Information Security Policy Analyst

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.

Facebook is seeking an Information Security Policy Analyst to join the Information Security team. This position will be responsible for developing, driving adoption of, and interpreting pragmatic Information Security policies, standards, and guidelines. The InfoSec Policy and Awareness Analyst is someone that has a passion for dissecting complex Information Security challenges, analyzing varieties of data, and designing pragmatic policies to protect the data and information of over 2 billion users. This role is located at our headquarters in Menlo Park, CA.


  • Information Security Policy Development, Update, and Review
  • -Drive consensus across cross-functional partners to determine new policy feasibility and impact, balancing business needs, culture, and required protections
  • -Design pragmatic and consistent Information Security policies based on data available to determine negative impact and technical enforcement feasibility
  • -Continuously assess existing policies for relevancy and accuracy
  • -Maintain and implement a policy management lifecycle processes that scale to the Facebook environment
  • Information Security Policy Enforcement and Exception Processing
  • -Evaluate and prioritize policies that require preventative, detective, and awareness-only enforcement
  • -Develop novel and scalable ways with a cross-functional team to proactively enforce high priority policies while reactively responding to violations of lower priority policies
  • -Drive efforts to automate and scale through tooling to detect and prevent or respond when individuals are about to violate key policies
  • -Work with partners to identify and manage risks associated with policy violations and exceptions
  • Information Security Awareness and Education
  • -Develop and implement real-time delivery of policies through tooling
  • -Design, build, and review relevant training content to increase awareness of Information Security policies, programs, and practices
  • -Conduct planned and ad-hoc training across the portfolio of Information Security policies
  • B.S. in a technical discipline or equivalent experience
  • 5+ years experience in Information Security, business analysis, or similar services consulting experience
  • Experience managing priorities and projects simultaneously
  • Experience leading through influence
  • Communication experience, interpersonal experience, and experience working cross-functionally with various teams
  • Analytical and problem-solving experience, including knowledge of data analysis techniques

Back to top