Senior Security Analyst -Technology Risk & Compliance

Location: Remote

Job Type: Full Time / Permanent

In this role on the Information Security Governance, Risk & Compliance team, the candidate will collaborate with technology and business teammates in the areas of security awareness, security governance documents, cybersecurity risk assessment, and other areas as required. The focus of this role will be leading the company’s holistic security awareness program, including: training content, ethical phishing exercise, security bulletins, and security policies/standards/guidelines. The candidate must be able to reliably achieve program objectives, address uncertainty, and act with integrity. The candidate will need to maintain an awareness of controls and existing/proposed security standards and how they affect the company environment. The candidate will identify areas of information security risk within the organization and assist in the translation of this risk to internal business partners. The candidate should have knowledge of information security governance, risk, control, PCI, SOX, and the ability to apply these concepts within their work environment. This is a full-time remote opportunity. We are looking to hire immediately.

Job Duties & Responsibilities:  Support the security awareness program through creation of training content, ethical phishing exercises, related communications, and overall compliance monitoring • Perform cybersecurity risk assessments of technology processes and platforms • Partner with business and technology teammates as a trusted advisor on information security governance, risk, and compliance matters as required.

What we are looking for:  Bachelor’s Degree in Management Information Systems, Computer Science, Business, or equivalent experience • 5-7 years of experience in security awareness training, technology governance, risk, and compliance, technology controls, security frameworks, risk assessment, security awareness training • CISA (preferred not required) • CRISC (preferred not required) • CISSP (preferred not required).