Information security analyst jobs in Greenburgh, NY - 115 jobs

Information Security Analyst Duration : 12 Months Total Hours/week : 40.00 Client: Medical Device Company Job Category: Operations/Technical Level Of Experience: Senior Level Employment Type: Contract on W2 (Need US Citizens Or GC Holders Only) Job Description: Information Security Analyst, Threat and Vulnerability Management This role will focus on Tactical Intelligence and Vulnerability Management. Threat and Vulnerability Management This person has experience in risk prioritization, navigating sources for identification and assessment of threats, and conducting cross-functional awareness for addressing risk. They will have experience assisting with vulnerability scanning and analysis, threat intelligence tools and working across a matrixed environment to assess indicators and triage risk. You will leverage a broad array of threat information. Additionally, you will proactively drive hunting and analysis and conduct technical research and analysis on emerging threats. You are comfortable providing fact-based reports to various levels of the organization within a fast-paced environment. You have previous tactical intelligence or vulnerability management experience, understand the fundamentals of reducing attack surfaces, and possess effective analytical skills. You will be accountable for setting your own work direction and completing tasks. Key Responsibilities (Top Tasks & Outcomes for Which This Position Will be Accountable) Experience recognizing threats and conducting analysis on emerging threats and how they relate specifically to client Provide written analysis of findings to communicate potential risks and impact Experience in network security analysis and log-centric analysis (SIEM) Understanding and reporting of attacker Indicators of Compromise Monitoring intrusion detection systems and identifying host and network-based intrusions via intrusion detection technologies Provide attack surface management training and development Manage risk reporting and escalation to cross-functional teams in a cooperative manner Other responsibilities as necessary Perform risk identification and triage with incident management Assist with additional projects as needed Skills and Knowledge Required Strong communication and project management skills Requires a highly motivated, dynamic and customer-centric associate who thrives in a challenging and changing environment Working knowledge of crisis management communication, incident response and handling methodologies, NIST cybersecurity standards and FDA cybersecurity guidance Effective meeting management and group facilitation skills Experience: 2-3 years' experience in a security operations full-time role Educational A minimum of a bachelor's degree required. Ideal candidate will have a degree in computer science, communication, or other technical discipline. Knowledge, Skills & Abilities In-depth knowledge of computer operating systems, including Windows, IoS and Linux a plus Experience with intelligence tools and applications Knowledge of Healthcare rubrics for vulnerability scoring and threat modelling Preferred Certifications: CERT-Certified Computer Security Incident Handler Certification, CISSP, HCISSP Detail-oriented with the ability to promptly assess documents for accuracy as well as consistency Strong interpersonal skills with the ability to influence others in a positive and effective manner Ability to work in a team environment Excellent communication skills; both oral and written

Why us? You will be part of a team that believes that believes in employees success! They are a dynamic, fast growing company with great opportunities and an employee focused company culture. Join this fantastic team today and make a difference in your life and the lives of those around you! They are an equal opportunity employer and value diversity at our company. Job Description Strong knowledge of Information Security concepts such as: •Encryption, Cloud and Mobile Device Security •Data Loss and Prevention tools and solutions •Risk-Threat Analysis and Vulnerability Assessments •Enterprise Security Monitoring, Role-Based Access Control (RBAC) •Identity and Access Management, Computer Forensic •IT Audit and Compliance, Regulatory Requirements (HIPAA, CMS, FISMA, et. al.) •Knowledge of common vulnerability tools, and the ability to identify basic categories of vulnerability. Sounds like you? then ping us with your most updated resume. We'd love to talk to you! We are excited about the companies growth and the role you will play with them. Qualifications Desired Skills & Experience: You hold a Bachelor's degree in any domain. You are certified in CISSP, or CISA, or CEH, required. You have more than 1 year experience working in the IT security function. You have good experience with Operating System, Database, Network and Application Security . Additional Information All your information will be kept confidential according to EEO guidelines. Ping me at **********************

The Information Security Analyst plays a key role in advancing the company's Governance, Risk & Compliance (GRC) program by protecting enterprise information assets and ensuring compliance with regulatory, contractual, and ethical standards. This position offers hands-on experience across multiple security domains including policy governance, risk management, AI governance, and data security, making it an excellent opportunity for early career professionals or recent graduates passionate about cybersecurity and emerging technology risks. In this role, you will collaborate with teams across Information Security, IT, and Legal to drive initiatives that safeguard sensitive data, maintain compliance obligations, and promote responsible use of artificial intelligence and other advanced technologies. Responsibilities Governance & Policy Management Assist in developing, maintaining, and aligning information security policies with frameworks such as NIST CSF, ISO 27001, SOC 2, CIS, and the NIST AI RMF. Contribute to documentation and control mapping for new or updated regulations related to AI, privacy, and data protection (e.g., GDPR, CCPA, NIST 800-53 Rev 5). Support internal policy review cycles, ensuring consistent version control and executive approval. Risk Management Participate in enterprise risk assessments, including third-party, application, and AI model risk reviews. Help identify, document, and track remediation of security and privacy risks within the GRC platform (e.g., Drata, ServiceNow GRC, OneTrust, Vanta, etc.). Support the development of risk metrics and dashboards for leadership reporting. Learn to evaluate AI-related risks such as model bias, data leakage, data lineage, model transparency, and unintended data exposure. Data Governance & Data Security Assist with data classification, retention, and handling standards, ensuring sensitive data is appropriately protected. Support data inventory and mapping efforts to improve visibility where critical data resides. Help review access controls, encryption standards, and secure data transfer processes in coordination with IT teams. Collaborate with the IT team to ensure alignment between data quality, privacy, and security controls. Compliance & Audit Support Gather and organize evidence for internal and external audits (ISO 27001, PCI, HIPAA, etc.). Maintain control documentation and track audit remediation activities. Support continuous monitoring of compliance requirements and updates to regulatory obligations, including emerging AI governance and data-related laws. AI Governance Support Contribute to inventories of AI tools and use cases across the enterprise. Assist in risk assessments for AI systems, ensuring they align with responsible AI principles such as fairness, accountability, and transparency. Collaborate with IT and legal teams to ensure that AI use complies with company policies. Security Awareness & Communication Help design and distribute training materials related to cybersecurity, data protection, and responsible AI practices. Support internal campaigns promoting secure data handling and ethical technology usage. Prepare metrics, dashboards, and presentations for leadership briefings. Continuous Improvement Participate in projects that automate or streamline GRC processes, such as policy lifecycle management or risk scoring. Stay informed about new threats, regulatory trends, and AI governance frameworks. Engage in ongoing professional development and certification opportunities. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Data Science, or a related field is preferred 0-2 years of experience in cybersecurity, risk management, compliance, or data governance (internship or coursework acceptable). Understanding of cybersecurity principles, risk management, and data privacy fundamentals. Basic familiarity with AI systems, data governance concepts, or information security practices. Strong analytical, communication, and documentation skills. Ability to manage multiple priorities in a fast-paced environment. Proficient in Microsoft Excel, PowerPoint, and data analysis or GRC tools. Exposure to frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, or COBIT. Must be able to work in the U.S. without sponsorship Per applicable state requirements, the annual pay range for this position ($60,500 - $84,000) which consists of base salary (subject to performance), reflects the hiring range for candidates. Also note, an individual's offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors.

We are seeking a Senior Security DevOps Engineer who will be responsible for a variety of objectives resulting in risk mitigation and remediation of internal & external security threats. This role performs advanced threat analysis, threat intelligence gathering & reporting, incident response activities, improves accuracy of security systems, improves existing processes, and works on Cybersecurity focused projects. Contract to hire Onsite 2 days a week located in New York Cybersecurity - Cyber Intelligence & Incident Response Responds to and remediates email, endpoint, threat intelligence, and network-based threats; provides forensic investigation and support. Provides after-hours support as needed for response activities. Integration experience. Collaborates with cross divisional and Cybersecurity teams to continuously improve security capabilities and response to threats in the most efficient and effective manner. Assists with projects to implement advanced technologies to prevent & identify malicious behavior within cloud environments, networks, endpoints, and email technologies. Operates products such as SIEM, SOAR, threat intelligence platforms, advanced email protection, EDR, cloud security products, IDS/IPS, Zero Trust tooling, and other security technologies. Scripting experience. Implements and performs threat analysis utilizing industry standard frameworks (kill chain/diamond model) and techniques. Proposes and helps review security plans and policies to improve environmental security. Maintains and produces metrics, operational playbooks, process diagrams and documentation for the Cybersecurity program. AWS and/or Azure knowledge. Produces and distributes operational and tactical threat intelligence reports. Other duties may be assigned as needed to address new security threats facing the enterprise. Ability to: Demonstrate great teamwork and partnership with internal teams for resolution of security-based issues. Python programming tasks and understand of programming in general. Perform security event correlation, triage, and analysis. Apply security Threat Intelligence while responding to and investigating security events or Incidents. Identify when an application, network, system, or user has been compromised by an internal or external threat. Work on multiple projects to improve security capabilities. Exercise strong understanding of defense-in-depth security best practices. Apply security engineering and architecture concepts to best understand how to employ the most effective security monitoring, response, and threat reporting. Demonstrate effective communication of security issues and topics to management and others. Work well under pressure and within a high paced environment. Maintain operational guidelines and standards for Cybersecurity.

Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. At Radware, we live and breathe cybersecurity. It is our passion. Each day, our international team works to earn the trust of more than 12,500 organizations around the globe. Keeping them safe is our mission. To that end, we go head-to-head with politically motivated hacktivists, dangerous nation-state threat actors and other notorious cyber attackers - these are not your average adversaries. Backed by nearly 30 years of experience, Radware is best known for its technical excellence and innovative network and application security solutions. That is why it is so important that we build our team with bold and bright talent. About the Team\: The Security Analyst will join the Emergency Response Team in Radware's Managed Services business unit. The ERT Team provides immediate and direct security support for customers under attack, ensuring the continued functioning of protected services and, ultimately, customer satisfaction. What is the job\: The Emergency Response Team (ERT) Security Analyst fuels the success of customers by serving as the primary contact when timely assistance is needed the most. If you are an energetic, upstart engineer who enjoys working in a fast-paced environment and interacting with people under pressure, this could be the position for you. What you need: · At least 1 year experience in application security or Master's degree in Cyber Security · Good understanding of network design (e.g. LAN/WAN, switches/routers, routing protocols such as BGP and OSPF) and protocols (e.g., IPv4, TCP/IP, VPN, IPSec, HTTP, DNS) · Good understanding of and experience with security · Wireshark, Kali Linux · Customer and service oriented · Good troubleshooting and diagnosis capabilities · Willing to be on alert during off-work hours · Excellent communication skills and team work · Excellent time management, multi-tasking, and prioritization skills · Perceptive, fast learner, and able to perform well under pressure How can you stand out: · Experience in similar positions/companies · BSc/BA in Computer Science or equivalent · Knowledge in scripting language · Graduated Networking or Security courses Why you should join us: Employees from more than 40 countries have chosen Radware as a place where they can belong. Radware has been recognized by Glassdoor and BDI as one of the World's Best Places to Work, ranking among the top 100 companies across the globe in the IT category. Radware has also been named a Gold Winner for Application Security in the 2023 Globee Cybersecurity Awards, by Forrester a Leader in DDoS Protection, and has been named a Leader in WAF Market by Quadrant Knowledge Solutions. We are equally committed to our people. We strive to create a dynamic work environment that celebrates diversity, promotes equality, and thrives on the unique contributions of each individual. If you are ready to be part of a global-minded company that is inspired to create a better, safer future; and if and want to fight for the good guys and be at the forefront of helping companies protect their most critical assets from today's cyber adversaries, then you've found the right fit at Radware. Salary Range\: $93k-$118k #LI-TM1

**Duration: 12 months contract (with possible extension)** ***Note: Open to candidates who are willing to relocate at their own expense.** + The Workday Application Security Analyst is responsible for ensuring the confidentiality, integrity, and availability of data within the Workday system. + They design, implement, and maintain security configurations, including roles, permissions, and access controls, to protect organizational data and comply with company policies, industry standards, and regulatory requirements. **Job Functions & Responsibilities** + Develop and implement security roles, domain security policies, data and business process security within Workday + Ensure secure integration with other on‐premise and cloud applications like GRC tools + Configure and manage access permissions to ensure users have the appropriate level of access to data and functionality + Ensure compliance with company policies, industry standards (like SOC 2), and regulatory requirements (like GDPR) + Conduct regular security audits and assessments to identify vulnerabilities and areas for improvement + Assist in investigating and responding to security incidents, identifying root causes, and implementing preventive measures + Collaborate with IT, HR, and other stakeholders to align security efforts with business needs and ensure effective communication of security policies and procedures + Create and maintain documentation for security policies, procedures, and configurations, and provide training to users on security best practices + Stay abreast of Workday updates, industry trends, and emerging security threats to continuously improve security configurations and processes + Familiarity with other ERPs like SAP is preferred + Familiarity with GRC and Workday SoD (Segregation of Duties) management is desired **Skills** + SAP ERP (S/4 HANA is a plus) + Workday + Active Directory group management + GRC AC 10.1 and above + Microsoft Clienture + SuccessFactors + Applicable functional knowledge for SAP security areas like Finance, MM, ISU billing, etc. + SAP audit & compliance **Education & Certifications** + Bachelor's degree in engineering, IT, or related field + 7-10 years of hands‐on industry experience in Workday Security implementation and administration + Strong ITGC compliance knowledge for Workday + Familiarity with Workday risk management and GRC integration + Ability to identify, analyze, and resolve complex security and compliance issues + Strong interpersonal and communication skills, with the ability to effectively collaborate with diverse teams ** About US Tech Solutions:** US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit *********************** (*********************************** . US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Procom is a leading provider of professional IT services and staffing to businesses and governments in Canada. With revenues over $500 million, the Branham Group has recognized Procom as the 3rd largest professional services firm in Canada and is now the largest “Canadian-Owned” IT staffing/consulting company. Procom's areas of staffing expertise include: • Application Development • Project Management • Quality Assurance • Business/Systems Analysis • Datawarehouse & Business Intelligence • Infrastructure & Network Services • Risk Management & Compliance • Business Continuity & Disaster Recovery • Security & Privacy Specialties• Contract Staffing (Staff Augmentation) • Permanent Placement (Staff Augmentation) • ICAP (Contractor Payroll) • Flextrack (Vendor Management System) Job Description Intranet/Firewall Security Analyst On behalf of our client, Procom Services is searching for a Intranet/Firewall Security Analyst for a contract opportunity in Jersey City, New Jersey. Intranet/Firewall Security Analyst Job Details • Analyze data and identify patterns to uncover risk attributes • Assist with the development of Key Risk Indicator Dashboards • Monitor various internal reporting channels for relevant events • Maintain & Update Information Security Policy & Standard Library • Maintain Information Security Intranet Portal • Other duties as required Intranet/Firewall Security Analyst Mandatory Skills A solid knowledge of metric and KRI development is necessary. • Basic understanding of common information security risks and control processes • Basic understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies). • Strong verbal and written communication skills, interpersonal and collaborative skills • Minimum of five experience in the financial services industry and IT Security, Audit or Risk field • CISSP, CISA, CEH certifications a plus • Knowledge of several information security frameworks including: FFIEC, ISO 27001, COBIT, NIST 500 & 800 • Bachelor's degree in Computer Systems preferred • Must exhibit poise and the ability to act calmly and competently in high pressure situations • High level of personal integrity, as well as, the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity • A consummate team player Intranet/Firewall Security Analyst Start Date ASAP Intranet/Firewall Security Analyst Assignment Length 5+ months Additional Information All your information will be kept confidential according to EEO guidelines. Please send your resume in Word format only.

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details. Job Summary: The Assistant Vice President in Security Engineering will be responsible for supporting and enhancing Unix-based security infrastructure across enterprise environments. This role requires deep technical expertise in AIX and RedHat Linux systems, along with strong scripting skills in Bash, Korn, Shell, and Python to automate security tasks and streamline operations. The candidate should be proficient in using Ansible for configuration management and have a solid understanding of TCP/IP networking principles. Key responsibilities include analyzing system logs to identify and resolve issues, utilizing Splunk and SIEM platforms for threat detection, and ensuring secure configurations across Unix systems. The role also involves working with threat detection tools and file integrity monitoring solutions, as well as managing SSH protocols and secure key access. Responsibilities: * Administer and secure Unix-based systems (AIX, RedHat Linux) across enterprise environments, ensuring compliance with internal security policies and external regulatory standards * Develop and maintain automation scripts using Bash, Korn, Shell, and Python to support security operations and system hardening * Assist in improving Ansible playbooks for secure configuration deployment and infrastructure consistency * Monitor and analyze system logs to identify anomalies, troubleshooting issues, and supporting incident response efforts * Utilize SIEM platforms such as Splunk to detect threats, correlate events, and support forensic investigations * Evaluate and remediate insecure configurations across Unix systems, contributing to continuous improvement of security posture * Support threat detection and file integrity monitoring initiatives, integrating tools and processes into Unix environments * Secure SSH configurations, including key management, access controls, and audit logging * Collaborate with cross-functional teams to support secure application deployments and infrastructure changes * Contribute to the development of security metrics and reporting to track system health, compliance, and risk indicators Qualifications: * 3 to 5 years background in IT administration with emphasis on Unix systems, including AIX and RedHat Linux * Proficient in scripting languages such as Bash, Korn, Shell, and Python, with a focus on security automation and tooling. * Experience with Ansible is a plus, but not required * Familiarity with TCP/IP networking, including secure configuration and troubleshooting * Skilled in log analysis and issue identification using native Unix tools and centralized logging platforms * Hands-on experience with Splunk and other SIEM technologies for monitoring and threat detection * Ability to identify and remediate insecure configurations across Unix-based systems * Exposure to threat detection methodologies and file integrity monitoring tools * Deep understanding of SSH, including secure key management and access control Education: * Bachelor's degree in Computer Science or a closely-related discipline, or an equivalent combination of formal education and experience "Visa sponsorship/support is based on business needs. We do not anticipate providing visa sponsorship/support for this position." The typical base pay range for this role is between $113k - $146k depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonuses and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below. MUFG Benefits Summary We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any. The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified. We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

Your opportunity As an Information Security Engineer, you play a critical role in designing and implementing security mechanisms to protect Vytalize data and information systems. Responsibilities involve assessing risks, designing information system security architecture. Performing regular control assessments to identify control deficiencies and coordinating security risk assessments across the ecosystem, audits or information security program certifications. Conducting third party information security risk assessments. Working as a team to respond and manage information security events. What You Will Do Incident Response Assist in the testing of the incident response plans to effectively address and mitigate security breaches or compliance violations. Assist in the testing of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption. Responding and resolving information security events and escalation. Security Architecture Design Evaluate and assess security technologies, tools, and solutions to determine their suitability and effectiveness in addressing the organization's security needs. Design cloud security strategies, and implement controls to protect data, applications, and infrastructure hosted in the cloud. In coordination with the information security team, design security architecture to protect an organization's entire IT infrastructure, including networks, systems, applications, and data that align with business objectives and compliance requirements. Risk Assessment and Audits Maintain and monitor the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans. Assist with data gathering and coordination with the various teams for audits and risk assessments. Training and Awareness Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response. Supplier Risk Conduct vendor risk assessments to identify and document potential supplier cyber security risks, threats, and vulnerabilities for management approval. Develop a process for third-party compliance requests monitoring and tracking and ensure timely completion Compliance Oversight Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to the information security policies. Develop and maintain a cyber security framework continuous assessment process to provide assurances that the controls in place are operating effectively. Vulnerability Management Monitor remediation of the vulnerability assessment findings, including penetration test, Collaboration and Communication Collaborating with cross-functional teams Communicate security risks, issues, and recommendations to senior management and stakeholders. What will make you successful here Work experience in the healthcare information security field. Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations. 3+ years of relevant work experience in IT security in a complex enterprise environment, preferred. Demonstrated knowledge of information technology processes, risks, infrastructure, and information security. Experience with incident response and vulnerability management. Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS). Experience with information security assessments and audits. Strong written and verbal communication skills Effective collaboration with stakeholders across departments and affiliated organizations. Ability to analyze information system security design and recommended configuration. Detailed oriented. Preferred expertise in security assessment methodologies. Ability to work effectively in a complex enterprise environment. Perks/Benefits Competitive base compensation Annual bonus potential Health benefits effective on start date Health & Wellness Program; up to $300 per quarter for your overall well-being available on start date 401K plan effective on the first of the month after your start date; 100% of up to 4% of your annual salary Unlimited (or generous) paid "Vytal Time", and 5 paid sick days after your first 90 days Company paid STD/LTD Technology setup Ability to help build a market leader in value-based healthcare at a rapidly growing organization *Please note at no time during our screening, interview, or selection process do we ask for additional personal information (beyond your resume) or account/financial information. We will also never ask for you to purchase anything; nor will we ever interview you via text message. Any communication received from a Vytalize Health recruiter during your screening, interviewing, or selection process will come from an email ending in @ vytalizehealth.com *We fully embrace the power of AI and encourage innovative, responsible use of emerging technologies in our work. However, during the interview and assessment process, it's essential that we evaluate your individual skills, problem-solving ability, and technical mastery without external assistance. Candidates must complete all interviews and assessments independently. Use of AI tools, platforms, or automated assistance during interviews or assessments is not permitted. Unauthorized use will result in immediate disqualification from the hiring process and withdrawal of employment consideration. Our goal is to ensure a fair and accurate assessment of your true capabilities-the same creativity and critical thinking we value once you join our team.

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JP Morgan Chase within the Cybersecurity & Technology Controls, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Lead and manage the security engineering team, providing guidance, mentorship, and support. Oversee the design, implementation, and maintenance of security solutions for enterprise-scale deployments. Specific experience deploying commercial software at scale into an enterprise environment. Develop and enforce robust change management practices to ensure system integrity and security. Show strong experience defining and implementing infrastructure as Code (IaC), working with CI/CD pipelines, and associated automation tooling. Function in systems engineering, systems integrations, and systems administration roles. Demonstrate strong working knowledge of Windows and Linux systems internals. Execute on key deliverables in the security engineering space. Design and develop production deployments with the ability to think beyond routine or conventional approaches in order to deliver technology solutions for key stakeholders. Develop secure and high-quality production code and review and debug code written by others. Able to implement complex business logic in Python, Bash, PowerShell, and other scripting languages. Engage effectively with third-party vendors and communicate and collaborate with a broad range of internal teams. Minimize security vulnerabilities by following industry insights and government regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls. Work with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability. Add to team culture of diversity, equity, inclusion, and respect. Required qualifications, capabilities, and skills Formal training or certification on Engineering and/or Cybersecurity concepts and 5+ years applied experience as a software engineer, cloud engineer, DevOps engineer, or equivalent role. Demonstrated skills in planning, designing, and implementing enterprise level security solutions. Commanding knowledge of a programming/scripting language for automation and integration tasks. Proficiency in all aspects of the Software Development Life Cycle. Strong analytical experience with problem solving mindset and the ability to solve complex challenges. Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security. Preferred qualifications, capabilities, and skills Cloud computing related certifications with an AWS focus are strongly preferred, such as Certified Solutions Architect, DevOps Engineer, or similar. Experience effectively communicating with senior business leaders.

Energy. It defines LanceSoft. Consider our unique ‘keep apace' operational culture, the spirited lot of hand-picked professionals, our ‘up-to-the-minute' knowledge base, together they form a dynamic mix of value-generating characteristics that help us delve into the heart of a problem to deliver precise services and solutions - repeatedly. In business since 2000, LanceSoft is a reputed and credible Contingent Workforce Management Services firm that has established itself as a pioneer in providing highly scalable workforce solutions and exceptionally competent global IT services to a diverse set of customers across various industries around the globe. LanceSoft is headquartered out of the Washington DC Metropolitan (Herndon, VA) and operates out of various locations in the US, Canada and India Job Description The associate would join a project team responsible for critical Identity and Access Management projects utilizing Forefront Identity Manager to facilitate process automation. - The team member would be responsible for: o Quickly learning BD's onboarding and termination automated procedures. o Providing End User Training and Support for Forefront Identity Manager processes. o Documenting and training IT staff on Forefront Identity Manager processes. o Facilitate and execute testing of new ForeFront Identity Manager functionality (additional source systems, workflows, roles and permissions). o Facilitate global Active Directory data integrity remediation of User and Group objects. Qualifications Strong Identity and Access Management foundation in Active Directory and Forefront Identity Manager. SAP GRC and ABAP security design is a nice to have. - Excellent Powershell, LDAP or equivalent scripting and reporting skills including heavy Microsoft Excel and CSV based Extract, Transform and Load operations. - Excellent verbal and written communication skills. - Must have hands on experience implementing large FIM projects - Must have strong technical writing capabilities related to FIM Additional Information Looking for a candidate who has strong Active Directory Reporting. BD is doing a massive clean up in Active Directory . Also this candidate must be able to do training for new customers and have good communication skills.

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Sr. Information Security Officer - Gen AI will be a member of the Business Information Security Office (BISO) residing within the Global Information Security (GIS) organization. In this role you will work closely with the line of business, their Chief Operating Officer (COO) and supporting technology teams from the Chief Information Officer (CIO)/Chief Technology Officer (CTO). This job is responsible for partnering with senior leaders to balance the needs of the business while ensuring information security risk are appropriately identified and managed to mitigate risk to the organization and drive uncompromising cyber security protection. The role will also support a group/team to develop a deep understanding of the business to lead specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities and enable you to provide guidance on information security topics, policies, and controls. Job expectations include acting as an integrated business partner with cross-functional senior leaders to provide blended security and business expertise to ensure appropriate business management of information security risks. This position will be integral to activities establishing and maintaining a strong security posture with respect to Generative Artificial Intelligence (AI) applications and workloads both internal and external to Bank of America. Key Responsibilities in order of criticality: * Leads cybersecurity risk assessments of Generative AI use cases, including assessment of the inherent risk and control effectiveness * Guides business leaders and technology organizations on initiatives requiring Global Information Security engagement and/or manage problem resolution on cyber security related issues * Serves as a common risk control partner to identify emerging security risks in the portfolio * Drives adherence and appropriate risk tolerance levels, operating in accordance with the information security policies defined to protect against threats to data confidentiality, integrity, and availability * Promotes awareness of current and emerging cybersecurity threats and advise on potential information security exposure * Facilitates risk reviews across logical and physical boundaries to identify gaps and recommend secure designs * Interprets the information security requirements outlined in policy, standards and procedures as well as reinforces requirements through education and awareness * Leads as a "security ambassador" to help business leaders drive strategic and innovative risk mitigation priorities and navigate the Global Information Security organization Required Qualifications: * 8+ years of experience in cybersecurity, with at least 2 years focused on cyber assessment of Artificial Intelligence or Machine Learning systems * A deep understanding of Generative AI/Large Language Models and assessment frameworks including MITRE ATLAS, OWASP Top 10 for LLM and GenAI, and NIST AI RMF * In-depth knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application * Ability to apply knowledge of internal and external information vulnerabilities to evaluate the degree of threat to an information system and answer tactical questions about current operations, predict future behavior or recommend appropriate mitigation countermeasures * Ability to manage and design controls that may contribute to a remediation plan developed to address policy, technology, environmental, and/or operational gaps * Ability to bring multiple stakeholders together, including senior business and technology leaders, and cut to the heart of issues to reach consensus * Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently * Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment * Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties * Ability to identify, measure, monitor, and control risk as part of daily business activities, with a focus on specific risk types (e.g., Strategic, Credit, Market, Liquidity, Operational, Compliance, Reputational) * Ability to design, architect, analyze, support, and secure cloud-based workloads * Excellent communication, influencing and facilitation skills Shift: 1st shift (United States of America) Hours Per Week: 40

Salary: $90,000-$130,000 + 5% Annual Bonus + Benefits Benefits: Medical, Dental, Vision, Life & Disability, 401K w/ 4% Match, PTO Job Type: Full-Time, 2-3 days on site in Stamford, CT Core Hours: Monday-Friday, 8:00am-5:00pm Start Date: ASAP Sponsorship: Not available Relocation Assistance: Not Available Travel: Up to 15% Domestic Strategic IT Analyst/Internal Consultant Description Our client in the manufacturing industry is seeking a Strategic IT Analyst to join their team in Stamford, CT, supporting the company's ongoing growth and digital transformation. This is an excellent opportunity for a candidate with a growth mindset and strong interest in technology who can bring curiosity, flexibility, and problem-solving skills to a wide variety of projects. Under the guidance of the Director of Business Applications, you will be supported as you take on initiatives such as streamlining and automating processes, evaluating technology tools to drive efficiency across the business, and interfacing with stakeholders to identify pain points and craft technology solutions. To succeed, you must be comfortable stepping into unstructured problems, asking thoughtful questions, considering dependencies and impacts, and proposing creative solutions. Prior IT or consulting experience is a plus, but openness, adaptability, and motivation are even more important. This is a great opportunity to play a key role in the digital transformation of a profitable and growth-focused organization. Strategic IT Analyst/Internal Consultant Responsibilities • Collaborate with business users to capture pain points and requirements • Document current and future-state business processes for digital transformation initiatives • Explore new technology tools and develop business cases for their implementation • Translate requirements into clear functional specs for software and data teams • Facilitate discussions to align business and technical stakeholders • Identify gaps and recommend process and system improvements • Support continuous improvement efforts for the corporate technology organization • Assist with user acceptance testing and validate business needs • Prepare training materials and support user onboarding Strategic IT Analyst/Internal Consultant Qualifications • Bachelor's degree is required • 1+ years of strategic problem-solving experience is required • Strong interest in technology and willingness to take on a broad range of projects is required • Solid skills in documentation and stakeholder communication are required • Ability to work on-site in Stamford, CT (2-3 days per week) and travel up to 15% is required

This is a hybrid role with 1-3 days in the office in Irvington, NY. We are seeking candidates who will not require sponsorship now or in the future We are seeking a Security Engineer to join our team and protect the systems, networks, and data essential to our business. In this position, you will focus on securing our corporate IT infrastructure, maintaining regulatory compliance, and ensuring the safety of our e-commerce platforms. Dimensions and Contacts Internal Collaboration The Security Engineer collaborates extensively with various cross-functional teams within the organization. These include IT Operations, Network Engineering, Software Development, Cloud Infrastructure, and Governance, Risk, and Compliance (GRC). In this capacity, the Security Engineer offers technical security guidance, supports project teams during the solution design phase, and works directly with system owners to implement secure configurations and controls. Business Stakeholders This role involves frequent interaction with product managers, business analysts, and departmental leaders to fully understand business requirements. The Security Engineer assesses the potential security impacts of business initiatives and communicates related risks in clear and actionable terms, ensuring all stakeholders remain informed and engaged. Security and Incident Response The Security Engineer coordinates closely with the Cybersecurity team, Security Operations Center (SOC) analysts, and incident responders during threat investigations, vulnerability remediation, and security events. The individual may also serve as a technical escalation point for security-related issues, providing expertise and leadership during critical incidents. External Contacts Interaction with external parties is a key aspect of this role. The Security Engineer engages with vendors, managed service providers, penetration testers, and auditors to evaluate new technologies, validate security controls, and support both security assessments and compliance activities for the organization. Cross-Organizational Influence The Security Engineer plays an influential role across the enterprise by providing security training, raising awareness, and offering consultation to various teams. Additionally, the individual contributes to architectural decisions and participates in the development of security policies and standards. Summary of Responsibilities * Ensure that Eileen Fisher, Inc. consistently upholds PCI compliance across both retail and e-commerce channels. * Establish protection goals, objectives, and metrics in alignment with the corporate strategic plan and IT governance requirements. Lead the annual risk assessment and policy review processes. * Work with 3rd-party providers and vendors to configure, monitor, and optimize Web Application Firewalls (WAFs) to protect e-commerce and customer-facing websites. * Direct the development, implementation, and maintenance of IT security policies, standards, and procedures to support ongoing security efforts. * Provide day-to-day management for operational security responsibilities, including network, email, endpoint, application systems security, and system access controls. * Supervise incident response activities and investigations of security breaches, ensuring the appropriate dissemination of information related to such events. * Oversee patch management and additional security operations functions, including sensitive data handling and certificate management. * Review and analyze data from various security logging systems, scanners, and tools to identify potential threats and incidents. * Collaborate with IT infrastructure and application teams to embed security best practices within development and deployment workflows. * Maintain comprehensive security documentation, encompassing policies, standards, and procedures. * Design, implement, and sustain security technologies, tools, and processes (e.g., IDS/IPS, honeypot, SIEM, endpoint protection) PERFORMS OTHER RELATED DUTIES AND ASSIGNMENTS AS REQUIRED. Required Experience * Minimum of 3-5 years of experience with managing all aspects of PCI Compliance * Experience with e-commerce security, including securing payment gateways, APIs, and customer data * Knowledge of web application security (OWASP Top 10, WAF, bot mitigation) * Experience configuring and managing honeypots, IDS/IPS, and endpoint protection * Familiarity with cloud security (AWS IAM, Microsoft Defender, Azure Defender, GCP Security Command Center) * Conducting penetration testing, vulnerability management, and remediation. * Experience with identity and access management (IAM) and SSO/MFA integrations (Okta, Azure AD,) * Strong understanding of encryption, TLS/SSL, PKI, and key management. * Scripting/automation skills in Python, Bash, or PowerShell. * Hands-on experience with SIEM solutions * Experience with securing AWS and Linux environments, preferably in a regulated environment subject to HIPAA or PCI-DSS * An automation-first mindset * Preferred certifications include: o PCIP o Security+ or SSCP o Firewall/network o Cloud security certification Education: Bachelors degree or equivalent experience. The salary range for this position is $80,000 - 100,000/year depending on relevant experience. We offer a competitive total package, including health benefits, generous paid time off, wellness reimbursement, etc. EILEEN FISHER, Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.

* Managed IT Desktop's asset inventory and portfolio, including purchase, deployment, utilization tracking, redeployment, maintenance coverage plans/agreements, retirement, disposal of software and hardware. * Provides day-to-day consultation, training, instruction and troubleshooting or problem-solving to technical staff and end users for hardware, software, and related computer systems. * Perform reconciliation with the Procurement team on Cost Center. * Research & update new hardware and/or vendor for IT Desktop * End user support for handheld and peripheral devices. * Create SNOW ticket to update or improve the current or new process with the automation. * Implement performance upgrades to PCs, including the installation of CPUs, I/O and NIC cards, ribbon cables, hard drives, RAM, CD-ROMs, etc. * Maintain IT inventory. * Document instances of desktop equipment or component failure, repair, installation, and removal. * Onsite branch/ department support. * Handle the ticketing system, phone and email support. * Support may be required in emergencies, either in-person or remotely, and sometimes after normal business hours. Job Qualifications/Requirements * Fundamental understanding of IT Asset Procurement & Tracking * Fundamental understanding of Inventory Management & Analysis * Basic knowledge of IT Desktop's Vendor Management * Compliance Tracking and management * Basic knowledge of Service Now & Visio * Required: Ability to troubleshoot PC problems & basic network issues. * Required: Intermediate Microsoft product knowledge (OS & Office suite). * Required: Strong customer service skill. * Required: Strong foundation of MS Windows OS which include AD and GPO * Required: Familiarity with various MS products which include MS O365 The salary range for this full-time position is $20.20 Hourly - $21.64 Hourly + bonus + benefits Salary ranges are determined based on qualifications, level, and location. Exact compensation may vary based on your skills and experience. Bank of Hope is an equal employment opportunity employer and does not discriminate on the basis of race, color, gender, religion, age, sexual orientation, genetic information, national or ethnic origin, disability, marital status, veteran status or any other basis protected by federal, state, or local law.

Emergency Response Team (ERT) Security Analyst - (250000AB) Radware is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. At Radware, we live and breathe cybersecurity. It is our passion. Each day, our international team works to earn the trust of more than 12,500 organizations around the globe. Keeping them safe is our mission. To that end, we go head-to-head with politically motivated hacktivists, dangerous nation-state threat actors and other notorious cyber attackers - these are not your average adversaries. Backed by nearly 30 years of experience, Radware is best known for its technical excellence and innovative network and application security solutions. That is why it is so important that we build our team with bold and bright talent. About the Team: The Security Analyst will join the Emergency Response Team in Radware's Managed Services business unit. The ERT Team provides immediate and direct security support for customers under attack, ensuring the continued functioning of protected services and, ultimately, customer satisfaction. What is the job: The Emergency Response Team (ERT) Security Analyst fuels the success of customers by serving as the primary contact when timely assistance is needed the most. If you are an energetic, upstart engineer who enjoys working in a fast-paced environment and interacting with people under pressure, this could be the position for you. What you need: · At least 1 year experience in application security or Master's degree in Cyber Security· Good understanding of network design (e.g. LAN/WAN, switches/routers, routing protocols such as BGP and OSPF) and protocols (e.g., IPv4, TCP/IP, VPN, IPSec, HTTP, DNS)· Good understanding of and experience with security · Wireshark, Kali Linux· Customer and service oriented· Good troubleshooting and diagnosis capabilities· Willing to be on alert during off-work hours· Excellent communication skills and team work· Excellent time management, multi-tasking, and prioritization skills· Perceptive, fast learner, and able to perform well under pressure How can you stand out:· Experience in similar positions/companies· BSc/BA in Computer Science or equivalent· Knowledge in scripting language· Graduated Networking or Security courses Why you should join us:Employees from more than 40 countries have chosen Radware as a place where they can belong.Radware has been recognized by Glassdoor and BDI as one of the World's Best Places to Work, ranking among the top 100 companies across the globe in the IT category.Radware has also been named a Gold Winner for Application Security in the 2023 Globee Cybersecurity Awards, by Forrester a Leader in DDoS Protection, and has been named a Leader in WAF Market by Quadrant Knowledge Solutions.We are equally committed to our people. We strive to create a dynamic work environment that celebrates diversity, promotes equality, and thrives on the unique contributions of each individual.If you are ready to be part of a global-minded company that is inspired to create a better, safer future; and if and want to fight for the good guys and be at the forefront of helping companies protect their most critical assets from today's cyber adversaries, then you've found the right fit at Radware.Salary Range: $93k-$118k#LI-TM1Primary Location: US-NJ-MahwahWork Locations: Radware US, New Jersey Mahwah 575 Corporate Drive Lobby 1 Mahwah 07430Job: Cloud and ManagementRefer a friend for this job Tell us about a friend who might be interested in this job. All privacy rights will be protected.Refer a friend

Procom is a leading provider of professional IT services and staffing to businesses and governments in Canada. With revenues over $500 million, the Branham Group has recognized Procom as the 3rd largest professional services firm in Canada and is now the largest “Canadian-Owned” IT staffing/consulting company. Procom's areas of staffing expertise include: • Application Development • Project Management • Quality Assurance • Business/Systems Analysis • Datawarehouse & Business Intelligence • Infrastructure & Network Services • Risk Management & Compliance • Business Continuity & Disaster Recovery • Security & Privacy Specialties• Contract Staffing (Staff Augmentation) • Permanent Placement (Staff Augmentation) • ICAP (Contractor Payroll) • Flextrack (Vendor Management System) Job Description Security Analyst - ISF Healthcheck On behalf of our client, Procom Services is searching for a Security Analyst - ISF Healthcheck for a contract opportunity in New Jersey, Jersey City . Security Analyst - ISF Healthcheck Job Details • Understand and become fluent in the Risk Assessment tool (ISF HealthCheck) • Enhance procedures for performing and reporting of the annual Information Security Risk Assessment • Perform information security risk assessments to ensure appropriate information security controls exist to protect sensitive information • Identify and evaluate technology risks, mitigating controls, and opportunities for control improvement • Ensure identified issues are managed to closure and deadlines are met in a timely fashion • Other duties as required Security Analyst - ISF Healthcheck Mandatory Skills • Basic understanding of common information security risks and control processes • Basic understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies). • Strong verbal and written communication skills, interpersonal and collaborative skills • Minimum of five experience in the financial services industry and IT Security, Audit or Risk field • CISSP, CISA, CEH certifications a plus • Knowledge of several information security frameworks including: FFIEC, ISO 27001, COBIT, NIST 500 & 800 • Bachelor's degree in Computer Systems preferred • Must exhibit poise and the ability to act calmly and competently in high pressure situations • High level of personal integrity, as well as, the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity • A consummate team player Security Analyst - ISF Healthcheck Start Date ASAP Security Analyst - ISF Healthcheck Assignment Length 5+ months Additional Information All your information will be kept confidential according to EEO guidelines. Please send your resume in Word format only.

Energy. It defines LanceSoft. Consider our unique ‘keep apace' operational culture, the spirited lot of hand-picked professionals, our ‘up-to-the-minute' knowledge base, together they form a dynamic mix of value-generating characteristics that help us delve into the heart of a problem to deliver precise services and solutions - repeatedly. In business since 2000, LanceSoft is a reputed and credible Contingent Workforce Management Services firm that has established itself as a pioneer in providing highly scalable workforce solutions and exceptionally competent global IT services to a diverse set of customers across various industries around the globe. LanceSoft is headquartered out of the Washington DC Metropolitan (Herndon, VA) and operates out of various locations in the US, Canada and India Job Description The associate would join a project team responsible for critical Identity and Access Management projects utilizing Forefront Identity Manager to facilitate process automation. - The team member would be responsible for: o Quickly learning BD's onboarding and termination automated procedures. o Providing End User Training and Support for Forefront Identity Manager processes. o Documenting and training IT staff on Forefront Identity Manager processes. o Facilitate and execute testing of new ForeFront Identity Manager functionality (additional source systems, workflows, roles and permissions). o Facilitate global Active Directory data integrity remediation of User and Group objects. Qualifications Strong Identity and Access Management foundation in Active Directory and Forefront Identity Manager. SAP GRC and ABAP security design is a nice to have. - Excellent Powershell, LDAP or equivalent scripting and reporting skills including heavy Microsoft Excel and CSV based Extract, Transform and Load operations. - Excellent verbal and written communication skills. - Must have hands on experience implementing large FIM projects - Must have strong technical writing capabilities related to FIM Additional Information Looking for a candidate who has strong Active Directory Reporting. BD is doing a massive clean up in Active Directory . Also this candidate must be able to do training for new customers and have good communication skills.

Chicago, Illinois;Jersey City, New Jersey; Charlotte, North Carolina; Denver, Colorado **To proceed with your application, you must be at least 18 years of age.** Acknowledge Refer a friend **To proceed with your application, you must be at least 18 years of age.** Acknowledge (**************************************************************************************************************************************** **Job Description:** At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Sr. Information Security Officer - Gen AI will be a member of the Business Information Security Office (BISO) residing within the Global Information Security (GIS) organization. In this role you will work closely with the line of business, their Chief Operating Officer (COO) and supporting technology teams from the Chief Information Officer (CIO)/Chief Technology Officer (CTO). This job is responsible for partnering with senior leaders to balance the needs of the business while ensuring information security risk are appropriately identified and managed to mitigate risk to the organization and drive uncompromising cyber security protection. The role will also support a group/team to develop a deep understanding of the business to lead specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities and enable you to provide guidance on information security topics, policies, and controls. Job expectations include acting as an integrated business partner with cross-functional senior leaders to provide blended security and business expertise to ensure appropriate business management of information security risks. This position will be integral to activities establishing and maintaining a strong security posture with respect to Generative Artificial Intelligence (AI) applications and workloads both internal and external to Bank of America. **Key Responsibilities in order of criticality:** - Leads cybersecurity risk assessments of Generative AI use cases, including assessment of the inherent risk and control effectiveness - Guides business leaders and technology organizations on initiatives requiring Global Information Security engagement and/or manage problem resolution on cyber security related issues - Serves as a common risk control partner to identify emerging security risks in the portfolio - Drives adherence and appropriate risk tolerance levels, operating in accordance with the information security policies defined to protect against threats to data confidentiality, integrity, and availability - Promotes awareness of current and emerging cybersecurity threats and advise on potential information security exposure - Facilitates risk reviews across logical and physical boundaries to identify gaps and recommend secure designs - Interprets the information security requirements outlined in policy, standards and procedures as well as reinforces requirements through education and awareness - Leads as a "security ambassador" to help business leaders drive strategic and innovative risk mitigation priorities and navigate the Global Information Security organization **Required Qualifications:** - 8+ years of experience in cybersecurity, with at least 2 years focused on cyber assessment of Artificial Intelligence or Machine Learning systems - A deep understanding of Generative AI/Large Language Models and assessment frameworks including MITRE ATLAS, OWASP Top 10 for LLM and GenAI, and NIST AI RMF - In-depth knowledge of cybersecurity threats, controls and technologies, with a deep understanding/experience with software developer experiences to bridge the gap between the theoretical and practical application - Ability to apply knowledge of internal and external information vulnerabilities to evaluate the degree of threat to an information system and answer tactical questions about current operations, predict future behavior or recommend appropriate mitigation countermeasures - Ability to manage and design controls that may contribute to a remediation plan developed to address policy, technology, environmental, and/or operational gaps - Ability to bring multiple stakeholders together, including senior business and technology leaders, and cut to the heart of issues to reach consensus - Ability to decompose complex issues and drive timely decisions, knowing when to engage others for additional input, and when to act independently - Bias for action and a commitment to build partnerships in a dynamic risk & threat driven environment - Strong interpersonal skills; ability to make effective presentations and communicate technical concepts to non-technical parties - Ability to identify, measure, monitor, and control risk as part of daily business activities, with a focus on specific risk types (e.g., Strategic, Credit, Market, Liquidity, Operational, Compliance, Reputational) - Ability to design, architect, analyze, support, and secure cloud-based workloads - Excellent communication, influencing and facilitation skills **Shift:** 1st shift (United States of America) **Hours Per Week:** 40 Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates. View your **"Know your Rights (************************************************************************************** "** poster. **View the LA County Fair Chance Ordinance (************************************************************************************************** .** Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work. This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.