Information Security Analyst

Job Location

Tempe, AZ - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Information Security Analyst

This role is critical to maintaining and enhancing the organization's security posture. The Information Security Analyst will be responsible for a variety of functions focusing on several key areas within information security, including security awareness program management, support for internal and external audits, and the development and reporting of security metrics. This position requires a blend of technical understanding, organizational skills, and effective communication to ensure compliance and mitigate risks. The Analyst will work closely with various teams, including Learning and Development, Corporate Communications, and the Enterprise Compliance Risk Management group (Enterprise Compliance and Risk group), to achieve security objectives and contribute to a strong security culture.

Security Awareness Program

  • Serve as the platform administrator for managing ongoing training and phishing campaigns.

  • Review and approve quarterly training content and coordinate with the learning team to upload into the training platform.

  • Create communication plans with the corporate communication team to bring awareness of upcoming training to all employees.

  • Review the completion status of each campaign and send updates to management.

  • Organize incentive programs, including getting funds approved, creating a gifting campaign, and selecting random winners who have completed the training, and manage the platform used for administering ongoing training and phishing campaigns, ensuring its optimal function and effectiveness.

  • Evaluate and approve quarterly training content, collaborating with the learning team to ensure its accuracy and relevance and overseeing its seamless integration into the training platform.

  • Develop comprehensive communication plans in partnership with the corporate communication team to effectively promote upcoming training initiatives and foster awareness among all employees.

  • Monitor and track the completion status of each training and phishing campaign, generating regular progress reports and presenting them to management.

  • Spearhead the creation and implementation of incentive programs to encourage participation and recognize employees who successfully complete training campaigns. This includes securing funding, designing engaging gifting campaigns, and impartially selecting winners.

InfoSec / IT Audit Engagements

  • Organize and delegate audit requests to the appropriate business contacts.

  • Assist with the scheduling of all walkthrough meetings and follow-up discussions.

  • Understand how an audit is performed, what expectations the auditors have, and how to provide evidence that is easily understood and accepted by the auditors.

  • Assist on other questionnaires/examinations from third parties (i.e., state examinations, bank partner due diligence, etc.) that relate to Information Security.

  • Develop a knowledge bank of audit answers and control and maintain a comprehensive knowledge bank that contains meticulously documented answers to frequently asked audit questions and a clear identification of control owners for each relevant area. This resource will serve as a centralized repository of information, streamlining the audit process and ensuring quick access to essential details.

  • Document and map controls to system and maintain comprehensive documentation that outlines the relationships between security controls and specific system configurations.

  • Regularly update documentation and diagrams to reflect changes in system configurations or security control implementations.

  • Ensure that documentation is easily accessible to relevant stakeholders, including system administrators, security engineers, and auditors.

Metrics Reporting

  • Communicate and clearly document various Security Metrics for the Enterprise Compliance Risk Group initiative. Ensure documentation aligns with the program's objectives.

  • Collaborate closely with the Enterprise Compliance and Risk group to identify key security metrics and reporting requirements.

  • Develop and maintain dashboards and reports that track and visualize security metrics, providing insights to the Enterprise Compliance and Risk group and other stakeholders.

  • Analyze security metrics data to identify trends, patterns, and potential risks, and provide recommendations to the Enterprise Compliance and Risk group for mitigation strategies.

  • Identify and manage issues related to security metrics data, including data quality problems, reporting discrepancies, and deviations from expected thresholds. Work with relevant teams to resolve these issues promptly.

  • Participate in regular meetings with the Enterprise Compliance and Risk group to review security metrics, discuss findings, and ensure alignment with overall compliance and risk management goals.

  • Ensure data accuracy and integrity in security metrics reporting and implement data quality control measures as needed.

Preferred 

  • Assist in the development of system configuration standards that align with security control requirements.

  • Monitor system configurations for compliance with security control requirements and identify any deviations.

  • Assist in the investigation and remediation of security incidents related to system misconfigurations.


Qualifications:

  • Required:

    • Bachelor's degree in Information Technology, Business Administration, or a related field.

    • Minimum of 5 years of experience in information security or a compliance-related field.

    • Excellent project management skills, including planning, scheduling, risk management, and stakeholder management.

    • Strong communication, interpersonal, and leadership skills.

    • Experience working with cross-functional teams and managing vendor and business relationships.

    • Security Certification

  • Preferred:

    • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)

    • Experience in the Finance industry.


Additional Information:

All your information will be kept confidential according to EEO guidelines.

Achieve wellbeing with:

  • 401(k) with employer match
  • Medical, dental, and vision with HSA and FSA
  • Sick time off
  • Access to wellness support through Employee Assistance Program Talkspace.
  • Pet care discounts for your furry family members
  • Financial support in times of hardship with our Achieve Care Fund
  • A safe place to connect with other employees through our six employee resource groups

Join Achieve, change the future.

At Achieve, we're changing millions of lives.
From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you'll get to be a part of their journey to a better financial future. We're proud to have over 3000 employees in mostly hybrid and 100 remote roles across the United States, with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job: it's a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your wellbeing first.

 

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve's Talent Acquisition leader.

 


Remote Work:

No


Employment Type:

Full-time
