Information Security Analyst - Temporary

Job Description
This Information Security Analyst - Temporary role is critical to maintaining and enhancing the organization's security posture. The Information Security Analyst will be responsible for a variety of functions, focusing on several key areas within information security, including security awareness program management, support for internal and external audits, and the development and reporting of security metrics. This position requires a blend of technical understanding, organizational skills, and effective communication to ensure compliance and mitigate risks. The Analyst will work closely with various teams, including Learning and Development, Corporate Communications, and the Enterprise Compliance Risk Management (Enterprise Compliance and Risk group) group, to achieve security objectives and contribute to a strong security culture.
This is a temporary role that we expect to last approximately 20 weeks.
What you'll do:
InfoSec / IT Audit Engagements

• Organize and delegate audit requests to the appropriate business contacts.
• Assist with the scheduling of all walkthrough meetings and follow-up discussions.
• Understand how an audit is performed, what expectations the auditors have, and how to provide evidence that is easily understood and accepted by the auditors.
• Assist on other questionnaires/examinations from third parties (i.e., state examinations, bank partner due diligence, etc.) that relate to Information Security.
• Develop a knowledge bank of audit answers and control owners. Develop and maintain a comprehensive knowledge bank that contains meticulously documented answers to frequently asked audit questions and a clear identification of control owners for each relevant area. This resource will serve as a centralized repository of information, streamlining the audit process and ensuring quick access to essential details.
• Document and map controls to system configurations. Develop and maintain comprehensive documentation that outlines the relationships between security controls and specific system configurations.
• Regularly update documentation and diagrams to reflect changes in system configurations or security control implementations.
• Ensure that documentation is easily accessible to relevant stakeholders, including system administrators, security engineers, and auditors.

Metrics Reporting

• Communicate and clearly document various Security Metrics for the Enterprise Compliance Risk Group initiative. Ensure documentation aligns with the program's objectives.
• Collaborate closely with the Enterprise Compliance and Risk group to identify key security metrics and reporting requirements.
• Develop and maintain dashboards and reports that track and visualize security metrics, providing insights to the Enterprise Compliance and Risk group group and other stakeholders.
• Analyze security metrics data to identify trends, patterns, and potential risks, and provide recommendations to the Enterprise Compliance and Risk group group for mitigation strategies.
• Identify and manage issues related to security metrics data, including data quality problems, reporting discrepancies, and deviations from expected thresholds. Work with relevant teams to resolve these issues promptly.
• Participate in regular meetings with the Enterprise Compliance and Risk group group to review security metrics, discuss findings, and ensure alignment with overall compliance and risk management goals.
• Ensure data accuracy and integrity in security metrics reporting, and implement data quality control measures as needed.

Preferred

• Assist in the development of system configuration standards that align with security control requirements.
• Monitor system configurations for compliance with security control requirements and identify any deviations.
• Assist in the investigation and remediation of security incidents related to system misconfigurations.

Qualifications
What you'll bring:

• Required:
  
  • Bachelor's degree in Information Technology, Business Administration, or a related field.
  • Minimum of 5 years of experience in information security or compliance related field
  • Excellent project management skills, including planning, scheduling, risk management, and stakeholder management.
  • Strong communication, interpersonal, and leadership skills.
  • Experience working with cross-functional teams and managing vendor and business relationships
  • Security+ Certification
• Preferred:
  
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)
  • Experience in the Finance industry.

Additional Information
All your information will be kept confidential according to EEO guidelines.
Achieve well-being with:

• Hybrid and remote work opportunities for certain roles
• 401 (k) with employer match
• Medical, dental, and vision with HSA and FSA options
• Competitive vacation and sick time off, as well as dedicated volunteer days
• Access to wellness support through Employee Assistance Program, physical and mental health wellness programs
• Up to $5,250 paid back to you on eligible education expenses
• Pet care discounts for your furry family members
• Financial support in times of hardship with our Achieve Care Fund
• A safe place to connect and a commitment to diversity and inclusion through our six employee resource groups

Join Achieve, change the future.
At Achieve, we're changing millions of lives. From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you'll get to be a part of their journey to a better financial future. We're proud to have over 3,000 employees in mostly hybrid and 100% remote roles across the United States with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job-it's a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your well-being first.
Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve's Talent Acquisition leader.
#LI-KM1
Company Description
Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and empathetic touch. We put people first and treat them like humans, not account numbers.