Information Security GRC Analyst I (Hybrid)

Job Title

Information Security GRC Analyst I (Hybrid)

Job Description

For more than 80 years, Kaplan has been a trailblazer in education and professional advancement. We are a global company at the intersection of education and technology, focused on collaboration, innovation, and creativity to deliver a best in class educational experience and make Kaplan a great place to work.

Our offices in India opened in Bengaluru in 2018. Since then, our team has fueled growth and innovation across the organization, impacting students worldwide. We are eager to grow and expand with skilled professionals like you who use their talent to build solutions, enable effective learning, and improve students’ lives.

The future of education is here and we are eager to work alongside those who want to make a positive impact and inspire change in the world around them.

The Information Security GRC Analyst I role will support and enhance IT governance, risk assessment, and compliance functions for the KNA organization. This position will be heavily involved in monitoring, maintaining, and improving elements of overall IT governance, enterprise risk management, and compliance with regulations and control frameworks such as ISO 27001, NIST, and COBIT. The Information Security GRC analyst I will focus on facilitating the review, development, implementation, and documentation supporting the ISMS policies, processes, procedures, and practices, while also identifying areas for improvement and efficiency.

Primary/Key Responsibilities

• Support the development, implementation, and maintenance of IT governance frameworks (e.g., COBIT, ITIL), ensuring alignment with organizational and regulatory requirements.
• Oversee the lifecycle of IT policies and standards, including creation, review, approval, communication, and monitoring for compliance.
• Manage third party vendor risk, including AI and cloud service providers, by conducting due diligence, security and compliance assessments, contract/control reviews, and ongoing performance and risk monitoring.
• Support IT risk management by identifying, assessing, and tracking technology risks, maintaining risk registers, and coordinating mitigation and monitoring activities with control owners.
• Perform internal audits and assist in evidence collection for client audits and compliance frameworks, including but not limited to ISO 27001, PCI, SOX, SOC 1 & 2, and other relevant standards.
• Conduct phishing simulation campaigns, perform meaningful analysis of results, and manage the overall security awareness program to drive continuous improvement in user security behaviour.
• Provide expert support in the assessment, design, implementation, and ongoing enhancement of technical controls and processes, including reviewing IT systems and tools to ensure appropriate controls are in place.
• Collaborate with control owners and system administrators to review test findings, remediate IT control gaps, and drive improvements that enhance the quality, consistency, and operability of new and existing controls.
• Lead the completion of client security questionnaires and RFPs, ensuring accurate and timely responses.
• Hybrid Schedule: 3 days remote / 2 days in office
• 30-day notification period preferred

Minimum Qualifications

• 1+ years of audit, technical compliance, or information security experience.
• Bachelor’s degree in information systems (IS), Cybersecurity, or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work in lieu of degree.
• Strong understanding of IT governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, COBIT, PCI-DSS), with proven experience in conducting risk assessments, audits, and compliance initiatives.
• Self-motivated professional with excellent analytical, problem-solving, and communication skills, and the ability to work both independently and collaboratively in a fast-paced environment.
• Demonstrated ability to lead security projects and initiatives from conception to completion.
• Relevant certifications such as CISA, CISM, CRISC, or CISSP are highly desirable.

Preferred Qualifications

• Understanding of networking protocols, encryption algorithms, Cloud security concepts and familiarity with industry recognised security technologies.
• Foundational understanding of Gen AI concepts, AI-specific risks, to ensure that internal AI initiatives align with emerging governance frameworks and ethical guidelines.
• Ability to automate security and operational tasks using scripting languages (e.g., Python, PowerShell, Bash).

Beyond base salary, our comprehensive total rewards package includes:

Hybrid work model provides a flexible work/life balance

Voluntary Provident Fund is an additional voluntary contribution scheme associated with the statutory Employee Provident Fund (EPF)

Our Gift of Knowledge Program provides tuition assistance and substantial discounts for our employees and close family members

Comprehensive health benefits new hire eligibility starts on day 1 of employment

Generous Paid Time Off includes National holidays(10), Earned leaves(15), sick leave(12), plus one (1) volunteer day to participate and give back to our local communities

Gratuity is applicable upon completion of 5 years as per the Gratuity Act

We are committed to providing a supportive and rewarding work environment where every employee can thrive. You can learn more about our full benefits package and total rewards philosophy here.

At Kaplan, we believe in attracting, rewarding, and retaining exceptional talent. Our compensation philosophy is designed to be competitive within the market, reflecting the value we place on the skills, experience, and contributions of our employees, while taking into account labor market trends and total rewards. The specific compensation offered will be determined by a variety of factors, including but not limited to the candidate's qualifications, relevant experience, education, skills, and market data.

Location

Remote/Nationwide, USA

Additional Locations

Employee Type

Employee

Job Functional Area

Information Security

Business Unit

00091 Kaplan Higher ED

Diversity & Inclusion Statement:

Kaplan is committed to cultivating an inclusive workplace that values diversity, promotes equity, and integrates inclusivity into all aspects of our operations. We are an equal opportunity employer and all qualified applicants will receive consideration for employment regardless of age, race, creed, color, national origin, ancestry, marital status, sexual orientation, gender identity or expression, disability, veteran status, nationality, or sex. We believe that diversity strengthens our organization, fuels innovation, and improves our ability to serve our students, customers, and communities. Learn more about our culture here.

Kaplan considers qualified applicants for employment even if applicants have an arrest or conviction in their background check records. Kaplan complies with related background check regulations, including but not limited to, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. There are various positions where certain convictions may disqualify applicants, such as those positions requiring interaction with minors, financial records, or other sensitive and/or confidential information.

Kaplan is a drug-free workplace and complies with applicable laws.