Talent.com
Information Security Analyst

Achieve, Tempe, Arizona, United States
5 days ago
Job type
  • Full-time
Job description

This role is critical to maintaining and enhancing the organization's security posture. The Information Security Analyst will be responsible for a variety of functions, focusing on several key areas within information security, including security awareness program management, support for internal and external audits, and the development and reporting of security metrics. This position requires a blend of technical understanding, organizational skills, and effective communication to ensure compliance and mitigate risks. The Analyst will work closely with various teams, including Learning and Development, Corporate Communications, and the Enterprise Compliance Risk Management (Enterprise Compliance and Risk) group, to achieve security objectives and contribute to a strong security culture.

Security Awareness Program

Serve as the platform administrator for managing ongoing training and phishing campaigns.

Review and approve quarterly training content and coordinate with the learning team to upload into the training platform.

Create communication plans with the corporate communication team to bring awareness of upcoming training to all employees.

Review the completion status of each campaign and send updates to management.

Organize incentive programs, including getting funds approved, creating a gifting campaign, and selecting random winners who have completed the training campaign.

Oversee and manage the platform used for administering ongoing training and phishing campaigns, ensuring its optimal function and effectiveness.

Evaluate and approve quarterly training content, collaborating with the learning team to ensure its accuracy and relevance, and overseeing its seamless integration into the training platform.

Develop comprehensive communication plans in partnership with the corporate communication team to effectively promote upcoming training initiatives and foster awareness among all employees.

Monitor and track the completion status of each training and phishing campaign, generating regular progress reports and presenting them to management.

Spearhead the creation and implementation of incentive programs to encourage participation and recognize employees who successfully complete training campaigns. This includes securing funding, designing engaging gifting campaigns, and impartially selecting winners.

InfoSec / IT Audit Engagements

Organize and delegate audit requests to the appropriate business contacts.

Assist with the scheduling of all walkthrough meetings and follow-up discussions.

Understand how an audit is performed, what expectations the auditors have, and how to provide evidence that is easily understood and accepted by the auditors.

Assist on other questionnaires / examinations from third parties (i.e., state examinations, bank partner due diligence, etc.) that relate to Information Security.

Develop a knowledge bank of audit answers and control owners.

Develop and maintain a comprehensive knowledge bank that contains meticulously documented answers to frequently asked audit questions and a clear identification of control owners for each relevant area. This resource will serve as a centralized repository of information, streamlining the audit process and ensuring quick access to essential details.

Document and map controls to system configurations.

Develop and maintain comprehensive documentation that outlines the relationships between security controls and specific system configurations.

Regularly update documentation and diagrams to reflect changes in system configurations or security control implementations.

Ensure that documentation is easily accessible to relevant stakeholders, including system administrators, security engineers, and auditors.

Metrics Reporting

Communicate and clearly document various Security Metrics for the Enterprise Compliance Risk Group initiative. Ensure documentation aligns with the program’s objectives.

Collaborate closely with the Enterprise Compliance and Risk group to identify key security metrics and reporting requirements.

Develop and maintain dashboards and reports that track and visualize security metrics, providing insights to the Enterprise Compliance and Risk group and other stakeholders.

Analyze security metrics data to identify trends, patterns, and potential risks, and provide recommendations to the Enterprise Compliance and Risk group for mitigation strategies.

Identify and manage issues related to security metrics data, including data quality problems, reporting discrepancies, and deviations from expected thresholds. Work with relevant teams to resolve these issues promptly.

Participate in regular meetings with the Enterprise Compliance and Risk group to review security metrics, discuss findings, and ensure alignment with overall compliance and risk management goals.

Ensure data accuracy and integrity in security metrics reporting, and implement data quality control measures as needed.

Preferred

Assist in the development of system configuration standards that align with security control requirements.

Monitor system configurations for compliance with security control requirements and identify any deviations.

Assist in the investigation and remediation of security incidents related to system misconfigurations.

Qualifications

Required:

Bachelor's degree in Information Technology, Business Administration, or a related field.

Minimum of 5 years of experience in information security or a compliance-related field.

Excellent project management skills, including planning, scheduling, risk management, and stakeholder management.

Strong communication, interpersonal, and leadership skills.

Experience working with cross-functional teams and managing vendor and business relationships.

Security+ Certification

Preferred:

Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)

Experience in the Finance industry.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Achieve well-being with:

  • 401(k) with employer match
  • Medical, dental, and vision with HSA and FSA
  • Sick time off
  • Access to wellness support through Employee Assistance Program, Talkspace.
  • Pet care discounts for your furry family members
  • Financial support in times of hardship with our Achieve Care Fund
  • A safe place to connect with other employees through our six employee resource groups

Join Achieve, change the future.

At Achieve, we’re changing millions of lives.

From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you’ll get to be a part of their journey to a better financial future. We’re proud to have over 3,000 employees in mostly hybrid and 100% remote roles across the United States with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job—it’s a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your well-being first.

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve’s Talent Acquisition leader.
