College Board logo
College Board

At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive.

Junior Policy and Security Awareness Analyst

Security AnalystSecurity AnalystFull TimeRemoteJuniorTeam 1,001-5,000

Location

United States

Posted

11 days ago

Salary

$48K - $75K / year

Seniority

Junior

Job Description

Junior Policy and Security Awareness Analyst

College Board

Role Description As the Jr. Policy and Security Awareness Analyst, support College Board’s Security Policy Management and Security Awareness programs. You will work at the direction of the Senior Director, Governance and Risk to coordinate policy reviews using the ISGRC tool, One Trust and security awareness activities using the ISGRC tool, KnowBe4. This role is designed as an entry point into Information Security Governance, Risk, and Compliance with a possible opportunity to develop into more advanced security, audit, or risk roles within the organization. In this role, you will: - Security Policy (40%) - Assist in planning, executing, and managing security policy reviews and approval activities to ensure alignment with industry standards and business objectives. - Maintain and organize the enterprise policy library within One Trust and other designated repositories. - Research, interpret, and map policy requirements to compliance controls for audit readiness. - Conduct routine policy reviews to identify gaps or outdated content and recommend updates. - Support policy enforcement efforts and work with leadership to ensure consistent organization-wide compliance. - Maintain a Generative AI–powered chatbot built on Microsoft Copilot to answer common InfoSec policy questions. - Develop dashboards and reports that highlight training gaps, policy risks, and awareness trends. - Security Awareness (40%) - Support and continuously improve organization-wide security awareness training using KnowBe4. - Plan, execute, analyze, and report monthly phishing simulations. - Collaboration & Delivery (20%) - Support broader ISGRC initiatives designed to strengthen governance and risk management. - Develop dashboards, reports, and metrics to inform leadership about progress and effectiveness of policy and security awareness initiatives. - Perform other duties assigned to support ISGRC and enterprise security objectives. - Contribute to automation or AI-enabled improvements in policy or security awareness workflows. Qualifications - Preferred backgrounds include Computer Science, Information Systems, Cybersecurity, Data Analytics, Public Policy (with quantitative or technology focus), or related disciplines. - Excellent communication (written and verbal) and effective interpersonal skills. - Strong planning, prioritization, and execution skills, capable of managing multiple projects in fast-paced, evolving environments. - Experience working with structured data (e.g., Excel, Google Sheets, SQL, or Python) to organize, analyze, or report on information is preferred. - Experience using AI tools to analyze, summarize, or extract insights from documents. Familiarity with prompt structuring, workflow automation, or API-based usage is strongly preferred. - A critical thinker, a solid drive to excellence, a strong attention to detail, an insatiable appetite for continuous improvement, and a constant need to learn, practice, and improve. - Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training. - Desire to explore a career in Information Security or Information Security, Governance, Risk and Compliance. - Interest in pursuing foundational security certifications such as ISC2 Certified in Cybersecurity (CC), CompTIA Security+, or ISO 27001, with longer-term development toward certifications like CISA or CISSP. - Ability to work efficiently and effectively in a remote team environment. - Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and timely remediation reduce risk, protect trust, and support College Board’s mission. Requirements - Preferred - Working in a security environment with experience in security awareness or policy management. - Bachelor’s degree preferred. - The ability to travel 3-4 times a year to College Board offices or on behalf of College Board business. Benefits - At College Board, we offer more than a paycheck- we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. - We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market. - The hiring range for this role is $48,000 – $75,000. Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board. - We aim to make our best offer upfront, rooted in fairness, transparency, and market data. - We adjust salaries by location to ensure fairness, no matter where you live. - You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process.

Related Job Pages

More Security Analyst Jobs

First Citizens Bank logo

Cyber Security Analyst III - App Security & Vulnerability

First Citizens Bank

First Citizens Bank offers a full line of financial services and focuses on individuals, as well as small to medium-sized businesses. As an employer, the compan

Security Analyst11 days ago

Role Description This is a remote role in NC, AZ, and TX. We are seeking a highly skilled Cyber Security Analyst with a strong background in application security and vulnerability management. This role focuses on identifying, analyzing, and mitigating security risks across software development pipelines using SAST, DAST, and SCA tools. The ideal candidate combines hands-on technical expertise with knowledge of modern security practices and emerging technologies, including AI/ML. Responsibilities - Application Security & Code Analysis - Perform static (SAST), dynamic (DAST), and software composition analysis (SCA) to identify vulnerabilities in applications and third-party components. - Analyze scan results, triage findings, and prioritize remediation efforts based on risk. - Partner with development teams to remediate vulnerabilities and improve secure coding practices. - Vulnerability Management - Conduct regular security assessments and vulnerability scans across applications and environments. - Validate and reproduce vulnerabilities, including false positive elimination. - Track and report vulnerability metrics, risk trends, and remediation progress. - Security Tools & Automation - Configure, deploy, and maintain security scanning tools (e.g., Checkmarx, Veracode, Fortify, Snyk, Burp Suite, OWASP ZAP). - Automate security testing processes using scripting or APIs. - Improve scanning efficiency and coverage through tuning and optimization. Qualifications - Bachelor's Degree and 6 years of experience in Information Security OR High School Diploma or GED and 10 years of experience in Information Security. - Hands-on experience with SAST, DAST, and SCA tools. - Web application security testing (OWASP Top 10, API security). - Strong understanding of secure software development lifecycle (SDLC / DevSecOps) and common vulnerabilities (e.g., injection, XSS, authentication flaws). - Proficiency in one or more programming/scripting languages (e.g., Python, Java, JavaScript, Bash). - Experience interpreting and prioritizing scan results and remediation plans. Preferred Qualifications - Experience integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, Azure DevOps). - Familiarity with container and cloud security (AWS, Azure, GCP). - Familiarity with AI/ML concepts and security implications. - Industry certifications such as CEH, Security+, SSCP, GIAC or comparable. Key Skills - Strong analytical and problem-solving skills. - Provide risk-based recommendations to stakeholders. - Ability to communicate technical findings to both technical and non-technical stakeholders. - Experience working cross-functionally with development and engineering teams. - Attention to detail with a risk-based security mindset. Nice-to-Have Experience - API security testing tools (Postman, SoapUI). - AI-assisted security tooling (e.g., anomaly detection, code analysis assistants). - Knowledge of regulatory frameworks (NIST, ISO 27001, SOC 2). AI/ML & Emerging Technologies - Leverage AI/ML-based security tools for enhanced detection and analysis. - Assess risks related to AI/ML models (e.g., data poisoning, model inversion, adversarial attacks). - Participate in securing AI-driven applications and data pipelines. Threat Analysis & Risk Management - Assess potential threats and attack vectors relevant to applications and APIs. - Apply threat modeling techniques (e.g., STRIDE) during development lifecycle. Benefits - Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. - More information can be found at https://jobs.firstcitizens.com/benefits .

United States

IT Security & Compliance Analyst

Mission Critical Group

Mission Critical Group (MCG) is an end-to-end power solutions and services provider that accelerates time-to-power and delivers scalable, resilient infrastructure for mission critical environments. By integrating engineering, manufacturing, modular deployment, and lifecycle services under one platform, we streamline execution and bring complex projects online faster - without compromising performance. With more than 1.5 million square feet of U.S. manufacturing capacity, MCG supports data centers, power generation, healthcare, oil & gas, pharmaceuticals, semiconductors, and industrial facilities where uptime is non-negotiable. Mission Critical Group designs, manufactures and provides value-added services for customers requiring critical power solutions. Powering a new electric world for a brighter, more secure future.

Security Analyst11 days ago

Role Description The IT Security & Compliance Analyst is responsible for supporting the organization's cybersecurity program, regulatory compliance initiatives, risk management activities, and security governance processes. This role helps protect company information systems and data by monitoring security controls, assessing risks, ensuring compliance with industry standards, and supporting audits and remediation efforts. The ideal candidate combines technical security knowledge with a strong understanding of compliance frameworks, policies, and risk management practices. Key Responsibilities - Security Operations - Monitor security alerts, vulnerabilities, and incidents across enterprise systems. - Assist in investigating and responding to cybersecurity events and security breaches. - Support vulnerability management programs, including scanning, assessment, remediation tracking, and reporting. - Review security logs and reports to identify potential threats or compliance gaps. - Participate in security awareness and training initiatives. - Compliance & Governance - Maintain compliance with regulatory and industry standards such as: - NIST Cybersecurity Framework (CSF) - NIST 800-53 - ISO 27001 - SOC 2 - CIS Controls - HIPAA (if applicable) - PCI-DSS (if applicable) - CMMC (if applicable) - Assist with internal and external audits. - Develop, review, and maintain security policies, standards, procedures, and documentation. - Track compliance requirements and remediation activities. - Support third-party risk management and vendor security assessments. - Risk Management - Conduct security risk assessments and document findings. - Evaluate security controls and recommend improvements. - Assist business units in identifying and mitigating cybersecurity risks. - Maintain risk registers and track remediation plans. - Reporting & Documentation - Prepare security and compliance reports for management and stakeholders. - Document audit evidence and compliance artifacts. - Maintain accurate records of security incidents, risk assessments, and compliance activities. - Develop metrics and dashboards to measure security program effectiveness. - Collaboration - Work closely with IT, infrastructure, application, and business teams to implement security controls. - Support project teams by providing security and compliance guidance. - Participate in change management and system implementation reviews. Qualifications - Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Computer Science, or related field. - 3–5 years of experience in information security, IT compliance, risk management, or related roles. - Knowledge of cybersecurity principles, security technologies, and regulatory requirements. - Experience supporting audits and compliance assessments. - Familiarity with security tools such as: - SIEM platforms - Vulnerability management tools - Endpoint security solutions - Identity and Access Management (IAM) systems - Strong analytical, problem-solving, and documentation skills. - Excellent written and verbal communication skills. Preferred Qualifications - Professional certifications such as: - CompTIA Security+ - Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - Certified Information Systems Auditor (CISA) - Certified in Risk and Information Systems Control (CRISC) - Certified Ethical Hacker (CEH) - Experience with cloud security platforms (Microsoft Azure, AWS, Google Cloud). - Experience with governance, risk, and compliance (GRC) tools. - Knowledge of industrial, utility, or critical infrastructure environments. Key Competencies - Cybersecurity Risk Assessment - Regulatory Compliance - Security Governance - Audit Support - Incident Response - Vulnerability Management - Policy Development - Vendor Risk Management - Security Awareness Training - Technical Documentation - Communication and Stakeholder Management Additional Information A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding! MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws. DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).

United States
Job Closed

Product Security Analyst

HackerOne

HackerOne, founded in 2012 and headquartered in San Francisco, California, is a leading cybersecurity company specializing in human-powered security solutions,

Security Analyst11 days ago

• Evaluate vulnerability reports submitted by security researchers to determine validity, severity, exploitability, and business impact for HackerOne customers using Data-Driven Decision Making and established security frameworks such as CVSS. • Independently reproduce reported vulnerabilities across web and mobile applications, applying First Principles Problem Solving to validate findings, identify root causes, and clearly communicate impact. • Collaborate directly with security researchers to gather missing information, clarify technical details, and improve report quality while maintaining clear and professional communication with customers. • Create concise, technically accurate summaries for validated findings, including reproduction steps, impact analysis, and remediation guidance. • Demonstrate Change Agility by adapting to evolving customer environments, changing program scopes, emerging attack techniques, and shifting operational priorities. • Contribute to an AI-First approach by leveraging automation and AI-enabled workflows to improve operational efficiency, report analysis, and vulnerability triage quality. • Partner cross-functionally with Technical Services teammates and customer-facing teams to ensure timely handling of vulnerabilities and a high-quality customer experience. • Proactively identify opportunities to improve internal processes, documentation, tooling, and triage workflows to enhance scalability and consistency across the Technical Services organization.

California + 4 moreAll locations: California | District Of Columbia | Massachusetts | Texas | Washington
$120K - $155K / year
Full TimeRemoteTeam 11-50H1B No Sponsor

• Leverage various security tools to perform monitoring and analysis of security events/data to identify security risks and threats on customer networks. • Utilize cyber hunt techniques to discover violations or threats. • Implement, administer, and use cybersecurity tools, systems and applications; develop policies, standards, and guidelines to ensure secure enterprise-wise operations, performance and resiliency. • Deploy and secure security systems, application layer and traditional firewalls, vulnerability management and forensics utilities, and other infrastructure deployed and maintained by the Information Security Office. • Develop plans to safeguard information against unauthorized access modification, and destruction, and ensure organizational continuity of operations. • Work with SIEM solutions such as Splunk and others to perform investigation and triage of incidents. • Working with your team and broader True Zero community to stay up to date on the latest security trends and threats to improve the effectiveness of security programs for our customers. • Following processes and procedures and providing refinement suggestions for them. • Performing detailed documentation efforts to report on all investigative steps performed and coordinating with external teams/personnel.

Virginia