Senior Information Security Analyst

Work for a first-class institution that is innovative, multi-dimensional, and dynamic by joining AIR as a Senior Information Security Analyst .

We hire talented and forward-thinking professionals to build our cross-functional teams and support our clients in solving complex problems. Our people-problem-solvers, changemakers, and creative thinkers-are experts in their craft who rise to meet today's challenges.

The Senior Information Security Analyst will play an integral role in delivering on some of the most meaningful projects in communities across the United States and the world. You'll collaborate with our teams of motivated and passionate visionaries, where your input will be valued and your contributions vital to our success.

AIR's Information Security Office is seeking a motivated Senior Information Security Analyst to join the Information Security team. In this role, you will be part of the security team responsible for coordinating, planning, and organizing information security activities throughout the institution. We are seeking a security professional with practical experience in all phases of security assessment and authorization, particularly in federal agency work. You will perform internal audits of a full range of information security controls and help AIR maintain compliance with both internal and external security requirements. You will lead continuous monitoring compliance and third-party risk management activities to maintain an effective security posture, safeguard AIR's information technology assets, and ensure alignment with relevant compliance frameworks. If you are excited to be part of a winning team and want to roll up your sleeves and work on leading-edge information security work, this role is for you. This position reports to the Head of Information Security.

Periodic travel will be required to attend in-person events and meetings, attend industry conferences, meet with clients, and visit AIR offices, etc. based on business needs.

We value the experiences of every member of our institution, from entry level to executive. As part of our collaborative, learning-oriented team, you'll be encouraged to grow in your career, develop additional skills, and progress professionally.

Candidates hired for the position may work remotely within the United States (U.S.) or from one of ourU.S. office locations.This does not include U.S. territories.

About AIR :

Established in 1946, with headquarters in Arlington, Virginia, AIR is a nonpartisan, not-for-profit institution that conducts behavioral and social science research and delivers technical assistance to solve some of the most urgent challenges in the U.S. and around the world. We advance evidence in the areas of education, health, the workforce, human services, and international development to create a better, more equitable world.

AIR's commitment to diversity goes beyond legal compliance to its full integration in our strategy, operations, and work environment. At AIR, we define diversity broadly, considering everyone's unique life and community experiences.We believe that embracing diverse perspectives, abilities / disabilities, racial / ethnic and cultural backgrounds, styles, ages, genders, gender identities and expressions, education backgrounds, and life stories drives innovation and employee engagement. Learn more aboutAIR's Diversity, Equity, and Inclusion Strategyand hear from our staff byclicking here.

Essential job functions include but are not limited to-

• Execute internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.
• Perform continuous monitoring activities to ensure compliance with internal and external requirements.
• Assist with the development and maintenance of security authorization package deliverables that include the system security plan, risk assessment, contingency plan, configuration management, system design, and privacy impact threshold / assessment documents.
• Perform and support third-party risk assessments and risk monitoring activities, including vetting new software and artificial intelligence (AI) use cases.
• Oversee the remediation of findings utilizing standard Plan of Action and Milestones (POA&M) processes resulting from both internal and external security controls assessment, vulnerability assessments, and penetration testing.
• Support annual contingency plan and incident response testing for AIR's federal agency work.
• Analyze and respond to vulnerability and application assessment reports.
• Duties, responsibilities, and activities may change, or new ones may be assigned at any time based on business needs.

Education, Knowledge, and Experience :

Skills :

Disclosures :

Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work, qualified candidates may need to meet certain residency requirements.

All qualified applicants will receive consideration for employment without discrimination on the basis of age, race, color, religion, sex, gender, gender identity / expression, sexual orientation, national origin, protected veteran status, or disability.

AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks.

AIR maintains a drug-free work environment.

Fraudulent Job Scams Warning & Disclaimer :

AIR is aware of individuals falsely presenting themselves as AIR representatives.Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, please be aware that AIR recruitment will only email you from an "@air.org" domain. Please take extra caution while examining the email address, for example jdoe @air.org is correct and jdoe @aircareers.org is not a legitimate AIR email address . If you are unsure of the legitimacy of a communication you have received, please reach outtorecruitment@air.org.

If you see a job scam, or lose money to one,report it to the Federal Trade Commission (FTC) atReportFraud.ftc.gov. You can also report it toyour state attorney general. Find out more about how to avoid scams atftc.gov / scams.

LI-MP1 #LI-Remote

AIR's Total Rewards Program, is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.

Anticipated Annual Salary Range $141,000—$146,000 USD

Salary : $141,000 - $146,000