ISACA

Principal Research Analyst - Information Security

Location: US-Remote
ID: 2025-1548
Category: Publishing
Position Type: Full-Time
Remote: Yes

About ISACA

ISACA® (www.isaca.org) champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.

Overview

A Principal Research Analyst - Information Security at ISACA leads the development, delivery, and continuous enhancement of high-quality forward-thinking content, guidance, and practitioner aids for their assigned area of expertise, ensuring alignment with ISACA’s Professional Practices Program Strategy and industry standards. This role partners closely with business units, marketing, events teams, and ISACA leadership to integrate practice-area content consistently across conferences, webinars, publications, and other member-facing initiatives. Serving as a subject matter expert in their assigned practice area, this Principal Research Analyst recruits, mobilizes, and guides volunteer SME groups to co-develop and validate content, while providing expert guidance throughout content and research project cycles. The position represents ISACA externally at industry events, panels, and webinars, evaluates conference proposals, and ensures presentations meet technical and strategic standards.

Additionally, the role supports knowledge advancement by responding to member inquiries, monitoring trends, and maintaining up-to-date expertise, and contributes to ISACA’s brand and marketing efforts to strengthen organizational visibility and credibility. This position requires consistent demonstration of critical thinking, collaboration, strong communication, analytical skills, and the ability to manage multiple priorities, embodying ISACA’s values of People First, Curiosity, Passion, and Collaboration.

Responsibilities

Content Leadership & Development

  • Lead the creation, review, and delivery of content including articles, audit programs, whitepapers, secondary research reports, and practitioner aids. 
  • Ensure content aligns with ISACA’s Professional Practices Program Strategy and industry standards. 
  • Provide input on materials, frameworks, and references to maintain high-quality outputs. 

Subject Matter Expertise & Volunteer Engagement 

  • Serve as internal SME within assigned professional practice (e.g., audit, emerging tech, GRC, information security, privacy). 
  • Recruit, mobilize, and manage volunteer SME groups to co-develop and validate ISACA content. 
  • Provide guidance and leadership during content and research project cycles (e.g., exam prep materials, journal articles).

External Representation & Thought Leadership

  • Represent ISACA at industry events, panels, podcasts, and webinars to promote the organization’s research and frameworks. 
  • Evaluate conference proposals and review final presentations for technical and strategic accuracy. 

Knowledge Advancement & Inquiry Support 

  • Respond to member and partner technical inquiries within area of practice. 
  • Maintain up-to-date knowledge by attending professional seminars, reviewing literature, and monitoring trends. 

Cross-Functional Collaboration

  • Partner with business units, marketing, and events teams to ensure consistent, relevant integration of practice-area content across conferences, webinars, podcasts, and publications. 
  • Collaborate with ISACA leadership to align professional practice content with organizational messaging and priorities. 

Strategic and Brand Support

  • Support ISACA’s marketing and brand-building efforts through strategic communication and collaboration. 
  • Participate in activities that foster partnerships and elevate ISACA’s visibility and credibility in the global ecosystem. 

Qualifications

Required Field of Study:

  • Bachelor’s Degree in a relevant field of study from an accredited university, or an equivalent combination of education and experience.

Minimum Years of Experience Required:

  • Minimum of 8 years of experience in a similar role or capacity, with a demonstrated record of success.
  • Experience responding to stakeholder inquiries, providing expert guidance and practical interpretation of industry practices and trends.
  • Proven experience collaborating cross-functionally with business teams.

Description of Minimum Experience Required:

  • Additional 5+ years of enterprise information security program experience; must include recent experience (within past 24 months) securing modern, hybrid enterprise environments.
  • Familiarity with common frameworks and taxonomies (NIST CSF, MITRE ATT&CK, ISO 27001, CIS controls)
  • Deep working knowledge of core cybersecurity domains (network, endpoint, IAM, cloud, application security, incident response)
  • Knowledge of cloud platforms and cloud control frameworks (AWS/Azure/GCP and cloud audit considerations)
  • Experience conducting secondary research and reporting
  • Track record of public-facing thought leadership: conference speaking, webinars, podcasts, or published articles

Required Competencies/Skills:

  • Vendor and market research – evaluating products, mapping capabilities, and performing competitive analysis
  • Critical thinking, collaboration, and cross-functional stakeholder engagement
  • Business writing
  • Proven ability to translate research into content deliverables: verbal presentations or written reports

Preferred Field of Study:

  • Master’s Degree in Cybersecurity, Computer Science, Information Systems, or related field from an accredited university.

Preferred Years of Experience:

  • 10+ years of experience in a similar role or capacity, with a demonstrated record of success.

Description of Preferred Experience:

  • Related experience in regulated industries (finance, healthcare, energy) or working with regulators and compliance programs
  • Direct involvement with procurement, implementation, and operationalization of AI technologies
  • Experience with threat intelligence, detection engineering, or malware/attack analysis
  • Experience performing threat modeling

Required Certifications:

  • CISM or CISSP

Travel of 15% or more may be required to attend industry conferences, professional events, workshops, and external meetings. Travel is primarily domestic, with occasional international travel depending on event participation and organizational priorities.

Equal Opportunity Employer (EEO)

ISACA is proud to be an equal opportunity employer. ISACA is committed to building an environment of diversity, equity, and inclusion where equal employment opportunities are available to all applicants and employees without regard to race, color, religion, sex (including pregnancy and gender identity), national origin, age, ancestry, disability, genetic information, citizenship, sexual orientation, veteran status, marital status, familial status, military discharge status, or any other characteristic or status protected by federal, state, or local law. We support an inclusive workplace where employees excel based on merit, qualifications, experience, and ability.

Posted Salary Range

USD $109,138.00 - USD $163,759.00 /Yr.

Benefits Information

Benefits Information available below: 

ISACA Career Opportunities and Benefits
