Analyst, Information Security

The Role in Brief:
The Information Security Analyst will have a number of IT governance, risk and compliance management duties.  The Information Security Analyst will be responsible for conducting risk assessments that target internal Advisory Board initiatives as well as critical third party/vendor relationships.  The Information Security Analyst will also support managing an Enterprise Governance, Risk, and Compliance (eGRC) platform, contribute to business continuity management and planning activities, conduct information security audits, and support reporting of key risk indicators and metrics across the enterprise.

This position is located in Washington, DC. 

Specific Responsibilities:
– Perform IT risk assessments of internal initiatives and critical third party/vendor relationships against criteria descending from industry standard information security frameworks and industry regulations, such as ISO/IEC 27001:2013, NIST SP 800-53, HIPAA, FERPA, SOX, and PCI-DSS 3.0
– Support engineering and maintenance of an eGRC platform to support the risk management and security operations functions
– Assist in the development of risk treatment plans to address areas of strategic and tactical IT and information risks in both business operations and technology paradigms
– Assist with development and maintenance of information security policies and standards
– Support development and maintenance of an information security compliance and metrics program for consistent management reporting of risks to sensitive information and technology resources across the enterprise

Must Haves:
– Bachelor’s degree in Computer Science or equivalent professional experience
– Knowledge of information security and IT risk management concepts and practices including frameworks and regulatory regimes
– Ability to work in a fast-paced business environment with global, geographically-distributed teams
– At least 3-5 years of post-undergraduate experience

Even Better:
– Professional experience in conducting IT or operational risk assessments or IT auditing
– Knowledge of eGRC platforms to facilitate development of information asset inventories, risk and compliance assessments, risk metrics collection, and risk reporting
– Experience with enterprise business continuity planning and testing activities
– Experience developing information security policy, training content, and supporting materials
– Experience delivering information security policy training to technical and non-technical audiences
– CISSP, CISA, CISM, or other information security or IT auditing certifications

About The Advisory Board Company:
The Advisory Board Company is a best practices firm that uses a combination of research, technology, and consulting to improve the performance of 5,500+ health care organizations and educational institutions. Headquartered in Washington, D.C., with offices worldwide, The Advisory Board Company forges and finds the best new ideas and proven practices from its network of thousands of leaders, then customizes and hardwires them into every level of member organizations, creating enduring value. For more information, visit

We are a workplace that…
     Values and celebrates diversity of experience, culture, and opinion
Is committed to creating an inclusive environment to enhance our collective experience
Promotes a supportive community through staff-led affinity groups, events, and education

Our Culture & Values: 
We think Forbes said it best: “Making the world a better place is what The Advisory Board Company is all about.” We have a unique culture where employees are told to avoid after work emails, encouraged to take 10 hours per month of paid leave for community service, and are expected to add surplus value in every interaction with a member or colleague.

Over the past thirty years, we have developed a distinctive corporate culture based on our values and principles. We award,  promote, and praise based on individual performance, capabilities, and ambition. We provide ways for staff to share their time, talent, and passions in the community. We reward innovation and foster a collaborative environment. We have a performance-driven staff and peers that challenge one another in the workplace. And we want free-thinkers, agile speakers, witty writers, and team players to join the firm – at Advisory Board, your ideas are heard and your contributions matter.

Consistent with our belief that our employees are our most valuable resource, The Advisory Board Company offers a competitive benefits package.
– Medical, dental, and vision insurance, dependents eligible
– 401(k) retirement plan with company match
– 20+ days paid time off and 10+ paid company holidays
– Daytime leave policy for community service or fitness activities (up to 10 hours a month each)
– Wellness programs including gym discounts and incentives to promote healthy living
– Dynamic growth opportunities with merit-based promotion philosophy
– Benefits kick in day one, see the full details here

The Advisory Board Company is an Affirmative Action and Equal Opportunity Employer. EOE AA M/F/Vet/Disability.


Leave a Reply