Founded in 1948, CBC Companies is a privately-held company headquartered in Columbus, Ohio, with operating entities including: AmRent, Byte Software, Factual Data, DataVerify, DataVerify Flood Services, Ibbie, Innovis, and Select Business Services. CBC’s portfolio of companies includes data repositories spanning the mortgage and credit markets in addition to hundreds of proprietary integrations across the broader credit ecosystem.
At CBC we are guided by our mission to serve our customers by providing them with products and services that ultimately empower economic opportunity for Americans. Using innovative technology and driven by integrity and a culture of compliance, CBC Companies delivers high quality products and services to help our customers manage risk.
About the Role:
Information Security Analyst supports enterprise risk management and third-party risk management (TPRM) initiatives by identifying, assessing, and mitigating information security risks across internal systems, business initiatives, third-party vendors, and emerging technologies including artificial intelligence (AI). This role requires strong analytical and communication skills, as well as expertise in security frameworks, regulatory compliance, vendor risk, and evolving technology risk domains. The ideal candidate is proactive, detail-oriented, and capable of translating technical risks into clear business impact and actionable mitigation strategies.
This is a hybrid role based in Columbus, Ohio. Candidates must reside in the Columbus area. In-office attendance will align with the department's schedule, which is determined collaboratively by the team.
What You’ll Do:
- Conduct comprehensive security risk assessments for internal systems, projects, policy exceptions, AI/ML initiatives, and third-party vendors.
- Evaluate risk levels, document risk findings, and recommend effective remediation and mitigation strategies.
- Identify security control gaps across traditional and emerging technology environments, including AI systems, automation platforms and data pipelines.
- Apply established risk management, governance, and compliance processes across business operations and technology initiatives.
- Support all phases of the vendor risk lifecycle, including due diligence, on boarding, ongoing monitoring, reassessments, and on-site evaluations.
- Assess vendor use of AI and automation technologies and evaluate regulatory and security risks.
- Contribute to the enhancement of TPRM frameworks, risk methodologies, assessment workflows, and best practices.
- Provide risk advisory support to business units regarding security controls, information security policies, standards, and compliance requirements.
- Assist in the development, implementation, and maintenance of information security policies, standards, and procedures aligned with regulatory and industry frameworks.
- Communicate risk findings, recommendations, and priorities effectively to leadership, business stakeholders, and third parties
- Collaborate cross-functionally with Information Security, Legal, Compliance, and business teams to drive risk mitigation strategies and remediation efforts. Perform other duties as assigned.
- Perform other duties as assigned.
What You’ll Need:
- Associate’s degree required.
- 2+ years of experience in information security, IT risk management, or governance and compliance.
- Experience conducting security risk assessments and managing vendor risk assessment processes.
- Working knowledge of industry security frameworks and standards including PCI-DSS, NIST, and SOC.
- Foundational understanding of AI/ML technologies and associated security, privacy, governance risks.
- Strong analytical, organizational and problem-solving skills with the ability to manage multiple priorities independently.
- Excellent verbal and written communication skills with the ability to influence stakeholders and present technical risks in business terms.
- Experience developing documentation, reports, and using analytical tools.
- Experience with security control testing, audits, or compliance assessments.
- Ability to work effectively both independently and collaboratively.
- Strong attention to detail, time management, and prioritization skills.
What Can Set You Apart:
- Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or a related field
- Certifications such as CISSP, CISA, CRISC, or similar.
Benefits We Offer:
CBC Companies offers comprehensive healthcare benefits to eligible employees including: medical, HSA, prescription, vision, dental. Our benefits also include life insurance, short & long-term disability, Roth and 401K with possible company match and profit sharing, an Employee Assistance Program (EAP), Time Away from Work (TAFW) and paid holidays - plus employee referral bonuses, and role-based professional development opportunities.
CBC Companies is committed to equal opportunity employment, and employment decisions are based on merit, qualifications, and abilities. Employment-related decisions are not influenced or affected by an employee’s race, color, gender, age, religion, national origin, disability, citizenship, military status, sexual orientation, genetic information, or any other category protected by federal, state or local law. The Company endorses a work environment free from discrimination and harassment.
We are committed to providing reasonable accommodations to qualified individuals with disabilities. If you require a reasonable accommodation to complete the application process or perform the essential functions of the position, please let us know.
This posting will remain open until filled.
