Cybersecurity Analyst

Specific compensation will be based on candidate’s experience, skills, qualifications, commercial considerations, and other job-related factors permitted by law. At Russell Investments, salary is just one part of our compensation package. Our total rewards approach includes an annual performance bonus (subject to eligibility criteria) in addition to participation in our competitive benefits programs including healthcare, retirement, vacation, and wellbeing programs.

At Russell Investments, our purpose is to improve financial security for people.

We are seeking a Cybersecurity Analyst to advance our Human Cyber Risk Management program while supporting enterprise-wide risk and compliance efforts. This role is instrumental in strengthening the organization’s security posture by promoting secure behaviors, managing user-centric risk initiatives, and addressing regulatory and client-facing cybersecurity requirements.

The ideal candidate combines expertise in security awareness with a strong understanding of human risk dynamics and core risk management practices and demonstrates the ability to collaborate effectively across global teams.

• Deliver and continuously enhance security awareness programs, including quarterly, threat-informed campaigns
• Execute phishing simulations, including scenario design, targeting, and performance analysis
• Support Cybersecurity Awareness Month and other enterprise-wide engagement initiatives
• Maintain internal cybersecurity resources to promote accessible guidance and best practices
• Contribute to external cyber trust centers/client assurance portals, ensuring accurate and current content
• Monitor and report on human risk metrics, providing actionable insights to stakeholders
• Partner with HR and Internal Communications to strengthen security culture and drive behavior change
• Support user access reviews (UARs), service accounts and non-human identities review ensuring coordination, completion tracking, and audit readiness
• Respond to client due diligence questionnaires (DDQs) on cybersecurity practices
• Support audit activities, including evidence collection and remediation tracking
• Support policy exceptions and technology risk issue tracking and remediation
• Partner with IT, Risk, Legal, and Business teams to align security initiatives
• Support client-facing teams with cybersecurity communications and inquiries

• 3+ years of experience in cybersecurity, with exposure to both security awareness and GRC functions
• Demonstrated experience running security awareness programs and phishing simulations
• Familiarity with user access, service accounts and non-human identities review processes and identity/access governance concepts
• Experience completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)
• Strong understanding of cybersecurity principles, threats, and human risk factors
• Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences

• Experience with security awareness platforms, phishing simulation tools, and GRC systems
• Understanding of Identity and Access Management (IAM), including authentication, authorization, and governance
• Knowledge of Privileged Access Management (PAM) and least privileged principles
• Familiarity with automation and scripting to support security and risk processes
• Working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls

• Drives behavior changes through effective, targeted communication
• Applies a pragmatic approach to prioritize and manage cyber risk
• Leverages data and metrics to inform decisions and improve programs
• Partners effectively across global, cross-functional teams
• Simplifies complex cybersecurity concepts for diverse audiences

• Acts with non-negotiable integrity and maintains the highest professional standards.
• Demonstrates intellectual curiosity, seeking to continually advance the firm’s cybersecurity engineering posture.
• Embodies collaboration, transparency, and accountability in all engagements.
• Dedicated to protecting client trust through security excellence and proactive risk management.

• Hybrid work model (4 days onsite preferred)
• Occasional after-hours support for global operations

This role is not eligible for employment-based immigration sponsorship. Applicants must be legally authorized to work in the United States without employer sponsorship, now or in the future.

Russell Investments is committed to providing equal employment opportunities for all associates and employment applicants regardless of race, religion, ancestry, creed, color, gender (including gender identity which refers to a person's actual or perceived sex, and includes self-image, appearance, behavior or expression, whether or not different from that traditionally associated with a person's biological sex), age, national origin, citizenship status, disability, medical condition, military status, veteran status, marital status, sexual orientation,  past or present unemployment status , or any other characteristic protected by law.