Senior Analyst, Information Security

About Oportun: Oportun (Nasdaq: OPRT) is a premier, internationally recognized financial services pioneer, inclusive fintech innovator, and responsible lending platform leader on an absolute mission to place affordable credit and sustainable financial goals within everyone’s reach. Power-routing automated borrowing, specialized savings, and intelligent budgeting capabilities straight to its global members, Oportun has responsibly distributed more than $21.3 billion in affordable credit, shielding members from billions in predatory interest and fees while fostering an average individual savings footprint of $1,800 annually. Built upon an award-winning, diverse corporate culture that unifies technological craftsmanship with mission-driven execution, the company utilizes employee resource groups to nurture a sense of belonging. Oportun provides high-agency risk specialists with an elite, remote-first environment to engineer secure governance patterns and optimize information safety across regulated digital networks.

Position Overview

We are seeking a highly analytical, detail-oriented Information Security Governance & Awareness Senior Analyst to join our core centralized Information Security division in a full-time remote capacity within India. In this critical compliance engineering seat, you will step up to claim individual strategic accountability for managing, drafting, and evolving the lifecycle of information security policies, standards, procedures, and cross-functional governance documentation. Shifting completely away from basic automated report generation or passive filing, you will apply rigorous critical thinking to analyze organizational frameworks against shifting international regulatory and framework metrics. This high-ownership role requires a seasoned technical writer with 3–5 years of information security governance history who interprets data control mappings fluidly, administers phishing simulation platforms smoothly under compressed timeline schedules, and shapes a robust security culture across technical and non-technical audiences alike.

Key Responsibilities

• Policy Lifecycle Management and Governance: Oversee and coordinate the complete development, review, approval, and publication schedules of information security policies, standards, and procedural controls.
• High-Impact Security Writing and Editing: Draft, refine, and maintain comprehensive compliance documentation natively utilizing active-voice and concise Technical Writer principles to turn complex security parameters into actionable guides.
• Regulatory Framework Mapping and Auditing: Interpret and map complex compliance dependencies to internal controls registries, checking alignment natively with Cybersecurity parameters including PCI-DSS v4.0.1, NIST CSF 2.0, SOC 2, SOX, and the FTC Safeguards Rule.
• Governance Repositories and System Maintenance: Maintain and optimize central data governance repositories, structured templates, and corporate document management systems to ensure data hygiene.
• Audit Evidence Coordination and Support: Assist with external assessments and internal technical audits, organizing documentation logs and verifying alignment across distributed platform groups.
• Targeted Security Awareness Initiatives: Develop and deliver tailored security education programs, communication content, and awareness messaging aligned directly to organizational risks and business objectives.
• Phishing Simulation Engine Governance: Coordinate, execute, and evaluate continuous internal phishing simulation campaigns, managing user trend tracking, follow-up actions, and operational reports.
• Program Metrics and Reporting Dashboards: Formulate and track operational metrics, compiling recurring dashboards related to policy lifecycle timelines, review exceptions, and employee training participation.

Required Skills & Qualifications

• 3–5 years of verified professional history running advanced information security governance, IT compliance coordination, policy management, security awareness administration, or technical writing within a regulated setting.
• Deep, authoritative conceptual understanding of the foundational distinctions separating policies, standards, procedures, guidelines, and localized infrastructure controls.
• Expert-tier background drafting high-quality corporate compliance text, technical summaries, or security communication copy natively using Technical Writer best practices.
• Hands-on production familiarity aligning enterprise environments and database nodes against Cybersecurity guidelines (PCI-DSS, NIST, SOC 2, or SOX regulations).
• Proven capability to read, interpret, and map abstract statutory or legal rules into concise, enforceable data definitions and organizational workflows.
• Outstanding verbal and written communication mechanics in fluent English, with an absolute capacity to translate complex digital threats into audience-appropriate educational material.
• Location Context: Parameters open exclusively to qualified information security analysts based permanently and resident within the United States or **India** to execute production and auditing duties under a 100% remote work-from-home layout.

Preferred Strategic Indicators (Nice to Have)

• Prior commercial history supporting Governance, Risk, and Compliance (GRC) workflows inside an international financial services enterprise, high-growth fintech startup, or online banking network.
• Practical operational familiarity navigating advanced enterprise GRC platforms, automated workflow software tools, or learning management directories.
• Possession of accredited industry ecosystem credentials, highlighting active Security+, CISSP, CISA, CRISC, or PCI ISA designation metrics.
• A baseline understanding of adult learning theory and audience-based communication methods to maximize training performance.

What We Offer

• The exceptional professional canvas to directly direct, shape, and code-engineer the compliance frameworks and technical governance safeguards protecting an elite Nasdaq-listed fintech serving millions of users.
• Highly competitive, capability-benchmarked full-time baseline compensation configurations tailored precisely to evaluate and reward your technical writing authority and security auditing speed.
• Profound work-from-home remote parameters offering total location flexibility across India, complete scheduling trust, and zero physical office geographical commuting friction.
• Immediate eligibility to enroll in comprehensive corporate **Personal and Family Health Insurance protection structures**.
• Access to robust internal mobility pathways, structured career development modules, and sponsored technical training and certification opportunities.
• Inclusion into a high-performance culture that actively nurtures diversity, equity, and inclusion across global technical networks, supported by employee resource groups.