Information Security Risk Analyst, Bonterra

• 3-4 years’ experience performing information security risk and compliance activities or open to fewer years with addition of relevant course work/degrees
• Experience managing multiple priorities independently and in a team environment to achieve goals
• Excellent organizational, planning and time management skills
• Excellent research and analytical skills
• Excellent verbal and written communication skills
• Ability to exercise good judgement and tact in dealing with Bonterra senior management
• Ability analyze, classify, and assist in the creation of a response to cybersecurity risks
• Knowledge of and/or experience with designing, implementing, and supporting security controls related to vulnerability management, data encryption, data loss prevention, SIEM, intrusion prevention, anti-virus, and others for compliance with NIST, ISO, SOX, AICPA or PCI DSS standards
• Proficient with technology and ability to learn our software systems, including GRC, ticketing and project management software and workflows
• Proven track record of proactively identifying needs and implementing solutions

• The Bonterra Information Security Risk and Compliance department is looking to hire an Information Security Risk Analyst to our team. If you enjoy problem solving, are enthusiastic working in a team format and want to thrive in the ever-changing risk & compliance field while learning new concepts and principles as part of your continuing education, look no further!
• Works closely with other members of the Information Security, Risk, & Compliance team
• Gathers and synthesizes data; presents conclusions; and offers risk mitigation, remediation and process improvement solutions to management
• Works closely with control owners across the company and internal and external auditors to ensure requests are completed in a timely manner
• Identifies potential business risks, operational and regulatory process deficiencies and improvement opportunities
• Communicates information security risk findings and recommendations that are clear and actionable to all stakeholders
• Performs technical risk assessments of third party suppliers' security and privacy controls
• Maintains register of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities
• Assists in the initial triage of compliance, risk and security requests in the ticket management system to ensure efficiency and prioritization
• Assists in maintaining our overall security awareness, role-based security trainings and phishing simulation programs across the enterprise
• Assists in conducting user activity audits where required

• We will be accepting applications for this role until 2/25/2025

• Work in office: Join us in our Austin, Texas, or Washington, D.C. offices if you live nearby
• Work remotely: Enjoy the flexibility of remote work with our work-from-home option. No matter where you live, there's an opportunity for you at Bonterra
• Work hybrid: Reap the benefits of both remote and in-person work with a hybrid approach. Visit the office closest to you and work from home when your schedule allows it.
• Health & wellness: Our robust set of health insurance options will keep you and your loved ones ready for anything. And our holistic wellness program means you can create a plan tailored to what matters most to you
• Generous time off: Our flexible time off policy means you don’t have to worry about a limit on your vacation days. Plus, we offer 15 paid holidays with a focus on DEIB, social justice, and self-care
• Fully paid parental leave: We value your time spent with family. No matter your gender identity, all Bonterra employees can take fully paid parental leave after the birth or adoption of a child
• Development resources: We believe in fostering an environment that encourages growth and development. With access to learning resources, goal-setting activities, and networking opportunities, we work to ensure our workforce is positioned for success
• Giving opportunities: We know that it's imperative for us to live our purpose. Through our employee giving program, Doers of Good, employees have the opportunity to track volunteerism by logging hours and creating events

Bonterra is a social good software company supplying an array of solutions to make social impact organizations more efficient, effective, and user-friendly. The company combines products from CyberGrants, EveryAction, Network for Good, Social Solutions, and more into a comprehensive tool suite for everything from case and grant management to fundraising and volunteer work.