Information Security Analyst
Job in
Columbus, Franklin County, Ohio, 43224, USA
Listed on 2026-06-05
Listing for:
Factual Data
Full Time
position Listed on 2026-06-05
Job specializations:
-
IT/Tech
Information Security, Cybersecurity, Data Security, IT Business Analyst
Job Description & How to Apply Below
Founded in 1948, CBC Companies is a privately-held company headquartered in Columbus, Ohio, with operating entities including:
AmRent, Byte Software, Factual Data, Data Verify, Data Verify Flood Services, Ibbie, Innovis, and Select Business Services. CBC's portfolio of companies includes data repositories spanning the mortgage and credit markets in addition to hundreds of proprietary integrations across the broader credit ecosystem.
At CBC we are guided by our mission to serve our customers by providing them with products and services that ultimately empower economic opportunity for Americans. Using innovative technology and driven by integrity and a culture of compliance, CBC Companies delivers high quality products and services to help our customers manage risk.
About the Role:
Information Security Analyst supports enterprise risk management and third-party risk management (TPRM) initiatives by identifying, assessing, and mitigating information security risks across internal systems, business initiatives, third-party vendors, and emerging technologies including artificial intelligence (AI). This role requires strong analytical and communication skills, as well as expertise in security frameworks, regulatory compliance, vendor risk, and evolving technology risk domains. The ideal candidate is proactive, detail-oriented, and capable of translating technical risks into clear business impact and actionable mitigation strategies.
This is a hybrid role based in Columbus, Ohio. Candidates must reside in the Columbus area. In-office attendance will align with the department's schedule, which is determined collaboratively by the team.
What You'll Do:
- Conduct comprehensive security risk assessments for internal systems, projects, policy exceptions, AI/ML initiatives, and third-party vendors.
- Evaluate risk levels, document risk findings, and recommend effective remediation and mitigation strategies.
- Identify security control gaps across traditional and emerging technology environments, including AI systems, automation platforms and data pipelines.
- Apply established risk management, governance, and compliance processes across business operations and technology initiatives.
- Support all phases of the vendor risk lifecycle, including due diligence, on boarding, ongoing monitoring, reassessments, and on-site evaluations.
- Assess vendor use of AI and automation technologies and evaluate regulatory and security risks.
- Contribute to the enhancement of TPRM frameworks, risk methodologies, assessment workflows, and best practices.
- Provide risk advisory support to business units regarding security controls, information security policies, standards, and compliance requirements.
- Assist in the development, implementation, and maintenance of information security policies, standards, and procedures aligned with regulatory and industry frameworks.
- Communicate risk findings, recommendations, and priorities effectively to leadership, business stakeholders, and third parties
- Collaborate cross-functionally with Information Security, Legal, Compliance, and business teams to drive risk mitigation strategies and remediation efforts. Perform other duties as assigned.
- Perform other duties as assigned.
- Associate's degree required.
- 2+ years of experience in information security, IT risk management, or governance and compliance.
- Experience conducting security risk assessments and managing vendor risk assessment processes.
- Working knowledge of industry security frameworks and standards including PCI-DSS, NIST, and SOC.
- Foundational understanding of AI/ML technologies and associated security, privacy, governance risks.
- Strong analytical, organizational and problem-solving skills with the ability to manage multiple priorities independently.
- Excellent verbal and written communication skills with the ability to influence stakeholders and present technical risks in business terms.
- Experience developing documentation, reports, and using analytical tools.
- Experience with security control testing, audits, or compliance assessments.
- Ability to work effectively both independently and collaboratively.
- Strong attention to detail, time management, and prioritization skills.
- Bachelor's degree in Information Security, Cybersecurity, Information Technology, or a related field
- Certifications such as CISSP, CISA, CRISC, or similar.
CBC Companies offers comprehensive healthcare benefits to eligible employees including: medical, HSA, prescription, vision, dental. Our benefits also include life insurance, short & long-term disability, Roth and 401K with possible company match and profit sharing, an Employee Assistance Program (EAP), Time Away from Work (TAFW) and paid holidays - plus employee referral bonuses, and role-based professional development opportunities.
CBC Companies is committed to equal opportunity employment, and employment decisions are based on merit, qualifications, and abilities. Employment-related decisions are not…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×