Junior Policy and Security Awareness Analyst
About the role
The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.

As the Jr. Policy and Security Awareness Analyst, you will support College Board's Security Policy Management and Security Awareness programs. You will work at the direction of the Senior Director, Governance and Risk to coordinate policy reviews using the ISGRC tool One Trust, and security awareness activities using the ISGRC tool KnowBe4. This role is designed as an entry point into Information Security Governance, Risk, and Compliance with a possible opportunity to develop into more advanced security, audit, or risk roles within the organization.

In this role, you will:

Security Policy (40%)
Assist in planning, executing, and managing security policy reviews and approval activities to ensure alignment with industry standards and business objectives.
Maintain and organize the enterprise policy library within One Trust and other designated repositories.
Research, interpret, and map policy requirements to compliance controls for audit readiness.
Conduct routine policy reviews to identify gaps or outdated content and recommend updates.
Support policy enforcement efforts and work with leadership to ensure consistent organization-wide compliance.
Maintain a Generative AI-powered chatbot built on Microsoft Copilot to answer common InfoSec policy questions.
Develop dashboards and reports that highlight training gaps, policy risks, and awareness trends.

Security Awareness (40%)
Support and continuously improve organization-wide security awareness training using KnowBe4.
Plan, execute, analyze, and report monthly phishing simulations.

Collaboration & Delivery (20%)
Support broader ISGRC initiatives designed to strengthen governance and risk management.
Develop dashboards, reports, and metrics to inform leadership about progress and effectiveness of policy and security awareness initiatives.
Perform other duties assigned to support ISGRC and enterprise security objectives.
Contribute to automation or AI-enabled improvements in policy or security awareness workflows.

About You
Preferred backgrounds include Computer Science, Information Systems, Cybersecurity, Data Analytics, Public Policy (with quantitative or technology focus), or related disciplines.
Excellent communication (written and verbal) and effective interpersonal skills.
Strong planning, prioritization, and execution skills, capable of managing multiple projects in fast-paced, evolving environments.
Experience working with structured data (e.g., Excel, Google Sheets, SQL, or Python) to organize, analyze, or report on information is preferred.
Experience using AI tools to analyze, summarize, or extract insights from documents. Familiarity with prompt structuring, workflow automation, or API-based usage is strongly preferred.
A critical thinker, a solid drive to excellence, a strong attention to detail, an insatiable appetite for continuous improvement, and a constant need to learn, practice, and improve.
Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training.
Desire to explore a career in Information Security or Information Security, Governance, Risk and Compliance.
Interest in pursuing foundational security certifications such as ISC2 Certified in Cybersecurity (CC), CompTIA Security+, or ISO 27001, with longer-term development toward certifications like CISA or CISSP.
Ability to work efficiently and effectively in a remote team environment.
Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and timely remediation reduce risk, protect trust, and support College Board's mission.
Preferred - Working in a security environment with experience in security awareness or policy management.
Bachelo
Benefits
Additional Information
Junior Policy and Security Awareness Analyst
College Board - ISGRC, Risk Management
Location: This is a remote role. Candidates who live near CB offices have the option of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees are required to occasionally travel to meet in person for business purposes.
Role Type: This is a full-time position