Information Assurance (IA) Analyst

About EAB

At EAB, our mission is to make education smarter and our communities stronger. We work with more than 2,800 institutions to drive transformative change through data-driven insights and best-in-class capabilities. From kindergarten to college to career, EAB partners with leaders and practitioners to accelerate progress and drive results across enrollment, student success, institutional strategy, data analytics, and advancement. We work with each partner differently, tailoring our portfolio of research, technology, and marketing and enrollment solutions to meet the unique needs of every leadership team, as well as the students and employees they serve.

At EAB, we serve not only our partner institutions but each other—that's why we are always working to make sure our employees love their jobs and are invested in their communities. See how we've been recognized for this dedication to our employees by checking out our recent awards.

For more information, visit our Careers page.  

The Role in Brief:

Information Assurance (IA) Analyst

The Information Assurance (IA) Analyst will be responsible for assessing the risks associated with EAB technology applications and platforms and/or third-party service providers that support those platforms. The IA Analyst will also support and contribute to business continuity management and planning activities, support and conduct information security audits, assess risks associated with third-party service providers, develop and deliver security awareness training content, and participate in the measurement and reporting of key risk indicators and metrics across the organization. This role is designed for an early-career professional looking to build a foundation in cybersecurity governance, risk management, compliance, and information assurance.

This individual will be a valued member of the EAB Information Security team and will work closely with IT, Legal, Commercial, Product, and various other business stakeholders. We work to keep our partners and EAB colleagues safe from cyber-attacks and prevent the theft of data and intellectual property. We think big and strategic but aren’t afraid to get into the weeds. Relationship building and stakeholder management across teams are integral to our continued success. We believe that diversity makes for better, more creative solutions to tough problems. We’re easy to work with and eager to help. Most importantly, we work every day to contribute to the mission of making education smarter and our communities stronger. If this sounds like you, we’d love to talk to you. 

This position is located in Washington, D.C. or Richmond, VA.

Primary Responsibilities:

• Participate in the day-to-day execution of Information Technology (IT) audit engagements, including supporting audit scoping activities and annual audit planning
• Perform IT risk assessments of internal initiatives and critical third-party vendor relationships against criteria from information security frameworks and industry regulations, such as ISO/IEC 27001, NIST SP 800-53, SSAE 18 SOC II Type I and Type II, DoD compliance frameworks (e.g., NIST 800-171, CMMC, FedRAMP), NIST CSF, FERPA, and privacy regulations like GDPR and CCPA
• Review vendor security documentation, questionnaires, and attestations; assess risk impact and recommend risk treatment options
• Support RFPs/security questionnaires (HECVATs, CAIQ, custom questionnaires) from clients with clear SLAs and maintain upkeep of Security & Compliance Trust portals
• Evaluate the design and effectiveness of technology controls throughout the business cycle
• Support assessments of emerging technologies, including AI-enabled systems, to identify security, privacy, and compliance risks
• Assist in the development and delivery of security awareness training content to new hires and existing employees including security newsletters, Lunch & Learns, online training modules, etc.
• Identify control gaps and risks, recommend mitigation strategies, and track remediation activities through closure
• Communicate IT audit findings and mitigation strategies to senior management, technology leaders, and the CISO
• Assist in the development of risk treatment plans to address areas of strategic and tactical IT and information risks in both business operations and technology paradigms
• Assist with the development and maintenance of information security policies and standards
• Participate in mentoring opportunities as the program scales and grows
• Stay informed on cybersecurity trends, threats, and emerging technologies

Basic Qualifications:

• Bachelor’s degree in computer science, information systems, information technology, or equivalent professional experience
• 0-2+ years of experience in cybersecurity, IT audit, or related field
• Foundational knowledge of information security and IT risk management concepts and practices including frameworks and regulatory requirements
• Ability to work in a fast-paced business environment with global, geographically distributed teams
• Basic understanding of cloud infrastructure and cloud-based SaaS environments
• Exceptional interpersonal skills with ability to gain the confidence and respect of technology leaders and senior-level executives
• Excellent organizational, time management, problem-solving, prioritization, leadership, and interpersonal skills while proactively seeking input
• Strong verbal and written communication skills, technical knowledge, and the ability to write at a publication quality level to communicate findings and recommendations to EAB's senior management team
• Comfortable collaborating with IT, Product, Legal, and Commercial teams to support sales enablement opportunities
• Willingness to learn new skills, research new technologies, frameworks, and get better every day

Ideal Qualifications:

• Professional experience in conducting IT or operational risk assessments or IT auditing through examination and analysis of internal controls and business risks
• Experience in supporting security compliance as the internal compliance resource of physical and cloud-based infrastructure
• Experience with planning internal audit procedures and preparing final reports for senior management and the CISO.
• Familiarity with the usage of modern GRC tooling (i.e., Drata, Vanta, ServiceNow, Whistic, RSA Archer) to facilitate development of information asset inventories, risk and compliance assessments, risk metrics collection, and risk reporting
• Experience with building out and managing an organization’s Security and Compliance Trust Centers and responding to client security questionnaires
• Experience developing information security policy, security awareness and training content, and supporting materials
• Experience delivering information security awareness training to technical and non-technical audiences
• Willingness to learn new things and take on additional responsibilities across multiple information security and privacy domains
• Security+, SSCP, AWS or GCP cloud certifications, other information security or IT auditing certifications
• Familiarity or experience with risk and controls frameworks including (ISO 27001, NIST CSF, NIST RMF, FAIR, COBIT, NIST SP 800-53, SSAE 18 SOC II Type I and Type II audits, DoD compliance frameworks (e.g., NIST 800-171, CMMC, FedRAMP), FERPA, and privacy regulations like GDPR and CCPA)
• Familiarity with the FAIR (Factor Analysis of Information Risk) model for quantifying information risk
• Commitment to embracing a continual learning environment and contributing to a dynamic and welcoming culture of fairness, authenticity, and belonging in support of EAB’s mission, values, and aspiration

If you’ve reached this section of the job description and are unsure of whether to apply, please do! At EAB, we welcome new perspectives and learn from each other’s unique experiences. We would encourage you to submit an application if this is a role you would be passionate about doing every day.

Compensation:

The anticipated starting salary range for this role is $65,000 - $80,000 per year. Actual salary varies due to factors that may include but not be limited to relevant experience, skills, and location. At EAB, it is not typical for an individual to be hired at or near the top of the starting salary range for their role. 

This hire will additionally be eligible for discretionary bonus or incentive compensation. Variable compensation may depend on various factors, including, without limitation, individual and organizational performance.

Benefits:

Consistent with our belief that our employees are our most valuable resource, EAB offers a competitive and inclusive benefits package. Our benefits currently include:

• Medical, dental, and vision insurance plans; dependents and domestic partners eligible
• 20+ days of PTO annually, in addition to paid firm and floating holidays
• Daytime leave policy for community service and flextime for fitness activities (up to 10 hours per month each)
• 401(k) retirement savings plan with annual discretionary company matching contribution
• Health savings account, healthcare and dependent care flexible spending account, and pre-tax commuter plans
• Employee assistance program with counseling services and resources available to all employees and immediate family
• Wellness programs including gym discounts, incentives to promote healthy living, and family access to the leading app for sleep, meditation, and relaxation
• Fertility treatment coverage and adoption or surrogacy assistance
• Paid parental leave with phase back to work program for birthing and non-birthing parents
• Access to milk shipping service to support nursing employees during business travel
• Discounted pet health insurance coverage for dog and cat family members
• Company-provided life, AD&D, and disability insurance
• Financial wellness resources and membership in a robust employee discount program
• Access to employee resource groups, merit-based advancement, and dynamic professional growth opportunities

Benefits kick in day one; learn more at eab.com/careers/benefits.

This opening is not eligible for visa sponsorship at this time; EAB will thus consider candidates who possess U.S. work authorization that does not require employment-based visa sponsorship now or in the future.

At EAB, we believe that to fulfill our mission to “make education smarter and our communities stronger” we need team members who bring a diversity of perspectives to the table and are committed to fostering a workplace where each team member is valued, respected and heard.

To that end, EAB is an Equal Opportunity Employer, and we make employment decisions on the basis of qualifications, merit and business need. We don’t discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law.