Department Overview:

As a member of the Security Education & Engagement team at Oportun, the Security Education & Engagement Analyst develops, deploys, and enhances enterprise-wide cybersecurity awareness and training programs; helps establish standardized cybersecurity practices within the firm; and aids internal and external cybersecurity communications. Analysts are expected to stay up-to-date on the latest cybersecurity intelligence, regulations, standards, and compliance requirements to know, understand, and adhere to Oportun security education. This role requires the ability to work cross-functionally with business partners and upper management to deliver clear recommendations and solutions that drive results.

When you join Oportun, the firm will invest in your personal growth in the areas of technical aptitude, leadership skills, and business acumen. This is an exciting opportunity to join an innovative organization where your contributions will have a meaningful impact on broadening access to financial products for consumers with little or no credit history.

**Responsibilities**:

- Support the Security Engagement & Education team with responsibilities that include: (1) Developing, implementing, and managing enterprise-wide cybersecurity awareness and training programs, (2) Leading external and internal cybersecurity communications, (3) Establishing and maintaining standardized cybersecurity practices within the organization, and (4) Ensuring all employees and related resources know, understand, and adhere to Oportun security requirements
- Support developing and maintaining internal Cyber Awareness, Training and Comms programs (including onboarding, annual security training, etc.) that align with the organization's strategic plans and objectives
- Support the development of clear and effective firm-wide communications regarding cybersecurity training, compliance, best practices, etc.
- Support ensuring that internal security programs and practices meet all industry regulations, standards, and compliance requirements (e.g. GLBA, FFIEC, SOX, COBIT, ITIL, PCI-DSS, NIST, CIS Critical Security Controls, Regulation P, etc.)
- Support developing and executing response plans related to internal and external cyber incidents
- Research and identify top human risks to the organization and the behaviors that must change to mitigate those risks
- Support developing and updating a metrics framework that can effectively measure firm-wide cybersecurity requirements
- Support developing and maintaining training programs, certification roadmaps, etc.