Information Security Analyst (55703-MN)

OFFICE LOCATION United States #PDN #LI-REMOTE WHO WE ARE The mission of The Nature Conservancy (TNC) is to conserve the lands and waters upon which all life depends. As a science-based organization, we develop innovative, on-the-ground solutions to the worlds toughest environmental challenges so that people and nature can thrive. Our work is guided by our values, which include a commitment to diversity and respect for people, communities, and cultures. From a rewarding mission to career development and flexible schedules, there are many reasons to love life #insideTNC. Want to know more? Check out our TNC Talent playlist on YouTube to hear stories from staff or visit Glassdoor. One of TNCs primary goals is to cultivate an inclusive work environment so that employees around the globe have a sense of belonging and feel that their unique contributions are valued. We know well only achieve our mission by hiring and engaging a diverse staff that reflects the communities in which we work. Recognizing that people bring talent and skills that have been developed outside the scope of a job, we take a holistic approach to recruitment that considers life experience in addition to the professional requirements listed in our postings. Please apply – wed love to hear from you. To quote a popular saying at TNC, “youll join for the mission, and youll stay for the people.” WHAT WE CAN ACHIEVE TOGETHER The Information Security Analyst (ISA) is responsible for supporting information security and risk management activities centered around external party information and application security. You will be a member of the Information Security Risk Management Team – the Yellow Team. This team helps safely implement systems and integrate third party organizations into TNCs technology landscape, tracks information security risk, and manages human information security risk through a staff information security education and outreach program. The Information Security Analyst will participate in the implementation, and maintenance of an external party information security risk management program. You will assess the information security risk profile of the Nature Conservancys vendors, contractors and other external parties that have access to our data and systems and will work with affected business units to mitigate or accept the risks those external parties pose. WERE LOOKING FOR YOU The Information Security Analyst is responsible for participating in information security-related activities. In pursuit of this mission, the ISA coordinates tactical information security activities with information technology and other staff in a complex, decentralized global organization. The ISA performs the following activities: Act as a contact for all security review requests, both for internal and external party systems and services. Work with Privacy, and Legal teams to complete external party risk assessments. Perform technical assessments on both internal and external/third party systems and services. This position requires routine contact with IT as well as non-technical staff. This position reports to a Director of Information Security and supervises no staff. In this position you will: Participate in the implementation, and maintenance of the external party information security risk management program as part of TNCs overall external party due diligence review process. Participate in the assessment, monitoring, and documentation of the security posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems. Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes. Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties. Work with Information Technology staff to document the specifics of implemented technology solutions. Provide assessment of ext rnal party or internal system security based on provided architectural and operational documentation. Perform technical testing to validate the security-related behavior of a system, service, or piece of software. Work with business unit, IT staff, or external party to resolve any findings from security testing. Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services. Provide advice and consultation to staff on information security-related policies, procedures, and best practices. Write documents for and deliver presentations to both technical and non-technical audiences. Participate in security incident response activities. Resolve issues independently within program area. Willing to work flexible hours. Work environment involves only infrequent exposure to disagreeable elements and minor physical exertion and/or strain. WHAT YOULL BRING Bachelors degree in relevant technical discipline and 3 years of experience in an information technology department in any role, or seven years of experience without a degree. Experience having a strong customer service orientation Experience with Microsoft Office 365 programs DESIRED QUALIFICATIONS Experience working in a decentralized global organization, supporting staff and/or systems located in multiple states and/or countries. Multi-lingual skills and multi-cultural or cross-cultural experience appreciated. Time management and attention to detail. Experience in defining and documenting complex systems requirements. Experience in communicating effectively with internal and external audiences. Proficient with a written language other than English, particularly Spanish or Portuguese. Experience working with a Third-Party Risk Management platform. Experience with Cloud technology including AWS or Microsoft/Azure offerings for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). Experience with security-related aspects of information systems including endpoint security products, client operating system configuration and networking technologies. Experience with Agile tools and concepts. Certifications such as Security, GISF, Associate of (ISC)2, CIPP, CRISC, or PCIP WHAT WE BRING Since 1951, TNC has been doing work you can believe in. Through grassroots action, we have grown from a small non-profit into one of the most effective and wide-reaching environmental organizations in the world. Thanks to more than 1 million members, over 400 scientists, and the dedicated efforts of our diverse staff and partners, we impact conservation around the world! TNC offers a competitive, comprehensive benefits package including health care benefits, flexible spending accounts, a 401(k) plan with an 8% employer match, parental leave, accrued paid time off, life insurance, disability coverage, employee assistance program, other life and work well-being benefits. Learn more about our benefits on our Culture Tab on nature.org/careers. Were proud to offer a flexible work environment that supports of the health and well-being of the people we employ.