Information Security Analyst - Remote (in certain states)

Description
YOUR ROLE
The Information Security Analyst at Bold Penguin is pivotal in safeguarding our digital landscape, focusing on monitoring, analyzing, and responding to security threats. This role encompasses a blend of technical vigilance and strategic involvement in governance, risk management, and compliance (GRC) activities. As a key member of our cybersecurity team, you will be instrumental in the identification and assessment of security risks, the implementation of appropriate security measures, and the execution of response strategies to mitigate threats.
Within this capacity, you will work closely with various departments to enhance our security framework, ensuring that our policies, controls, and practices align with industry standards and regulatory requirements. Your contributions will extend to supporting the security aspects of third-party assessments, audit participation, and risk register management. The role demands a proactive approach to stay ahead of security trends and threats, with a keen focus on promoting a culture of security awareness throughout the organization.
WHAT YOU'LL DO

• Monitor security access, perform security log reviews, and evaluate existing security controls to identify suspicious activity and recommend enhancements to bolster security.
• Assist in the development, maintenance, and enforcement of the company's information security policies, procedures, and governance activities, including risk management and compliance with policy/standards.
• Participate in all aspects of security audits and risk assessments, from planning and execution to responding to findings and contributing to the implementation of recommended improvements.
• Support the investigation and response to security incidents and contribute to detailed post-incident analysis.
• Educate and train staff on information security standards, policies, and best practices, fostering a culture of security awareness throughout the organization.
• Collaborate with internal and external stakeholders, including corporate security team members on projects, assessments, and security-related activities, to ensure the security and compliance of all company-owned computing systems and applications.
• Develop, execute, and track the performance of security measures to protect information, network infrastructure, and cloud systems, ensuring a secure operational environment.
• Stay up-to-date with the latest security trends, threats, and technologies to proactively suggest improvements to the organization's security posture.
• Other duties and responsibilities as assigned.

Requirements
YOUR LOCATION
This is a fully remote role, with the exception of onboarding and optional in-office events. Candidates must reside in one of the states listed in the application questionnaire and/or below.
States in which we hire: Illinois, Massachusetts, Ohio
Skills & Experience

• 1-3 years of experience in an information security or related role.
• Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field, or equivalent experience.
• Basic understanding of security principles and technologies (firewalls, VPNs, antivirus, etc.).
• Familiarity with industry standards and frameworks such as ISO 27001, NIST, or CIS Controls.
• Experience with security tools and products (SIEM, IDS/IPS, DLP, etc.) is a plus.
• Strong analytical skills and attention to detail.
• Effective communication skills, with the ability to articulate security and risk-related concepts to technical and nontechnical audiences.
• A proactive approach to tasks and a strong desire to learn and grow in the cybersecurity field.
• Any relevant certifications (e.g., CompTIA Security+, CEH) are desirable but not required.

Physical Requirements

• Must be able to sit/stand/walk for prolonged periods of time, (up to 8 hours per day) at a desk working on a computer.
• Must be able to use standard office equipment for extended periods of time, including but not limited to, a mouse, keyboard, phone and video conferencing.

Summary
Bold Penguin is a leading integrated digital solution platform dedicated to simplifying small commercial insurance. Our technology makes the quote and bind process quick, effortless, and profitable for all parties - agents, brokers, and carriers. Bold Penguin's innovative product suite has digitized and transformed a slow, manual process resulting in reduced costs, increased efficiency, and better overall outcomes. For more information, please visit www.boldpenguin.com .
Or, simply put.... We simplify commercial insurance.
Benefits
We offer competitive compensation and progressive benefits that include:

• Medical, Dental, and Vision
• Flexible PTO Policy
• 401(k) with a company match
• Employee Assistance Program
• Parental Leave
• Disability and Life Benefits

Stay connected to the Glacier. We have great SLACK channels for work and play. We also like to video conference and hold all-hands "Waddles" regularly.
Penguin bling. Like swag themed after a certain Antarctic bird? Just. You. Wait.
Bold Penguin believes in inclusion. That's why we're proud to be an equal opportunity employer that considers all qualified applicants regardless of race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. To learn more about our results-focused culture and employee-focused perks, read more on our careers page .