Cybersecurity Analyst
Russell Investments, Seattle, WA, United States
Salary Range:
$90,000 USD - $100,000 USD
Specific compensation will be based on candidate's experience, skills, qualifications, commercial considerations, and other job-related factors permitted by law. At Russell Investments, salary is just one part of our compensation package. Our total rewards approach includes an annual performance bonus (subject to eligibility criteria) in addition to participation in our competitive benefits programs including healthcare, retirement, vacation, and wellbeing programs.
Job Description:
At Russell Investments, our purpose is to improve financial security for people.
We are seeking a
Cybersecurity Analyst
to advance our Human Cyber Risk Management program while supporting enterprise-wide risk and compliance efforts. This role is instrumental in strengthening the organization's security posture by promoting secure behaviors, managing user-centric risk initiatives, and addressing regulatory and client-facing cybersecurity requirements.
The ideal candidate combines expertise in security awareness with a strong understanding of human risk dynamics and core risk management practices and demonstrates the ability to collaborate effectively across global teams.
Key Responsibilities
Deliver and continuously enhance security awareness programs, including quarterly, threat-informed campaigns
Execute phishing simulations, including scenario design, targeting, and performance analysis
Support Cybersecurity Awareness Month and other enterprise-wide engagement initiatives
Maintain internal cybersecurity resources to promote accessible guidance and best practices
Contribute to external cyber trust centers/client assurance portals, ensuring accurate and current content
Monitor and report on human risk metrics, providing actionable insights to stakeholders
Partner with HR and Internal Communications to strengthen security culture and drive behavior change
Support user access reviews (UARs), service accounts and non-human identities review ensuring coordination, completion tracking, and audit readiness
Respond to client due diligence questionnaires (DDQs) on cybersecurity practices
Support audit activities, including evidence collection and remediation tracking
Support policy exceptions and technology risk issue tracking and remediation
Partner with IT, Risk, Legal, and Business teams to align security initiatives
Support client-facing teams with cybersecurity communications and inquiries
Qualifications and Experience
3+ years of experience in cybersecurity, with exposure to both security awareness and GRC functions
Demonstrated experience running security awareness programs and phishing simulations
Familiarity with user access, service accounts and non-human identities review processes and identity/access governance concepts
Experience completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)
Strong understanding of cybersecurity principles, threats, and human risk factors
Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences
Technical Expertise
Experience with security awareness platforms, phishing simulation tools, and GRC systems
Understanding of Identity and Access Management (IAM), including authentication, authorization, and governance
Knowledge of Privileged Access Management (PAM) and least privileged principles
Familiarity with automation and scripting to support security and risk processes
Working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls
Core Competencies
Drives behavior changes through effective, targeted communication
Applies a pragmatic approach to prioritize and manage cyber risk
Leverages data and metrics to inform decisions and improve programs
Partners effectively across global, cross-functional teams
Simplifies complex cybersecurity concepts for diverse audiences
Values & Culture
Acts with non-negotiable integrity and maintains the highest professional standards.
Demonstrates intellectual curiosity, seeking to continually advance the firm's cybersecurity engineering posture.
Embodies collaboration, transparency, and accountability in all engagements.
Dedicated to protecting client trust through security excellence and proactive risk management.
Special Requirements
Hybrid work model (4 days onsite preferred)
Occasional after-hours support for global operations
This role is not eligible for employment-based immigration sponsorship. Applicants must be legally authorized to work in the United States without employer sponsorship, now or in the future.
Equal Employment Opportunity
Russell Investments is committed to providing equal employment opportunities for all associates and employment applicants regardless of race, religion, ancestry, creed, color, gender (including gender identity which refers to a person's actual or perceived sex, and includes self-image, appearance, behavior or expression, whether or not different from that traditionally associated with a person's biological sex), age, national origin, citizenship status, disability, medical condition, military status, veteran status, marital status, sexual orientation, past or present unemployment status , or any other characteristic protected by law.
$90,000 USD - $100,000 USD
Specific compensation will be based on candidate's experience, skills, qualifications, commercial considerations, and other job-related factors permitted by law. At Russell Investments, salary is just one part of our compensation package. Our total rewards approach includes an annual performance bonus (subject to eligibility criteria) in addition to participation in our competitive benefits programs including healthcare, retirement, vacation, and wellbeing programs.
Job Description:
At Russell Investments, our purpose is to improve financial security for people.
We are seeking a
Cybersecurity Analyst
to advance our Human Cyber Risk Management program while supporting enterprise-wide risk and compliance efforts. This role is instrumental in strengthening the organization's security posture by promoting secure behaviors, managing user-centric risk initiatives, and addressing regulatory and client-facing cybersecurity requirements.
The ideal candidate combines expertise in security awareness with a strong understanding of human risk dynamics and core risk management practices and demonstrates the ability to collaborate effectively across global teams.
Key Responsibilities
Deliver and continuously enhance security awareness programs, including quarterly, threat-informed campaigns
Execute phishing simulations, including scenario design, targeting, and performance analysis
Support Cybersecurity Awareness Month and other enterprise-wide engagement initiatives
Maintain internal cybersecurity resources to promote accessible guidance and best practices
Contribute to external cyber trust centers/client assurance portals, ensuring accurate and current content
Monitor and report on human risk metrics, providing actionable insights to stakeholders
Partner with HR and Internal Communications to strengthen security culture and drive behavior change
Support user access reviews (UARs), service accounts and non-human identities review ensuring coordination, completion tracking, and audit readiness
Respond to client due diligence questionnaires (DDQs) on cybersecurity practices
Support audit activities, including evidence collection and remediation tracking
Support policy exceptions and technology risk issue tracking and remediation
Partner with IT, Risk, Legal, and Business teams to align security initiatives
Support client-facing teams with cybersecurity communications and inquiries
Qualifications and Experience
3+ years of experience in cybersecurity, with exposure to both security awareness and GRC functions
Demonstrated experience running security awareness programs and phishing simulations
Familiarity with user access, service accounts and non-human identities review processes and identity/access governance concepts
Experience completing or contributing to security questionnaires (e.g., DDQs, RFPs, client assessments)
Strong understanding of cybersecurity principles, threats, and human risk factors
Excellent written and verbal communication skills, with the ability to translate technical concepts for non-technical audiences
Technical Expertise
Experience with security awareness platforms, phishing simulation tools, and GRC systems
Understanding of Identity and Access Management (IAM), including authentication, authorization, and governance
Knowledge of Privileged Access Management (PAM) and least privileged principles
Familiarity with automation and scripting to support security and risk processes
Working knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls
Core Competencies
Drives behavior changes through effective, targeted communication
Applies a pragmatic approach to prioritize and manage cyber risk
Leverages data and metrics to inform decisions and improve programs
Partners effectively across global, cross-functional teams
Simplifies complex cybersecurity concepts for diverse audiences
Values & Culture
Acts with non-negotiable integrity and maintains the highest professional standards.
Demonstrates intellectual curiosity, seeking to continually advance the firm's cybersecurity engineering posture.
Embodies collaboration, transparency, and accountability in all engagements.
Dedicated to protecting client trust through security excellence and proactive risk management.
Special Requirements
Hybrid work model (4 days onsite preferred)
Occasional after-hours support for global operations
This role is not eligible for employment-based immigration sponsorship. Applicants must be legally authorized to work in the United States without employer sponsorship, now or in the future.
Equal Employment Opportunity
Russell Investments is committed to providing equal employment opportunities for all associates and employment applicants regardless of race, religion, ancestry, creed, color, gender (including gender identity which refers to a person's actual or perceived sex, and includes self-image, appearance, behavior or expression, whether or not different from that traditionally associated with a person's biological sex), age, national origin, citizenship status, disability, medical condition, military status, veteran status, marital status, sexual orientation, past or present unemployment status , or any other characteristic protected by law.