What are the responsibilities and job description for the InfoSec GRC Specialist position at Currency Exchange International?
Currency Exchange International (CXI) is a Financial Services and Technology Provider based in Orlando, Florida.
Currency Exchange International, Corp. is a publicly traded company on the Toronto Stock Exchange (CXI) and OTC (CURN). CXI provides a wide range of foreign exchange services to customers in both the United States and in Canada. CXI’s primary business channels to service customers are through its company-owned branch locations and foreign exchange partnerships with financial institutions and corporations. CXI has been providing global payment solutions for clients that span wide-ranging industries. As one of North America's leading foreign exchange wholesalers, CXI can provide personalized and efficient service, competitive rates, as well as a number of settlement options. Visit our website to learn more about life at CXI: https://www.ceifx.com/about/life-at-cxi
Our Value Statement: We help our clients identify and create foreign exchange solutions, delivering a best practices approach through unparalleled customer service and integrated technology to create significant financial and operational efficiencies.
Our Values
- Customer First - We earn the right to be our clients’ first choice.
- Integrity - We hold ourselves to the highest standard to build trust.
- Collaborative - We always win as a team.
- Innovative - We find new methods to deliver change and advance technology to the industry.
- Passionate - We are driven to be the best in class.
The InfoSec GRC Specialist supports IT and Information Security in governance, risk management, and compliance (“GRC”) and in security awareness practices.
With the support of the Cyber Security Risk Manager, the IS GRC Specialist will foster strong working relationships with business leaders and drive the development of a security-aware culture throughout the enterprise. The InfoSec GRC Specialist will collaborate with key stakeholders to evaluate the technology footprint and determine systems and processes in scope for various regulatory requirements.
The IS GRC Specialist will assist in improving the security posture of the company and audit readiness through the evaluation of internal and external risk, tracking resolutions, performing policy reviews, and assisting in security testing.
The successful candidate has a strong interest in security regulations, thinks strategically, is intellectually curious, and is comfortable working in undefined problem spaces. The IS GRC Specialist is expected to contribute to the innovation of the enterprise information security and GRC programs. As a member of a growing enterprise, the IS GRC Specialist will help shape the risk program and will have the opportunity to operate with empowerment from leadership.
The IS GRC Specialist will be cross-trained to support all GRC functions.
Essential Functions
- Evaluate the implementation of security controls and frame security risk in terms of business objectives.
- Maintain an up-to-date common control library.
- Develop and deliver security awareness training.
- Evaluate the security posture of third parties.
- Review and improve security and infosec policies.
- Support evidence collection of various audits and regulatory exams.
- Support and improve the InfoSec Risk Management lifecycle.
- Lead one or more of the IS GRC programs.
- Report on KPIs and KRIs.
- Support the development and maintenance of the IS GRC program, framework, and methodologies.
- Maintain up-to-date knowledge on security techniques, regulatory landscapes, and best practices.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time, with or without notice.
Competencies
- Thinks critically and analytically with the ability to express a point of view supported by data (for both technical and non-technical audiences)
- Raises concerns early and facilitates constructive problem-solving at all levels of the enterprise; knows when to escalate.
- Exhibits passion for learning in technology and cybersecurity domains.
- Collaborates effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus, socialize strategy, and achieve objectives.
- Displays the ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions.
- Manages multiple parallel initiatives.
- Is execution-oriented and self-motivated.
- Bachelor’s Degree in Information Security, Information Technology, or a similar field.
- 3-5 years of experience in Information Security or Information Technology.
- Experience with security frameworks and audits (SOC, ISO, regulatory)
- Security certification such as Security+, CySA+, SSCP, CRISC, CGRC, CSAP, CISA
- Familiarity with cloud computing concepts
- Commuter Reimbursement - CXI will pay the driving toll, bus or metro cost in and out of work
- Holiday Pay – 11 days of paid designated holidays annually
- Vacation Pay – 10 days of paid vacation time off annually
- Sick/Personal Days – 5 days of paid sick/personal time off annually
- 401K Plan - Company matches at 5%
- Health/Dental/Vision - 60% payment of the Health/Dental/Vision Insurance premiums
- Short and Long-Term Disability - Plan premiums are fully covered by CXI