Junior Policy and Security Awareness Analyst

College Board – ISGRC, Risk Management

Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes.

Role Type: This is a full-time position

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

About the Opportunity

As the Jr. Policy and Security Awareness Analyst, support College Board’s Security Policy Management and Security Awareness programs. You will work at the direction of the Senior Director, Governance and Risk to coordinate policy reviews using the ISGRC tool, One Trust and security awareness activities using the ISGRC tool, KnowBe4. This role is designed as an entry point into Information Security Governance, Risk, and Compliance with a possible opportunity to develop into more advanced security, audit, or risk roles within the organization.

In this role, you will:

Security Policy (40%)

• Assist in planning, executing, and managing security policy reviews and approval activities to ensure alignment with industry standards and business objectives.
• Maintain and organize the enterprise policy library within One Trust and other designated repositories.
• Research, interpret, and map policy requirements to compliance controls for audit readiness.
• Conduct routine policy reviews to identify gaps or outdated content and recommend updates.
• Support policy enforcement efforts and work with leadership to ensure consistent organization-wide compliance.
• Maintain a Generative AI–powered chatbot built on Microsoft Copilot to answer common InfoSec policy questions.
• Develop dashboards and reports that highlight training gaps, policy risks, and awareness trends.

Security Awareness (40%)

• Support and continuously improve organization-wide security awareness training using KnowBe4.
• Plan, execute, analyze, and report monthly phishing simulations.

Collaboration & Delivery (20%)

• Support broader ISGRC initiatives designed to strengthen governance and risk management.
• Develop dashboards, reports, and metrics to inform leadership about progress and effectiveness of policy and security awareness initiatives.
• Perform other duties assigned to support ISGRC and enterprise security objectives.
• Contribute to automation or AI-enabled improvements in policy or security awareness workflows.

About You

• Preferred backgrounds include Computer Science, Information Systems, Cybersecurity, Data Analytics, Public Policy (with quantitative or technology focus), or related disciplines.
• Excellent communication (written and verbal) and effective interpersonal skills.
• Strong planning, prioritization, and execution skills, capable of managing multiple projects in fast-paced, evolving environments.
• Experience working with structured data (e.g., Excel, Google Sheets, SQL, or Python) to organize, analyze, or report on information is preferred.
• Experience using AI tools to analyze, summarize, or extract insights from documents. Familiarity with prompt structuring, workflow automation, or API-based usage is strongly preferred.
• A critical thinker, a solid drive to excellence, a strong attention to detail, an insatiable appetite for continuous improvement, and a constant need to learn, practice, and improve.
• Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training.
• Desire to explore a career in Information Security or Information Security, Governance, Risk and Compliance.
• Interest in pursuing foundational security certifications such as ISC2 Certified in Cybersecurity (CC), CompTIA Security+, or ISO 27001, with longer-term development toward certifications like CISA or CISSP.
• Ability to work efficiently and effectively in a remote team environment.
• Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and timely remediation reduce risk, protect trust, and support College Board’s mission.
• Preferred - Working in a security environment with experience in security awareness or policy management.
• Bachelor’s degree preferred.
• The ability to travel 3-4 times a year to College Board offices or on behalf of College Board business.

All roles at College Board require:

• A passion for expanding educational and career opportunities and mission-driven work grounded in our Operating Principles and Manager Expectations.
• Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.
• Clear and concise communication skills, written and verbal.
• A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving timely, respectful feedback, and continuously improving through iterative learning and user input.
• A drive for impact and excellence: solving complex problems, making data-informed decisions, prioritizing what matters most, and continuously improving through learning, user input, and external benchmarking.
• A collaborative and empathetic approach: working across differences, fostering trust, and contributing to a culture of shared success.
• Authorization to work in the United States.

About Our Process

• Application review will begin immediately and will continue until the position is filled. This role is expected to accept applications for a minimum of 5 business days.
• While the hiring process may vary, it generally includes: resume and application submission, recruiter phone/video screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks.

What We Offer

At College Board, we offer more than a paycheck - we provide a meaningful career, a supportive team, and a comprehensive package designed to help you thrive. We’re a self-sustaining nonprofit that believes in fair and competitive compensation grounded in your qualifications, experience, impact, and the market.

A Thoughtful Approach to Compensation

• The hiring range for this role is $48,000 – $75,000.
• Your exact salary will depend on your location, experience, and how your background compares to others in similar roles at the College Board.
• We aim to make our best offer upfront, rooted in fairness, transparency, and market data.
• We adjust salaries by location to ensure fairness, no matter where you live.

You’ll have open, transparent conversations about compensation, benefits, and what it’s like to work at College Board throughout your hiring process. Check out our careers page for more.

LI - MD1

LI - remote