Information Security Risk/Compliance Analyst
Job Description
Are you a passionate innovator looking to harness the power of technology to do more good? You've come to the right place. At Bonterra, our purpose is to power those who power social impact. To that end, we serve the people who make social good possible: the doers behind the scenes across nonprofits, public agencies, corporations, philanthropic organizations, and foundations.
As the second-largest and fastest-growing social good software company in the world, Bonterra brings together leading solutions from CyberGrants, EveryAction, Network for Good, Social Solutions, and their respective entities. By bringing our intuitive technology and expertise together, Bonterra will enable unprecedented connectivity between social good organizations and their community of supporters and constituents. This will reshape philanthropic giving, empower digital transformation, and bring the social good sector the technology it needs to accelerate lasting social change.
We are looking to hire an Information Security Compliance Analyst to join our team. Do you consider yourself to be analytical, super detail-oriented, and data-driven? Do you enjoy monitoring systems for anomalous behavior? How about creating complex phishing simulations for staff? Do you enjoy conducting detailed and comprehensive investigations and driving issues to remediation and closure? Have you worked on reporting for security frameworks? If so, please keep reading!
Job Responsibilities:
- Work closely with other members of the Information Security, Risk, & Compliance team and report to the Director of Compliance.
- Assist in the analysis and classification of cybersecurity risks and in the strategy/response to them.
- Assist in the initial triage of compliance, risk and security requests in the ticket management system to ensure efficiency and prioritization.
- Monitor security systems and associated risk related to: access control, intrusion detection, endpoint protection, incident response, etc.
- Develop, implement, and maintain security processes, procedures, and guidelines that support the organization.
- Assist in maintaining our overall security awareness and role-based security training and phishing simulation programs across the enterprise.
- Analyze and resolve security events and vulnerability issues in a timely and accurate manner, as well as conduct user activity audits where required.
- Assist in vendor management and other compliance-related programs.
Job Requirements:
- Knowledge of security concepts such as the cyber kill chain and techniques, threat vectors, risk management, incident management, etc.
- Hands-on knowledge and experience designing, implementing, and supporting vulnerability management, data encryption, data loss prevention, SIEM, intrusion prevention, anti-virus, and/or other security controls.
- Knowledge of various operating systems including but not limited to: Windows, macOS, iOS, Android, and Linux.
- Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
- Ability to multi-task, prioritize, and manage time effectively. Strong attention to detail.
Job Qualifications:
- 2-4 years of professional IT Security experience
- Experience performing risk and compliance activities in a SaaS business
- Strong cross-functional engagement & communication skills
- Information systems security professional certifications (CRISC, CISA, CISSP, CISM, GSEC, GCFA, GCTI, CCSP, etc.)
- Proven track record of proactively identifying needs and implementing solutions
- Experience running security awareness, phishing, and other end-user security training programs
- Knowledge of the intricacies related to Governance, Risk Management, and Compliance (GRC): NIST, SOX, SOC, ISO, PCI DSS, and/or state privacy laws
- Familiarity with the Secure Software Development Life Cycle (SSDLC)
Compensation
The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and in addition to benefits this role may be eligible for discretionary bonuses/incentives, and equity.
US base salary range: $74,600 - $134,200.
Our Culture:
Our team is made up of industry experts and advocates who are 100% committed to supporting the doers of social good. We are currently undergoing an effort to create the vision and values that embody our collective organization and embrace the individuals who make up our community.
Our comprehensive and competitive benefits include:
- Generous Flexible Time Off (FTO) Policy
- Equity for ALL regular, full-time employees from individual contributors to management - share in our success!
- Up to 15 paid company holidays including some commemorating social justice events and self-care
- Paid volunteer time
- Resources for savings and investments
- Paid parental leave
- Paid sick leave
- Health, vision, dental, and life insurance with additional access to health and wellness programs.
- Opportunities to learn, develop, network, and connect
We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.
Date Posted: 09/15/2023