Cyber security analyst jobs in New Windsor, NY

at Nuvance Health The Cyber Security Engineer will have responsibility for incident response along with a desire to relentlessly champion best practices. This role will perform all functions required to support day-to-day data security operations, supporting and maintaining a broad suite of cyber security operations infrastructure, serving as a tier 2 escalation point during incident response and investigations and monitoring compliance with IT security policy. Participate in the planning, design, installation, maintenance and tuning of security operations systems in support of security policies and best practice. Work with Information Technology staff and business units to assess risk and address security issues. Responsibilities: • Manage security responsibilities, including firewalls, proxy systems, SIEM, EDR and other security devices. 15% • Strong skills implementing and tuning security components. 15% • Server as an escalation point during incident response and investigations. 15% • Maintain cyber security operations tool to insure detection, response and remediation of latest security threats 15% • Create and review reports on event and incidents. 10% • Stay up to date with latest security threats and assist with developing defense strategy's to combat them. 10 % • Investigate and respond to security violations 10% • Ability to maintain in depth knowledge of security and networking infrastructure utilized by the company including the management and reporting of each. 10% Education Skills Experience • Bachelor's degree in computer science field required • 2 or more years Security Operations with a minimum of 4 years IT experience. • Demonstrated experience in Incident response investigations. • Working knowledge of EDR technologies. • Working knowledge of SIEM technologies. • Working knowledge of common vulnerability management tools. • Working knowledge of enterprise firewall technologies preferred. • Working knowledge of web filtering and proxies preferred. • Working knowledge of MDM solution preferred. • Experience with DLP and IPS/IDS systems preferred. • Working knowledge of email filtering product preferred. • Working knowledge of litigation hold processing and forensic investigations preferred. • Experience participating in Red/Blue/Purple team exercises. • Experience working with information security practices, networks, software, and hardware. Other Information: • CISSP, CEH, or other equivalent certification is a plus. • Disaster recovery and business continuity experience is a plus. • Working knowledge with HIPAA regulations as they pertain to the healthcare industry. Working Conditions: Manual: Some manual skills/motor coord & finger dexterity Occupational: Little or no potential for occupational risk Physical Effort: Sedentary/light effort. May exert up to 10 lbs. force Physical Environment: Generally pleasant working conditions Company: Nuvance Health Org Unit: 1795 Department: Information Security Exempt: Yes Salary Range: $40.43 - $75.10 Hourly

Information Security Analyst Duration : 12 Months Total Hours/week : 40.00 Client: Medical Device Company Job Category: Operations/Technical Level Of Experience: Senior Level Employment Type: Contract on W2 (Need US Citizens Or GC Holders Only) Job Description: Information Security Analyst, Threat and Vulnerability Management This role will focus on Tactical Intelligence and Vulnerability Management. Threat and Vulnerability Management This person has experience in risk prioritization, navigating sources for identification and assessment of threats, and conducting cross-functional awareness for addressing risk. They will have experience assisting with vulnerability scanning and analysis, threat intelligence tools and working across a matrixed environment to assess indicators and triage risk. You will leverage a broad array of threat information. Additionally, you will proactively drive hunting and analysis and conduct technical research and analysis on emerging threats. You are comfortable providing fact-based reports to various levels of the organization within a fast-paced environment. You have previous tactical intelligence or vulnerability management experience, understand the fundamentals of reducing attack surfaces, and possess effective analytical skills. You will be accountable for setting your own work direction and completing tasks. Key Responsibilities (Top Tasks & Outcomes for Which This Position Will be Accountable) Experience recognizing threats and conducting analysis on emerging threats and how they relate specifically to client Provide written analysis of findings to communicate potential risks and impact Experience in network security analysis and log-centric analysis (SIEM) Understanding and reporting of attacker Indicators of Compromise Monitoring intrusion detection systems and identifying host and network-based intrusions via intrusion detection technologies Provide attack surface management training and development Manage risk reporting and escalation to cross-functional teams in a cooperative manner Other responsibilities as necessary Perform risk identification and triage with incident management Assist with additional projects as needed Skills and Knowledge Required Strong communication and project management skills Requires a highly motivated, dynamic and customer-centric associate who thrives in a challenging and changing environment Working knowledge of crisis management communication, incident response and handling methodologies, NIST cybersecurity standards and FDA cybersecurity guidance Effective meeting management and group facilitation skills Experience: 2-3 years' experience in a security operations full-time role Educational A minimum of a bachelor's degree required. Ideal candidate will have a degree in computer science, communication, or other technical discipline. Knowledge, Skills & Abilities In-depth knowledge of computer operating systems, including Windows, IoS and Linux a plus Experience with intelligence tools and applications Knowledge of Healthcare rubrics for vulnerability scoring and threat modelling Preferred Certifications: CERT-Certified Computer Security Incident Handler Certification, CISSP, HCISSP Detail-oriented with the ability to promptly assess documents for accuracy as well as consistency Strong interpersonal skills with the ability to influence others in a positive and effective manner Ability to work in a team environment Excellent communication skills; both oral and written

Emergency Response Team (ERT) Security Analyst - (250000AB) Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. At Radware, we live and breathe cybersecurity. It is our passion. Each day, our international team works to earn the trust of more than 12,500 organizations around the globe. Keeping them safe is our mission. To that end, we go head-to-head with politically motivated hacktivists, dangerous nation-state threat actors and other notorious cyber attackers - these are not your average adversaries. Backed by nearly 30 years of experience, Radware is best known for its technical excellence and innovative network and application security solutions. That is why it is so important that we build our team with bold and bright talent. About the Team: The Security Analyst will join the Emergency Response Team in Radware's Managed Services business unit. The ERT Team provides immediate and direct security support for customers under attack, ensuring the continued functioning of protected services and, ultimately, customer satisfaction. What is the job: The Emergency Response Team (ERT) Security Analyst fuels the success of customers by serving as the primary contact when timely assistance is needed the most. If you are an energetic, upstart engineer who enjoys working in a fast-paced environment and interacting with people under pressure, this could be the position for you. What you need: · At least 1 year experience in application security or Master's degree in Cyber Security· Good understanding of network design (e.g. LAN/WAN, switches/routers, routing protocols such as BGP and OSPF) and protocols (e.g., IPv4, TCP/IP, VPN, IPSec, HTTP, DNS)· Good understanding of and experience with security · Wireshark, Kali Linux· Customer and service oriented· Good troubleshooting and diagnosis capabilities· Willing to be on alert during off-work hours· Excellent communication skills and team work· Excellent time management, multi-tasking, and prioritization skills· Perceptive, fast learner, and able to perform well under pressure How can you stand out:· Experience in similar positions/companies· BSc/BA in Computer Science or equivalent· Knowledge in scripting language· Graduated Networking or Security courses Why you should join us:Employees from more than 40 countries have chosen Radware as a place where they can belong.Radware has been recognized by Glassdoor and BDI as one of the World's Best Places to Work, ranking among the top 100 companies across the globe in the IT category.Radware has also been named a Gold Winner for Application Security in the 2023 Globee Cybersecurity Awards, by Forrester a Leader in DDoS Protection, and has been named a Leader in WAF Market by Quadrant Knowledge Solutions.We are equally committed to our people. We strive to create a dynamic work environment that celebrates diversity, promotes equality, and thrives on the unique contributions of each individual.If you are ready to be part of a global-minded company that is inspired to create a better, safer future; and if and want to fight for the good guys and be at the forefront of helping companies protect their most critical assets from today's cyber adversaries, then you've found the right fit at Radware.Salary Range: $93k-$118k#LI-TM1Primary Location: US-NJ-MahwahWork Locations: Radware US, New Jersey Mahwah 575 Corporate Drive Lobby 1 Mahwah 07430Job: Cloud and ManagementRefer a friend for this job Tell us about a friend who might be interested in this job. All privacy rights will be protected.Refer a friend

**Duration: 12 months contract (with possible extension)** ***Note: Open to candidates who are willing to relocate at their own expense.** + The Workday Application Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of data within the Workday system. + They design, implement, and maintain security configurations, including roles, permissions, and access controls, to protect organizational data and comply with company policies, industry standards, and regulatory requirements. **Job Functions & Responsibilities** + Develop and implement security roles, domain security policies, data and business process security within Workday + Ensure secure integration with other on‐premise and cloud applications like GRC tools + Configure and manage access permissions to ensure users have the appropriate level of access to data and functionality + Ensure compliance with company policies, industry standards (like SOC 2), and regulatory requirements (like GDPR) + Conduct regular security audits and assessments to identify vulnerabilities and areas for improvement + Assist in investigating and responding to security incidents, identifying root causes, and implementing preventive measures + Collaborate with IT, HR, and other stakeholders to align security efforts with business needs and ensure effective communication of security policies and procedures + Create and maintain documentation for security policies, procedures, and configurations, and provide training to users on security best practices + Stay abreast of Workday updates, industry trends, and emerging security threats to continuously improve security configurations and processes + Familiarity with other ERPs like SAP is preferred + Familiarity with GRC and Workday SoD (Segregation of Duties) management is desired **Skills** + SAP ERP (S/4 HANA is a plus) + Workday + Active Directory group management + GRC AC 10.1 and above + Microsoft Clienture + SuccessFactors + Applicable functional knowledge for SAP security areas like Finance, MM, ISU billing, etc. + SAP audit & compliance **Education & Certifications** + Bachelor's degree in engineering, IT, or related field + 7-10 years of hands‐on industry experience in Workday Security implementation and administration + Strong ITGC compliance knowledge for Workday + Familiarity with Workday risk management and GRC integration + Ability to identify, analyze, and resolve complex security and compliance issues + Strong interpersonal and communication skills, with the ability to effectively collaborate with diverse teams ** About US Tech Solutions:** US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit *********************** (*********************************** . US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages. This is a hybrid position requiring being on-site as needed. ________________________________________ We are seeking a skilled and detail-oriented CMDB Engineer to join our IT team. This role will be responsible for developing, managing, and optimizing our ServiceNow Configuration Management Database (CMDB), supporting Discovery, service graph connectors, third-party data integrations, and IRE configuration. This role is critical to ensuring visibility, accuracy, and reliability of Configuration Items (CIs) throughout their lifecycle using the ServiceNow platform. ________________________________________ Responsibilities include: • Manage and enhance the ServiceNow CMDB, ensuring accuracy, completeness, and alignment with ITIL standards. • Configure and extend ServiceNow Patterns to improve data ingestion and normalization. • Deep knowledge of how to troubleshoot ServiceNow Discovery-related issues. • Maintain and enhance the ServiceNow CMDB following the Common Service Data Model (CSDM) framework. • Collaborate with infrastructure, network, and application teams to ensure proper CI identification and relationships. • Manage integration with other technologies (e.g., SCCM, vCenter, SolarWinds, etc.) feeding the CMDB. • Create and maintain CMDB documentation, architecture diagrams, and training materials. • Manage and maintain the Identification and Reconciliation Engine (IRE) rules. • Monitor and improve the CMDB Health Dashboard, ensuring ongoing health and governance of the “3 C's” - Completeness, Correctness, and Compliance. • Audit and validate CI data regularly to ensure appropriate CI class assignments, relationships, and attributes. • Oversee and optimize MID server health and ensure discovery schedules are accurate and up to date by liaising with the Network team. • Support audits, compliance, and risk initiatives by ensuring the integrity and traceability of CMDB data. Requirements include: • 7+ years of experience in an enterprise IT organization • Minimum of 3-5 years of hands-on experience with ServiceNow CMDB and Discovery • ServiceNow Certified System Administrator (CSA) certification is required to be eligible for this role. • Strong knowledge and practical experience with ServiceNow CSDM framework and the IRE configuration. • Experience with CI data normalization, reconciliation, and health reporting • Experience with third-party integrations like AWS, SCCM and JAMF • Proficiency in CMDB data modeling, CI class categorization, and relationship mapping. • Strong analytical and troubleshooting skills to manage data quality and Discovery issues. • Experience configuring and maintaining MID Servers and Discovery Schedules. • Bachelor's degree or equivalent experience. Preferred: • Other ServiceNow certifications such as Certified Implementation Specialist - CMDB, Discovery Fundamentals, is a plus. Department: Montefiore Information Technology Bargaining Unit: Non Union Campus: YONKERS Employment Status: Regular Full-Time Address: 3 Odell Plaza, Yonkers Shift: Day Scheduled Hours: 8:30 AM-5 PM Req ID: 224883 Salary Range/Pay Rate: $112,500.00 - $150,000.00 For positions that have only a rate listed, the displayed rate is the hiring rate but could be subject to change based on shift differential, experience, education or other relevant factors. To learn more about the “Montefiore Difference” - who we are at Montefiore and all that we have to offer our associates, please click here. Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law. SF-DICE-MIT; LI-SC1-REDIRECT

Introduction The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an engineer to the Analytics and Data Exploitation team. The Platform provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Innovation and Remediation, Security Operations Centers and Command Centers teams to deliver enterprise-wide security to one of the world's most established technology companies. We process tens of billions of events per day, meaning effective analysis and data exploitation practices are critical to our success. This is a technical position within the Analytics and Data Exploitation team who employ commercial, open source and in-house developed tools to deliver critical cybersecurity services such as event processing, automation, complex analytics and support to digital investigations. This role operates across our development, test, pre-production and production networks to create, maintain and improve our services -an important component of which is fault-finding and the ability to work within complex, dynamic environments. The right candidate thrives in high-pressure situations and has practical experience working with Big Data technologies -such as Spark, Hadoop and Elasticsearch. The role requires a proven, practical knowledge of container orchestration technologies -specifically Kubernetes and RedHat OpenShift. The work will include the design and optimization of container-deployed systems, as well as the day-to-day engineering and administration of the orchestration environment. This includes cluster management, Pod assignment / configuration, application virtual routing, security, container image registry management and optimization of the runtime engines. Wider knowledge of data ingestion, extraction, transformation and loading technologies is important - including Streamsets and Flink. The role is rounded-out by some software development tasks - all related to cyber security. These will involve Java, SQL, Python and automation scripting so experience with DevSecOps methods is highly advantageous. The Platform team employs hybrid cloud hosting and this includes provisioning, administration and management of services within environments spanning IBM Cloud, Amazon Web Services and Microsoft Azure. About the Team The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an Email Security Engineer to the team. The CSOP provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Remediation, Security Operations Center and Command Center teams to deliver enterprise-wide security to one of the world's most established technology companies. Your role and responsibilities Job Duties: * Contribute to the day-to-day work that supports our critical cybersecurity analysis and data processing workflows * Protect organization against phishing, spoofing, malware, and advanced threats while maintaining user experience and compliance * Familiarity with Exchange, ProofPoint Email Solutions, Powershell, Azure, and M365 suite * Design, implement and maintain secure email solutions within the Microsoft 365 tenant and related servces * Moniotr and respond to email-related security incidents, phishing attempts, and compromise events * Support the team leadership to improve overall exploitation of technologies that best serve our requirements * Partner with CIO and CISO teams to develop email security policies, rules, and playbooks * Work as part of a deeply technical, passionate team of engineers to tackle significant IT challenges Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise * 3 or more years' experience in an email security engineer or similar role * Experience with Microsoft 365 Exchange or Proofpoint email solutions * Hands on experience with SPF, DKIM, and DMARC configuration and rollout at an enterprise level * Experience with (or a proven aptitude for) working within a fast-paced environment where the success criteria are defined by external factors. This includes having to change course quickly, based on the evolving needs of a complex and dynamic environment * Strong experience with incident response processes for phishing and email-based threats * Experience with IBM Cloud, AWS, Azure or similar cloud environments * Strong understanding of email protocols ISMPT, IMAP, POP3) and security controls * Familiarity with SIEM tools for monitoring and automation on email threats * Excellent problem-solving, communication, and documentation skills Preferred technical and professional experience * Experience with secure email gateways (Proofpoint, M365, etc) * Microsoft certification * Knowledge of zero trust frameworks and modern authentication methods (MFA, conditional access) * Familiarity with cloud-native security tools (Sentinel, Defender, XDR) * Understanding of email encryption solutions (TLS, S/MIME, PGP) * Experience in large enterprise environments with hybrid Microsoft Exchange deployments * Ansible experience is a strong advantage ABOUT BUSINESS UNIT IBM Systems helps IT leaders think differently about their infrastructure. IBM servers and storage are no longer inanimate - they can understand, reason, and learn so our clients can innovate while avoiding IT issues. Our systems power the world's most important industries and our clients are the architects of the future. Join us to help build our leading-edge technology portfolio designed for cognitive business and optimized for cloud computing. YOUR LIFE @ IBM In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better. Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background. Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do. Are you ready to be an IBMer? ABOUT IBM IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world. Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world. IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. OTHER RELEVANT JOB DETAILS IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to: * Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being * Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs * Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law * Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals * Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences We consider qualified applicants with criminal histories, consistent with applicable law. This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role. IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.

The Information Security Analyst plays a key role in advancing the company's Governance, Risk & Compliance (GRC) program by protecting enterprise information assets and ensuring compliance with regulatory, contractual, and ethical standards. This position offers hands-on experience across multiple security domains including policy governance, risk management, AI governance, and data security, making it an excellent opportunity for early career professionals or recent graduates passionate about cybersecurity and emerging technology risks. In this role, you will collaborate with teams across Information Security, IT, and Legal to drive initiatives that safeguard sensitive data, maintain compliance obligations, and promote responsible use of artificial intelligence and other advanced technologies. Responsibilities Governance & Policy Management Assist in developing, maintaining, and aligning information security policies with frameworks such as NIST CSF, ISO 27001, SOC 2, CIS, and the NIST AI RMF. Contribute to documentation and control mapping for new or updated regulations related to AI, privacy, and data protection (e.g., GDPR, CCPA, NIST 800-53 Rev 5). Support internal policy review cycles, ensuring consistent version control and executive approval. Risk Management Participate in enterprise risk assessments, including third-party, application, and AI model risk reviews. Help identify, document, and track remediation of security and privacy risks within the GRC platform (e.g., Drata, ServiceNow GRC, OneTrust, Vanta, etc.). Support the development of risk metrics and dashboards for leadership reporting. Learn to evaluate AI-related risks such as model bias, data leakage, data lineage, model transparency, and unintended data exposure. Data Governance & Data Security Assist with data classification, retention, and handling standards, ensuring sensitive data is appropriately protected. Support data inventory and mapping efforts to improve visibility where critical data resides. Help review access controls, encryption standards, and secure data transfer processes in coordination with IT teams. Collaborate with the IT team to ensure alignment between data quality, privacy, and security controls. Compliance & Audit Support Gather and organize evidence for internal and external audits (ISO 27001, PCI, HIPAA, etc.). Maintain control documentation and track audit remediation activities. Support continuous monitoring of compliance requirements and updates to regulatory obligations, including emerging AI governance and data-related laws. AI Governance Support Contribute to inventories of AI tools and use cases across the enterprise. Assist in risk assessments for AI systems, ensuring they align with responsible AI principles such as fairness, accountability, and transparency. Collaborate with IT and legal teams to ensure that AI use complies with company policies. Security Awareness & Communication Help design and distribute training materials related to cybersecurity, data protection, and responsible AI practices. Support internal campaigns promoting secure data handling and ethical technology usage. Prepare metrics, dashboards, and presentations for leadership briefings. Continuous Improvement Participate in projects that automate or streamline GRC processes, such as policy lifecycle management or risk scoring. Stay informed about new threats, regulatory trends, and AI governance frameworks. Engage in ongoing professional development and certification opportunities. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Data Science, or a related field is preferred 0-2 years of experience in cybersecurity, risk management, compliance, or data governance (internship or coursework acceptable). Understanding of cybersecurity principles, risk management, and data privacy fundamentals. Basic familiarity with AI systems, data governance concepts, or information security practices. Strong analytical, communication, and documentation skills. Ability to manage multiple priorities in a fast-paced environment. Proficient in Microsoft Excel, PowerPoint, and data analysis or GRC tools. Exposure to frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, or COBIT. Must be able to work in the U.S. without sponsorship Per applicable state requirements, the annual pay range for this position ($60,500 - $84,000) which consists of base salary (subject to performance), reflects the hiring range for candidates. Also note, an individual's offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors.

SonSoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. SonSoft Inc is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services. Job Description LENGTH: 12 MONTHS, OPTION TO HIRE JOB ID: 1912185274 JOB TITLE: ACTIVE DIRECTORY ENGINEER - SME GC/EAD OR CITIZEN - OPTION TO HIRE POSITION SUMMARY: MUST HAVE a Security Background. Responsible for supporting and maintaining Microsoft Active Directory. Familiar with the Microsoft Windows Server Operating system, , and VMWare Virtualization technologies in the environment. This includes planning for and responding to service outages and other problems, and being a Tier 3 escalation point for moderately complex Active Directory problems beyond the knowledge of other technical support staff. Ensures customer satisfaction by advising customers on preventative maintenance and configurations which may impact product performance. Takes responsibility for potential or desired follow-up services or problem escalation. Fully qualified server engineer. High degree of troubleshooting. Self-starter needing little to no guidance. Additional Information NOTE : ONLY GCEAD , GC AND CITIZEN

One of the fastest growing technology companies in the world - even during the depths of the economic downturn. A micro-vertical strategy, built on strong domain expertise, ensures that no matter how complex a company's business problem, we can offer a solution that is sustainable and innovation-driven. Job Description Managing and implementing McAfee Anti-Virus and other security systems. Qualifications • Must have 7+ years' experience with McAfee anti-Virus Management and implementation • Good hands on exposure on McAfee end point DLP and HIPS • Experience in Symantec End point Encryption -PGP • Must have team management and customer interaction skills • Must have exposure in defining SLAs • Must have expertise in defining Standard Operating Procedures • Must have expertise in Remote Infrastructure management for network and information security • Basic Understanding of network and security concepts • Should have good understanding on Incident Management & Change Management and ticketing tools Primary Skill Set: Symantec/Mcafee antivirus, Symantec HIPS and Mcafee end point DLP, End Point Encryption • Should have good communication skills (verbal and written). • Should be comfortable working in 24*7 environments. • Should have team management skills Additional Information Ed Grajo Technical Recruiter -------------------------------------------------------------------- Hi-Tech Solutions, Inc. | Information Technology Consulting Two Mid America Plaza, Suite 630 | Oakbrook Terrace, IL 60181 Direct Phone: ************ ********************* Lets connect on LinkedIn - *********************************************************************************

Energy. It defines LanceSoft. Consider our unique ‘keep apace' operational culture, the spirited lot of hand-picked professionals, our ‘up-to-the-minute' knowledge base, together they form a dynamic mix of value-generating characteristics that help us delve into the heart of a problem to deliver precise services and solutions - repeatedly. In business since 2000, LanceSoft is a reputed and credible Contingent Workforce Management Services firm that has established itself as a pioneer in providing highly scalable workforce solutions and exceptionally competent global IT services to a diverse set of customers across various industries around the globe. LanceSoft is headquartered out of the Washington DC Metropolitan (Herndon, VA) and operates out of various locations in the US, Canada and India Job Description The associate would join a project team responsible for critical Identity and Access Management projects utilizing Forefront Identity Manager to facilitate process automation. - The team member would be responsible for: o Quickly learning BD's onboarding and termination automated procedures. o Providing End User Training and Support for Forefront Identity Manager processes. o Documenting and training IT staff on Forefront Identity Manager processes. o Facilitate and execute testing of new ForeFront Identity Manager functionality (additional source systems, workflows, roles and permissions). o Facilitate global Active Directory data integrity remediation of User and Group objects. Qualifications Strong Identity and Access Management foundation in Active Directory and Forefront Identity Manager. SAP GRC and ABAP security design is a nice to have. - Excellent Powershell, LDAP or equivalent scripting and reporting skills including heavy Microsoft Excel and CSV based Extract, Transform and Load operations. - Excellent verbal and written communication skills. - Must have hands on experience implementing large FIM projects - Must have strong technical writing capabilities related to FIM Additional Information Looking for a candidate who has strong Active Directory Reporting. BD is doing a massive clean up in Active Directory . Also this candidate must be able to do training for new customers and have good communication skills.

Responsible for the day-to-day security operations and ownership over one or more security practice areas at Columbia Bank. The individual will serve as a technical operations subject matter expert and will be responsible for the proper maintenance of security controls, detection of and response to potential threats, and remediation and escalation of incidents. Supports the cyber incident response team, vulnerability management, secure design, security platform support, data security, provides guidance to technology operators, and ensures execution of processes. Job Responsibilities: Security Operations * Executes, enhances, and creates/maintains documentation for security operations processes. * Responsible for ownership over one or more security practice areas and leads the assessment of security processes, platforms, and practices to identify areas for improvement. Incident Response Support * Supports incident response efforts by reviewing security events and escalations, performing investigations, and seeing matters through to resolution. * Collaborates with technology and business organizations as appropriate. Security Platform Management * Performs ongoing security platform maintenance including health monitoring, troubleshooting, tuning, and upgrades. * Assists in implementing and operationalizing new security solutions. Coordinates with internal and external resources as required. Analytical Responsibility * Develops and analyzes security related content - reports, alerts, dashboards, and metrics - to gain insights from the Bank's systems, platforms, and data. * Utilizes content outputs to drive subsequent action plan through to completion. Project Management * Assists in the management of small to medium sized projects according to project management schedules. Professional Development * Stays abreast of relevant industry related developments, trends, and threats. * Commits to ongoing professional education and development in the Information / Cyber Security field. Other Responsibilities * Performs other job related duties as assigned. Job Requirements: * Bachelor's degree in an IT related discipline required. * 5 - 10 years of experience in information technology, information security, risk, or similar field. * 5+ years of experience in an information security role. * 3+ years of engineering experience. * Relevant industry certifications and/or advanced degrees may be considered in lieu of experience. * Strong knowledge of one or more security practice areas including security architecture, identity and access management, asset management, vulnerability management, threat detection and response, endpoint security, network security, cloud security, web security, email security, data security, application security, threat intelligence. * Performs ongoing analysis of various security events, incident alerts, event notifications, health status from security tools, and additional detection and response activities. * Investigates security incidents and collaborates with the CISO and business organizations in response to detected threats. * Coordinates with internal and external resources for risk mitigation and service outage resolution. * Develops standard operating procedures for deployed security solutions, interfacing with managed security service providers, incident responses, review and escalation processes. * Communicates security warnings, ongoing awareness, and general best practices to end-users. * Develops performance metrics, trend statistical data, and customizes management reports for Risk, IT and Information Security. * Strong knowledge of securing network/infrastructure design and deployment. * Experience in conducting a daily assessment of vulnerabilities identified by infrastructure scans. * Evaluate, rate, and perform risk assessments on assets. * Prioritizing vulnerabilities discovered along with remediation timeline(s). * Knowledge of scripting languages and automation methodologies. * Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. * Experience with log analysis, packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions. * Deep knowledge of computer networking concepts and protocols, and network security methodologies. * Knowledge of cybersecurity management frameworks, regulatory requirements and industry leading practices. * Experience in conducting technical risk assessments. * Commits to ongoing professional education / training / certification in the Information / Cyber Security field. Columbia Bank offers the following benefits: * Medical, Dental, Vision and Rx which are contributory. * Bonus programs. * Employee Stock Option Program (ESOP). * Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D). * Paid Time Off (PTO) which includes Personal and Vacation Time. * Paid Sick Time. * Bank Holidays. * Employees may participate in the 401k program. Schedule: This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need. Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team. KPMG is currently seeking a Manager, Cyber Security Innovation Engineer to join our Global Technology & Knowledge Group which is part of KPMG International. Responsibilities: * Ensure continuous improvement to Global Security Operations Center (GSOC) processes and technology through automation * Support the Innovation Lead and liaise with KPMG teams, business stakeholders, and vendors to design and set up activities at different stages of a technical project * Conduct installation, management, maintenance, and support of GSOC technologies hosted on multiple environments including physical Data Centers, Azure public cloud and O365 * Monitor systems, identify/resolve issues, prepare status reviews and reports; compile and maintain the necessary documentation of all system designs, builds, and modifications * Accountable for coordination and delivery of user training and training material * Manage support cases to ensure issues are recorded, tracked, resolved, and follow-ups are done in a timely manner * Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Qualifications: * Minimum three years of recent experience automating security workflows using scripting languages such as Python, PowerShell, or Bash; minimum three years of recent experience with Query Languages preferably KQL, and working as a Security Engineer or in a Security Operations Center (SOC) environment * Bachelor's degree, Master's, or PhD in computing, information security, or related field (or relevant work experience) * Certifications such as CISSP, CISM, AWS Certified Security - Specialty, Azure Security Engineer are a plus * Familiarity with threat intelligence platforms and SIEM tools; strong hands-on experience with automation and Azure Security technologies (including Azure Sentinel, Logic Apps, and more); expert in scripting or development languages for example, Python, and a query language for example, KQL * Deep understanding of security technologies, principles, and best practices related to incident response and threat detection * Proven expertise in DevOps tools and practices (for example: Git, Jenkins, Terraform, Docker, Kubernetes) * Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

**Introduction** The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an engineer to the Analytics and Data Exploitation team. The Platform provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Innovation and Remediation, Security Operations Centers and Command Centers teams to deliver enterprise-wide security to one of the world's most established technology companies. We process tens of billions of events per day, meaning effective analysis and data exploitation practices are critical to our success. This is a technical position within the Analytics and Data Exploitation team who employ commercial, open source and in-house developed tools to deliver critical cybersecurity services such as event processing, automation, complex analytics and support to digital investigations. This role operates across our development, test, pre-production and production networks to create, maintain and improve our services -an important component of which is fault-finding and the ability to work within complex, dynamic environments. The right candidate thrives in high-pressure situations and has practical experience working with Big Data technologies -such as Spark, Hadoop and Elasticsearch. The role requires a proven, practical knowledge of container orchestration technologies -specifically Kubernetes and RedHat OpenShift. The work will include the design and optimization of container-deployed systems, as well as the day-to-day engineering and administration of the orchestration environment. This includes cluster management, Pod assignment / configuration, application virtual routing, security, container image registry management and optimization of the runtime engines. Wider knowledge of data ingestion, extraction, transformation and loading technologies is important - including Streamsets and Flink. The role is rounded-out by some software development tasks - all related to cyber security. These will involve Java, SQL, Python and automation scripting so experience with DevSecOps methods is highly advantageous. The Platform team employs hybrid cloud hosting and this includes provisioning, administration and management of services within environments spanning IBM Cloud, Amazon Web Services and Microsoft Azure. About the Team The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an Email Security Engineer to the team. The CSOP provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Remediation, Security Operations Center and Command Center teams to deliver enterprise-wide security to one of the world's most established technology companies. **Your role and responsibilities** Job Duties: · Contribute to the day-to-day work that supports our critical cybersecurity analysis and data processing workflows · Protect organization against phishing, spoofing, malware, and advanced threats while maintaining user experience and compliance · Familiarity with Exchange, ProofPoint Email Solutions, Powershell, Azure, and M365 suite · Design, implement and maintain secure email solutions within the Microsoft 365 tenant and related servces · Moniotr and respond to email-related security incidents, phishing attempts, and compromise events · Support the team leadership to improve overall exploitation of technologies that best serve our requirements · Partner with CIO and CISO teams to develop email security policies, rules, and playbooks - Work as part of a deeply technical, passionate team of engineers to tackle significant IT challenges **Required technical and professional expertise** · 3 or more years' experience in an email security engineer or similar role · Experience with Microsoft 365 Exchange or Proofpoint email solutions · Hands on experience with SPF, DKIM, and DMARC configuration and rollout at an enterprise level · Experience with (or a proven aptitude for) working within a fast-paced environment where the success criteria are defined by external factors. This includes having to change course quickly, based on the evolving needs of a complex and dynamic environment · Strong experience with incident response processes for phishing and email-based threats · Experience with IBM Cloud, AWS, Azure or similar cloud environments · Strong understanding of email protocols ISMPT, IMAP, POP3) and security controls · Familiarity with SIEM tools for monitoring and automation on email threats · Excellent problem-solving, communication, and documentation skills **Preferred technical and professional experience** · Experience with secure email gateways (Proofpoint, M365, etc) · Microsoft certification · Knowledge of zero trust frameworks and modern authentication methods (MFA, conditional access) · Familiarity with cloud-native security tools (Sentinel, Defender, XDR) · Understanding of email encryption solutions (TLS, S/MIME, PGP) · Experience in large enterprise environments with hybrid Microsoft Exchange deployments · Ansible experience is a strong advantage IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

One of the fastest growing technology companies in the world - even during the depths of the economic downturn. A micro-vertical strategy, built on strong domain expertise, ensures that no matter how complex a company's business problem, we can offer a solution that is sustainable and innovation-driven. Job Description Managing and implementing McAfee Anti-Virus and other security systems Qualifications • Must have 7+ years' experience with McAfee anti-Virus Management and implementation • Good hands on exposure on McAfee end point DLP and HIPS • Experience in Symantec End point Encryption -PGP • Must have team management and customer interaction skills • Must have exposure in defining SLAs • Must have expertise in defining Standard Operating Procedures • Must have expertise in Remote Infrastructure management for network and information security • Basic Understanding of network and security concepts • Should have good understanding on Incident Management & Change Management and ticketing tools Primary Skill Set: Symantec/Mcafee antivirus, Symantec HIPS and Mcafee end point DLP, End Point Encryption • Should have good communication skills (verbal and written). • Should be comfortable working in 24*7 environments. • Should have team management skills Additional Information Andy Bundad Technical Recruiter -------------------------------------------------------------------- Hi-Tech Solutions, Inc. | Information Technology Consulting Two Mid America Plaza, Suite 630 | Oakbrook Terrace, IL 60181 Direct Phone: ************ *********************

Energy. It defines LanceSoft. Consider our unique ‘keep apace' operational culture, the spirited lot of hand-picked professionals, our ‘up-to-the-minute' knowledge base, together they form a dynamic mix of value-generating characteristics that help us delve into the heart of a problem to deliver precise services and solutions - repeatedly. In business since 2000, LanceSoft is a reputed and credible Contingent Workforce Management Services firm that has established itself as a pioneer in providing highly scalable workforce solutions and exceptionally competent global IT services to a diverse set of customers across various industries around the globe. LanceSoft is headquartered out of the Washington DC Metropolitan (Herndon, VA) and operates out of various locations in the US, Canada and India Job Description The associate would join a project team responsible for critical Identity and Access Management projects utilizing Forefront Identity Manager to facilitate process automation. - The team member would be responsible for: o Quickly learning BD's onboarding and termination automated procedures. o Providing End User Training and Support for Forefront Identity Manager processes. o Documenting and training IT staff on Forefront Identity Manager processes. o Facilitate and execute testing of new ForeFront Identity Manager functionality (additional source systems, workflows, roles and permissions). o Facilitate global Active Directory data integrity remediation of User and Group objects. Qualifications Strong Identity and Access Management foundation in Active Directory and Forefront Identity Manager. SAP GRC and ABAP security design is a nice to have. - Excellent Powershell, LDAP or equivalent scripting and reporting skills including heavy Microsoft Excel and CSV based Extract, Transform and Load operations. - Excellent verbal and written communication skills. - Must have hands on experience implementing large FIM projects - Must have strong technical writing capabilities related to FIM Additional Information Looking for a candidate who has strong Active Directory Reporting. BD is doing a massive clean up in Active Directory . Also this candidate must be able to do training for new customers and have good communication skills.

Job Description Responsible for the day-to-day security operations and ownership over one or more security practice areas at Columbia Bank. The individual will serve as a technical operations subject matter expert and will be responsible for the proper maintenance of security controls, detection of and response to potential threats, and remediation and escalation of incidents. Supports the cyber incident response team, vulnerability management, secure design, security platform support, data security, provides guidance to technology operators, and ensures execution of processes. Job Responsibilities: Security Operations Executes, enhances, and creates/maintains documentation for security operations processes. Responsible for ownership over one or more security practice areas and leads the assessment of security processes, platforms, and practices to identify areas for improvement. Incident Response Support Supports incident response efforts by reviewing security events and escalations, performing investigations, and seeing matters through to resolution. Collaborates with technology and business organizations as appropriate. Security Platform Management Performs ongoing security platform maintenance including health monitoring, troubleshooting, tuning, and upgrades. Assists in implementing and operationalizing new security solutions. Coordinates with internal and external resources as required. Analytical Responsibility Develops and analyzes security related content - reports, alerts, dashboards, and metrics - to gain insights from the Bank's systems, platforms, and data. Utilizes content outputs to drive subsequent action plan through to completion. Project Management Assists in the management of small to medium sized projects according to project management schedules. Professional Development Stays abreast of relevant industry related developments, trends, and threats. Commits to ongoing professional education and development in the Information / Cyber Security field. Other Responsibilities Performs other job related duties as assigned. Job Requirements: Bachelor's degree in an IT related discipline required. 5 - 10 years of experience in information technology, information security, risk, or similar field. 5+ years of experience in an information security role. 3+ years of engineering experience. Relevant industry certifications and/or advanced degrees may be considered in lieu of experience. Strong knowledge of one or more security practice areas including security architecture, identity and access management, asset management, vulnerability management, threat detection and response, endpoint security, network security, cloud security, web security, email security, data security, application security, threat intelligence. Performs ongoing analysis of various security events, incident alerts, event notifications, health status from security tools, and additional detection and response activities. Investigates security incidents and collaborates with the CISO and business organizations in response to detected threats. Coordinates with internal and external resources for risk mitigation and service outage resolution. Develops standard operating procedures for deployed security solutions, interfacing with managed security service providers, incident responses, review and escalation processes. Communicates security warnings, ongoing awareness, and general best practices to end-users. Develops performance metrics, trend statistical data, and customizes management reports for Risk, IT and Information Security. Strong knowledge of securing network/infrastructure design and deployment. Experience in conducting a daily assessment of vulnerabilities identified by infrastructure scans. Evaluate, rate, and perform risk assessments on assets. Prioritizing vulnerabilities discovered along with remediation timeline(s). Knowledge of scripting languages and automation methodologies. Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. Experience with log analysis, packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions. Deep knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of cybersecurity management frameworks, regulatory requirements and industry leading practices. Experience in conducting technical risk assessments. Commits to ongoing professional education / training / certification in the Information / Cyber Security field. Columbia Bank offers the following benefits: Medical, Dental, Vision and Rx which are contributory. Bonus programs. Employee Stock Option Program (ESOP). Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D). Paid Time Off (PTO) which includes Personal and Vacation Time. Paid Sick Time. Bank Holidays. Employees may participate in the 401k program. Schedule: This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need. Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Seramount, Fair360 and others. If you're as passionate about your future as we are, join our team. KPMG is currently seeking a Manager, Information Systems Security Officer to join our Global Technology & Group which is part of KPMG International team. Responsibilities: * Consolidate and maintain comprehensive risk registers across KPMG International Services Limited (KISL) business units and applications, ensuring accurate documentation and categorization of risks * Coordinate with business unit leaders and ISSOs to track risk resolution efforts and validate mitigation statements * Lead the documentation and monitoring of audit findings, ensuring proper follow-through on resolution plans * Develop and maintain relationships with stakeholders across KISL units to facilitate risk management activities * Prepare regular status reports and analytics on risk resolution progress and effectiveness * Execute risk management and audit processes * Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Qualifications: * Minimum five years of recent experience in risk management or a related field * Bachelor's degree from an accredited college/university in business, IT, or a related field is required; relevant risk management certifications are preferred * Background in managing enterprise-wide risk programs, and experience with audit finding remediation processes * Great project management and documentation skills, with proficiency in risk management tools, as well as systems * Knowledge of risk assessment methodologies and frameworks, and an understanding of IT security controls * Strong stakeholder management capabilities and experience working with cross-functional teams. * Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) KPMG LLP and its affiliates and subsidiaries ("KPMG") complies with all local/state regulations regarding displaying salary ranges. If required, the ranges displayed below or via the URL below are specifically for those potential hires who will work in the location(s) listed. Any offered salary is determined based on relevant factors such as applicant's skills, job responsibilities, prior relevant experience, certain degrees and certifications and market considerations. In addition, KPMG is proud to offer a comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle. Available benefits are based on eligibility. Our Total Rewards package includes a variety of medical and dental plans, vision coverage, disability and life insurance, 401(k) plans, and a robust suite of personal well-being benefits to support your mental health. Depending on job classification, standard work hours, and years of service, KPMG provides Personal Time Off per fiscal year. Additionally, each year KPMG publishes a calendar of holidays to be observed during the year and provides eligible employees two breaks each year where employees will not be required to use Personal Time Off; one is at year end and the other is around the July 4th holiday. Additional details about our benefits can be found towards the bottom of our KPMG US Careers site at Benefits & How We Work. Follow this link to obtain salary ranges by city outside of CA: ********************************************************************** KPMG offers a comprehensive compensation and benefits package. KPMG is an equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding KPMG's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please. KPMG recruits on a rolling basis. Candidates are considered as they apply, until the opportunity is filled. Candidates are encouraged to apply expeditiously to any role(s) for which they are qualified that is also of interest to them. Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Responsible for the day-to-day security operations and ownership over one or more security practice areas at Columbia Bank. The individual will serve as a technical operations subject matter expert and will be responsible for the proper maintenance of security controls, detection of and response to potential threats, and remediation and escalation of incidents. Supports the cyber incident response team, vulnerability management, secure design, security platform support, data security, provides guidance to technology operators, and ensures execution of processes. Job Responsibilities: Security Operations Executes, enhances, and creates/maintains documentation for security operations processes. Responsible for ownership over one or more security practice areas and leads the assessment of security processes, platforms, and practices to identify areas for improvement. Incident Response Support Supports incident response efforts by reviewing security events and escalations, performing investigations, and seeing matters through to resolution. Collaborates with technology and business organizations as appropriate. Security Platform Management Performs ongoing security platform maintenance including health monitoring, troubleshooting, tuning, and upgrades. Assists in implementing and operationalizing new security solutions. Coordinates with internal and external resources as required. Analytical Responsibility Develops and analyzes security related content - reports, alerts, dashboards, and metrics - to gain insights from the Bank's systems, platforms, and data. Utilizes content outputs to drive subsequent action plan through to completion. Project Management Assists in the management of small to medium sized projects according to project management schedules. Professional Development Stays abreast of relevant industry related developments, trends, and threats. Commits to ongoing professional education and development in the Information / Cyber Security field. Other Responsibilities Performs other job related duties as assigned. Job Requirements: Bachelor's degree in an IT related discipline required. 5 - 10 years of experience in information technology, information security, risk, or similar field. 5+ years of experience in an information security role. 3+ years of engineering experience. Relevant industry certifications and/or advanced degrees may be considered in lieu of experience. Strong knowledge of one or more security practice areas including security architecture, identity and access management, asset management, vulnerability management, threat detection and response, endpoint security, network security, cloud security, web security, email security, data security, application security, threat intelligence. Performs ongoing analysis of various security events, incident alerts, event notifications, health status from security tools, and additional detection and response activities. Investigates security incidents and collaborates with the CISO and business organizations in response to detected threats. Coordinates with internal and external resources for risk mitigation and service outage resolution. Develops standard operating procedures for deployed security solutions, interfacing with managed security service providers, incident responses, review and escalation processes. Communicates security warnings, ongoing awareness, and general best practices to end-users. Develops performance metrics, trend statistical data, and customizes management reports for Risk, IT and Information Security. Strong knowledge of securing network/infrastructure design and deployment. Experience in conducting a daily assessment of vulnerabilities identified by infrastructure scans. Evaluate, rate, and perform risk assessments on assets. Prioritizing vulnerabilities discovered along with remediation timeline(s). Knowledge of scripting languages and automation methodologies. Deep knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. Experience with log analysis, packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions. Deep knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of cybersecurity management frameworks, regulatory requirements and industry leading practices. Experience in conducting technical risk assessments. Commits to ongoing professional education / training / certification in the Information / Cyber Security field. Columbia Bank offers the following benefits: Medical, Dental, Vision and Rx which are contributory. Bonus programs. Employee Stock Option Program (ESOP). Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D). Paid Time Off (PTO) which includes Personal and Vacation Time. Paid Sick Time. Bank Holidays. Employees may participate in the 401k program. Schedule: This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need. Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.

Summary: The Information Security Officer will play a critical leadership role in our organization, reporting directly to the Senior Vice President (SVP) and Chief Information Security Officer (CISO). This individual will be instrumental in building and managing key security programs, including threat and vulnerability management, cyber incident response, data security, data protection, security engineering, and cyber risk management and governance. As the right hand to the SVP, the Information Security Officer will have a significant impact on our overall security posture and will be a key contributor to our mission of safeguarding our information assets. Job Responsibilities: Leadership and Collaboration * As a trusted advisor and right hand to the SVP and CISO, provide strategic direction and support in information security, offering technical leadership and mentorship to the security team. * Collaborate with IT, DevOps, and application teams to integrate security practices, act as a subject matter expert for threat detection and vulnerability management. * Represent the organization in cybersecurity audits, assessments, and compliance activities. Reporting * Work closely with other members of the Enterprise Technology Risk Management Team to develop metrics (KRI/KPI) reporting as it relates to Technology Risk Management adherence throughout the bank. Compliance and Continuous Improvement * Ensure compliance with relevant legal, regulatory, and industry standards related to information security. * Foster a culture of continuous improvement by staying up-to-date with the latest security trends, technologies, and best practices. Threat and Vulnerability Management * Develop and manage a comprehensive threat and vulnerability management program that identifies, assesses, and mitigates risks to our information systems. Security Engineering and Design * Lead the security engineering and design efforts to integrate security into the development lifecycle of our systems and applications Data Security and Protection * Establish and enforce robust data security and protection policies and procedures to safeguard sensitive information. Cyber Security Risk Management and Governance * Implement a comprehensive cyber risk management framework that includes risk assessment, risk mitigation, and governance policies. Other Responsibilities * Performs other job-related duties as assigned. Job Requirements: * Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience) required. * A Master's degree or a relevant advanced certifications (e.g., CISSP, CISM, OSCP, CEH, GIAC) are highly desirable. * Minimum of 10 years of experience in information security, with a proven track record of leadership and management in security roles. * Excellent leadership and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and senior executives. * Ability to think strategically and develop long-term plans for the organization's security posture. * Strong verbal and written communication skills, with the ability to present complex security information clearly and concisely. * Proven ability to analyze complex security issues and develop effective solutions. * Ability to adapt to changing security landscapes and emerging threats. * High ethical standards and a commitment to protecting the organization's information assets. * Deep understanding and experience with implementing or maintaining ISO 27001 cyber security framework. * Strong technical knowledge of security technologies, tools, and practices. Experience in threat and vulnerability management, incident response, data security, and security engineering. * Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, ISO27001 CSF, and OWASP. * Knowledge of Cyber security risk assessment frameworks. * Strong analytical, problem-solving, and decision-making skills. * Excellent communication and leadership abilities. Columbia Bank offers the following benefits: * Medical, Dental, Vision and Rx which are contributory. * Bonus programs. * Employee Stock Option Program (ESOP). * Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D). * Paid Time Off (PTO) which includes Personal and Vacation Time. * Paid Sick Time. * Bank Holidays. * Employees may participate in the 401k program. Schedule: This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need. Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.