This job listing has expired and the position may no longer be open for hire.

Information Security Policy & Education Analyst (Virtual) at K12, Inc

Posted in Other 30+ days ago.

Location: Herndon, Virginia





Job Description:





Over 20 years ago, Stride was founded to provide personalized learning - powered by technology. We reached students where they were in their own journeys. We knocked down their barriers to great education. And we gave every learner equal opportunity to succeed - however they defined success. Stride innovated the learning experience with online and blended learning that prepared them for their lives ahead.


Stride is a community of passionate leaders. Whether teachers, engineers, curriculum writers, or financial managers - whatever your expertise or role, we all work to empower futures through learning. And changing the trajectory of learning itself is one of our greatest missions. Join us in developing more effective ways to learn and helping learners build the skills and confidence they need to make their way forward in life.


The Information Security Policy & Education Analyst will lead the development and management of information security policies and the security education & awareness training program. The Information Security Policy & Education Analyst will collaborate within the Information Security team and with business units and partner organizations to evaluate the information security & privacy risk environment, assess key control appropriateness and effectiveness, determine information security risk, and provide direction on the development of appropriate security policies, standards, and education necessary to minimize risk exposure. The role will also work closely with IT & business partners to plan, manage, and maintain the organization-wide security awareness program to increase awareness of information security policies and standards through training and communication. This role is responsible for the development of, and adherence to, information security risk management objectives and solutions that protect the Company's information and resources while offering tangible business value.


Essential Functions: Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.



  • Mature, execute, and maintain a policy management lifecycle process, including developing, implementing, and managing communication of security policies, control standards, best practices, & guidance;

  • Provide support for security governance activities, including managing communication about security policies, standards, and control frameworks;

  • Continuously assess existing policies for relevancy and accuracy and partner with the business to identify and manage risks associated with policy violations and exceptions;

  • Identify, assess, track and report on security risks across the enterprise. Track risk decisions and remediation plans and communicate risks to both technical and non-technical audiences;

  • Develop reporting for management by analyzing IT security controls and risk exposure;

  • Identify IT security risks to the business, work with the security team on client security reviews, and drive the development of remediation plans for both when appropriate;

  • Plan, manage, and maintain the organization-wide security awareness program to increase awareness of information security policies and standards through training and communication;

  • Build a roadmap of communications, trainings, documentation, and events to educate employees on their role in protecting our systems and data;

  • Create and report on phishing simulations and other social engineering campaigns to heighten security awareness and engagement;

  • Develop compelling and effective security awareness content, trainings, and campaigns from concept to writing, editing, uploading, and publishing across multiple communication channels;

  • Develop, implement, and lead controls framework elements supporting IAM governance;

  • Maintain key metrics and leadership dashboards to assess and track the performance of the security awareness program. Regularly present the Security Awareness roadmap and metrics to leadership.


Supervisory Responsibilities: This position has no formal supervisory responsibilities.


Minimum Required Qualifications:



  • Bachelor's degree in Computer Science, Information Systems, Information Security & Assurance, Information Technology, Audit, or related field required AND

  • Three (3) years of experience in IT Audit, IT Governance, Risk, & Compliance, Policy Compliance OR

  • Equivalent combination of education and experience, including prior relevant military service experience.


Certificates and Licenses: None required.


OTHER REQUIRED QUALIFICATIONS:



  • Demonstrable experience with developing and maintaining information security policies and standards aligned to regulatory or other control frameworks such as NIST, SOX, HIPAA, FERPA, etc.

  • Strong experience initiating, facilitating, and promoting Cybersecurity awareness and education within the organization and collaborating with business partners to manage Cybersecurity needs.

  • Strong understanding of information security risk management and/or audit practices.

  • Strong ability to develop relationships across functions and inspire trust and confidence through effective communication and interpersonal skills.

  • Experience with managing cybersecurity controls based on a thorough understanding of industry standards and regulations to protect the company from external and internal threats.

  • Excellent communication and presentation skills (verbal and written).

  • Project management planning and organization skills.

  • Ability to identify, document, and communicate information security issues to business and information owners.

  • Ability to maintain confidentiality of sensitive information.

  • Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.

  • Ability to clear required background check.


Desired Qualifications:



  • CISSP, CRISC, CISM, SANS, or other relevant information security certifications

  • Expertise in FERPA & SOX requirements and information security best practices.

  • Prior experience delivering training and education to a remote workforce.

  • Prior experience in the Education industry is a plus.

  • Knowledge and understanding of information technology and networking concepts.


Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.




    • This is a home-based position. This position is open to residents of, and may be performed remotely from, Washington, D.C., and any state except Colorado.


    The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is "at-will" as governed by the law of the state where the employee works. It is further understood that the "at-will" nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.


    Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status, or genetics, or any other characteristic protected by law.







    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)