Company Summary:

With Alviere, organizations can offer financial products to drive customer engagement, generate new revenue streams, and improve existing financial flows. The Alviere HIVE platform offers an extensive range of configurable, branded financial products, including accounts & wallets, card issuance, streamlined payments, and global money transfers. Alviere brings together technology and program support with the trust of a licensed financial institution to assure the safety, flexibility, and long-term viability of client programs.

Job Summary:

Alviere is looking for a Risk Analyst, Enterprise Controls to own the operational backbone of our enterprise risk control environment. This individual contributor role, reporting directly to the CRCO, is responsible for maintaining Alviere's enterprise risk control framework, running the monthly and quarterly internal control testing program, and coordinating all external reviews of the control environment — including our annual SOC 1, SOC 2, and PCI audits. The right candidate is equally comfortable designing a testing methodology, managing a complex evidence campaign in Jira, and presenting residual risk findings to the Risk & Compliance Committee. This is a high-ownership role with direct visibility to senior leadership and meaningful impact on how Alviere manages its regulatory and operational risk posture.

Responsibilities include but are not limited to:

• Own and maintain Alviere's Enterprise Risk Control Framework — mapping identified risks across AML/CFT, cybersecurity, TPRM, consumer protection, fraud, and data privacy to applied controls and residual risk ratings; maintain the Risk Appetite Statement; and prepare KRI summaries and risk reports for the quarterly Risk & Compliance Committee and Board.
• Design and execute the internal control testing calendar — running scheduled monthly and quarterly tests (OFAC, access management, transaction monitoring, and other key controls), documenting results, opening corrective actions on exceptions, and tracking remediation to closure.
• Own the annual SOC 2 audit program end-to-end — standing up the AUDIT Jira project each cycle, routing 40+ individual evidence requests to Engineering, IT/Security, HR, Finance, and Operations, managing each ticket through all workflow stages, and interfacing directly with external auditors on review comments and re-evidence requests.
• Run the annual system access review program across 30+ in-scope platforms — coordinating with system owners to pull 100% population access lists, documenting review outcomes, ensuring required removals are executed and evidenced, and tying results into SOC 2 and PCI audit evidence.
• Manage Alviere's external auditor relationship, conducting the annual assessor qualification and independence review; serve as the primary internal operational point of contact for reviews and examinations including transaction population pulls and examination documentation.
• Track enterprise control findings and corrective action plans in Jira (CDCAP project), ensuring open items have documented owners, deadlines, and remediation progress for reporting to the CRCO and committee.

A successful Risk Analyst, Enterprise Controls will have the following:

• 3–6 years of experience in internal audit, IS audit, compliance testing, or risk control functions at a financial institution, fintech, payment company, or professional services firm serving such clients.
• Demonstrated experience contributing to or coordinating a SOC 2 audit evidence cycle — familiarity with Trust Services Criteria control categories, ability to read Type II reports critically, and comfort managing auditor interactions independently.
• Practical understanding of control testing methodology: how to design a test, document results, assess the significance of a control exception, and communicate findings to non-technical leadership.
• Strong operational discipline — experience managing Jira workflows, owning complex multi-stakeholder evidence campaigns, and meeting hard external deadlines without close supervision.
• Clear, analytical written communication skills — capable of producing board-quality risk summaries, committee materials, and control testing documentation.
• Preferred: CISA, CISSP, CRCM, or CIA certification; experience with PCI DSS compliance coordination; familiarity with state money transmitter regulatory examination processes.

We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer - Veteran/Disability. All qualified applicants will receive consideration for employment without regard to race, national origin, gender, age, religion, disability, veteran status, or any other category protected by law. We are a true merit-based organization and work hard so there are no artificial barriers to one's potential success. Alviere is committed to a workforce where everyone's opportunities are limitless.

Consistent with this commitment, Alviere will endeavor to provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities. Please contact recruiting@alviere.com for any assistance.