Senior Information Security Analyst - Technology Compliance (Remote) Draper, Utah
Progressive Leasing is a leading provider of in-store and e-commerce lease-to-own solutions. As an almost 20+ year old FinTech company that has gone from start-up to industry leader, we know how to innovate, simplify, and value all people. We are a company founded on our grit and we are constantly looking to the future. As an ever-evolving group of entrepreneurs and technologists, we strive to do the right thing, period, in all aspects of our work. We are a subsidiary of PROG Holdings (NYSE: PRG), an exciting FinTech holding company, with three business segments including Progressive, Financial, and Four, a Buy Now Pay Later (BNPL) platform.
Progressive Leasing is currently seeking a high-energy technology professional looking to expand their career in the security space as a Senior Information Security Analyst - Technology Compliance (Remote). An ideal candidate will have a strong technology background and possess top-notch communication, collaboration, and organizational skills. In this role you will be a member of a security team focused on delivering governance, risk, and compliance initiatives. This role will provide you with the opportunity to bring your skills to a growing team while being provided opportunities to learn and develop your security career.
This role is a work from home position and can be performed remotely anywhere in the continental US or in one of our corporate locations in Utah or Arizona.
Employee Value Proposition (EVP): PROG people with opportunity; opportunity for inclusive collaboration, opportunity for innovation, and opportunity for development.
- Assist in the testing and design of technology controls
- Collaborate with business and technology leaders to ensure the successful remediation of identified security weaknesses
- Contribute to the design and improvement of team processes and procedures
- Evaluate security controls to confirm there is adequate coverage of requirements from standards, policies, regulation, contracts, etc.
- Collaborate with external auditors to ensure security assessments are completed and compliance certifications achieved annually
- Demonstrate our security capabilities to business partners by responding to security assessments
- Work with policy owners to ensure policies adequately cover compliance and regulatory obligations
- Evaluate third parties for security risks stemming from the services they provide
- Identify and meticulously manage information security risks
- Ability to start and finish projects relating to internal controls testing and management
- Production and management of key program metrics
- Support the ongoing management and operations of a cybersecurity risk management program
- Provide analysis and continuous improvement of the GRC tool capability through lifecycle management best practices
- Strong documentation and communication skills
- Able to effectively give, receive, and respond to feedback
- Highly organized self-starter with the ability to effectively meet deadlines
- Ability to administer technology solutions (e.g., firewalls, WAFs, databases, user endpoints, anti-virus, MDM applications, servers, etc.)
- General understanding of TCP/IP, the OSI model, DNS, HTTP, VPN, and routing/switching technologies.
- Knowledge of endpoint security technologies, e.g., antivirus, HIPS, FIM, etc.
- Knowledge of secure configuration management across multiple platforms
- Curious, inquisitive, innovative, lifelong learner and self-starter
- Clear on responsibilities yet flexible and willing to “carry water” during times of ambiguity
PREFERRED SKILLS & EXPERTISE
- Industry-related Associate of Science / Associate of Arts preferred with 2+ years of overall information security and/or technology operations experience (or Bachelor of Science / Bachelor of Arts with some industry experience)
- General understanding of security standards and frameworks (e.g., PCI-DSS, ISO 27001, SOC2, NIST CSF, NIST 800-53, etc.)
- Solid understanding of security best practices and defense in depth strategies
- Usable understanding of Python or other scripting languages
- SQL and database management skills
- Solid understanding of information security risk management strategies
- Information security industry recognized certification(s) preferred – (Examples: GSEC, CISSP, CRISC, CISA)
- General understanding of threats to include common attack vectors and methodologies.
- Competitive Compensation; bonus eligibility
- Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave
- Company Matched 401k
- Paid Time Off + Paid Holidays + Paid Volunteer Hours
- Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante)
- Employee Stock Purchase Program
- Tuition Reimbursement
- Charitable Gift Matching
- Job required equipment and services
Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment based on race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.