The Information Security Analyst will play a key role in overseeing and enforcing governance and security program initiatives, coordinating security committee meetings, and providing day-to-day guidance and support for both customer-facing and internal teams. You will be conducting business and security risk assessments, coordinating industry governance and certification audits, updating and maintaining policies and procedures documentation to ensure our security practice is evolving and compliant with changing data protection and privacy legislation. You’ll also be responsible for monitoring and investigating potential breaches as well as supporting in the investigation, triage, mitigation and response plans as necessary. You’ll serve as the internal lead for our compliance assessments, audits, and certifications, and will lead efforts to maintain the data privacy management process in support of GDPR and CCPA.
Why You'll Love This Role:
Reporting to the Director of Engineering Operations, you’ll be part of a highly collaborative Tech team focused on driving operational excellence and scalability in a fast-growing, mission-driven organization. Your work will be crucial in continuing to ensure our systems and teams are operating with the utmost security and upholding privacy standards best practices. Ultimately, your work will help ensure teachers and students are able to safely and securely access engaging, culturally responsive learning content in K-12 schools nationwide.
Why We’ll Love You:
With 5+ years of experience working in information security or compliance, you have a track record of delivering information security policies, processes and systems with a focus on security, performance and reliability. You have strong working knowledge of industry security frameworks and standards such as NIST, ISO27001, SOC, or other security standards and regulatory frameworks. You also have strong working knowledge of data privacy regulations and compliance requirements for GDPR, APP, CCPA and other regional compliance regulations. You’re experienced in creating, editing and working with security controls such as Access Management, Change Management, Business Continuity Plan, Disaster Recovery, Risk Management, Patch Management and others. You also have experience implementing SIEM systems for proactive response, and experience implementing zero-day mitigation solutions. In addition to your technical knowledge, you’re an excellent communicator who is able to explain, translate and enforce security policies, systems and measures across a variety of audiences. You’re excited to be part of a hyper-growth environment, and are skilled in managing your time and communicating the results of your work and assignment status.
One of the fastest growing tech companies in K-12 education, Newsela was founded on the principle that while every child may have unique learning preferences, they all deserve a rich learning experience that ignites a love of learning. We built our platform based on learning science research to deliver the most engaging, authentic content to modernize how teaching happens in the classroom. Along with interactive assessments and tools, we provide teachers with digital content at five reading levels -- from +100 of the best sources -- that is relevant to the diverse backgrounds and interests of their students. Since we started in 2013, we’ve established a presence in 90% of U.S. K-12 schools and over 2.5M teachers and 37M students have registered with Newsela.