Security Assurance Specialist

  • Company Lumin Digital
  • Employment Full-time
  • Location 🇺🇸 United States nationwide
  • Posted 2 days ago, updated 7 hours ago

Basic Function

The Security Assurance Specialist plays a key role in strengthening and maintaining Lumin’s security and compliance posture. This role owns the daily management of the vulnerability lifecycle, leads the configuration and continuous improvement of our GRC platform, and drives audit readiness and coordination activities for frameworks such as SOC 2 and PCI DSS. By bridging technical detail and regulatory expectations, this position ensures that our controls are operating effectively and that stakeholders, from auditors to customers, can trust the integrity of our security program.


Essential Functions and Responsibilities:

Own the vulnerability management lifecycle, including review of scanning results, coordination with technical teams for remediation, and oversight through closure or documented exceptions.

Evaluate and improve the design and effectiveness of security controls within Lumin’s GRC platform, identifying gaps, redundancies, and opportunities for streamlining.

Maintain real-time accuracy of control and risk records within the GRC platform to reflect the current state of program conformance with internal policies and external requirements.

Coordinate internal and external audits (e.g., SOC 2, PCI), including management of document request lists, evidence collection, stakeholder communication, and follow-up on outstanding items.

Conduct control testing through evidence review, system analysis, policy comparison, and interviews to assess compliance with defined standards and frameworks.

Track and report on issue status and trends, manage the Plan of Action and Milestones (POA&M) process, and work with leadership to resolve overdue items and identify systemic root causes.

Develop and maintain dashboards and metrics that reflect the maturity, coverage, and effectiveness of security and risk programs.

Contribute to customer trust initiatives by supporting RFPs, due diligence questionnaires, and client meetings with clear, accurate, and up-to-date security documentation.

Monitor regulatory and industry frameworks to identify emerging changes and provide recommendations to maintain or exceed compliance expectations.

Perform other duties as assigned.


Position Specifications


Education: 

Bachelor’s degree in a relevant field such as Information Systems, Business, or Risk Management preferred.


Experience:

Three (3) years of professional experience in information security, risk management, compliance, IT audit, or a related field required. 

Experience owning or administering GRC systems (TrustCloud, OneTrust, Drata, etc.) and their workflows, including evaluating and improving control design, is required.

Hands-on experience with vulnerability management tools (e.g., Tenable, Snyk, Rapid7) and an understanding of common vulnerability types and remediation practices are required.

Experience coordinating across cross-functional technical and non-technical teams is required.

Experience supporting audits or external assessments (e.g., SOC 2, PCI) preferred.


Knowledge, Skills, & Abilities:

Familiarity with audit frameworks and processes, especially SOC 2 and PCI.

Strong technical acumen with ability to understand systems, interpret vulnerability data, and assess control applicability in a SaaS environment.

Excellent project coordination and organizational skills, particularly in high-stakes, deadline-driven audit environments.

Ability to assess and improve business processes within technical platforms (especially GRC tools).

Clear, concise written and verbal communication skills, able to adapt messaging for technical and executive audiences.

Critical thinker with strong attention to detail and a proactive mindset for identifying and mitigating risks.

Knowledge of security standards and frameworks (e.g., NIST SP 800-53, ISO 27001, SOC 2, PCI DSS).

Ability to design or improve security workflows within a GRC platform.

Familiarity with building or maintaining program-level dashboards or metrics.

Comfort engaging with customers or external auditors to explain security practices and documentation.


Travel: 

Minimal: generally 12 days or less per year, including roughly two team get-togethers a year.



$105,000 - $115,000 a year

LIFE AT LUMIN DIGITAL


Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.


At Lumin, we thrive on curiosity and innovation. Our culture fosters trust in our expertise and decisions, respect for diverse perspectives and talents, and boldness in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.


All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.

USA Remote Jobs

© 2025 Created by USA Remote Jobs. All rights reserved.