This is a remote position for a Security Risk Analyst, with the company located in Jackson, MS.

Summary: The Information Security Governance Risk and Compliance (ISGRC) team at the College Board checks and certifies the College Board's Information Security Programs. Our mission is to provide our stakeholders with meaningful insights that continuously improve the risk posture across the organization. ISGRC partners with business leads to perform necessary security reviews of systems, contracts, and vendors to better understand and manage risk. The team also manages security policies, security awareness training, and industry-recognized certifications (ISO 27001, PCI-DSS and SOC2).

As a Security Risk Analyst, you will tackle continually evolving security and data privacy challenges. You will collaborate and negotiate with diverse stakeholders at all levels. You will bring your passion for managing security risks to all parts of the organization. In this role, you will review the application of security requirements across a wide scope of customer contracts and third-party vendor contracts for all products and services at the College Board. You will leverage your IT and security experience and expertise to evaluate in-place controls and make recommendations to appropriately secure College Board information and services. You will build partnerships across the organization to reduce risk to the organization and ensure compliance.

Duties and Responsibilities: Independently perform vendor risk assessments (risk identification, risk scoring, risk mitigation, and risk communication). Provide analysis of vendor responses and make recommendations for policy, contract, and process enhancements. Support security contract negotiations to ensure appropriate security control requirements are embedded into proposals and contracts while maintaining positive working relationships with stakeholders, vendors, and business partners. Maintain a strong, ongoing understanding of security control requirements specific to College Board across a broad range of information security domains, including cloud, infrastructure, applications, and data. Understand the business context of College Board systems, data, and third-party relationships, to properly contextualize risk and requirements. Perform other systems assessments as needed. Manage risk treatments for the identified risks, including recommendations and thresholds for risk transference, risk acceptance, and risk reduction. Develop and support risk metrics and reports. Identify process improvement needs and develop relevant automation requirements and documentation. Perform GRC tool configuration and testing work to support risk management projects. Other duties as assigned.

Education and Experience: 5-7 years of experience in information security and/or information technology projects. 3-5 years of experience working with third-party risk management. Excellent verbal and written communication skills, including the ability to negotiate with and persuade business stakeholders to inform risk-based decisions and actions. Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team. Experience with governance, risk, and compliance tools (e.g., RSAM, RSA Archer), including administration, configuration, and system integration techniques for risk data feed ingestion, preferred. Strong understanding of risk management techniques and processes such as risk identification, risk scoring, risk mitigation, and risk tracking. Experience with information security and privacy frameworks such as ISO 27001, NIST-CSF, NIST 800-53, FERPA, GDPR, etc. Current information security certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred, or the ability to attain one within 6 months of hire. Bachelor's degree in science, cybersecurity, engineering, IT management, or four years of equivalent IT and security industry experience. For remote positions, ability to travel 3-5 times a year to our Reston, VA office.

We prioritize building a diverse and inclusive team where every employee can thrive, and every voice is heard. We welcome staff to join any or all six of our affinity groups: ARISE (Alliance for Asian Retention, Inclusion, Success, and Engagement); DIASPORA (Alliance for Pan-African Success and Achievement); Pride (alliance for LGBTQ+ staff and allies); Resilience (alliance for Native staff and advocates); SALSA (Staff Alliance for Latinx Success and Achievement); and WIN (Women's Impact Network).
Keywords: Information technology (IT), SOC2, GDPR, Certified Information Security Manager (CISM), PCI DSS, Certified Information Systems Security Professional (CISSP)