Information Security Analyst – Strategic Services

Information Security Analyst - Strategic Services

at Tevora

Fairfax, VA or Irvine, CA

If you haven't heard of Tevora, it's because we've done our job!

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

What's the role?

Tevora's Strategic Services team is seeking a skilled and motivated consultant to join our team, specializing in privacy, risk management, and data governance. In this role, you will lead and support clients through impactful engagements, helping them navigate complex challenges and build scalable, future-ready programs.

A successful candidate for this role would have a strong ability to connect the dots between business objectives and technical requirements, providing tailored recommendations that drive meaningful results for our clients.

A day in the life could include

Client Engagements and Program Development:

• Lead and support various client engagements, including Enterprise Risk Assessments, Privacy Impact Assessments, and Risk/Privacy/Data Governance Program Buildouts.
• Collaborate with clients to design and implement data governance frameworks, policies, and workflows aligned with their business goals.
• Facilitate workshops and stakeholder discussions to develop tailored privacy and data governance solutions.
• Work closely with cross-functional client teams (IT, Security, Privacy) to understand key processes and dependencies.

Risk and Privacy Expertise:

• Leading comprehensive risk assessments to identify, evaluate, and prioritize risks across business-critical areas, including operational, IT, security, and compliance risks.
• Developing actionable recommendations to mitigate identified risks.
• Designing and implementing enterprise-wide risk management frameworks aligning with best practices such as NIST RMF and ISO 31000.
• Assess clients' data governance maturity and recommend strategies for improvement and scalability.
• Identify and analyze privacy-related gaps or risks, advising clients on remediation strategies and best practices in cybersecurity and compliance.
• Conduct data mapping exercises (manual or tool-based) to support privacy and governance objectives.

Collaboration & Leadership:

• Work closely with internal project management team to provide project status updates and key client-related communications
• Provide mentorship and guidance to junior team members, fostering growth and expertise within the team.
• Contribute to team initiatives and evolving best practices to continually improve service delivery

Necessary skills and qualifications:

• Bachelor's degree in information security or related discipline
• Excellent written and verbal skills
• Hold current standing with at least 1 industry-relevant certification such as CDPSE, CISM, CRISC, CIPM, CIPP
• Proven experience in building programs for Risk Management, Privacy, and Data Governance
• In-depth understanding of regulations/frameworks, including but not limited to CCPA/CPRA, GDPR, NIST CSF, NIST Privacy, NIST RMF, PCI, ISO, HIPAA
• Strong technical skills and understanding of industry-relevant tools
• Ability to coordinate and manage multiple priorities in a fast-paced environment, working both independently and collaboratively
• A high degree of motivation and work ethic, to meet defined internal and external timelines
• Ability to travel up to 10% for client-related or internal-related activities as needed

Bonus Points:

• At least 2 years' experience in a client-facing role (e.g., consulting or external auditor)
• Experience presenting findings to executive stakeholders or boards
• Experience operating industry-relevant tools (e.g., GRC platforms, and other privacy and risk management solutions)

We've got you covered!

• Comprehensive benefits offering
• Paid time off and holidays
• 401k with Company match
• Vibrant work culture

Additional requirements:

• A valid driver's license is required.
• Eligibility to work in the United States.

EEOC Statement

Tevora is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or other applicable legally protected characteristics.