About the Company:

Ouro is dedicated to delivering financial empowerment to millions of Americans, leveraging a proprietary payments technology platform that fuels its fintech product innovations. From prepaid, credit and debit account solutions, to digital account and money movement services, Ouro has a broad suite of products and technologies that deliver exceptional experiences for its customers and business partners across co-branded, white label and banking-as-a service verticals. Since its founding in 1999, Ouro products have helped millions of consumers nationwide, and processed tens of billions of dollars.

Present day: Legendary Austin fintech Ouro has opened a new chapter in its role as market maker with the return of its visionary founders Roy and Bertrand Sosa. The combined company meshes Ouro’s customer and partner portfolios, payments platform and innovations with the international footprint and money movement capabilities of Rêv Worldwide, the company the Sosas founded after Ouro. The reunion creates a revitalized financial services innovator on a mission to reimagine financial services for consumers around the world and to redefine the industry once again.

Ouro fosters a high-performance culture and we are building a unified platform and product suite capable of bringing financial mobility and freedom to consumers around the world despite differences in language, currency, culture, and geography.

About the Role:

Leads all aspects of gathering and confirming evidence for PCI-DSS, SOC 2, and SOX audits to help achieve compliance with payment card industry standards, financial and data privacy regulations as they pertain to the IT environment. Ensures that appropriate IT policies and controls are in place and followed in accordance with corporate standards and processes. 

Serves in an evaluating role to our business challenges and applying recommended solutions through knowledge of the PCI-DSS and data privacy standards and controls.

Responsibilities

•  Leads collaboration efforts with stakeholders to define, execute, and track pre-audit preparation tasks to meet year-round compliance goals

•  Ensure timely completion of regulatory documentation, including compliance related to PCI-DSS and Data Privacy.

•  Ensures the audit scope is defined and substantiated by appropriate evidence

• Analyzes prior year’s audit for lesson’s learned value

•  Ensures compliance objectives are clearly communicated to stakeholders

•  Assist with tracking of, scheduling, and execution of SOX, SOC 2, Data Privacy and PCI DSS assessments

• Ensure adherence with IT policies, procedures, and processes in accordance with business and regulatory requirements, as well as updating existing and/or creating new documents as needed

•  Collates and review documentation or evidence for appropriateness prior to any given assessment

•  Perform business and technical analysis to identify and document appropriate compliance controls

•  Research project to define and document appropriate controls

• Log artifacts requested during interview sessions

• Maintain metrics showing status of assessments and audits.

• Derive new metrics to identify leading indicators of potential audit issues

• Gathers evidence from stakeholders, coordinating reviews, and uploading to assessors’ portals

• Analyze artifacts received to ensure they meet the intent of the assessment and demonstrate compliance

• Populate report templates with current status information and keep manager and team members informed of potential delays or issues with updates

• Support management programs to mature compliance posture

• Engage affiliate points of contact to promote corporate compliance best practices

• Implement continuous improvement around IT compliance and security best practices

•  Interface with internal and external PCI, SOC2, SOX and Data Privacy auditors to represent how compliance and security controls are applied and can be demonstrated in existing or planned processes

• Conduct compliance awareness programs for groups dealing with but not limited to PAN, PII, Confindential, Sensitive Data, developers, and administrators

• Must have technical understanding of network, systems, and other IT security protocols; i.e. segmentation, pen tests, vulnerability tests, etc.

• Self-disciplined and able to work on individual tasks, sometimes without clear requirements, and to work well in a team environment.

• Work with multiple groups/teams within our organization, as well as external vendors.

Requirements

• Expert understanding of PCI-DSS and underlying intent of requirements.

• Experience in recommending and evaluating compensating controls.

• 3 years of experience in the Payment Card Industry.

• 3 years documented experience in these areas: Change Management; Network Security; Application Security; Systems Integration and Security; Auditing Information Systems and Processes; Information Security; Segmentation, Pen, and Vulnerability testing; Risk Assessments; Risk Management; IT Policies and Processes

• Bachelor’s degree relevant to this field; or equivalent combination of knowledge and work experience; minimum 3 years related experience.

• ISA certification preferred

• Pen Testing certification preferred

• Excellent leadership, problem solving and time management skills.

• Excellent written and verbal communication skills

• Must interact professionally with a diverse group of executives, managers, and subject matter experts

• Ability to multi-task, elicit cooperation and communicate to all levels of management and all departments within the organization.

• Exercises good judgment and understanding of dependencies across multiple IT groups

• Must be a motivated, forward thinking individual who is able to work with minimal supervision.