Information security analyst jobs in Castaic, CA

We are seeking an Information Security Analyst to support enterprise security operations with a focus on vendor risk management, security control integration, and infrastructure security. This role is responsible for conducting security assessments, coordinating the implementation of core security services (including SSO, logging, IAM, and data protection), and supporting compliance activities aligned with frameworks such as NIST and ISO 27001. The ideal candidate has experience in cybersecurity risk management, cloud environments (AWS/Azure), and collaborating with technical teams to ensure the effective delivery of security controls. At least 2+ years of experience in the following: Security & Compliance Frameworks NIST CSF ISO 27001 CIS Controls ITIL SOC 2 PCI DSS FedRAMP GDPR / CCPA Vendor Risk & GRC Tools OneTrust SIG (Standardized Information Gathering) Other GRC/TPRM platforms Identity, SSO & Access Management SSO (PingFederate, SAML) Active Directory Azure AD AWS IAM

IT Security & Network Engineer - JM Eagle Los Angeles, CA | Onsite 4 Days / Remote Fridays | $150,000 - $170,000 + Comprehensive Benefits About Us JM Eagle is the world's largest manufacturer of plastic pipe, providing the infrastructure that keeps communities connected across North America. Behind every operation is a secure, stable IT environment supporting 1,000+ users across 20+ locations. We're strengthening that foundation - and seeking a hands-on IT Security & Network Engineer who can own our daily security operations and help modernize our network and cybersecurity posture. This is a high-impact, individual contributor role for a senior engineer who thrives in both the strategic and technical trenches. The Opportunity This role is ideal for a seasoned IT security professional who wants broad ownership without stepping into management. You'll work closely with the Director of IT Operations and outsourced partners to secure our enterprise, harden our infrastructure, and enhance our cybersecurity frameworks. Your time will be split approximately: 60% Cybersecurity: tools, monitoring, vulnerability management, incident response 40% Network Engineering: SD-WAN, firewalls, VPN, wireless, connectivity across 20+ sites You will be the technical driver behind our security improvement roadmap. What You'll Do Cybersecurity Operations Own day-to-day cybersecurity operations, including monitoring, threat response, and risk mitigation. Manage security tools and platforms: endpoint protection, SIEM, MFA, SSO, VPN, firewalls, and vulnerability management tools. Perform recurring vulnerability scans and penetration-testing coordination; track and validate remediation. Monitor security alerts using Fortinet, Darktrace, CrowdStrike, Nessus, Microsoft Defender, etc. Lead internal security awareness initiatives and social engineering simulations. Maintain documentation for configurations, policies, and security processes. Network Engineering Support secure network architecture across 20+ locations. Oversee SD-WAN, firewall policies, VPN configuration, internet filtering, and remote-access security. Support wireless infrastructure, site connectivity, and network performance monitoring. Partner with third-party providers to ensure uptime, reliability, and strong security posture. Governance & Collaboration Work with IT leadership to strengthen cybersecurity governance and reporting. Contribute to incident response planning, tabletop exercises, and monthly security briefings. Evaluate threats and emerging technologies; propose continuous improvements. What You Bring Bachelor's degree in Computer Science, Information Systems, or equivalent experience. 8+ years of experience in IT security and network engineering supporting 1,000+ users across distributed sites. 4+ years of hands-on experience with enterprise security tools and platforms. Deep experience with the Microsoft ecosystem: Azure, M365, Active Directory / Entra ID, SCCM / Intune. Strong working knowledge of: MFA, SSO, VPN Endpoint protection SIEM solutions Network segmentation, encryption, hardening Monitor and respond to security alerts using tools like Fortinet, Darktrace, CrowdStrike, Nessus, and Microsoft Defender. Familiarity with SD-WAN architectures, wireless networking, and network monitoring tools. Understanding of ITIL, ITSM, NIST frameworks; CISSP or similar preferred but not required. Excellent communication skills with the ability to work across teams. Comfort managing outsourced security and network service providers. A highly proactive, self-starting approach - someone who solves problems end-to-end. Why JM Eagle Directly influence and modernize the cybersecurity posture of the world's largest pipe manufacturer. Join an enterprise undergoing major IT transformation with full executive backing. Work with a Microsoft-centric environment supporting 1,000+ users and 20+ distributed locations. Competitive salary: $150K-$170K + bonus + excellent benefits. 4 days onsite in Los Angeles; remote Fridays. Work Environment Primarily a professional headquarters environment. Occasional travel to manufacturing and distribution facilities may be required. Some exposure to plant or outdoor areas during site visits.

Castelion is bringing a new approach to defense development and production: one that focuses on short, iterative design cycles, rapid testing in development, and modern commercial manufacturing strategies for production at scale. We're designing, building, and testing next generation long range strike weapons systems to give America and its Allies a definitive edge and deter future conflicts. Information Systems Security Manager (ISSM) *This position requires a TS/SCI Clearance and Special Access Program Experience* Castelion Corporation is looking for an experienced ISSM to manage and maintain the Classified Networks out of our Torrance location. The ideal candidate will be a dedicated security professional with a demonstrated ability to work independently and as a member of a team in a fast-paced, high-tech environment. The ISSM's primary function serves as a principal expert and manager on all matters, technical and otherwise, involving the security of information systems under his/her purview. Primary support will be working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, NAVY, Army, DARPA, etc. The position will provide "day-to-day" support, oversight, and maintenance for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. As the site ISSM you will own the end-to-end Information Assurance Program for all classified and controlled information systems at our Torrance facility. You will partner with Program Management, Engineering, IT, Security, and the Cognizant Security Agency (DCSA/SAPCO) to obtain and sustain ATO on schedule, mentor a growing ISSO team, and keep our environment audit ready every day. Responsibilities Lead RMF/JSIG/DAAPM execution architect secure solutions, prepare authorization packages, brief Security Control Assessments, and drive POA&M closure. Own continuous monitoring vulnerability & patch management (ACAS/Nessus, SCAP, STIGs), log analysis (Splunk), account management, media control, incident response, and annual self-inspection. Shape early program decisions embed with PMO to define security requirements, supply secure-by-design input at PDR/CDR/TRR, and influence contract CDRLs. Develop people & process coach ISSOs/ISSEs, refine SOPs, track metrics, and present status to senior leadership and customers. Interface with external stakeholders act as the single voice to DCSA, SAPCO, and other Cognizant Security Agencies for all cybersecurity matters. Develop Assured File Transfer (AFT) in accordance with JSIG Conduct all self-inspections and report findings to Cognizant Security Agency annually Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media Develop and execute security assessment plans that include verification that the features and assurances required for each protection level functioning Maintain a and/or applicable repository for all system authorization documentation and modifications Develop policies and procedures for responding to security incidents, to include investigating and reporting security violations and incidents Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within a system Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling requirements Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting local cyber security training. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed Assess changes in the system, its environment, and operational needs that could affect the authorization Ensure that authorization is accomplished a valid Authorization determination has been given for all authorization boundaries under your purview Review AIS assessment plans Coordinate with PSO or cognizant security official on approval of external information systems (e.g., guest systems, interconnected system with another organization) Conduct periodic assessments of the security posture of the authorization boundaries Institute and implement a Configuration Control Board (CCB) charter Ensure configuration management (CM) for security-relevant changes to software, hardware, and firmware and that they are properly documented. Ensure periodic testing is conducted to evaluate the security posture of IS by employing various intrusion/attack detection and monitoring tools (shared responsibility with ISSOs) Ensure that system recovery and reconstitution processes developed and monitored to ensure that the authorization boundary can be recovered based on its availability level determination Ensure all authorization documentation is current and accessible to properly authorized individuals Ensure that system security requirements are addressed during all phases of the system life cycle Basic Qualifications A degree in Science, Technology, Engineering or Mathematics (STEM), information technology and a minimum of 5 years of prior relevant experience. 5 years in DoD/IC Cybersecurity as ISSM and must meet position and certification requirements outlined in DoD Directive 8570.01-M for IAM-III within 6 months of the date of hire (CISSP, CISM, GSLC). Proven delivery of ATO for SAP or SCI systems; prior Enterprise ISSM experience. Active and transferable U.S. government issued Top Secret SCI (TS/SCI) security clearance required prior to start date. Finalized CI polygraph, or willingness to submit to one U.S. citizenship is required Preferred Skills and Experience Proven leadership of multi-disciplinary teams and successful ATO delivery for SAP or SCI systems Expert knowledge of NISPOM (32 CFR 117), JSIG, RMF (NIST 800-37/-53), ICD-503, and DAAPM, oversight/execution of A&A processes. Experience with DevSecOps pipelines, Zero Trust architecture, and Identity Access Management. Experience executing DISA STIG/SRG hardening across Linux and Windows. Background in network/systems security (architecture, topology, protocols, components, principles). Hands-on with ACAS, SCAP, STIG Viewer, DISA SRGs, and SIEM/Vulnerability Tools SPLUNK, NESSUS etc. Masters in Cybersecurity, Computer Science, or related engineering field. CISSP-ISSEP / ISSMP or PMP. Existing U.S. government issued Top Secret SCI (TS/SCI) security clearance within the last 24 months. Additional Information This is not designed to cover or contain all job duties required of the employee. There may be additional activities, duties and/or responsibilities that are required for this position that are not listed in this job description. All employees are granted long-term stock incentives as part of their employment as Castelion. All employees receive access to comprehensive medical, vision, and dental insurance, and the company offers three weeks of paid time off per year. Leadership Qualities Bias to Action and Creative Problem Solving. Desire and experience questioning assumptions in ways that lead to break through ideas that are ultimately implemented. Successfully bring in applicable processes/concepts/materials from other industries to achieve efficiency gains. Ability to personally resolve minor issues in development without requiring significant support. High Commitment, High Initiative. A successful candidate will have a genuine passion for Castelion's mission and consistently look for ways to contribute to the company's technical goals and prevent hardware blockers. Ability to work in a fast paced, autonomously driven, and demanding atmosphere. Strong sense of accountability and integrity. Clear Communicator. Proactively communicates blockers. Trusted in previous roles to be voice of company with regulators, suppliers, gate keepers and customers. Capable of tactfully managing relationships with stakeholders to achieve company-desired outcomes without compromising relationships. Emails, IMs and verbal interactions are logical, drive clarity, and detailed enough to eliminate ambiguity. ITAR Requirements: · To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Employment with Castelion is governed on the basis of competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

WHO WE ARE: Headquartered in Southern California, Skechers-the Comfort Technology Company -has spent over 30 years helping men, women, and kids everywhere look and feel good. Comfort innovation is at the core of everything we do, driving the development of stylish, high-quality products at a great value. From our diverse footwear collections to our expanding range of apparel and accessories, Skechers is a complete lifestyle brand. ABOUT THE ROLE: Skechers is seeking a passionate Application Security Engineer to join our team and serve as a security champion who bridges the gap between development and security operations. This role is critical to strengthening our security posture by embedding security practices throughout the software development lifecycle and fostering a security-first culture across our development teams. The ideal candidate will be a hands-on security professional who thrives on collaboration, enjoys mentoring developers, and has the technical expertise to identify vulnerabilities while providing practical remediation guidance. You will play a pivotal role in scaling our application security program and ensuring our applications are secure by design. WHAT YOU'LL DO: Successfully integrate security practices into development workflows, resulting in measurable reduction of security vulnerabilities in production applications Conduct thorough security-focused code reviews that identify critical vulnerabilities while providing actionable feedback to development teams Establish and implement efficient processes for triaging, prioritizing, and tracking remediation of security findings with clear SLAs and accountability measures Enhance developer engagement through proactive security awareness initiatives, building trusted relationships that enable developers to implement secure coding practices throughout the development process. Assist with management and optimization of SAST, DAST, OSS, WAF, and other application security tools to maximize coverage and minimize false positives Provide analysis and support as needed during security incidents to contribute to faster resolution times WHAT YOU'LL BRING: Proficiency with application security tools including SAST, DAST, dependency scanning, and WAF technologies Strong understanding of common web application vulnerabilities (OWASP Top 10) and secure coding practices Experience with at least one programming language (Java, Python, JavaScript, C#, or similar) Knowledge of API security, authentication mechanisms, and authorization frameworks Familiarity with DevSecOps practices and CI/CD pipeline integration REQUIREMENTS: 3-5 years of hands-on application security experience with demonstrated expertise in secure code review Retail or e-commerce experience a plus The pay range for this position is $110,000-$155,000/yr USD.

IDR is seeking a IT Procurement Analyst to join one of our top clients for an opportunity in Santa Monica, CA. This role is ideal for candidates with a strong background in IT procurement and a focus on hardware purchasing within a fast-paced environment. The organization specializes in media and entertainment, providing innovative solutions to industry challenges. Position Overview for the IT Procurement Analyst: Manage procurement processes related to IT hardware and software in a high-volume environment. Collaborate with internal teams to understand their procurement needs and ensure timely delivery. Utilize tools such as MS Excel and ServiceNow to track and report procurement activities. Maintain strong communication with vendors and stakeholders to ensure service levels are met. Support the procurement team with data analysis, reporting, and process improvements. Requirements for the IT Procurement Analyst: Good knowledge of MS Excel & Office (or similar) Strong customer service skills Good written and verbal communication Good understanding of IT Hardware Previous experience of IT Procurement or IT Buying Desk environment What's in it for you? Competitive compensation package Full Benefits; Medical, Vision, Dental, and more! Opportunity to get in with an industry leading organization. Why IDR? 25+ Years of Proven Industry Experience in 4 major markets Employee Stock Ownership Program Dedicated Engagement Manager who is committed to you and your success. Medical, Dental, Vision, and Life Insurance ClearlyRated's Best of Staffing Client and Talent Award winner 12 years in a row. $20.86/hr

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Put your skills to the test by pushing the boundaries of what's possible. From global defense to sustainment and modernization to mission readiness, your experience and ability will make it a reality. Our programs are built on equal parts of curiosity and collaboration. Our combined effort means our customers can connect and defend millions of people around the world. With Northrop Grumman, you'll have the opportunity to be an essential part of projects that will define your career, now and in the future. Northrop Grumman Defense Systems is seeking an Principal or Sr. Principal Industrial Security Analyst (3/4) for our Northridge, CA location. **Roles and Responsibilities:** + Develops and administers physical security programs and procedures for classified or proprietary materials, documents, and equipment. Studies and implements federal security regulations that apply to company operations + Obtains rulings, interpretations, and acceptable deviations for compliance with regulations from government agencies + Prepares manuals outlining regulations, and establishes procedures for handling, storing, and keeping records, and for granting personnel and visitors access to restricted records and materials + Conducts security education classes and security audits + Ensures security compliance as a CSSO in accordance with DoDM 5205.07 + Responsible for offsite and subcontractor security standups and posture **ISA duties will include:** + CSSO for offsite and subcontractor sites associated with the program + Support a fast-paced, high-profile program; creating, maintaining, and leveraging working relationships with internal and external customers + Study and implement company and federal security policies, regulations, and procedures that apply to company operations + Obtain rulings, interpretations, and acceptable deviations for compliance with regulations from government agencies + Manage program security compliance and operations across multiple functions, including security SCIF and/or SAPF administration, PHYSEC, COMSEC, PERSEC, OPSEC, Contract Security, Security Education, Investigations, Visitor Control, and Document Control Management + Develop and implement a security education and awareness program + Conduct internal security audits. Investigate security violations and prepare reports specifying preventive action to be taken + Ensure adherence to contractual guidance for classified programs and cleared facilities in accordance with the Security Statements of Work, DD Form 254, DoD Contract Security Classification Specifications guidance + Assist program managers and professional staff in interpreting, applying, and complying with program Security Classification Guides (SCG) + Provide personnel security (PERSEC) support to include but not limited to reviewing and processing required documentation in support of SCI and SAP nomination processes; maintain PERSEC databases; prepare and administer program indoctrination and debriefings; access, review, and submit clearance and access information using the appropriate government database and other information systems + Provide facility security administration, documentation, and support: implement Standard Operating Procedures (SOP); conduct SCI and SAP security program self-inspections + Provide security support for Sensitive Compartmented Information Facility (SCIF) and Special Access Program Facility (SAPF) build construction projects to include obtaining customer accreditation in accordance with SCI and SAP DoD Manuals, ICD, ICS Tech Spec, and other government requirements + Manage and maintain UL-2050 Compliant Intrusion Detection Systems (IDS) and automated Access Control Systems (ACS) + Other duties as assigned **Basic Qualifications:** **Principal Industrial Security Analyst (level 3)** + Must have a high school diploma or GED with at least 9 years of related experience; OR 5 year of experience with a bachelor's degree + Experience with any of the following: Government manuals (32 CFR Part 117, NISPOM, DODM 5205.07, etc.) + Strong working knowledge of basic office automation tool suites such as MS Office (Word, Excel, PowerPoint) + Excellent customer service and communication skills + Must have an active Secret clearance + Ability to maintain flexibility to deal with changing priorities and deadlines. + Ability to work extended hours, in a fast paced, deadline driven environment, excellent communication skills speaking, writing skills and organized skills enabling effective communications + CSSO Experience + Ability to travel **Basic Qualifications:** **Sr. Principal Industrial Security Analyst (level 4)** + Must have a high school diploma or GED with at least 12 years of related experience; OR 8 year of experience with a bachelor's degree + Experience with any of the following: Government manuals (32 CFR Part 117, NISPOM, DODM 5205.07, etc.) + Strong working knowledge of basic office automation tool suites such as MS Office (Word, Excel, PowerPoint) + Excellent customer service and communication skills + Must have an active Secret clearance + Ability to maintain flexibility to deal with changing priorities and deadlines. + Ability to work extended hours, in a fast paced, deadline driven environment, excellent communication skills speaking, writing skills and organized skills enabling effective communications + CSSO Experience + Ability to travel **Preferred Qualifications:** + Experience Leading Security Teams from Subcontractors and Offsite + Ability to work independently and follow projects through to completion. + Current Top-Secret clearance + Self-starter with minimal supervision + Security experience in a manufacturing environment + Supply Chain Security Experience Primary Level Salary Range: $94,200.00 - $141,200.00 Secondary Level Salary Range: $117,500.00 - $176,300.00 The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business. The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

at The Azoff Music Company LLC Information Security Analyst About the RoleWe are looking for an Information Security Ånalyst to operate and maintain our information security systems. As a mid-size entertainment company with global reach, we manage sensitive intellectual property and digital assets that demand the highest level of security. This role will be responsible for helping to design, implement, and maintain a robust information security program that aligns with business objectives and compliance requirements. Key Responsibilities Governance, Risk Management, and Compliance Establish and maintain security policies, standards, and procedures that comply with applicable regulations (e.g., GDPR, CCPA, SOC 2, ISO 27001, PCI-DSS). Oversee risk assessments and audits, ensuring remediation plans are executed effectively. Manage vendor security evaluations and third-party risk management programs. Operational Security Oversee incident detection, response, and recovery processes to ensure rapid containment and resolution of security events. Implement and monitor security controls across endpoints, networks, and cloud infrastructure. This may include selecting, implementing, and monitoring security software, reviewing network settings like firewall rules and access policies, inspecting hardware and software for vulnerabilities. Lead vulnerability management, penetration testing, and threat intelligence initiatives. Awareness and Culture Develop and deliver ongoing security training and awareness programs for all employees. Champion a culture of security across departments, ensuring staff understand their role in protecting company assets. Mentor junior technical staff on information security best practices, operations, and technology. Technology and Innovation Partner with IT and digital teams to integrate security into technology architecture and workflows. Evaluate and implement advanced security tools, automation, and analytics for proactive threat management. Stay current with emerging threats, trends, and technologies in cybersecurity and the entertainment industry. Qualifications Bachelor's degree in Computer Science, Information Security, or a related field. 5+ years of progressive experience in information security. Proven experience supporting enterprise security programs, preferably in media, entertainment, or technology environments. Strong knowledge of cloud security, identity and access management, and data loss prevention. Strong knowledge of Conditional Access Policies and Device Compliance in Microsoft Entra ID. Experience implementing and managing SSO and SCIM configurations. Familiarity managing PAM solutions like Microsoft Privileged Identity Management. Strong programming (Python) and/or scripting skills (PowerShell/Bash) Familiarity with common device management tools like Intune, Jamf, Mosyle, Addigy, etc. Professional certifications such as Security +, Network +, CISSP, CCSP or CASP, or similar highly desired. Excellent communication and stakeholder management skills - able to translate complex technical risks into clear business implications. The base salary range for this role is $120,000 - $150,000 depending upon experience.Our offices are located in Westwood Village, Los Angeles, CA. Employees work in the office Monday through Thursday and from home on Fridays. We offer a very competitive benefits package, annual bonus, and a creative and dynamic working environment. We are a fully vaccinated workforce. Successful candidates will be required to show proof of being vaccinated against COVID-19. You are up to date when you have received a two-dose series and a booster, or a single dose series and a booster. Reasonable accommodations will be considered on a case-by-case basis for exemptions to this requirement in accordance with applicable law. Disclaimer: This job description only provides an overview of job responsibilities that are subject to change. We are an Equal Opportunity Employer

Job Description Forhyre is seeking a talented individual that will be able to provide security architecture support and interface across the program as needed. This support includes, but is not limited to, cybersecurity solutions, providing technical strategy for solutions, guidance, policy, and implementations. The successful candidate for this position is a highly motivated individual, with a strong IT security background who excels integrating, operating, and deploying security technology and solutions and interacts well with both internal teams and clients. Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time. Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information Develop and implement security policies and controls to support the Cyber Security framework Manage the existing cyber security training program across global, multilingual business Assists in ensuring global Information security program meets all industry regulations, standards, and compliance requirements Drive adoption of infrastructure security best practices and work with Information Technology teams to ensure security standards are maintained Implement technology to proactively scan Information Technology environment for security breaches and suspicious activity Continuous improvement in the areas of Information Security technologies, techniques and processes Develops and maintains an effective system for the distribution of regular key performance indicator reports and dashboard Ability to interpret penetration test results and describe issues and fixes to non-security expert Responsible for leading an accurate & comprehensive status reporting to the executive steering committee Create and implement SOP/ process improvement initiatives to achieve outcomes that align or exceed the expectations of strategic roadmap Skills & Experience Bachelor's degree and 12+ years of experience; additional years of directly applicable experience may be accepted in lieu of a degree. Certified Information Systems Security Professional (CISSP) 8+ years hands-on experience designing or implementing security solutions, including all related documentation and artifacts Analytical ability, problem-solving skills, and ability to break down complex problems into actionable steps Extensive experience in design and development of enterprise security architectures. Experience must include a wide range of work in creating diagrams and documentation with all components that comprise IT systems including network topology. Strong knowledge and experience in secure enterprise architecture design, especially with regard to IAM, NDR, EDR, SIEM, AI/ML, and other cybersecurity tools and resultant applications Experience selecting effective methods, techniques, and evaluation criteria to achieve desired outcomes Previous experience developing architectures, strategies, strategic plans, roadmaps, and technical standards for the federal IT enterprise environment. Vulnerability Assessment testing and/or Penetration Testing (preferred) Robotic Process Automation/Intelligent Automation (preferred) Business case development supporting security technology solutions (preferred) Additional certifications demonstrating cybersecurity/technical mastery (preferred)

THE COMPANY Silvus Technologies is dedicated to one mission: connecting those who keep us safe. We do so by delivering the most advanced Mobile Ad-hoc Network (MANET) radios powered by our custom and ever-evolving Mobile-Networked MIMO waveform. Together, our radios and waveform provide the vital communications for mission critical applications in the harshest environments from underground tunnels to high altitude balloons. Silvus StreamCaster radios are being rapidly adopted by customers all over the world ranging from the U.S Departments of Defense, to International, Federal, State and Local Law Enforcement agencies, all the way to the Super Bowl, Grammys and industry-leading drone, robot, and other unmanned systems manufacturers. Wouldn't you like to join an incredibly talented group of people, doing very challenging work, with the prime directive of “ Keeping Our Heroes Connected ”? Silvus' rapid growth is fueled by a focus on research and innovation and a team of the most passionate, skilled, and creative thinking individuals. If you are looking for a challenging experience, you owe it to yourself to learn how Silvus can provide a rewarding opportunity that creates a pathway to a fulfilling career. THE OPPORTUNITY Silvus is seeking a Linux System and Security Analyst to analyze, troubleshoot, automate, and conduct CyberSecurity activities based on Cybersecurity Maturity Model Certification (CMMC) and maintain the company's IT infrastructure. The position will exercise full ownership and decision-making authority over the resolution of end-user technical challenges, including hardware failures and software anomalies. This position's primary duty is to perform high-level systems analysis, security architecture, and risk assessment in support of organizational objectives. This includes exercising discretion and independent judgment on matters of significance to company-wide IT security and compliance. This position requires a DCSA clearance to be obtained within 12 months of employment. This position is fully onsite, Monday through Friday at Silvus Technologies' HQ in the heart of vibrant West Los Angeles. The following is a list of at least some of the current essential job functions of the position. Management may assign or reassign duties and responsibilities at any time at its discretion. ROLE AND RESPONSIBILITIES Act as the primary technical advisor for diagnosing and resolving complex infrastructure issues, with autonomy to escalate or implement system-level changes to maintain Production department continuity. Responsible for evaluating risks, designing secure systems in compliance with Cybersecurity Maturity Model Certification (CMMC) standards, and making strategic recommendations. Provide Linux and Windows system desktop and server support, as well as network administration for the entire company based on the NIST CyberSecurity Framework. For individuals with Security Clearance, apply Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) to secure and maintain IT infrastructure, providing the necessary documentation and technical support required for continuous Authorization to Operate (ATO). Responsible for Automated Deployment and monitoring of computer systems. Oversee the planning and implementation of hardware lifecycle management for Windows and Linus-based servers and VMs. Support vulnerability and patch management processes, ensuring all Linux vulnerabilities are remediated in accordance with NIST CyberSecurity Framework. Support Engineering and R&D teams to ensure strict IT compliance with the CMMC framework, specifically with security controls. This role is critical in protecting Controlled Unclassified Information (CUI) and maintaining our accredited environment. Develop and maintain documentation related to the company's IT infrastructure and support processes. Oversee the governance and accuracy of the company's hardware and software asset inventory, ensuring appropriate lifecycle management and compliance with security and audit requirements. May occasionally require on-call coverage overnight, on weekends, and on holidays. Perform other related duties of which the above are representative. REQUIRED QUALIFICATIONS Bachelor's degree or equivalent in an IT-related field. 3 years of Linux-related work experience. Experience with installing, troubleshooting, and/or maintaining Linux-based software and hardware installations. Fluency in Linux CLI, TCP/IP, LAN/VLAN Networking, Patch Management, and Backup. Highly proficient in Google Suite and MS Office (Excel, Word, PowerPoint). Strong interpersonal skills with a positive and enthusiastic attitude. Demonstrated ability to operate as a team member, supporting departmental decisions, policies, and procedures with a positive and communicative attitude with company colleagues. Must be a U.S. Citizen due to clients under U.S. government contracts. Must be able to obtain DCSA clearance within 12 months of employment. All employment is contingent upon the successful clearance of a background check. PREFERRED KNOWLEDGE, SKILLS AND ABILITIES Prior experience in a fast-paced office environment is a plus. WORKING CONDITIONS & PHYSICAL REQUIREMENTS Office environment. Occasional exposure to heat, cold, and allergens while performing tests or demonstrations in the field. While performing the duties of this job, the employee is required to do the following: Perform bending and reaching movements to place items on lower and higher shelves. Kneeling or squatting to access lower shelves. Must be able to lift up to 50 lbs. Walking/Moving in the labs. COMPENSATION The pay range is NOT a guarantee. It is based on market research and peer data, and will vary depending on the candidate's experience and qualifications. CA Pay Range$80,000-$90,000 USD NOTE - As a U.S. Federal Contractor, Silvus Technologies requires that ALL candidates being considered for employment for any position (regardless of level) MUST be a U.S. Person (permanent resident or citizen). Stricter U.S. Citizen ONLY requirements are needed for some Engineering or R&D roles. This generally does NOT apply to International positions; only job postings for positions located in the U.S. Exceptions will be included in the Required Qualifications section of the posted position. All Employment is contingent upon the successful clearance of a background check. Silvus is proud to be an equal-opportunity employer, and we value diversity. We do not discriminate on the basis of race, color, age, religion or belief, ancestry, national origin, sex (including pregnancy), sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, physical or mental disability, protected veteran status, genetic information, political affiliation, or any other factor protected by applicable federal, state, or local laws. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive benefits and privileges of employment. Please contact us to request accommodation. *Silvus does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to Silvus Technologies.

Job Description Mount Indie is seeking a highly skilled and experienced Cyber Accreditation Specialist with 5+ years of experience for Department of Defense (DoD) programs at the Naval Base Point Mugu located near Camarillo, CA. The Cyber Accreditation Specialist will be responsible for the development, coordination, and maintenance of cyber accreditation packages, primarily focusing on Risk Management Framework (RMF) artifacts, inheritance mapping, and Plan of Action & Milestones (POA&M) management supporting the Navy's Authority To Operate initiatives. This role ensures compliance with relevant DoD and federal cybersecurity guidelines and contributes to our organization's mission support objectives by securing critical Navy information systems. Responsibilities Cyber Accreditation Package Development: Develop and maintain RMF artifacts, including System Security Plans (SSP), generate & control implementation evidence, inheritance maps, and POA&Ms Coordination and Compliance: Coordinate with Authorizing Officials (AO) and Information System Security Managers (ISSM) to define an Authority to Operate (ATO) plan, develop an interim risk acceptance strategy, and manage control inheritance from enterprise services and range systems Reference Compliance: Ensure that all activities and documentation are compliant with the latest DoD and federal cybersecurity standards, such as: DoDI 8510.01 Risk Management Framework (RMF) NIST SP 800-53 Rev. 5 NIST SP 800-171 (CUI) DoD Zero Trust Reference Architecture DoD Cloud Security Requirements Guide (SRG) / FedRAMP baselines (aligned to IL5 unless otherwise directed) Qualifications 5+ years of experience in cybersecurity, specifically in the development and coordination of cyber accreditation packages BS or BA degree in Cybersecurity, Information Technology, or a related field. An additional 6 years of relevant work experience may be substituted for a bachelor's degree, or 4 additional years of work experience with a relevant associate degree. Active Secret Clearance Demonstrated experience with RMF, SSP development, and POA&M management Familiarity with DoD and federal cybersecurity guidelines, including DoDI 8510.01, NIST SP 800-53 Rev. 5, NIST SP 800-171, DoD Zero Trust Reference Architecture, and DoD Cloud SRG/FedRAMP baselines Strong analytical and problem-solving skills Ability to effectively coordinate and communicate with various stakeholders, including AO, ISSM, and other cybersecurity professionals Current Security+ Certificate IAM Level 2 as per DoD Directive 8570.01; and experience working with the DIACAP/Risk Management Framework processes Excellent communication and interpersonal skills-verbal, non-verbal, written, and listening-for staff, customer and organizational level communications, both formal and informal Ability to work independently, self-starter Working knowledge and use of Microsoft Office suite programs, MS Word, Excel, Access, and PowerPoint Preferred Qualifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification Experience with cloud security and FedRAMP compliance

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: + Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. + Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. + Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. + Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. + Monitor, analyze, and report on production security posture and key control performance metrics for each production. + Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. + Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. + Support the development of production-specific metrics and KPIs to measure control effectiveness. + With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. + Ensure consistent implementation of approved security tools, policies, and workflows within productions. + Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. + Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. + Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. + Gather feedback from productions to help refine information security for productions training and awareness efforts. + Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. + Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications + 5+ Years of experience in Information Security, Information Technology or a related field + 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. + Bachelor's degree preferred + Strong understanding of the technologies, tools and processes used in production of movies and/or television. + Knowledge of Information Security frameworks, standards and best practices and their relevance to business success + Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. + Ability to develop and maintain meaningful metrics to track program and process effectiveness. + Strong planning and analytical skills + Strong communications skills Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

**Department Description** At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: + Secure the Magic by protecting information systems and platforms. + Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. + Strengthen the business through optimizing execution, application, and technology used to protect the Company. + Innovate by investing in core capabilities to enhance operational efficiency. **Team Description:** Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. **What You'll Do:** + Independent audit support for: + SOX 404 ITGCs + PII + PCI + ISPS + Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. + Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. + Develop and lead the Control Assurance Programs (ISPS and SOX). + Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. + Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. + This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. + Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. + Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) + Ensure for timely management response of audit findings into our corporate SOCD/SAD. + Oversee ISPS Management Audit coordination and open action plans. + Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. + Management of GRC workflows around coordination of certifications and attestations. + Partner with leadership to support the PCI-DSS compliance program. + Develop training materials, coordinate training sessions, and monitor compliance with training requirements. + Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. + Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. + Provide executive level updates on Compliance programs **Must Haves (Years of Experience, languages, programs, tools, etc.):** + Minimum of 8 years of related work experience, with 3 in management roles + IT SOX experience and proven experience in supporting IT audit/compliance functions + Experience in managing people + Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives + Interpersonal skills with the ability to work with teams cross-functionally + Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators + Detail-oriented but able to understand the big picture. Highly organized and efficient + Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments + Experience with cloud-based services, specifically AWS **Nice To Haves (see above):** + Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR + Experience working with companies that have a heavy microservice architecture **Education:** Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. **Job ID:** 10135782 **Location:** Glendale,California **Job Posting Company:** The Walt Disney Company (Corporate) The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, email Candidate.Accommodations@Disney.com with your request. This email address is not for general employment inquiries or correspondence. We will only respond to those requests that are related to the accessibility of the online application system due to a disability.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: Independent audit support for: SOX 404 ITGCs PII PCI ISPS Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. Develop and lead the Control Assurance Programs (ISPS and SOX). Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) Ensure for timely management response of audit findings into our corporate SOCD/SAD. Oversee ISPS Management Audit coordination and open action plans. Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. Management of GRC workflows around coordination of certifications and attestations. Partner with leadership to support the PCI-DSS compliance program. Develop training materials, coordinate training sessions, and monitor compliance with training requirements. Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): Minimum of 8 years of related work experience, with 3 in management roles IT SOX experience and proven experience in supporting IT audit/compliance functions Experience in managing people Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives Interpersonal skills with the ability to work with teams cross-functionally Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators Detail-oriented but able to understand the big picture. Highly organized and efficient Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments Experience with cloud-based services, specifically AWS Nice To Haves (see above): Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. Job Posting Segment: Enterprise Technology Job Posting Primary Business: Corporate Global Information Security Primary Job Posting Category: Security Governance Employment Type: Full time Primary City, State, Region, Postal Code: Glendale, CA, USA Alternate City, State, Region, Postal Code: USA - CA - 2450 Broadway, USA - NY - 7 Hudson Square Date Posted: 2025-11-21

Loyola Marymount University (LMU) is seeking an experienced leader to serve as Director of Information Security & Compliance within our Information Technology Services (ITS) team. This role offers a strategic opportunity to shape and safeguard the university's digital environment, drive proactive risk management, and embed a culture of security across the organization. Reporting directly to the CIO/VP of IT, the Director will architect and manage a best-in-class information security and compliance program that supports LMU's mission of learning, holistic education, service, and justice. Under the general direction of the CIO/Vice President for Information Technology, the Director of Information Security and Compliance will serve as the University's Cybersecurity leader. The Director will create a modern and effective Information Security and Compliance Program that will drive the university's efforts to protect its information assets and ensure compliance with relevant regulations and standards. This role is pivotal in creating a secure and compliant digital environment that supports LMU's mission, values, and goals. The Director will leverage partnerships and collaboration to lead initiatives that result in measurable improvements in information security and compliance, fostering a culture of security awareness and proactive risk management. The Director will serve as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by LMU in compliance with regulatory and university requirements. The Director will oversee the university's compliance with applicable laws, regulations, and policies related to information security and privacy. Position Specific Responsibilities/Accountabilities * Enhance Security Posture: Develop and implement a comprehensive cybersecurity program that significantly reduces risks and vulnerabilities across the university's digital landscape. * Ensure Regulatory Compliance: Achieve and maintain compliance with relevant regulations and standards, ensuring that LMU meets all legal and regulatory requirements. * Collaborative Protection: Work closely with various campus partners, external stakeholders, and community partners to ensure that information assets and associated technologies are protected, resulting in a cohesive, unified, and well understood approach to information security and compliance. * Risk Management: Conduct thorough risk assessments and implement effective mitigation strategies, leading to a demonstrable reduction in potential threats. * Incident Response: Oversee and improve incident response and recovery efforts, ensuring swift and effective investigation and resolution of security incidents. * Policy Development: Create and enforce robust policies and procedures that safeguard information assets, leading to a well-documented and easily accessible framework for cybersecurity. * Training and Awareness: Provide comprehensive training and guidance to staff on cybersecurity best practices, resulting in a well-informed and vigilant workforce. * Monitoring and Reporting: Continuously monitor and report on the effectiveness of the cybersecurity program, providing clear metrics and insights that demonstrate progress and areas for improvement. * Leadership and Strategy: Plan and manage the strategy, people, processes, tools, services, and resources necessary to effectively support the program and meet strategic goals. * Business Continuity and Disaster Recovery: Orchestrate a secure, robust, and highly reliable approach to providing ITS services, during and after a disaster or disruption, to minimize negative impacts to business operations and maintain essential services. * Data Governance: Oversee the university's data governance efforts, ensuring that data is managed securely and in compliance with university policies and legal requirements. * Perform other related duties. Loyola Marymount University Expectations Exhibit behavior that supports the mission, vision, and values of the university. Communicate and employ interpersonal actions that model high standards of professional, responsible, accountable, and ethical conduct. Demonstrate a commitment to outstanding customer service. Requisite Qualifications * Typically a Bachelor's Degree from an accredited four-year institution in Computer Science, Information Technology, or Cybersecurity. * Seven years of experience in information security, with at least three years in a management role. * Experience in developing and implementing technology policy, especially in a University environment is desirable. * Professional certifications such as CISSP, CISM, or CISA are highly desirable. * Experience in developing and implementing technology policy, preferably in a University environment.\ * Strong knowledge of frameworks, standards, and best practices relating to Information Security, Privacy, Data Governance, and Business Continuity and Disaster Recovery Experience with regulatory compliance requirements (e.g., i.e. FERPA, HIPAA, GDPR, CCPA, and PCI-DSS). * Demonstrated excellent verbal and written communication skills, as well as presentation skills. Writing samples may be required. * Excellent analytical, problem-solving, and decision-making skills. * Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders. * Demonstrated ability to lead and manage a team of security professionals. The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of this position. #HERC# #HEJ# Staff Regular Salary range $146,800.00 - $205,500.00 Salary commensurate with education and experience. Please note that this position is not eligible for visa sponsorship now or in the future. Loyola Marymount University, a Carnegie classified R2 institution in the mainstream of American Catholic higher education, seeks outstanding applicants who value its mission and share its commitment to inclusive excellence, the education of the whole person, and the building of a just society. LMU is an equal opportunity employer committed to providing an environment free from discrimination and harassment as defined by federal, state and local law. We invite all persons in the full diversity of their being, life experience, and beliefs to apply. (Visit *********** for more information.)

RELOCATION ASSISTANCE: No relocation assistance available CLEARANCE TYPE: SecretTRAVEL: Yes, 25% of the TimeDescriptionAt Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. Put your skills to the test by pushing the boundaries of what's possible. From global defense to sustainment and modernization to mission readiness, your experience and ability will make it a reality. Our programs are built on equal parts of curiosity and collaboration. Our combined effort means our customers can connect and defend millions of people around the world. With Northrop Grumman, you'll have the opportunity to be an essential part of projects that will define your career, now and in the future. Northrop Grumman Defense Systems is seeking an Principal or Sr. Principal Industrial Security Analyst (3/4) for our Northridge, CA location. Roles and Responsibilities: Develops and administers physical security programs and procedures for classified or proprietary materials, documents, and equipment. Studies and implements federal security regulations that apply to company operations Obtains rulings, interpretations, and acceptable deviations for compliance with regulations from government agencies Prepares manuals outlining regulations, and establishes procedures for handling, storing, and keeping records, and for granting personnel and visitors access to restricted records and materials Conducts security education classes and security audits Ensures security compliance as a CSSO in accordance with DoDM 5205.07 Responsible for offsite and subcontractor security standups and posture ISA duties will include: CSSO for offsite and subcontractor sites associated with the program Support a fast-paced, high-profile program; creating, maintaining, and leveraging working relationships with internal and external customers Study and implement company and federal security policies, regulations, and procedures that apply to company operations Obtain rulings, interpretations, and acceptable deviations for compliance with regulations from government agencies Manage program security compliance and operations across multiple functions, including security SCIF and/or SAPF administration, PHYSEC, COMSEC, PERSEC, OPSEC, Contract Security, Security Education, Investigations, Visitor Control, and Document Control Management Develop and implement a security education and awareness program Conduct internal security audits. Investigate security violations and prepare reports specifying preventive action to be taken Ensure adherence to contractual guidance for classified programs and cleared facilities in accordance with the Security Statements of Work, DD Form 254, DoD Contract Security Classification Specifications guidance Assist program managers and professional staff in interpreting, applying, and complying with program Security Classification Guides (SCG) Provide personnel security (PERSEC) support to include but not limited to reviewing and processing required documentation in support of SCI and SAP nomination processes; maintain PERSEC databases; prepare and administer program indoctrination and debriefings; access, review, and submit clearance and access information using the appropriate government database and other information systems Provide facility security administration, documentation, and support: implement Standard Operating Procedures (SOP); conduct SCI and SAP security program self-inspections Provide security support for Sensitive Compartmented Information Facility (SCIF) and Special Access Program Facility (SAPF) build construction projects to include obtaining customer accreditation in accordance with SCI and SAP DoD Manuals, ICD, ICS Tech Spec, and other government requirements Manage and maintain UL-2050 Compliant Intrusion Detection Systems (IDS) and automated Access Control Systems (ACS) Other duties as assigned Basic Qualifications: Principal Industrial Security Analyst (level 3) Must have a high school diploma or GED with at least 9 years of related experience; OR 5 year of experience with a bachelor's degree Experience with any of the following: Government manuals (32 CFR Part 117, NISPOM, DODM 5205.07, etc.) Strong working knowledge of basic office automation tool suites such as MS Office (Word, Excel, PowerPoint) Excellent customer service and communication skills Must have an active Secret clearance Ability to maintain flexibility to deal with changing priorities and deadlines. Ability to work extended hours, in a fast paced, deadline driven environment, excellent communication skills speaking, writing skills and organized skills enabling effective communications CSSO Experience Ability to travel Basic Qualifications: Sr. Principal Industrial Security Analyst (level 4) Must have a high school diploma or GED with at least 12 years of related experience; OR 8 year of experience with a bachelor's degree Experience with any of the following: Government manuals (32 CFR Part 117, NISPOM, DODM 5205.07, etc.) Strong working knowledge of basic office automation tool suites such as MS Office (Word, Excel, PowerPoint) Excellent customer service and communication skills Must have an active Secret clearance Ability to maintain flexibility to deal with changing priorities and deadlines. Ability to work extended hours, in a fast paced, deadline driven environment, excellent communication skills speaking, writing skills and organized skills enabling effective communications CSSO Experience Ability to travel Preferred Qualifications: Experience Leading Security Teams from Subcontractors and Offsite Ability to work independently and follow projects through to completion. Current Top-Secret clearance Self-starter with minimal supervision Security experience in a manufacturing environment Supply Chain Security Experience Primary Level Salary Range: $94,200.00 - $141,200.00Secondary Level Salary Range: $117,500.00 - $176,300.00The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

**THE COMPANY** **Silvus Technologies** is dedicated to one mission: connecting those who keep us safe. We do so by delivering the most advanced Mobile Ad-hoc Network (MANET) radios powered by our custom and ever-evolving Mobile-Networked MIMO waveform. Together, our radios and waveform provide the vital communications for mission critical applications in the harshest environments from underground tunnels to high altitude balloons. Silvus StreamCaster radios are being rapidly adopted by customers all over the world ranging from the U.S Departments of Defense, to International, Federal, State and Local Law Enforcement agencies, all the way to the Super Bowl, Grammys and industry-leading drone, robot, and other unmanned systems manufacturers. _Wouldn't you like to join an incredibly talented group of people, doing very challenging work, with the prime directive of "_ Keeping Our Heroes Connected (************************************** P0GLc) _"?_ Silvus' rapid growth is fueled by a focus on research and innovation and a team of the most passionate, skilled, and creative thinking individuals. _If you are looking for a challenging experience, you owe it to yourself to learn how Silvus can provide a rewarding opportunity that creates a pathway to a fulfilling career._ **THE OPPORTUNITY** Silvus is seeking a **Linux System and Security Analys** **t** to analyze, troubleshoot, automate, and conduct CyberSecurity activities based on Cybersecurity Maturity Model Certification (CMMC) and maintain the company's IT infrastructure. The position will exercise full ownership and decision-making authority over the resolution of end-user technical challenges, including hardware failures and software anomalies. This position's primary duty is to perform high-level systems analysis, security architecture, and risk assessment in support of organizational objectives. This includes exercising discretion and independent judgment on matters of significance to company-wide IT security and compliance. This position requires a DCSA clearance to be obtained within 12 months of employment. This position is fully onsite, Monday through Friday at Silvus Technologies' HQ in the heart of vibrant **West Los Angeles.** The following is a list of at least some of the current essential job functions of the position. Management may assign or reassign duties and responsibilities at any time at its discretion. **ROLE AND RESPONSIBILITIES** + Act as the primary technical advisor for diagnosing and resolving complex infrastructure issues, with autonomy to escalate or implement system-level changes to maintain Production department continuity. + Responsible for evaluating risks, designing secure systems in compliance with Cybersecurity Maturity Model Certification (CMMC) standards, and making strategic recommendations. + Provide Linux and Windows system desktop and server support, as well as network administration for the entire company based on the NIST CyberSecurity Framework. + For individuals with Security Clearance, apply Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) to secure and maintain IT infrastructure, providing the necessary documentation and technical support required for continuous Authorization to Operate (ATO). + Responsible for Automated Deployment and monitoring of computer systems. + Oversee the planning and implementation of hardware lifecycle management for Windows and Linus-based servers and VMs. + Support vulnerability and patch management processes, ensuring all Linux vulnerabilities are remediated in accordance with NIST CyberSecurity Framework. + Support Engineering and R&D teams to ensure strict IT compliance with the CMMC framework, specifically with security controls. This role is critical in protecting Controlled Unclassified Information (CUI) and maintaining our accredited environment. + Develop and maintain documentation related to the company's IT infrastructure and support processes. + Oversee the governance and accuracy of the company's hardware and software asset inventory, ensuring appropriate lifecycle management and compliance with security and audit requirements. + May occasionally require on-call coverage overnight, on weekends, and on holidays. + Perform other related duties of which the above are representative. **REQUIRED QUALIFICATIONS** + Bachelor's degree or equivalent in an IT-related field. + 3 years of Linux-related work experience. + Experience with installing, troubleshooting, and/or maintaining Linux-based software and hardware installations. + Fluency in Linux CLI, TCP/IP, LAN/VLAN Networking, Patch Management, and Backup. + Highly proficient in Google Suite and MS Office (Excel, Word, PowerPoint). + Strong interpersonal skills with a positive and enthusiastic attitude. + Demonstrated ability to operate as a team member, supporting departmental decisions, policies, and procedures with a positive and communicative attitude with company colleagues. + **Must be a U.S. Citizen** due to clients under U.S. government contracts. + **Must be able to obtain DCSA clearance within 12 months of employment.** + **All employment is contingent upon the successful clearance of a background check.** **PREFERRED KNOWLEDGE, SKILLS AND ABILITIES** + Prior experience in a fast-paced office environment is a plus. **WORKING CONDITIONS & PHYSICAL REQUIREMENTS** + Office environment. + Occasional exposure to heat, cold, and allergens while performing tests or demonstrations in the field. + While performing the duties of this job, the employee is required to do the following: + Perform bending and reaching movements to place items on lower and higher shelves. + Kneeling or squatting to access lower shelves. + Must be able to lift up to 50 lbs. + Walking/Moving in the labs. **COMPENSATION** _The pay range is NOT a guarantee. It is based on market research and peer data, and will vary depending on the candidate's experience and qualifications._ CA Pay Range $80,000-$90,000 USD **NOTE - As a U.S. Federal Contractor, Silvus Technologies requires that ALL candidates being considered for employment for any position (regardless of level) MUST be a U.S. Person (permanent resident or citizen). Stricter U.S. Citizen ONLY requirements are needed for some Engineering or R&D roles. This generally does NOT apply to International positions; only job postings for positions located in the U.S. Exceptions will be included in the Required Qualifications section of the posted position.** **_All Employment is contingent upon the successful clearance of a background check._** Silvus is proud to be an equal-opportunity employer, and we value diversity. We do not discriminate on the basis of race, color, age, religion or belief, ancestry, national origin, sex (including pregnancy), sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, physical or mental disability, protected veteran status, genetic information, political affiliation, or any other factor protected by applicable federal, state, or local laws. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive benefits and privileges of employment. Please contact us to request accommodation. _*Silvus does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to Silvus Technologies._

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: * Independent audit support for: * SOX 404 ITGCs * PII * PCI * ISPS * Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. * Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. * Develop and lead the Control Assurance Programs (ISPS and SOX). * Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. * Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. * This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. * Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. * Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) * Ensure for timely management response of audit findings into our corporate SOCD/SAD. * Oversee ISPS Management Audit coordination and open action plans. * Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. * Management of GRC workflows around coordination of certifications and attestations. * Partner with leadership to support the PCI-DSS compliance program. * Develop training materials, coordinate training sessions, and monitor compliance with training requirements. * Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. * Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. * Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): * Minimum of 8 years of related work experience, with 3 in management roles * IT SOX experience and proven experience in supporting IT audit/compliance functions * Experience in managing people * Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives * Interpersonal skills with the ability to work with teams cross-functionally * Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators * Detail-oriented but able to understand the big picture. Highly organized and efficient * Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments * Experience with cloud-based services, specifically AWS Nice To Haves (see above): * Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR * Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. Monitor, analyze, and report on production security posture and key control performance metrics for each production. Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. Support the development of production-specific metrics and KPIs to measure control effectiveness. With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. Ensure consistent implementation of approved security tools, policies, and workflows within productions. Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. Gather feedback from productions to help refine information security for productions training and awareness efforts. Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications 5+ Years of experience in Information Security, Information Technology or a related field 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. Bachelor's degree preferred Strong understanding of the technologies, tools and processes used in production of movies and/or television. Knowledge of Information Security frameworks, standards and best practices and their relevance to business success Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. Ability to develop and maintain meaningful metrics to track program and process effectiveness. Strong planning and analytical skills Strong communications skills The anticipated base salary for this position is $115,000-$150,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position. Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: Independent audit support for: SOX 404 ITGCs PII PCI ISPS Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. Develop and lead the Control Assurance Programs (ISPS and SOX). Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) Ensure for timely management response of audit findings into our corporate SOCD/SAD. Oversee ISPS Management Audit coordination and open action plans. Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. Management of GRC workflows around coordination of certifications and attestations. Partner with leadership to support the PCI-DSS compliance program. Develop training materials, coordinate training sessions, and monitor compliance with training requirements. Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): Minimum of 8 years of related work experience, with 3 in management roles IT SOX experience and proven experience in supporting IT audit/compliance functions Experience in managing people Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives Interpersonal skills with the ability to work with teams cross-functionally Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators Detail-oriented but able to understand the big picture. Highly organized and efficient Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments Experience with cloud-based services, specifically AWS Nice To Haves (see above): Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. Job Posting Segment: Enterprise Technology Job Posting Primary Business: Corporate Global Information Security Primary Job Posting Category: Security Governance Employment Type: Full time Primary City, State, Region, Postal Code: Glendale, CA, USA Alternate City, State, Region, Postal Code: USA - CA - 2450 Broadway, USA - NY - 7 Hudson Square Date Posted: 2025-11-21