Information Security Analyst
The Information Security Analyst will play a key role in overseeing and enforcing governance and security program initiatives, coordinating Security Committee meetings, and providing day-to-day guidance and support for both customer-facing and internal teams.
The position includes, but is not limited to, conducting business and security risk assessments, coordinating industry governance and certification audits, and updating and maintaining policies and procedures documentation to ensure the company’s security practice is evolving and compliant with changing data protection and privacy legislation. The Information Security Analyst will monitor and investigate potential breaches and assist with investigation, triage, mitigation and plans.
Candidates should bring their comprehensive background and experience to help define worldwide compliance programs, have an appetite for a hyper-growth environment, and be skilled in managing their time and communicating the results of their work and assignment status.
- Coordinate a regular review of security policies and support the administrative members of the Security Committee, coordinating the group’s regular meetings and activities.
- Develop security standards and best practices, including recommending security enhancements to engineering and technology management. Help engineering, technology (and other organizations as necessary) define procedures that support, and have direct traceability to, the security policies, and conduct internal reviews to assess compliance with those directives.
- Look for opportunities to implement a suite of security, IT and hosting best practices; contribute your experience with teams to select and implement software solutions and service delivery methodologies that allow for continual delivery and assessment of compliance, gap identification and further security-focused growth opportunities.
- Serve as an internal lead of our Compliance Assessments, Audits and Certifications.
- Lead efforts to maintain data privacy management processes in support of GDPR and CCPA.
- Maintain and continually assess Vendor Risk and Risk Management activities.
- Assist in developing and maintaining a list of security vulnerabilities as part of a vulnerability management program.
- Conduct penetration testing (with 3rd party vendors) to simulate attacks and find vulnerabilities before they can be exploited, including responding to issues identified in 3rd party reports and working on mitigation and plans with the engineering and hosted operations teams to resolve them.
- Maintain awareness of evolving regulation and classification of information, especially PII (and other sensitive personal data) and personal privacy, as it relates to business operations in the different geographic regions.
- Participate in the review and mitigation of any operational security vulnerabilities as necessary.
Education and Experience:
- 5+ years of work experience in information security or compliance.
- A track record of delivering information security policies, processes and systems with a focus on security, performance and reliability.
- Solid understanding of security best practices, current vulnerabilities and attack vectors, cryptography, authentication, authorization and security protocols.
- Ability to interact with a broad cross-section of personnel to explain and enforce security policies, systems and measures.
- Strong working knowledge of industry security frameworks and standards such as NIST, ISO27001, SOC, or other security standards and regulatory frameworks.
- Strong working knowledge of data privacy regulations and compliance requirements for GDPR, APP, CCPA and other regional compliance regulations.
- Experience creating, editing and working with security controls such as Access Management, Change Management, Business Continuity Plan, Disaster Recovery, Risk Management, Patch Management and others.
- Experience implementing SIEM systems for proactive response, and experience implementing zero-day mitigation solutions.
- Excellent communication (oral and written) and time management skills.
One of the fastest growing tech companies in K-12 education, Newsela was founded on the principle that while every child may have unique learning preferences, they all deserve a rich learning experience that ignites a love of learning. We built our platform based on learning science research to deliver the most engaging, authentic content to modernize how teaching happens in the classroom. Along with interactive assessments and tools, we provide teachers with digital content at five reading levels -- from 100+ of the best sources -- that is relevant to the diverse backgrounds and interests of their students. Since we started in 2013, we’ve established a presence in 90% of U.S. K-12 schools and over 2.5M teachers and 37M students have registered with Newsela.