Information Security Analyst

Job Overview:

The Information Security Analyst will primarily support CAI’s Information Security program by ensuring and maintaining compliance with our current and anticipated commitments to external stakeholders and security frameworks. We have a mature program that is independently audited against various security standards, benchmarks, and industry best practices. The position requires coordination with CAI’s technical, security, business and project management teams.

Job Responsibilities:

• Maintain, mature, and take ownership of our program that ensures conformance to security standards. This includes but is not limited to conformance with ISO 27001, ISO 27018, Privacy laws, ISO 9001, StateRAMP, FedRAMP, NIST 800, SOC, and CIS Top Controls.
• Manage independent audits of our organization by third-party security and privacy experts. Create audit plan, co-ordinate with stakeholders, review reports and remediate audit findings.
• Responsible for managing document and record control processes and procedures, and maintain accurate inventories and records of all compliance/conformance artifacts
• Maintain processes, platforms and systems that support our Security Awareness and related training programs. Manage training campaigns that include content development, setting up campaigns, monitoring compliance and reporting.
• Support business development by responding to requests for security information that is included in proposals for new business.
• Perform Third Party security risk assessments including software acquisitions, technical services, business systems and new technologies.
• Own and administer a GRC tool to track security controls and current conformance status. Ensure that relevant security artifacts are recorded and updated.
• Conduct enterprise risk assessment reviews and report out to senior management regarding security issues and metrics – both as an ongoing process and on an as-needed basis.
• Examine our current security posture and security practices, identify risks or gaps, then recommend programs to address them.
• Manage privacy risks including exposures created by cookies and APIs. Maintain Privacy policies and ensure compliance.

Demonstrated working experience with:

• ISO security and privacy standards, StateRAMP/FedRAMP frameworks and/or industry best practice frameworks.
• Writing, developing, and maintaining official security and privacy-relevant records and documentation
• Reducing organizational risk by conducting risk assessments, gap analysis, improvement plans and tracking associated corrective actions or POAMs to closure
• Communicating and coordinating with senior business leaders, subject matter experts, technical leaders and third party consultants.

Job Requirements:

• 3- 5 years hands-on experience in the information security field
• Bachelor’s Degree in Information Security, Cybersecurity, computer science, engineering, Information Systems or related technical field
• Extensive and deep knowledge of security frameworks, standards, and industry best practices.
• Extensive and deep knowledge of tools and techniques used to protect against cybersecurity attacks and respond to incidents.
• Information Security Certifications such as CISSP, GIAC, ISACA, CompTIA Security+, AWS Security.
• Experience with GRC tools

Why Work With Us?

When you work with Cambium Assessment, you’ll be helping to design and build inspiring solutions that make a real impact on the online testing industry, as well as the educators and students we support.

Our ground breaking work includes:

• Advanced computer-adaptive algorithms

• Mobile support of user interfaces

• Learning management systems with social media features

• Universally accessible user interfaces

• Machine scorable items

In the 2024 school year, we delivered more than 126 million online tests, and successfully supported peak testing volumes exceeding 1.5 million simultaneous test takers. We have the most advanced features of any online testing system, and we continue to push boundaries to improve student performance measurement and enabling educators with actionable insights to drive better overall educational outcomes for our students. To learn more about our organization and the exciting work we do, visit www.cambiumassessment.com.

Remote First Work Environment 

Our Remote First approach gives employees the flexibility and trust they need to effectively balance work with life. It creates a culture in which all employees are valued and where success is measured in results. It allows us to work collaboratively, inclusively and for greater positive impact, regardless of our individual locations.

If you will be working remotely, either occasionally or on a permanent basis, you must have a reliable internet connection through a cable or fiber-optic broadband service with minimum speeds of 10 Mbps download and 5 Mbps upload.

The successful candidate will be expected to actively participate in video-based interviews during the recruiting process and ongoing virtual meetings with their camera on, as part of their role.

As part of our Remote-First benefits, Cambium offers reimbursement to help cover the cost of setting up your home or remote office.

An Equal Opportunity Employer

We are dedicated to fostering a culture that celebrates unique backgrounds, ideas, and experiences. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, age, religion, sex (including pregnancy, gender, gender identity/expression, or sexual orientation), national origin, protected veteran status, disability, or genetic information (including family medical history).

We will provide reasonable accommodations for qualified individuals with disabilities.  You may request an accommodation during the recruiting process with your Talent Acquisition team member.