Senior Information Security Compliance Analyst
Guild is hiring for a Senior Information Security Compliance Analyst to manage Guild Education’s compliance program.
As Guild Education’s Senior Information Security Compliance Analyst you will be responsible for contributing to, and improving, the operations of the Guild Security Governance Program. This position will assist with developing, maintaining and enforcing policies, procedures and training programs to meet compliance obligations. In addition, this position requires the ability to conduct ongoing research to stay current regarding new government regulations and updates, as well as completing general administrative, communication, and document maintenance activities. You will project manage the implementation of a SOC 1 program, and oversee Guild’s SOC audit.
As the Senior Information Security Compliance Analyst you will be solely responsible for the Guild Information Security training program and ongoing security training, including Cyber Security Awareness Month, Privacy Month, Annual Security Awareness Training, Phishing Awareness, Password Hygiene, Staying Secure while Traveling, Onboarding Security Awareness Training, and all Just in Time Training (email and security awareness posters). These trainings include monthly trainings on relevant security topics, and the creation of programming for major cyber security months.
As a Corporate Security Governance, you will:
- Contribute to, and improve, the operations of Guild’s Security Governance Program
- Make viable contributions towards policies, standards and procedures as they apply to security governance, risk, and compliance requirements
- Monitor regulatory, security, and contractual compliance requirements
- Develop project plans, estimations, specifications, flowcharts, and presentations
- Contribute to regular project reviews and accurately communicate the status of projects in both formal and informal settings throughout the project lifecycle
- Contribute towards the execution of activities including the identification of compliance gaps, the development of remediation plans, documentation, monitoring compliance status, and ultimately providing attestation of compliance
- Play a part in the design and implementation of technical security safeguard architecture
- Build rapport, credibility, and cohesion across all business unit teams and IT teams in the course of managing the projects
- Periodically report progress to management, and assess and measure results related to Information Security activities
- Assist in the design and implementation of compliance programs and initiatives
- Define metrics to track program progress and maturity for various stakeholders
- Help to choose, implement and maintain a GRC tool
- Create monthly security training to keep employees aware of the most common and relevant security threats
- Develop ways to make security “fun” and engaging
- Act as a backup for completing customer audits and prospective RFPs
- Build Security Awareness Program with requirements such as:
  - Ensure that Guild’s security awareness program meets all industry regulations, standards, and compliance requirements.
  - Ensure that Guild’s security awareness program identifies the scope of who needs to be trained in the program.
  - Ensure that Guild’s security awareness program communicates Guild’s security policies and requirements so that people know, understand, and can easily follow them.
  - Create a positive program that engages people, including a focus on changing behaviors both at home and at work. Ultimately, Guild wants its employees to demonstrate the same secure behaviors regardless of where they are or the devices they are using.
You are a strong fit for this role if you have:
- The ability to be reliable and adaptable
- Operated with high confidence and integrity
- Excellent written and verbal communication and organizational skills
- The ability to be a strong team player that collaborates well with others to solve problems and actively incorporates input from various sources
- Proficiency and experience in the execution of dynamic controls frameworks and regulatory standards such as: ISO, COBIT, NIST, CCPA, ISO 27001, CSA STAR and other relevant industry regulations, standards, and guidelines
- Knowledge and experience using IRM tools and related methodologies, including GRC tools and applications
- Ability to create professional documents using Excel, PowerPoint, Word, GSuite, Adobe Suite and other common industry tools
- Familiarity with current security frameworks such as ISO and NIST
- 2+ years of experience with a detailed understanding of information security principles and practices
- 2+ years of experience in a Cyber Security or Compliance role for regulated environments
Guild is increasing economic mobility for working adults by partnering with the largest employers in the country to offer education as a benefit to their employees via our marketplace of nonprofit universities and education institutions. Guild’s proprietary technology platform facilitates the administration of this innovative benefit and our team of coaches helps each employee navigate the path back to school, providing individualized support from day one through program completion.
We also just became the latest female-led company to hit a $1 billion valuation and the only B-corp with those qualifications. Our Series D round was led by Ken Chenault, General Catalyst Partners chairman and former CEO of AMEX, and joined by Emerson Collective, LeadEdge Capital, and Iconiq.
Guild Education is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.