Note: The job is a remote job and is open to candidates in USA. The College Board is a nonprofit organization that aims to expand educational and career opportunities. They are seeking a Security Risk Analyst to evaluate and manage exceptions to IT security policies, manage the Risk Register, and support vendor risk management efforts.
Responsibilities
- Leads the management of the issues and risks and quickly escalates any untimely completion of audit actions
- Works independently to communicate risks and works with others to problem-solve risks to tolerance levels based on data and evidence
- Maintains data quality of Risk Register and executes any required data clean-up exercises
- Understands College Board work to be able to drive Risk or Control Owners to ensure consistent application of policies and standards
- Raises awareness about Risk & Control Issues, Policy exceptions, and available risk reduction options
- Fosters a culture of risk awareness and compliance within the technology department and across the organization
- Independently analyzes policy exception submissions and provides risk assessment reports for critical service lines, applications, and infrastructure hosted on-prem and in the cloud
- Evaluates and manage exceptions to IT security policies
- Manages materials for the Exception Review Board and presents exception information to executive leadership and senior team members
- Maintains an up-to-date knowledge and understanding of IT security policies and principles
- Maintains a customer-focused attitude in all interactions with customers and colleagues
- Support the Vendor Risk Management program by understanding policies and procedures
- Perform New Vendor Risk Assessments and Reassessments
- Serve as backup to the Sr. Risk Analyst
- Provides weekly and monthly reporting for the Risk Register and policy exceptions
- Produces trending metrics and escalate exceptions
- Performs other duties as assigned
Skills
- 5-7 years of experience managing or supporting IT Security Risk and Control Risk Register and processing policy exceptions
- Strong understanding of risk management techniques such as risk identification, risk scoring, risk mitigation, and risk tracking
- Proven ability to lead conversations balancing risk and multiple business needs that result in positive outcomes with multiple stakeholders
- The capacity to assess risk information and make risk recommendations independently
- Strong organization and prioritization skills and the proven ability to manage multiple tasks simultaneously, both independently and as a member of the team
- Excellent verbal and written communication skills
- Bachelor's degree in computer science, cybersecurity, engineering, IT management or four years equivalent IT and security industry experience
- Vendor Risk Management policies and procedures
- Bachelor's degree required
- The ability to travel 2-4 times a year to College Board offices or on behalf of College Board business
- A passion for expanding educational and career opportunities and mission-driven work
- Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively
- Clear and concise communication skills, written and verbal
- A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input
- A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking
- A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success
- Authorization to work in the United States
- Experience with governance, risk, and compliance tools (e.g., OneTrust)
- Experience with information security and privacy frameworks such as ISO 27001, COBIT, NIST-CSF, NIST 800-53, GDPR etc
- Current Information Security Certification (e.g., CISSP, CRISC, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire
Benefits
- A meaningful career
- A supportive team
- A comprehensive package designed to help you thrive
- Fair and competitive compensation grounded in your qualifications, experience, impact, and the market
- Open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process
Company Overview