Information Security Specialist

Description

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail-oriented Information Security Specialist supporting the execution of cybersecurity initiatives that strengthen the organization’s security posture. This role is ideal for a highly organized, collaborative professional with strong writing skills, critical thinking, and a foundational understanding of cybersecurity principles. The specialist will assist with policy development, regulatory support, client assurance, and play an active role in planning and executing security awareness events.

• Policy & Program Support: Assist in drafting, editing, and maintaining cybersecurity policies, standards, and procedures. Help ensure documentation is clear, consistent, and aligned with regulatory and organizational requirements.
• Inherent Risk Assessment Coordination: Support the facilitation and documentation of Information Security Business Impact Assessments by working with business units to gather and organize input.
• Client & Third-Party Requests: Help prepare responses to client security questionnaires and due diligence requests, ensuring timely and accurate information delivery.
• Cybersecurity Awareness: Contribute to the planning and execution of awareness campaigns, including drafting communications, coordinating logistics, and tracking engagement. This may include engaging with colleagues, facilitating sessions, and representing the security team in a visible, interactive role.
• Regulatory & Audit Support: Organize and maintain documentation to support audits, assessments, and regulatory reviews. Track deliverables and follow up with stakeholders as needed.
• Cyber Maturity Tracking: Assist in collecting and organizing data for cyber maturity assessments, helping to identify trends and support reporting.
• Collaboration & Communication: Work closely with internal teams including Privacy, Legal, Compliance, Third Party and Risk to ensure alignment and smooth execution of the Policy and Program teams initiatives.
• Documentation: Create clear, professional documentation to support transparency, accountability, and informed decision-making.

• Bachelor’s degree in Cybersecurity, Information Security, Communications, Business, or a related field (or equivalent experience).
• 3+ years of experience in a cybersecurity, risk, compliance, or program support role.
• Foundational understanding of cybersecurity principles, frameworks, and regulatory requirements (e.g., NIST, ISO, GLBA, FFIEC).
• Excellent writing, editing, and communication skills.
• Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders.
• Critical thinking, attention to detail, and strong organizational skills.
• Experience supporting awareness or training programs is a plus.
• Familiarity with GRC tools or security documentation platforms is a plus.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.