This job was posted by https://www.kansasworks.com : For more information, please see: https://www.kansasworks.com/jobs/13075335

OFFICE LOCATION

United States

#PDN

#LI-REMOTE

\ WHO WE ARE

The mission of The Nature Conservancy (TNC) is to conserve the lands and waters upon which all life depends. As a science-based organization, we develop innovative, on-the-ground solutions to the world\'s toughest environmental challenges so that people and nature can thrive. Our work is guided by our values, which include acommitment to diversityand respect for people, communities, and cultures. From a rewarding mission to career development and flexible schedules, there are many reasons to love life #insideTNC. Want to know more? Check out ourTNC Talent playlist on YouTubeto hear stories from staff or visitGlassdoor.

One of TNC\'s primary goals is to cultivate an inclusive work environment so that employees around the globe have a sense of belonging and feel that their unique contributions are valued. We know we\'ll only achieve our mission by hiring and engaging a diverse staff that reflects the communities in which we work. Recognizing that people bring talent and skills that have been developed outside the scope of a job, we take a holistic approach to recruitment that considers life experience in addition to the professional requirements listed in our postings. Please apply - we\'d love to hear from you. To quote a popular saying at TNC, \"you\'ll join for the mission, and you\'ll stay for the people.\"

\ WHAT WE CAN ACHIEVE TOGETHER

The Information Security Analyst (ISA) is responsible for supporting information security and risk management activities centered around external party information and application security. You will be a member of the Information Security Risk Management Team - the Yellow Team. This team helps safely implement systems and integrate third party organizations into TNC\'s technology landscape, tracks information security risk, and manages human information security risk through a staff information security education and outreach program.

The Information Security Analyst will participate in the implementation, and maintenance of an external party information security risk management program. You will assess the information security risk profile of the Nature Conservancy\'s vendors, contractors and other external parties that have access to our data and systems and will work with affected business units to mitigate or accept the risks those external parties pose.

\ WE\'RE LOOKING FOR YOU

The Information Security Analyst is responsible for participating in information security-related activities. In pursuit of this mission, the ISA coordinates tactical information security activities with information technology and other staff in a complex, decentralized global organization.

The ISA performs the following activities:

• Act as a contact for all security review requests, both for internal and external party systems and services.
• Work with Privacy, and Legal teams to complete external party risk assessments.
• Perform technical assessments on both internal and external/third party systems and services.

This position requires routine contact with IT as well as non-technical staff. This position reports to a Director of Information Security and supervises no staff.\ In this position you will:

Participate in the implementation, and maintenance of the external party information security risk management program as part of TNC\'s overall external party due diligence review process.

Participate in the assessment, monitoring, and documentation of the securit posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems.

Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes.

Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties.

Work with Information Technology staff to document the specifics of implemented technology solutions.

Provide assessment of external party or internal system security based on provided architectural and operational documentation.

Perform technical testing to validate the security-related behavior of a system, service, or piece of software.

Work with business unit, IT staff, or external party to resolve any findings from security testing.

Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services.

Provide advice and consultation to staff on information security-related policies, procedures, and best practices.

Write documents for and deliver presentations to both technical and non-technical audiences.

Participate in security incident response act