Junior Policy and Security Awareness Analyst

Junior Policy and Security Awareness Analyst     College Board – ISGRC,   Risk Management   Location :     This   is a remote role. Candidates who live near CB offices have the   option   of being fully remote or hybrid (Tuesday and Wednesday in office). All CB employees   are required to   occasionally travel to meet in person for business purposes.   Role Type :    This is a full-time position   About the Team     The Information Security Governance Risk and Compliance (ISGRC) team at the College Board works closely with other teams across the organization to assess and certify the security of  College  Board’s information systems and processes. This dedicated team facilitates information security governance and compliance by assessing College Board’s vendors, reviewing and negotiating contractual commitments to information security, planning for disaster response and recovery, testing system strength using industry-recognized frameworks (ISO 27001, PCI-DSS and SOC2) and obtaining related compliance certifications, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative training and phishing campaigns.        About the Opportunity      As the Jr. Policy and Security Awareness Analyst, support   College   Board’s Security Policy Management and Security Awareness programs. You will work   at   the direction of the Senior Director, Governance and Risk to coordinate policy reviews using the ISGRC tool, One Trust and security awareness activities using the ISGRC tool, KnowBe4 .    This role is designed as an entry point into Information Security Governance, Risk, and Compliance with   a possible opportunity   to develop into more advanced security, audit, or risk roles within the organization .     In this role, you will:     Security Policy (40%)   Assist   in planning, executing, and managing security policy reviews and approval activities to ensure alignment with industry standards and business   objectives .   Maintain and organize the enterprise policy library within One Trust and other designated repositories.   Research, interpret, and map policy requirements to compliance controls for audit readiness.   Conduct routine policy reviews to   identify   gaps or outdated content and recommend updates.   Support policy enforcement efforts   and work with   leadership to ensure consistent organization-wide compliance.   Maintain a Generative AI–powered chatbot built on Microsoft Copilot to answer common InfoSec policy questions.   Develop dashboards and reports that highlight training gaps, policy risks, and awareness trends.   Security Awareness (40%)   Support and continuously improve organization-wide security awareness training using KnowBe4.   Plan, execute, analyze, and report monthly phishing simulations.   Collaboration & Delivery (20%)   Support broader ISGRC initiatives designed to strengthen governance and risk management.   Develop dashboards, reports, and metrics to inform leadership about progress and effectiveness of policy and security awareness initiatives.    Perform other duties assigned to support ISGRC and enterprise security   objectives .   Contribute to automation or AI-enabled improvements in policy or security awareness workflows.   About You     Preferred backgrounds include Computer Science, Information Systems, Cybersecurity, Data Analytics, Public Policy (with quantitative or technology focus), or related disciplines.   Excellent communication (written and verbal) and effective interpersonal skills.   Strong planning, prioritization, and execution skills, capable of managing multiple projects in fast-paced, evolving environments.   Experience working with structured data (e.g., Excel, Google Sheets, SQL, or Python) to organize, analyze, or report on information is preferred.   Experience using AI tools to analyze, summarize, or extract insights from documents. Familiarity with prompt structuring, workflow automation, or API-based usage is strongly preferred.   A critical thinker, a solid drive to excellence, a strong attention to detail, an insatiable appetite for continuous improvement, and a constant need to learn, practice, and improve.   Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training.   Desire to explore a career in Information Security or Information Security, Governance, Risk and Compliance   Interest in pursuing foundational security certifications such as ISC2 Certified in Cybersecurity (CC), CompTIA Security+, or ISO 27001, with longer-term development toward certifications like CISA or CISSP.   Ability to work efficiently and effectively in a remote team environment.   Ability to communicate the value of compliance work in clear business terms, helping stakeholders understand how audit readiness, effective controls, and   timely   remediation reduce risk, protect trust, and support College Board’s mission.   Preferred -   Working in a security environment with experience in security awareness or policy management.    Bachelor’s   degree   prefer red .    The ability to travel   3-4   times a year to College Board offices or on behalf of College Board business.   All roles at College Board require:   A passion for expanding educational and career opportunities and mission-driven work grounded in   our   Operating Principles and Manager Expectations .   Curiosity and enthusiasm for emerging technologies, with a willingness to experiment with and adopt new AI-driven solutions and comfort with learning and applying new digital tools independently and proactively.    Clear and concise communication skills, written and verbal   A learner's mindset and a commitment to growth: welcoming diverse perspectives, giving and receiving   timely , respectful feedback, and continuously impr