Senior Analyst, Information Security (R14050)

ABOUT OPORTUN Oportun (Nasdaq: OPRT) is a mission-driven financial services company that puts its members' financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $21.3 billion in responsible and affordable credit, saved its members more than $2.5 billion in interest and fees, and helped its members set aside an average of more than $1,800 annually. WORKING AT OPORTUN Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups. POSITION SUMMARY The Information Security Governance & Awareness Senior Analyst supports and advances the organization’s information security governance and security awareness programs through policy lifecycle management, governance analysis, regulatory mapping, metrics reporting, and targeted security education initiatives. This role is responsible for coordinating and contributing to the development, maintenance, review, approval, and publication of information security policies, standards, procedures, and related governance documentation. The Senior Analyst applies critical thinking and sound judgment to assess governance documentation against regulatory and framework requirements and helps identify potential gaps, inconsistencies, or improvement opportunities. The ideal candidate possesses strong technical writing and analytical skills, excellent English language comprehension, attention to detail, and the ability to translate complex security and regulatory concepts into clear, actionable governance documentation and awareness communications. This role also supports organizational security culture initiatives through audience-appropriate awareness content, phishing simulation activities, and security education support aligned to organizational risks and business objectives. RESPONSIBILITIES Security Governance & Policy Management Manage and support the lifecycle of information security policies, standards, procedures, and related governance documentation. Coordinate document reviews, stakeholder collaboration, approvals, renewals, attestations, and publication timelines. Track policy review schedules, exceptions, approvals, versioning, and governance workflow activities. Interpret and map regulatory and framework requirements to organizational governance documents and controls. Support governance alignment efforts related to: PCI-DSS v4.0.1 NIST Cybersecurity Framework (CSF) 2.0 SOC 2 SOX FTC Safeguards Rule and related FTC requirements Review governance documentation for clarity, consistency, completeness, enforceability, and alignment with regulatory and organizational requirements. Identify potential governance gaps, conflicting requirements, outdated language, or process inconsistencies and recommend improvements. Ensure governance documentation appropriately distinguishes between policies, standards, procedures, guidelines, and supporting controls. Draft, edit, and maintain governance documentation using concise, professional, and active-voice writing principles. Support audit, assessment, and compliance activities through governance documentation review and evidence coordination. Maintain governance repositories, templates, and document management systems. Security Awareness & Education Support the organization’s security awareness and education initiatives for technical and non-technical audiences. Develop and maintain targeted awareness communications, training materials, and educational content aligned to organizational risks and emerging threats. Apply adult learning and communication principles to tailor awareness messaging to intended audiences and business contexts. Coordinate and support phishing simulation campaigns, including reporting, trend analysis, and user follow-up activities. Assist with measuring awareness participation, phishing resilience, and program effectiveness metrics. Collaborate with stakeholders to identify awareness gaps and support awareness improvement initiatives. Metrics, Reporting & Program Support Develop and maintain governance and awareness program dashboards, recurring reports, and operational metrics. Produce reporting related to: Policy lifecycle compliance Review and approval timeliness Governance exceptions Security awareness participation Phishing simulation trends Governance process effectiveness Analyze governance and awareness trends to identify operational risks, recurring issues, or process improvement opportunities. Build and maintain reusable governance templates, reporting assets, and process documentation. Support governance committee preparation, leadership reporting, and cross-functional governance initiatives. Contribute to governance process improvement and operational efficiency efforts. REQUIREMENTS Bachelor’s degree in Information Security, Cybersecurity, Information Systems, Risk Management, English, Communications, or related field; or equivalent practical experience. 3–5 years of experience in information security governance, compliance, policy management, technical writing, security awareness, or related areas. Strong working knowledge of security and regulatory frameworks including PCI-DSS, NIST CSF, SOC 2, SOX, and FTC requirements. Demonstrated ability to read, interpret, and map regulatory requirements to governance documentation and organi