in workpapers.

Compliance Advisory

  • Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats.
  • Articulate the elements of effective and sustainable control design to IT and business partners.
  • Design and implement continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data that reflects the current state of the control environment.
  • For targeted controls and systems, facilitate the collection of control attestations and questionnaires.
  • Manage inventories and tracking of remediation efforts and compensating controls.
  • Stay abreast of compliance and assessment trends within the organization, at suppliers, and from legislators and regulatory bodies.


  • IT Auditing experience – In this position, you will audit for regulatory compliance and for contractual compliance.
  • Test the controls against the requirements; if they are not met, work with the owner of the control and provide oversight on the remediation plan and timeline.
  • This person will audit and test all IT security controls.