Information Security Analyst Jobs

At Ascensus, technology is more than just a solution. It powers the business that helps millions of people save for what matters—retirement, education, and healthcare. Our technology experts tackle exciting challenges in collaborative teams, but work in an environment where individual and career development is always valued. Technology associates leverage their talents and passion, building new and innovative platforms, creating programs founded in automation in agile frameworks, and driving existing and new markets—all of which supports the rapid growth of a dynamic industry leader.

Section 1: Position Summary

The Information Security Analyst will be a member of the Information Security team, leading cyber security-related analytical and compliance-focused efforts. This role will balance business priorities, information security risks, emerging threats and compliance-related best security practices when pursuing appropriate mitigation strategies ensuring the confidentiality, integrity, and availability of information assets. The Security Analyst will develop and maintain relationships with multiple areas of the business to include risk management, compliance, legal, facilities, and all areas of IT.

Section 2: Job Functions, Essential Duties and Responsibilities

• Review vendor’s attestation documents to confirm required security controls are in place and tested properly. Confirm compliance in alignment with Ascensus’ vendor risk management program.
• Organize materials used for assessment to be reused for future assessments to improve efficiency and expedience.
• Participate in the business RFP process to help attract, win, and retain business, acting as the SME for Information Security-related inquiries.
• Responsible for protecting, securing, and proper handling of all confidential data held by Ascensus to ensure against unauthorized access, improper transmission, and/or unapproved disclosure of information that could result in harm to Ascensus or our clients.
• Review individual answers from vendors and determine if company policy and contractual requirements are being met.
• Process requests for new and existing vendors, handling the information security tasks associated with the vendor review and certification process.
• Map controls to roles and policy within the Governance Risk and Compliance (GRC system
• Lead the Information Security portion(s) of the SOC2 and ISO recertification processes: monitor, test, and report on design and effectiveness of internal controls.
• Participate in industry-related organizations such as ISACA, FS-ISAC, IANS, etc. to gain knowledge and experience.
• Assist with other tasks and projects as assigned.
• Our I-Client service philosophy and our Core Values of People Matter, Quality First and Integrity Always® should be visible in your actions on a day-to-day basis showing your support of our organizational culture.
• Coordinate and process policy updates from BISOs and present to risk management policy review committee.
• Responsible for gathering and processing Information Security scorecard metrics.
• Lead increasingly complex efforts to enhance processes & procedures within the Information Security function.
• Identify exception requests and escalate to assigned BISO as needed.
• Performing gap assessments against existing or prevailing information security controls to decide whether or not a control is satisfactory. Communicate results across teams and work to improve or develop controls.
• Collaborate with business relationship managers in all divisions to answer client-initiated audit requests.

Supervision

• N/A

Section 3: Experience, Skills, Knowledge Requirements

• Experience managing projects, creating plans, tracking tasks, and escalating issues.
• Experience in security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes.
• Strong written and oral communication skills. The ability to communicate effectively (clear, concise, and professionally) with all levels within Ascensus.
• Bachelor’s degree or Associate degree plus equivalent work experience required.
• Self-starter and able to work independently.
• Knowledge of information security policies, controls, and processes.
• Knowledge infrastructure (networks, servers), databases and internet technologies.
• Persistence and strength to champion initiatives.
• Knowledge or experience working with Governance Risk & Compliance (GRC) systems such as LogicManager, eGRC, RSA Archer etc.
• Excellent analytical and problem resolution skills.
• Understanding of application platforms including web, mobile, and cloud.
• A minimum of 3 years of experience.
• Proficiency in MS Office software applications, specifically Word, Excel, and Power Point.
• Familiarity with the audit processes for information systems and security.
• Security Certifications like Security+, Network+ or Associate of ISC2.
• Highly organized and able to process and manage inventories of controls and findings.

For virtual remote positions, we require an uninterrupted workspace during business hours and an internet work speed of 25 Mbps or better. If you are unsure of your internet speed before applying, please check with your service provider.

We are proud to be an Equal Opportunity Employer