About the Role

Kurv is advancing its cybersecurity program in alignment with the NIST Cybersecurity Framework (CSF) while supporting and strengthening our existing PCI DSS 4.0 program through documentation, tracking, and operational coordination.

We are seeking a motivated, detail-oriented Cybersecurity Program Analyst to support both cybersecurity program development and day-to-day security operations. This role will focus initially on asset inventory, ownership, and risk classification (NIST Identify) while contributing to ongoing security and compliance activities.

This is a developmental role, designed to build foundational experience in cybersecurity governance, risk, and compliance, with mentorship from senior team members and exposure to real-world PCI and cloud security environments.

Key Responsibilities

Cybersecurity Program & Governance (Primary Focus)

• Build and maintain enterprise asset inventory (systems, applications, vendors, data flows)
• Document system ownership, classification, and risk tiering
• Support ongoing PCI scope validation and data flow documentation
• Support mapping and alignment of existing controls to NIST CSF and PCI DSS 4.0
• Assist in maintaining cybersecurity policies, standards, and documentation
• Track updates to the cybersecurity risk register and governance activities
• Contribute to reporting, metrics, and audit readiness

Security Operations & Control Support

• Support execution of core security controls, including:
  • Vulnerability scanning and remediation tracking
  • Log monitoring and alert review
  • File integrity and change validation
• Identify and escalate anomalies or control gaps

Access, Cloud & Incident Support

• Support user access reviews and identity governance activities
• Assist with cloud security monitoring and configuration tracking (AWS)
• Maintain and support incident response documentation and exercises

Compliance & Audit Support (High Visibility)

• Support ongoing PCI DSS compliance activities through documentation, evidence collection, and coordination
• Maintain organized audit evidence repositories and supporting artifacts
• Track audit requests, timelines, and deliverables
• Assist in preparing standard evidence submissions for audits and reviews

Security Awareness & Coordination

• Support security awareness and training tracking
• Partner cross-functionally with IT, Engineering, Compliance, and Operations teams
• Reinforce alignment between security controls and business processes
• Work under the guidance of senior team members to learn and contribute to PCI and cybersecurity program ownership over time

Qualifications

Required:

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or related field
• Strong analytical, organizational, and documentation skills
• High attention to detail and accountability
• Clear written and verbal communication skills
• Interest in cybersecurity governance, risk, and compliance

Preferred:

• Exposure to NIST, PCI DSS, SOC 2, or ISO 27001
• Familiarity with cloud environments (AWS preferred)
• Entry-level certification (or willingness to obtain) such as Security+

Professional Development

Kurv supports development in:

• NIST Cybersecurity Framework
• PCI DSS fundamentals
• Foundational cybersecurity certifications (e.g., Security+)
• Governance, Risk, and Compliance (GRC) career path

Why This Role Matters

This role strengthens the discipline, scalability, and audit readiness of our existing security and PCI program while supporting the build-out of a NIST-aligned cybersecurity framework—critical to enabling secure, compliant growth of the Kurv platform.