Senior Information Security Analyst

Job Description

ABOUT OPORTUN

Oportun (Nasdaq: OPRT) is a mission-driven financial services company that puts its members’ financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $21.3 billion in responsible and affordable credit, saved its members more than $2.5 billion in interest and fees, and helped its members set aside an average of more than $1,800 annually.

WORKING AT OPORTUN

Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization’s performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups.

POSITION OVERVIEW

We are seeking a highly skilled and experienced Senior Information Security Analyst to join our Information Security Risk Management team within the GRC function. The ideal candidate will bring deep technical and domain expertise in information security risk management, strong information security knowledge across a range of cybersecurity domains (Network security, Vulnerability management, Threat modeling, Identity management, Application security, etc.), and hands-on experience with system automation, risk assessments. Familiar with frameworks such as NIST Cybersecurity Framework (CSF) and/or CIS Controls. Coding experience is desirable to support automated risk assessments in both development and deployment

RESPONSIBILITIES

• Conduct security risk assessments across infrastructure, applications, and other enterprise assets.
• Identifies and explains top risk drivers; scopes data-driven prioritization.
• Translate technical risks into business terms and advise stakeholders on appropriate risk mitigation strategies.
• Perform risk quantification analysis. Analyze the risk impact, vulnerability gaps, threat modeling, and control gaps.
• Support and enhance the implementation of cybersecurity risk management frameworks (NIST CSF, CIS Controls).
• Collaborate with IT, Engineering, Legal, and Compliance teams to ensure secure and compliant operations.
• Contribute to in-house developed applications with an emphasis on Java environments. Executes clean, reusable code and performs Quality Control on own work.
• Contribute to the development and maintenance of the organization’s information security policies, standards, and procedures. Modifies logic, metrics, or models to better reflect business needs.
• Contribute to the information security education of enterprise users through risk management activities.
• Contribute to the continuous improvement of the information security risk management program.

RESPONSIBILITIES

• 5+ years of experience in information security with at least 2 years focused on risk assessments.
• Strong understanding of information security principles, practices, and technologies.
• Proven experience conducting risk assessments and control assurance reviews.
• Solid understanding and application of NIST CSF and/or CIS Controls.
• Familiarity with regulatory standards and compliance frameworks (e.g., SOC 2, PCI-DSS).
• Security operation experience on operating security tools that detecting security threats or vulnerabilities.
• Great communication skills with the ability to explain technical risks to non-technical audiences. Shapes analyses with cross-functional input; advises on data-driven goals.
• Strong analytical, documentation, and reporting skills. Builds and shares reusable templates and dashboard modules. Links insight delivery to broader organizational metrics and risks.
• Experience with coding (prefer Java or Python).
• Self-motivated and disciplined with a proven ability to work independently in a remote work environment, including managing time effectively, maintaining communication, and delivering results without close supervision.

Preferred Qualifications

• Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
• Professional certifications such as CISSP, CRISC, CISA, or similar.
• Experience with GRC platforms (e.g., Audit Board, Jira, ServiceNow GRC, OneTrust).
• Exposure to secure SDLC, application development, or network configuration.
• A learning mindset to quickly adapt to a fast-paced environment.

What We Offer

• Competitive compensation and benefits package
• A collaborative team environment focused on innovation and risk reduction
• Top workplace with state-of-the-art technologies and processes.
• Opportunities for continued learning and career growth.

We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.

California applicants can find a copy of Oportun’s CCPA Notice here:  https://oportun.com/privacy/california-privacy-notice/.

We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3).