Information Security Risk Analyst

Job Category: Technology and IT
Job Type: Full Time
Job Location: USA
Company Name: Bonterra

Company Overview

At Bonterra, our mission is to empower every changemaker to maximize their impact. We are committed to driving meaningful progress by working toward our ambitious goal: increasing the giving rate as a percentage of GDP from 2.5% to 3% by 2033.

We believe that with the right technology and expertise, we can strengthen trust in the social good sector, accelerating its growth and impact. Bonterra’s solutions support a diverse network of over 16,000 nonprofit organizations and more than 50% of Fortune 100 companies, helping them drive positive change at scale.

Job Responsibilities

  • Collaborate closely with the Information Security, Risk, and Compliance team to support security initiatives.
  • Collect, analyze, and interpret data to provide risk mitigation, remediation, and process improvement recommendations to management.
  • Partner with control owners across the organization and liaise with internal and external auditors to ensure timely completion of requests.
  • Identify business risks, regulatory process gaps, and opportunities for operational improvements.
  • Clearly communicate information security risk findings and actionable recommendations to stakeholders.
  • Conduct technical risk assessments of third-party suppliers’ security and privacy controls.
  • Maintain a vendor risk management register, tracking relevant suppliers, controls, and associated risks.
  • Assist in triaging and prioritizing compliance, risk, and security requests in the ticket management system.
  • Support enterprise-wide security awareness programs, including role-based security training and phishing simulations.
  • Conduct user activity audits as required.

Desired Qualifications

  • 3-4 years of experience in information security risk and compliance, or fewer years with relevant coursework or degrees.
  • Ability to manage multiple priorities independently and within a team environment.
  • Strong organizational, planning, and time management skills.
  • Exceptional research and analytical abilities.
  • Excellent verbal and written communication skills.
  • Strong judgment and discretion when interacting with senior management.
  • Ability to assess, classify, and contribute to cybersecurity risk mitigation strategies.
  • Familiarity with security controls related to vulnerability management, data encryption, DLP, SIEM, intrusion prevention, anti-virus, and compliance with NIST, ISO, SOX, AICPA, and PCI DSS standards.
  • Proficiency in technology systems, including GRC, ticketing, and project management software.
  • Proven ability to proactively identify needs and implement effective solutions.