Senior Analyst, Information Security (R14050)

POSITION SUMMARY

The Information Security Governance & Awareness Senior Analyst supports and advances the organization's information security governance and security awareness programs through policy lifecycle management, governance analysis, regulatory mapping, metrics reporting, and targeted security education initiatives.

This role is responsible for coordinating and contributing to the development, maintenance, review, approval, and publication of information security policies, standards, procedures, and related governance documentation. The Senior Analyst applies critical thinking and sound judgment to assess governance documentation against regulatory and framework requirements and helps identify potential gaps, inconsistencies, or improvement opportunities.

The ideal candidate possesses strong technical writing and analytical skills, excellent English language comprehension, attention to detail, and the ability to translate complex security and regulatory concepts into clear, actionable governance documentation and awareness communications.

This role also supports organizational security culture initiatives through audience-appropriate awareness content, phishing simulation activities, and security education support aligned to organizational risks and business objectives.

RESPONSIBILITIES

Security Governance & Policy Management

• Manage and support the lifecycle of information security policies, standards, procedures, and related governance documentation.
• Coordinate document reviews, stakeholder collaboration, approvals, renewals, attestations, and publication timelines.
• Track policy review schedules, exceptions, approvals, versioning, and governance workflow activities.
• Interpret and map regulatory and framework requirements to organizational governance documents and controls.
• Support governance alignment efforts related to:
  • PCI-DSS v4.0.1
  • NIST Cybersecurity Framework (CSF) 2.0
  • SOC 2
  • SOX
  • FTC Safeguards Rule and related FTC requirements
• Review governance documentation for clarity, consistency, completeness, enforceability, and alignment with regulatory and organizational requirements.
• Identify potential governance gaps, conflicting requirements, outdated language, or process inconsistencies and recommend improvements.
• Ensure governance documentation appropriately distinguishes between policies, standards, procedures, guidelines, and supporting controls.
• Draft, edit, and maintain governance documentation using concise, professional, and active-voice writing principles.
• Support audit, assessment, and compliance activities through governance documentation review and evidence coordination.
• Maintain governance repositories, templates, and document management systems.

Security Awareness & Education

• Support the organization's security awareness and education initiatives for technical and non-technical audiences.
• Develop and maintain targeted awareness communications, training materials, and educational content aligned to organizational risks and emerging threats.
• Apply adult learning and communication principles to tailor awareness messaging to intended audiences and business contexts.
• Coordinate and support phishing simulation campaigns, including reporting, trend analysis, and user follow-up activities.
• Assist with measuring awareness participation, phishing resilience, and program effectiveness metrics.
• Collaborate with stakeholders to identify awareness gaps and support awareness improvement initiatives.

Metrics, Reporting & Program Support

• Develop and maintain governance and awareness program dashboards, recurring reports, and operational metrics.
• Produce reporting related to:
  • Policy lifecycle compliance
  • Review and approval timeliness
  • Governance exceptions
  • Security awareness participation
  • Phishing simulation trends
  • Governance process effectiveness
• Analyze governance and awareness trends to identify operational risks, recurring issues, or process improvement opportunities.
• Build and maintain reusable governance templates, reporting assets, and process documentation.
• Support governance committee preparation, leadership reporting, and cross-functional governance initiatives.
• Contribute to governance process improvement and operational efficiency efforts.

REQUIREMENTS

• Bachelor's degree in Information Security, Cybersecurity, Information Systems, Risk Management, English, Communications, or related field; or equivalent practical experience.
• 3-5 years of experience in information security governance, compliance, policy management, technical writing, security awareness, or related areas.
• Strong working knowledge of security and regulatory frameworks including PCI-DSS, NIST CSF, SOC 2, SOX, and FTC requirements.
• Demonstrated ability to read, interpret, and map regulatory requirements to governance documentation and organizational controls.
• Excellent technical writing, editing, and English language comprehension skills.
• Strong critical thinking and analytical skills, including the ability to identify governance gaps, inconsistencies, or improvement opportunities.
• Strong understanding of the distinctions between policies, standards, procedures, guidelines, and controls.
• Experience developing metrics, dashboards, and recurring governance or compliance reporting.
• Familiarity with phishing simulation platforms and security awareness practices.
• Strong organizational, stakeholder coordination, and project management skills.
• Ability to manage multiple priorities and deadlines in a cross-functional environment.

Preferred Qualifications

• Experience supporting governance, risk, and compliance (GRC) programs in regulated industries.
• Understanding of adult learning principles and audience-based communication strategies.
• Experience supporting audits, assessments, and evidence collection activities.
• Familiarity with GRC platforms, workflow management tools, or document management systems.
• Experience in financial services, fintech, or highly regulated environments preferred.
• Relevant certifications such as:
  • Security+
  • CISSP
  • CISA
  • CRISC
  • PCI ISA

#LI-REMOTE

#LI-SS1