Governance & Compliance Analyst (Remote - United States)
2 years ago
Company Overview:
Age of Learning is a leading education technology innovator based in Glendale, California, with a talented team of more than 600 individuals comprised of nationally-renowned educators, curriculum experts, developers, artists, writers, designers, engineers, producers, product managers, analysts and marketing experts! Together we develop engaging, effective digital learning technology and content to help children build a strong academic foundation for lifelong success.
Our flagship product, ABCmouse.com Early Learning Academy ®, is a comprehensive online curriculum and the #1 digital learning product for young children. To date, more than 30 million children worldwide have completed over 8 billion Learning Activities on ABCmouse. We recently launched Adventure Academy, the first massively multiplayer online (MMO) game designed specifically to help elementary- and middle-school-aged children learn. It features thousands of engaging Learning Activities (including minigames, books, original animated and live action series, and more) in a fun and safe virtual world. Other Age of Learning programs include immersive English language learning products for children in China and Japan; ReadingIQ, a digital library and literacy platform; and a groundbreaking personalized, adaptive digital learning system that individualizes math instruction for every child through AI-driven technology.
We are committed to helping all children succeed. We provide our educational programs at no cost to teachers, Head Start programs, public libraries, and other community organizations, and have served millions of children through these initiatives. We recently established the Age of Learning Foundation to expand this work globally.
As we expand our global reach and increase the educational impact of our programs, we’re looking for passionate, ambitious, and collaborative leaders to become a part of our growing team.
Summary:
We are seeking a full-time Governance & Compliance Analyst, reporting to the Director of Information Security, to help contribute to, maintain, and support our Information Security Governance & Compliance Program, and to support the maintenance and management of our IT Policies, PCI-DSS program, SOC-2 Program, GDPR, and other data and privacy frameworks, internal contract and security reviews, and our Supply Chain Security Program. As a member of the Information Security Department, you will be a hands-on contributor to day-to-day Governance and Compliance operations who possesses a lean-forward mentality and an eagerness to solve complex issues, continuously learn, and keep up with the ever-evolving landscape. The Governance & Compliance Analyst should possess an eagerness and motivation to learn diverse Information Security concepts, a foundational understanding of Information Security Frameworks and Governance Architectures, and an overall understanding of industry best practices, while demonstrating sound business acumen and communication skills.
Responsibilities:
- Manage and maintain our SOC-2 program and ensure alignment with all controls
- Manage and maintain our PCI-DSS Program
- Manage and maintain the Supply Chain Security Program
- Manage and maintain our Data Privacy Program
- Review legal documentation, partnership agreements, and other relevant documentation
- Create and review IT Policies and Procedures
- Create documentation and presentations of technical data for non-technical audiences
- Serve as the key member in Incident Response and Triage communications
- Stay current with evolving industry trends in security and compliance
- Conduct open-source threat research and analysis
- Help manage the Information Security Awareness Program, curate relevant content, and provide training and guidance to both technical and non-technical audiences
- Be a key contributor to the Data Management program, with the ability to identify, assess and ensure the proper handling, storage, usage, and classification of all data. Manage administrative controls and rulesets to ensure compliance with organizational Data Security requirements
- Manage the administration of the Vulnerability Management Program
- Conduct internal Information Security Risk Assessments, including the ability to analyze and score detected vulnerabilities and security gaps to minimize the organizational threat footprint
- Develop and maintain documentation for all assigned responsibilities
- Perform other related duties and special projects as assigned
Required Qualifications:
- 2 years of experience working with Governance & Compliance frameworks or within Corporate Communications/legal/audit teams, and a proven ability to implement and get results in a fast-paced environment
- Ability to deliver results while collaboratively working with others, while fostering a team culture that is respectful and supports the values of excellence and integrity
- Exceptional problem solving, creative skills, and the ability to exercise sound judgment and make decisions based on accurate and timely analyses
- Exceptional written, verbal, and interpersonal communication skills along with the ability to present and explain Information Security Governance & Compliance concepts effectively for non-technical audiences
- Highly motivated self-starter who is an analytical thinker, possesses high attention to detail and is capable of translating business security requirements into effective solutions
- Strong desire to learn and obtain a basic understanding of Security functions, including but not limited to Application Security, Log Monitoring and Correlation, End Point Security, Mobile Device Management, Forensics, Penetration Testing, email security, System Hardening capabilities, Encryption, Cloud Security, secure system configuration, authentication solutions, and Physical Security Control Systems
- Basic understanding of Information Security & Compliance frameworks and their associated technical controls, such as CIS Top 20, NIST, SOC 2, ISO 27001, and the MITRE ATT&CK Framework, and how they are applicable to Governance and Compliance Requirements
- Basic understanding of Application Security Best Practices, OWASP Top 10, and the ability to identify and implement mitigation capabilities to address application and web-based threats
- Working comprehension of GDPR, CCPA, COPPA, PCI-DSS, SOX, and their associated technical requirements
- Understanding and knowledge of Supply Chain Security best practices
- Bachelor’s Degree or relevant working experience
Age of Learning currently provides:
• 90% - 100% of health and welfare benefit premiums
• A 401(k) program with employer match
• 15 paid vacation days, 11 observed national paid holidays plus 9 sick days
• Our flexible work culture means 2 or more days in the office (hybrid) or 100% fully remote options available for most positions
• Team bonding events and a highly collaborative environment
• Access to our internal DEI Task Force that focuses on ensuring our products represent all children on a global scale
• Opportunities for professional growth through professional learning and development programs
• Commitment to Equal Opportunity Employment in addition to an inclusive and supportive company culture