Information Security Analyst

Job Overview

The Information Security Analyst will primarily support CAI’s Information Security program by ensuring and maintaining compliance with our current and anticipated commitments to external stakeholders and security frameworks. We have a mature program that is independently audited against various security standards, benchmarks, and industry best practices. The position requires coordination with CAI’s technical, security, business, and project management teams.

Job Responsibilities

1. Maintain, mature, and take ownership of our program that ensures conformance to security standards, including but not limited to ISO 27001, ISO 27018, Privacy laws, ISO 9001, StateRAMP, FedRAMP, NIST 800, SOC, and CIS Top Controls.
2. Manage independent audits by third-party security and privacy experts, including creating audit plans, coordinating with stakeholders, reviewing reports, and remediating findings.
3. Manage document and record control processes, maintaining accurate inventories and records of all compliance artifacts.
4. Maintain processes and systems supporting Security Awareness and training programs, including content development, campaign setup, compliance monitoring, and reporting.
5. Support business development by responding to security information requests in proposals for new business.
6. Perform third-party security risk assessments for software acquisitions, technical services, business systems, and new technologies.
7. Administer a GRC tool to track security controls and conformance status, ensuring security artifacts are recorded and updated.
8. Conduct enterprise risk assessments and report security issues and metrics to senior management regularly and as needed.
9. Assess current security posture, identify risks or gaps, and recommend programs to address them.
10. Manage privacy risks, including exposures from cookies and APIs, and maintain privacy policies to ensure compliance.

Demonstrated Working Experience With

• ISO security and privacy standards, StateRAMP/FedRAMP frameworks, and industry best practices.
• Writing and maintaining security and privacy documentation.
• Reducing organizational risk through risk assessments, gap analysis, improvement plans, and tracking corrective actions.
• Communicating with senior leaders, subject matter experts, technical teams, and third-party consultants.

Job Requirements

• 3-5 years of hands-on experience in information security.
• Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field.
• Deep knowledge of security frameworks, standards, and industry best practices.
• Experience with tools and techniques for cybersecurity defense and incident response.
• Relevant certifications such as CISSP, GIAC, ISACA, Security+, AWS Security.
• Experience with GRC tools.

Why Work With Us?

Join Cambium Assessment to help design and build innovative solutions impacting online testing, educators, and students. Our work includes advanced algorithms, mobile interfaces, learning management systems, accessible UI, and machine-scorable items. In 2024, we delivered over 126 million online tests, supporting peak volumes exceeding 1.5 million simultaneous test-takers. We continue to innovate to improve educational outcomes.

Remote First Work Environment

We offer a flexible, inclusive culture valuing results. Remote candidates need reliable internet (minimum 10 Mbps download, 5 Mbps upload). Participation in virtual interviews and meetings with camera on is expected. We reimburse home office setup costs.

An Equal Opportunity Employer

We celebrate diversity and are committed to equal opportunity. Accommodations are available for qualified individuals with disabilities.

• Mid-Senior level

• Full-time

• Information Technology

• Education Administration Programs