Security Assurance Specialist

  • $105k-$115k
  • Remote - United States


Cybersecurity

Mid-level

Job description

Basic Function

The Security Assurance Specialist plays a key role in strengthening and maintaining Lumin’s security and compliance posture. This role owns the daily management of the vulnerability lifecycle, leads the configuration and continuous improvement of our GRC platform, and drives audit readiness and coordination activities for frameworks such as SOC 2 and PCI DSS. By bridging technical detail and regulatory expectations, this position ensures that our controls are operating effectively and that stakeholders, from auditors to customers, can trust the integrity of our security program.

Essential Functions and Responsibilities:

Own the vulnerability management lifecycle, including review of scanning results, coordination with technical teams for remediation, and oversight through closure or documented exceptions.

Evaluate and improve the design and effectiveness of security controls within Lumin’s GRC platform, identifying gaps, redundancies, and opportunities for streamlining.

Maintain real-time accuracy of control and risk records within the GRC platform to reflect the current state of program conformance with internal policies and external requirements.

Coordinate internal and external audits (e.g., SOC 2, PCI), including management of document request lists, evidence collection, stakeholder communication, and follow-up on outstanding items.

Conduct control testing through evidence review, system analysis, policy comparison, and interviews to assess compliance with defined standards and frameworks.

Track and report on issue status and trends, manage the POA&M (Plan of Action and Milestones) process, and work with leadership to resolve overdue items and identify systemic root causes.

Develop and maintain dashboards and metrics that reflect the maturity, coverage, and effectiveness of security and risk programs.

Contribute to customer trust initiatives by supporting RFPs, due diligence questionnaires, and client meetings with clear, accurate, and up-to-date security documentation.

Monitor regulatory and industry frameworks to identify emerging changes and provide recommendations to maintain or exceed compliance expectations.

Perform other duties as assigned.

Position Specifications

Education:

Bachelor’s degree in a relevant field such as Information Systems, Business, or Risk Management is preferred.

Experience:

Three (3) years of professional experience in information security, risk management, compliance, IT audit, or a related field required.

Experience owning or administering GRC systems (TrustCloud, OneTrust, Drata, etc.) and workflows, including evaluating and improving control design required.

Hands-on experience with vulnerability management tools (e.g., Tenable, Snyk, Rapid7) and an understanding of common vulnerability types and remediation practices is required.

Experience coordinating across cross-functional technical and non-technical teams is required.

Experience supporting audits or external assessments (e.g., SOC 2, PCI) preferred.

Knowledge, Skills, & Abilities:

Familiarity with audit frameworks and processes, especially SOC 2 and PCI DSS.

Strong technical acumen with ability to understand systems, interpret vulnerability data, and assess control applicability in a SaaS environment.

Excellent project coordination and organizational skills, particularly in high-stakes, deadline-driven audit environments.

Ability to assess and improve business processes within technical platforms (especially GRC tools).

Clear, concise written and verbal communication skills, able to adapt messaging for technical and executive audiences.

Critical thinker with strong attention to detail and a proactive mindset for identifying and mitigating risks.

Knowledge of security standards and frameworks (e.g., NIST SP 800-53, ISO/IEC 27001, SOC 2, PCI DSS).

Ability to design or improve security workflows within a GRC platform.

Familiarity with building or maintaining program-level dashboards or metrics.

Comfort engaging with customers or external auditors to explain security practices and documentation.

Travel:

Minimal: generally 12 days or fewer per year, typically two team get-togethers a year.


LIFE AT LUMIN DIGITAL

Lumin Digital is a trailblazer in digital banking solutions, driven by a unique approach to technology, service, and people. We empower credit unions and banks by creating cutting-edge digital experiences that continuously serve, engage, and grow their membership base. Lumin is 100% cloud-native, purpose-built to unlock the full advantages of the cloud for financial institutions and their users.

At Lumin, we thrive on curiosity and innovation. Our culture fosters trust - in our expertise and decisions, respect - for diverse perspectives and talents, and boldness - in pursuing innovative paths. These values guide us, shaping a workplace where collaboration thrives, ideas flourish, and new possibilities are discovered. Focused on continuous improvement and innovation, we encourage our team to explore, experiment, and put new ideas into action, challenging the usual way of doing things.

All qualified applicants, including those with arrest or conviction records, will be considered for employment. Any conditional offer will include a notice regarding the review of the candidate’s criminal history as part of the hiring process.
