Information Security Analyst

Information Security Analyst

This role is critical to maintaining and enhancing the organization's security posture. The Information Security Analyst will be responsible for a variety of functions, focusing on several key areas within information security, including security awareness program management, support for internal and external audits, and the development and reporting of security metrics. This position requires a blend of technical understanding, organizational skills, and effective communication to ensure compliance and mitigate risks. The Analyst will work closely with various teams, including Learning and Development, Corporate Communications, and the Enterprise Compliance Risk Management (Enterprise Compliance and Risk group) group, to achieve security objectives and contribute to a strong security culture.

Security Awareness Program

• Serve as the platform administrator for managing ongoing training and phishing campaigns.

• Review and approve quarterly training content and coordinate with the learning team to upload into the training platform.

• Create communication plans with the corporate communication team to bring awareness of upcoming training to all employees.

• Review the completion status of each campaign and send updates to management.

• Organize incentive programs, including getting funds approved, creating a gifting campaign, and selecting random winners who have completed the training campaign.Oversee and manage the platform used for administering ongoing training and phishing campaigns, ensuring its optimal function and effectiveness.

• Evaluate and approve quarterly training content, collaborating with the learning team to ensure its accuracy and relevance, and overseeing its seamless integration into the training platform.

• Develop comprehensive communication plans in partnership with the corporate communication team to effectively promote upcoming training initiatives and foster awareness among all employees.

• Monitor and track the completion status of each training and phishing campaign, generating regular progress reports and presenting them to management.

• Spearhead the creation and implementation of incentive programs to encourage participation and recognize employees who successfully complete training campaigns. This includes securing funding, designing engaging gifting campaigns, and impartially selecting winners.

InfoSec / IT Audit Engagements

• Organize and delegate audit requests to the appropriate business contacts.

• Assist with the scheduling of all walkthrough meetings and follow-up discussions.

• Understand how an audit is performed, what expectations the auditors have, and how to provide evidence that is easily understood and accepted by the auditors.

• Assist on other questionnaires/examinations from third parties (i.e., state examinations, bank partner due diligence, etc.) that relate to Information Security.

• Develop a knowledge bank of audit answers and control owners.Develop and maintain a comprehensive knowledge bank that contains meticulously documented answers to frequently asked audit questions and a clear identification of control owners for each relevant area. This resource will serve as a centralized repository of information, streamlining the audit process and ensuring quick access to essential details.

• Document and map controls to system configurations.Develop and maintain comprehensive documentation that outlines the relationships between security controls and specific system configurations.

• Regularly update documentation and diagrams to reflect changes in system configurations or security control implementations.

• Ensure that documentation is easily accessible to relevant stakeholders, including system administrators, security engineers, and auditors.

Metrics Reporting

• Communicate and clearly document various Security Metrics for the Enterprise Compliance Risk Group initiative. Ensure documentation aligns with the program’s objectives.

• Collaborate closely with the Enterprise Compliance and Risk group to identify key security metrics and reporting requirements.

• Develop and maintain dashboards and reports that track and visualize security metrics, providing insights to the Enterprise Compliance and Risk group group and other stakeholders.

• Analyze security metrics data to identify trends, patterns, and potential risks, and provide recommendations to the Enterprise Compliance and Risk group group for mitigation strategies.

• Identify and manage issues related to security metrics data, including data quality problems, reporting discrepancies, and deviations from expected thresholds. Work with relevant teams to resolve these issues promptly.

• Participate in regular meetings with the Enterprise Compliance and Risk group group to review security metrics, discuss findings, and ensure alignment with overall compliance and risk management goals.

• Ensure data accuracy and integrity in security metrics reporting, and implement data quality control measures as needed.

Preferred 

• Assist in the development of system configuration standards that align with security control requirements.

• Monitor system configurations for compliance with security control requirements and identify any deviations.

• Assist in the investigation and remediation of security incidents related to system misconfigurations.

• Required:

  • Bachelor's degree in Information Technology, Business Administration, or a related field.

  • Minimum of 5 years of experience in information security or compliance related field

  • Excellent project management skills, including planning, scheduling, risk management, and stakeholder management.

  • Strong communication, interpersonal, and leadership skills.

  • Experience working with cross-functional teams and managing vendor and business relationships

  • Security+ Certification

• Preferred:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)

  • Experience in the Finance industry.

All your information will be kept confidential according to EEO guidelines.

Achieve well-being with:

• 401 (k) with employer match
• Medical, dental, and vision with HSA and FSA
• Sick time off
• Access to wellness support through Employee Assistance Program, Talkspace.
• Pet care discounts for your furry family members
• Financial support in times of hardship with our Achieve Care Fund
• A safe place to connect with other employees through our six employee resource groups

Join Achieve, change the future.

At Achieve, we’re changing millions of lives.
From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you’ll get to be a part of their journey to a better financial future. We’re proud to have over 3,000 employees in mostly hybrid and 100% remote roles across the United States with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job—it’s a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your well-being first.

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve’s Talent Acquisition leader.

#LI-KM1

Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and empathetic touch. We put people first and treat them like humans, not account numbers.