Information security analyst jobs in Gurnee, IL

ABOUT US At HUB International, we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence. HUB is a global insurance and employee benefits broker, providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry leading success in mergers and acquisitions. ABOUT THE ROLE The Information Security Analyst functions as a member of the Security Operations and Engineering team and interacts with technical and business units to plan and implement information security solutions and support information security incidents. This role requires strong teamwork skills and leadership qualities and must be able ability to foster and maintain business relationships with both technical and business units, must be a great communicator. Objectives of this Role Protect the integrity and confidentiality of HUB data and infrastructure while enabling business functionality in all systems and environments by supporting applicable security solutions. Lead incident response activities and provide timely response to security incidents and alerts generated by security tools or the SOC Assist in improving processes, identify efficiencies, and recommend solution enhancements to improve service level delivery Contribute to “Continuous Improvement and Posture Management” efforts, in respect to HUB's information security tooling and systems. Support the HUB Information Security Governance & Compliance team as needed during risk assessments, internal and external Information Security Audits, and Vendor reviews Champion vulnerability remediation efforts and act as a liaison to IT and application owners for patch management Gather and report on key organizational information security metrics Other duties as assigned Daily and Monthly Responsibilities Provide Level II Support for incident and request tickets escalated from other technical teams Communicate with stakeholders to assist remediation efforts. Lead / Assist in root-cause analysis for security incidents events leading to resolution. Contribute to weekly and monthly posture and response operations reporting. Be responsible for analysis and recommendation of upgrades, changes, implementation specific to the support and scaling of HUB's security operations. Support the HUB Information Security Governance & Compliance team as needed during risk assessments, internal and external Information Security Audits, and Vendor reviews Skills and Qualifications Bachelor's degree in discipline appropriate to assignment or an equivalent combination of education and experience Related certifications (e.g., GSEC, CISSP, AWS) preferred At least 2 years' experience in an Information Security role or 3 years' experience in an IT engineering capacity with progressively difficult responsibilities 2+ years of experience with cloud infrastructure and O365 services and technology Experience working with and managing Active Directory / MS Entra ID Experience with SOAR (Security Orchestration, Automation, and response) Experience with vulnerability assessment and patch management practices Experience with KQL and SPL or other Query Languages Knowledge of industry security standards, guidelines, and regulatory/compliance requirements related to information security such as ISO 27001, NIST 800-53, SOC2, PCI, SOX, etc. Knowledge of Windows Event and network device logging Knowledge of networking protocols and concepts including TCP, DNS, DHCP, Firewalls, VPN, and Web proxies Understanding of email transmission, routing, and authentication concepts including, SMTP, SPF, DKIM and DMARC Demonstrated incident response experience including dealing with malware and endpoint anti-virus and detection and response solutions Excellent Prioritization, decision making, critical thinking, communication skills Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables High flexibility, including willingness to travel up to 10% of working time JOIN OUR TEAM Do you believe in the power of innovation, collaboration, and transformation? Do you thrive in a supportive and client focused work environment? Are you looking for an opportunity to help build and drive change in a rapidly growing and evolving organization? When you join HUB International, you will be part of a community of learners and doers focused on our Core Values: entrepreneurship, teamwork, integrity, accountability, and service. Disclosure required under applicable law in California, Colorado, Illinois, Maryland, Minnesota, New York, New Jersey, and Washington states: The expected salary range for this position is $90-100K and will be impacted by factors such as the successful candidate's skills, experience and working location, as well as the specific position's business line, scope and level. If you believe that your qualifications and experience surpass the minimum requirements for this role, we encourage you to submit your application. By doing so, we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance, FSA, HSA and 401(k) accounts, paid-time-off benefits such as vacation, sick, and personal days, and eligible bonuses, equity and commissions for some positions.

We're seeking a senior cybersecurity engineer to design, build, and operationalize enterprise grade data protection capabilities anchored in Microsoft E5. You will lead engineering for Microsoft Purview (Information Protection & DLP, eDiscovery/Audit), Sensitivity Labels, and related guardrails-integrating telemetry and enforcement through Zscaler, CrowdStrike, and Splunk. This role bridges secure-by-default platform engineering with pragmatic automation to protect regulated data (e.g., PHI/PII) at scale. Senior leadership has prioritized accelerating Copilot and E5 controls adoption, creating a high impact opportunity to shape how we protect data across SaaS and AI workloads. What You'll Do Engineer secure-by-default E5 data protection • Design and implement Microsoft Purview DLP policies (endpoint, Exchange, SharePoint, OneDrive, Teams) and Sensitivity Label taxonomy with automated enforcement paths. • Build policy-as-code pipelines (CI/CD) to version, test, and deploy DLP rules, label configs, and governance artifacts in multiple environments. Integrate Zscaler, CrowdStrike, and Splunk • Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics, dashboards, and detections that close visibility and enforcement loops. • Leverage CrowdStrike telemetry (e.g., Falcon/Shield) to correlate endpoint behaviors with data movement signals for insider risk and exfiltration use cases. Build automations & guardrails • Develop services and workflows (e.g., Azure Functions, Logic Apps, Graph API) to auto remediate mislabels, revoke risky shares, and notify data owners. • Implement secure-by-default configuration baselines and drift detection for E5 security controls (MCAS/Defender for Cloud Apps, Conditional Access, etc.). Operate and continuously improve • Own reliability for data protection pipelines: SLIs/SLOs, runbooks, and incident playbooks in partnership with Insider Risk team. • Create Splunk content (data models, dashboards, correlation searches) aligned to exfiltration, anomalous access, and label violations. • Partner with Privacy and Compliance for audit ready controls (eDiscovery/Audit), evidence, and exception processes. Collaborate across security & platform teams • Work with PSO, IAM, and Insider Risk to align label taxonomy and enforcement with business workflows and least privilege access. • Provide technical leadership and mentoring for engineers/analysts rolling out new E5 features and operational support. Required Qualifications • 5+ years engineering experience in enterprise security or platform engineering; hands-on with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery). • Proven expertise building policy as code for DLP/labels (GitHub/Azure DevOps), and automating Graph/PowerShell administration. • Demonstrated ability to design secure-by-default guardrails and support rapid SaaS/AI adoption (including Copilot) without compromising compliance. Nice to Have • Strong background in data protection for regulated data (PII/PHI), insider risk detection, and evidence driven investigations. • Production experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (TA configs, CIM, correlation searches). • Experience migrating from legacy DLP (e.g., Forcepoint) to Microsoft DLP; building vendor neutral dictionaries and detection logic. • Familiarity with MCAS/Defender for Cloud Apps, conditional access policies, and SSPM evaluations. • Background in HIPAA/PHI audit support and exception governance workflows. Success Metrics (first 6-12 months) • DLP policy efficacy: reduction in unauthorized shares/exports; mean time to remediate violations. • Label coverage & accuracy: % of sensitive content labelled; false positive/negative rate trends. • Telemetry integration: end-to-end event flow (Purview → Zscaler/CrowdStrike → Splunk) with actionable detections. • Secure-by-default adoption: # of guardrails implemented; drift detected/resolved; Copilot controls baselined. • Audit readiness: evidence completeness for eDiscovery/Audit; exception closure rates. Tools & Technologies (primary) • Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk • Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES) • Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps • Data flows: Exchange/SharePoint/OneDrive/Slack, endpoints, web proxies, CASB/SSE

Job Title: Senior Information Security Engineer - AI Primary Location: Rosemont, IL - Hybrid, 3 days onsite Direct Hire TalentFish is casting a line for a Senior Information Security Engineer - AI/Artificial Intelligence. This is a Direct Hire role based in Rosemont, IL with a hybrid schedule (3 days onsite) with our premier client. This is a new, exciting position within an awarded top Chicago employer organization where you'll contribute to the organization's Responsible Artificial Intelligence governance by assessing the security, integrity, and risks associated with the use of AI models and technologies. This role is hands-on and works closely with multi-disciplinary teams to evaluate AI use cases and maintain AI security frameworks and standards. What You Bring to the Role (Ideal Experience) • Bachelor's degree in Computer Science, Mathematics, or related field • 5+ years of total professional experience, including security, data security, or control validation experience • 2-3 years of practical, hands-on experience working with Artificial Intelligence technologies; working directly with AI models or ML systems • Ability to evaluate AI model risks, including bias, data exposure, data leakage, and model poisoning • Data processing or analytics skills are a plus What You'll Do (Skills Used in This Position) • Lead security assessments for AI models, including Large Language Models (LLMs), Natural Language Models (NLMs), and Small Language Models (SLMs) • Participate in review committees to assess AI use cases for value, complexity, feasibility, risk, compliance, and strategic alignment • Review AI architecture and usage within internal and third-party solutions to ensure adherence to AI security frameworks and regulatory requirements • Support development and maintenance of AI security standards, frameworks, and governance models • Provide education on AI security best practices, emerging risks, and mitigation strategies • Perform additional related responsibilities as required Compensation Information The expected salary range for this position is $120,000 - $150,000 per year, depending on experience and qualifications. This role also qualifies for comprehensive benefits such as health insurance, 401(k), and paid time off. TalentFish is committed to pay transparency and equal opportunity. The salary range provided is in compliance with applicable state and federal regulations. This role requires authorization to work in the U.S. without current or future visa sponsorship. All offers are contingent upon the completion of a background check, which may include but is not limited to reference checks, education verification, employment verification, drug testing, criminal records checks, and any required certifications or compliance requirements based on the end client's background check policies and applicable laws. TalentFish is an employee-owned company pioneering a new realm in talent acquisition. We are redefining IT staffing by evolving AI, video screening, and our unique platform. TalentFish focuses on providing the best employee, consultant, and client experience possible. At TalentFish we are an Equal Opportunity Employer; we embrace and encourage diversity!

About the Role Join a specialized team of analysts and engineers dedicated to detecting and responding to insider risk events. This senior-level role focuses on engineering Microsoft E5 tools to strengthen enterprise data protection and insider threat detection capabilities. You will lead the design, build, and operationalization of secure-by-default solutions anchored in Microsoft Purview and related technologies, ensuring compliance and resilience at scale. Key Responsibilities Engineer Secure-by-Default E5 Data Protection Design and implement Microsoft Purview DLP policies across endpoints, Exchange, SharePoint, OneDrive, and Teams. Develop and maintain Sensitivity Label taxonomy with automated enforcement paths. Build Policy-as-Code Pipelines Create CI/CD workflows to version, test, and deploy DLP rules, label configurations, and governance artifacts across multiple environments. Integrate Security Telemetry Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics and detection. Leverage CrowdStrike telemetry to correlate endpoint behaviors with data movement signals for insider-risk and exfiltration scenarios. Develop Automations & Guardrails Build services and workflows (Azure Functions, Logic Apps, Graph API) for auto-remediation, revoking risky shares, and notifying data owners. Implement configuration baselines and drift detection for E5 security controls (MCAS, Conditional Access, etc.). Operate and Continuously Improve Maintain reliability for data protection pipelines, including SLIs/SLOs, runbooks, and incident playbooks. Create Splunk dashboards and correlation searches aligned to exfiltration, anomalous access, and label violations. Collaborate Across Teams Partner with Privacy and Compliance for audit-ready controls and evidence processes. Work with IAM, Insider Risk, and platform teams to align label taxonomy and enforcement with business workflows. Provide technical leadership and mentorship for engineers and analysts implementing new E5 features. Required Qualifications 5+ years of experience in enterprise security or platform engineering. Hands-on expertise with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery). Proven ability to build policy-as-code for DLP/labels and automate administration using Graph API and PowerShell. Experience designing secure-by-default guardrails for SaaS/AI adoption, including Copilot. Preferred Qualifications Strong background in data protection for regulated data (PII/PHI) and insider-risk detection. Experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (CIM, correlation searches). Familiarity with MCAS, Defender for Cloud Apps, and conditional access policies. Knowledge of HIPAA/PHI audit support and exception governance workflows. Success Metrics (First 6-12 Months) Improved DLP policy efficacy and reduced unauthorized data movement. Increased label coverage and accuracy for sensitive content. End-to-end telemetry integration across Purview, Zscaler, CrowdStrike, and Splunk. Secure-by-default adoption and Copilot controls baselined. Audit readiness with complete evidence and exception closure rates. Tools & Technologies Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES) Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps

Job Title: Business Information Security Officer - Clinical Employment Type: Full-Time Salary Range: $130,000 - $140,000 + Benefits (Health, Dental, Vision, PTO, 401K) About the Role: We're seeking a Business Information Security Officer (BISO) to serve as a trusted advisor and strategic partner to business and clinical leaders. In this highly visible role, you'll embed cybersecurity into everyday operations, influence security adoption, and ensure compliance with frameworks like NIST, HIPAA, and FERPA. This is an opportunity to shape cybersecurity strategy in healthcare, research, and education while collaborating with executive leadership to advance a security-first culture. Key Responsibilities: Act as the frontline cybersecurity liaison for business and clinical leaders Identify and escalate domain-specific cybersecurity risks Monitor compliance with security policies and regulatory frameworks (HIPAA, FERPA, NIST CSF) Lead security awareness and risk engagement programs Develop and execute a roadmap of security initiatives aligned with business goals Drive change management for cybersecurity adoption What We're Looking For: Bachelor's degree in Computer Science or related field 5-7 years in Information Security, GRC, or cybersecurity education 3+ years managing cross-functional teams and projects Strong background in risk management, governance, and compliance Excellent communication and leadership skills Preferred: Healthcare or clinical environment experience Certifications: CISSP, CISM, PMP

About Us Founded in 2014, we offer the industry's first and only cloud-based, fully-customizable, end-to-end software solution to automate securities-based lending from origination through the life of the loan. By combining thought leadership in suitability and risk management with industry-leading education and the latest technology, Supernova enables advisors to deliver holistic, goals-based advice and to help their clients achieve financial wellness. We partner with the industry's largest banks, most prominent insurance companies and leading online brokerages to democratize access to securities-based lending and better the entire financial ecosystem. Why Join Supernova? At Supernova Technology, we believe that the best results come from a team that is passionate, driven, and supported in all aspects of their professional lives. Here, you'll work alongside talented and innovative individuals who are committed to driving the future of securities-based lending technology. We foster a culture of collaboration, continuous learning, and growth, where each person's contributions make a real impact. Job Overview We are seeking a highly motivated and detail-oriented Security Engineer to help secure our securities-backed lending SaaS platform. The successful candidate will focus primarily on application security, secure SDLC, and application vulnerability management, while also assisting with the execution and implementation of broader information security initiatives. You'll partner with engineering, SRE/DevOps, and business teams to embed security into our build and delivery processes, support risk reduction across cloud and endpoint surfaces, and drive measurable remediation outcomes in a regulated financial-services environment. RESPONSIBILITIES: Perform hands-on web/API penetration tests, validate scanner findings, and provide clear PoCs, impact statements, and prioritized remediation aligned with OWASP. Integrate and tune SAST, DAST, SCA, container, and secret-detection tools in CI/CD; define pass/fail gates and PR checklists. Conduct lightweight threat modeling and security design reviews for new features such as authentication, session management, and secrets handling. Manage the full application vulnerability lifecycle (discover → prioritize → fix → retest → close) with SLAs and metrics. Assist in hardening AWS and ECS/Docker workloads (IAM roles, network segmentation, image policies, logging/monitoring) and support patch hygiene across cloud, container, and endpoints. Participate in incident response, including exploit reproduction, log analysis, impact assessment, and lessons learned. Provide evidence for audits (ISO 27001, SOC 2, NIST SSDF), maintain policies and developer guidance, and support vendor/security evaluations. Translate findings into developer-ready tickets, publish secure-coding guidance, and partner with engineering to streamline secure delivery. Prototype automation, explore AI/LLM-assisted workflows to improve triage and code review, and share improvements across teams. Contribute to organization-wide cybersecurity training and awareness efforts. QUALIFICATIONS: Bachelor's degree in security engineering, information assurance, or related field. 2-3 years of experience in security or software engineering (internships, labs, or open-source count), preferably in regulated industries. Strong knowledge of web/API security issues (auth, session management, injections, SSRF, CSRF, access control) and common cloud/web misconfigurations. Experience with SDLC security tools (SAST/DAST/SCA/secret detection/container scanning), CI/CD workflows, and Git. Scripting or coding skills (Python or JavaScript/TypeScript) and ability to read backend code. Familiarity with AWS security basics (IAM least privilege, KMS, logging/monitoring, security groups) and Docker/ECS runtime considerations. Clear communication skills with the ability to translate risk into actionable remediation. Experience using AI/LLM-assisted tools for triage, documentation, or code review preferred. Exposure to WAF/CDN tuning, API protection, and risk-based remediation SLAs/metrics preferred. Familiarity with frameworks like OWASP ASVS/SAMM, NIST SSDF, ISO 27001, SOC 2, PCI DSS preferred. Relevant security certifications preferred. Our Employee Benefits At Supernova Technology, we provide a robust benefits package to support the health and well-being of our employees. Our offerings include: Medical, Dental, and Vision Insurance: Multiple plans with coverage for employees and dependents. HSA and FSA Accounts: Tax-advantaged accounts for health and dependent care expenses. Life and Disability Insurance: Employer-paid basic coverage with options for additional voluntary coverage. Compensation: $95,000 - $130,000 Retirement Savings: 401(k) plan with employer contributions. Employee Assistance Program (EAP): Confidential support services, including free therapy sessions. Paid Time Off: Flexible PTO policies. Additional Perks: Commuter benefits, pet insurance, continuing education assistance, and more. Note: Actual salary at the time of hire may vary and may be above or below the range based on various factors, including but not limited to, the candidate's relevant qualifications, skills and experience, and the location where this position may be filled. Our Core Values Our core values drive everything we do. At Supernova, we... Form, execute, and communicate new ideas that add value to our employees and customers Strive through obstacles and failures Follow-through on promises or commitments to others, accept responsibility, and answer for actions & decisions Listen to, understand, and support our employees and customers Act with speed, positive attitude, and flexibility Exceed expectations and surpass ourselves every day; we embrace a sense of pride and never stop growing Join us and make an impact while growing your career at Supernova.

Salary: Open + Bonus Hybrid: 3 days onsite, 2 days remote *This role is open to H1B transfer* Qualifications Bachelors' degree including 6+ years of related experience Experience in one or more of the following disciplines: security operations, development, engineering, or architecture Experience supporting privileged access management and access controls programs. Professional or personal experience using AI coding agents such as OpenAI Codex, Claude Code, or Gemini CLI. Expertise in providing operational and engineering support for one or more of the following: CyberArk, HashiCorp Vault, Active Directory Certificate Services (ADCS), HSMs, and Public Key Infrastructure (PKI). Expertise in scripting languages and developing in one or more of the following languages Golang, Bash, Python, PowerShell, Ansible, and/or Terraform. Knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation. Knowledge of application authentication and authorization systems (i.e., Active Directory, OAuth 2.0, OIDC, AWS IAM, App Role, k8s, LDAPS, Kerberos, Certificate) Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. Working knowledge of security architecture design and principles including confidentiality, integrity and availability. Responsibilities Manage privileged access systems that protect most critical assets, implement AI-based security capabilities, and help shape security architecture. Provide 24x7 operational support for the suite of privileged management solutions (e.g., CyberArk, Hashi, PKI), including implementing hot fixes, resolving bugs, troubleshooting issues, performing break-fixes, managing secrets lifecycle, and delivering end-user support. Maintain robust operational integrity of privileged access management infrastructure throughout its lifecycle (e.g., patching, version control, system upgrades, etc.). Provide organizational subject matter experts on secrets management and privileged access management architecture, establishing and enforcing security as code principles throughout the environment. Develop and implement system enhancements to improve platform user experience and automated integrations, while designing long-term solutions to address operational issues through innovative technologies including artificial intelligence for faster detection and remediation of functional and technical problems.

About the Company: A Leading Financial Service Client is looking to hire a strong Security Engineer who can lead Red team exercises against a hybrid environment using threat intelligence and the MITRE Telecommunication&CK Framework. Responsibilities: Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.) or the ability to demonstrate equivalent knowledge. Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing. Expert understanding of Red Team concepts, tools, and automation strategies. Expert understanding of MITRE Telecommunication&CK framework tactics, techniques, and procedures. Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability. Expert understanding of Windows and Linux system hardening concepts and techniques.

Ann & Robert H. Lurie Children's Hospital of Chicago provides superior pediatric care in a setting that offers the latest benefits and innovations in medical technology, research and family-friendly design. As the largest pediatric provider in the region with a 140-year legacy of excellence, kids and their families are at the center of all we do. Ann & Robert H. Lurie Children's Hospital of Chicago is ranked in all 10 specialties by the U.S. News & World Report. Location 680 Lake Shore Drive Job Description The Incident Response Analyst helps guide resources to prepare for, coordinate, and respond to incidents, including, but not limited to, computer security vulnerabilities, malware, phishing, and social engineering, as well as associated forensic investigations. This position utilizes industry-leading security incident response procedures, performing frequent monitoring of incident detection control effectiveness and helping to inform preparedness exercises. This position effectively collaborates with managed detection and response, incident assistance, and security forensics partners. This position coordinates with internal emergency preparedness teams and contributes to a resilient business continuity posture. Essential Job Functions: Area Specific Job Accountabilities: Receive and triage incoming security alerts to determine their severity, priority, and relevance. Conduct initial triage and investigation of security incidents, including gathering and analyzing relevant data and logs. Analyze logs and security event data to identify indicators of compromise (IOCs) and potential security incidents. Conduct analysis of suspicious files, malware samples, or artifacts to understand their behavior and potential impact. Assist in the collection and preservation of digital evidence during incident investigation. Prepare detailed incident reports, documenting the timeline, actions taken, and lessons learned from each incident. Performs other duties as assigned. Knowledge, Skills, & Abilities: Bachelor's degree, preferably in Computer Science or related information security expertise. 2+ years of experience in information security incident response required. SANS GCIH (GIAC Certified Incident Handler), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Security Auditor) or equivalent certification highly desired. Strong knowledge of information security forensics, security operations, security monitoring, technology implementation, risk analysis strategy, and NIST incident response life cycle. Experience and knowledge with information security frameworks, regulatory compliance, and regulatory bodies (e.g., HITRUST, NIST, HIPAA, DHHS). Goal oriented with the ability to lead team achievements toward desired results utilizing both internal and external resources. Professional communication, disciplined documentation, and commitment to following and improving processes and procedures. Familiarity and experience with crisis management, disaster recovery, and business availability programs and procedures Education High School Diploma/GED (Required) Pay Range $93,600.00-$154,440.00 Salary At Lurie Children's, we are committed to competitive and fair compensation aligned with market rates and internal equity, reflecting individual contributions, experience, and expertise. The pay range for this job indicates minimum and maximum targets for the position. Ranges are regularly reviewed to stay aligned with market conditions. In addition to base salary, Lurie Children's offer a comprehensive rewards package that may include differentials for some hourly employees, leadership incentives for select roles, health and retirement benefits, and wellbeing programs. For more details on other compensation, consult your recruiter or click the following link to learn more about our benefits. Benefit Statement For full time and part time employees who work 20 or more hours per week we offer a generous benefits package that includes: Medical, dental and vision insurance Employer paid group term life and disability Employer contribution toward Health Savings Account Flexible Spending Accounts Paid Time Off (PTO), Paid Holidays and Paid Parental Leave 403(b) with a 5% employer match Various voluntary benefits: Supplemental Life, AD&D and Disability Critical Illness, Accident and Hospital Indemnity coverage Tuition assistance Student loan servicing and support Adoption benefits Backup Childcare and Eldercare Employee Assistance Program, and other specialized behavioral health services and resources for employees and family members Discount on services at Lurie Children's facilities Discount purchasing program There's a Place for You with Us At Lurie Children's, we embrace and celebrate building a team with a variety of backgrounds, skills, and viewpoints - recognizing that different life experiences strengthen our workplace and the care we provide to the Chicago community and beyond. We treat everyone fairly, appreciate differences, and make meaningful connections that foster belonging. This is a place where you can be your best, so we can give our best to the patients and families who trust us with their care. Lurie Children's and its affiliates are equal employment opportunity employers. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin, ancestry, age, disability, marital status, pregnancy, protected veteran status, order of protection status, protected genetic information, or any other characteristic protected by law. Support email: ***********************************

Job Description Support the Information security governance, risk management and compliance program, focusing on compliance and assurance. Facilitate the compliance and assurance program, by performing assurance assessments to ensure Alliant Credit Union (ACU) is compliant with regulatory and legal obligations. Help maintain the technical control library ensure assessments align securing ACU. Facilitate IT issue management by working with employees on scheduling calls and going over the issue and resolution. Essential Responsibilities Responsible to facilitate the compliance and assurance assessments and issue management via a GRC tool Conduct assurance assessment, including control test of design (ToD) and test of operating effectiveness (TOE) activities Provide recommendations on improving compliance-related processes and/or procedures and identify opportunities for ITGC/security compliance control automation Facilitate group and individual meetings, ensure that each meeting is organized and aligned and schedule walkthrough agenda addressing any issue that arise and and guiding towards actionable outcomes Assist internal and external audit teams to address inquiries Participate in InfoSec projects as assigned by management such as the review of documents Education Minimum- 4 Year Bachelors Degree in Computer Science, Information Security or Related Years of Experience Minimum - 2 Years Governance, Risk Management, Compliance within a financial institution or Security Compliance or Related In Lieu of Education 5 Years Governance, Risk Management, Compliance within a financial institution License/Certifications/Training Preferred: Compliance, Risk Management, or Governance certifications: CRISC, CISM or CISA Compensation & Benefits: Typical hiring range: $57,500 - $89,500 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge. Additional Compensation: Annual performance bonus Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match. Additional Benefits: Work from home up to 3 days a week Paid parental leave Employee discount programs Time off including paid personal and sick days 11 paid holidays Education reimbursement *Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment. Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives. The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

RELOCATION ASSISTANCE: Relocation assistance may be available CLEARANCE TYPE: SAPTRAVEL: Yes, 10% of the TimeDescriptionAt Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work - and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history. We are seeking capable, talented, and motivated team-contributors at our Northrop Grumman Rolling Meadows site. Our products range from advanced sensing technologies to state-of-the-art targeting and tracking systems that are deployed in Electro-Optical Infrared (EOIR) and Radio Frequency Electronic Warfare (RFEW) systems. These systems are designed, developed, built, integrated, and tested by the capable folks at our company to protect the lives of US and Allied warfighters in present and future conflicts. Enjoy a culture where your voice is valued and start contributing to our team of passionate professionals providing real-life solutions to our world's biggest challenges. We take pride in creating purposeful work and allowing our employees to grow and achieve their goals every day by Defining Possible. With our competitive pay and comprehensive benefits, we have the right opportunities to fit your life and launch your career today. If you are interested in consideration to be included as a part of this team, we would invite you to apply. Northrop Grumman Mission Systems Sector (NGMS) is seeking a Staff Systems Security Engineer to join our Systems Security Engineering team. The Security Engineering team is cross-disciplinary across the security domain; encompassing embedded Systems Engineering, Cybersecurity, Software Security and Anti-Tamper Engineering. Roles & Responsibilities: · Design/develop system architectures and generate system designs to be implemented in a cost-effective manner. Implement and ensure compliance with government policies (e.g., JSIG, DAAPM, NIST 800-53, CNSSI 1253, DODI 5200.39, etc.) by reviewing process tailoring needs and approving documented procedures. Guide and monitor technical documentation/publication to document trades studies, system designs, analysis, and results related to a systems security posture such as identifying Critical Program Information (CPI) and creation of Anti-Tamper Plans Develop an understanding of system interfaces and how to protect them. Assist with the definition of key capabilities and performance requirements. Adapt production and development products to meet unique customer needs and support the development of system security functions. Collaborate with security engineering team(s), across a portfolio of programs, through the duration of program execution to solve issues and to prepare for requirements sell off. Support technical work products developed by the larger engineering team in support of major milestone deliveries (e.g.: SRR, SVR, PDR, CDR, TRR, PRR). Authoring technical documentation such as white papers, proposal technical volumes, and program milestone briefings. Collaborate with security engineering team(s), across a portfolio of programs, through the duration of program execution to solve issues and to prepare for requirements sell off. Other duties may include technical leadership, business capture activities, interfacing with industry partners and the USG. This position will be full-time, on-site at our Rolling Meadows, IL location. This position is contingent upon Funding/Contract award, special access program and acquiring and maintaining the necessary US Government security clearance per customers' requirements prior to start. Basic Qualifications for a Staff Systems Security Engineer: Bachelor's degree in Electrical Engineering, Software Engineering, Computer Engineering, Computer Science, Cybersecurity, or related technical fields with 12+years of related experience, a Master's degree in Electrical Engineering, Software Engineering, Computer Engineering, Computer Science, Cybersecurity, or related technical fields with 10+ years of related experience or a PhD in Electrical Engineering, Software Engineering, Computer Engineering, Computer Science, Cybersecurity, or related technical fields with 7+ years of related experience. 3 years of cumulative experience on DoD based platforms and/or systems regarding the application of Cybersecurity RMF or Anti-Tamper with competencies in security threat analysis, systems architecture, engineering design, requirements derivation, validation, and verification. Must have demonstrated experience in leading teams to solve technical problems, including decomposition, root cause analysis, solution development, implementation and monitoring Experience contributing to and/or making technical presentations to internal and external customers. Ability to obtain and maintain a minimum of a Secret Clearance with additional customer specified clearance prior to start. Preferred Qualifications for a Staff Systems Security Engineer: Advanced degrees in Electrical Engineering, Software Engineering, Computer Engineering, Computer Science, Cybersecurity, or related technical fields. Experience with design verification testing, reverse engineering, embedded software development, Cybersecurity, or Anti-Tamper Possess a DoD 8140 certification, e.g. CompTIA Security+, CISSP, or similar. Experience with proposals and creating basis of estimates (BOEs) Primary Level Salary Range: $163,200.00 - $244,800.00The above salary range represents a general guideline; however, Northrop Grumman considers a number of factors when determining base salary offers such as the scope and responsibilities of the position and the candidate's experience, education, skills and current market conditions.Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay. Annual bonuses are designed to reward individual contributions as well as allow employees to share in company results. Employees in Vice President or Director positions may be eligible for Long Term Incentives. In addition, Northrop Grumman provides a variety of benefits including health insurance coverage, life and disability insurance, savings plan, Company paid holidays and paid time off (PTO) for vacation and/or personal business.The application period for the job is estimated to be 20 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.Northrop Grumman is an Equal Opportunity Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO and pay transparency statement, please visit *********************************** U.S. Citizenship is required for all positions with a government clearance and certain other restricted positions.

Join our global Cyber team as a Wordings Analyst supporting the Global Cyber Wordings Manager in the strategic development and governance of our Cyber and Tech policy suite, including Liberty Cyber Resolution and Liberty Tech Resolution. This role is a hands-on business enabler: you will help translate complex legal and regulatory requirements into clear, market-ready wordings, maintain our global clause library, support manuscript negotiations, and produce practical tools that empower underwriters and strengthen broker confidence. It's an excellent opportunity for an early-career insurance wordings or legal professional to build expertise in a fast-moving, global specialty line and make a visible impact on growth, innovation, and client experience. Key responsibilities: Wording library and drafting support Maintain and expand the global wording library centered on Liberty Cyber Resolution and Liberty Tech Resolution, including endorsements, exclusions, and guidance notes. Redline and prepare first drafts of standard clauses and endorsements; ensure consistency with definitions, coverage intent, and plain-language standards. Track version control, change logs, approvals, and archiving; Assist with localization for different jurisdictions, coordinating translations and filing documentation with Legal/Compliance. Commercial enablement Build practical tools (playbooks, FAQs, objection-handling guides, coverage summaries) to help regional teams position our products and close deals efficiently. Prepare broker/client comparison decks and battlecards; support pitches, RFP/RFI responses, and manuscript negotiations with clause comparisons and recommended alternatives. Triage wording queries from regions; track SLAs and referral approvals per the global governance framework. Partner closely with Underwriting, Product, Global Cyber Engagement, Claims, Legal/Compliance, and regional leaders to deliver accurate, timely support and uphold governance standards. Regulatory and legal stewardship Monitor and synthesize global regulatory and market developments (e.g., Lloyd's cyber war/systemic guidance, GDPR, DORA, NIS2, sanctions) into succinct briefs and recommended wording actions. Maintain audit-ready documentation; assist with regulatory filings or attestations where required. Claims partnership and feedback loop Collaborate with Claims to capture lessons from disputes and litigation trends; draft guidance notes and propose clarifications to improve coverage certainty. Support coverage position letters and documentation packs with research, citations, and clause histories. Innovation and product development support Help draft prototype wordings for new propositions Check alignment between underlying policy wordings and reinsurance treaty/facultative clauses. Administer wording management tools, ensuring robust version control, approval workflows, and usage analytics. Build dashboards and trackers for adoption of standard forms, deviation rates, SLA performance, disputes, and audit findings; provide monthly reporting to stakeholders. Qualifications Bachelor's degree in business, economics, or other quantitative field. Minimum 3 years, typically 4 years or more of relevant work experience. 2 - 5 years of experience in insurance wordings, legal/paralegal support, underwriting support, or product documentation; cyber specialty experience preferred. Strong drafting, redlining, and proofreading skills with a plain-language mindset and exceptional attention to detail. Working knowledge of insurance policy structures, endorsements, exclusions, and coverage interpretation; familiarity with cyber war/systemic language, sanctions, and privacy regulations is advantageous. Research and synthesis skills to translate complex regulatory/legal topics into practical guidance and actionable updates. Proficiency with MS Word (advanced track changes/redlining), Excel (trackers and dashboards), PowerPoint (training/pitch materials), and document/enablement tools. Collaborative, service-oriented approach; comfortable operating in a global matrix and meeting defined SLAs. Curiosity about cybersecurity risks and the incident response ecosystem; willingness to learn common threat scenarios to inform practical drafting. About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role. At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: *********************** Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law. Fair Chance Notices California Los Angeles Incorporated Los Angeles Unincorporated Philadelphia San Francisco We can recommend jobs specifically for you! Click here to get started.

At Children's Wisconsin, we believe kids deserve the best. Children's Wisconsin is a nationally recognized health system dedicated solely to the health and well-being of children. We provide primary care, specialty care, urgent care, emergency care, community health services, foster and adoption services, child and family counseling, child advocacy services and family resource centers. Our reputation draws patients and families from around the country. We offer a wide variety of rewarding career opportunities and are seeking individuals dedicated to helping us achieve our vision of the healthiest kids in the country. If you want to work for an organization that makes a difference for children and families, and encourages you to be at your best every day, please apply today. Please follow this link for a closer look at what it's like to work at Children's Wisconsin: *********************************** Children's Wisconsin is seeking a Senior Information Epic Security Analyst- to join our team! Location: Remote but must be local to Milwaukee What you will do: The IS Security Analyst-Epic will perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Ensures that user community understands and adheres to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues to management. Primary EPIC security lead on Enterprise Information Security team responsible for management of Epic user records (EMP users, including background users) which includes the life cycle management of the records (creation, modification, inactivation) and auditing as appropriate. Collaborates with app analysts teams who manage the templates and sub templates. Participates in the development of workflows, system configuration, change documentation, optimization and support related to Epic security, while working with application teams to deploy functionality changes, new modules or departments, update security classes, modify provider records, conduct user analysis, and implement security enhancements. Leads and assists in the development of department and organization wide policies and procedures, while effectively communicating policies and procedures impacting Identity and Access management to end users, leadership, and peers to ensure compliant practices. Provides guidance on optimizing security build based on appropriate minimum necessary standards. Responsible for the on-going maintenance, testing, support and optimization of Epic user security and provider management, with focus on role based access. Epic certification is a requirement. Excellent organizational skills and ability to manage work load while assigned to multiple simultaneous projects with minimal supervision. Thorough understanding of user account administration in a network environment. Thorough understanding of security auditing principles. Familiarity with current common paradigms for violating system integrity. Top-tier security performance tuning skills and trouble-shooting required. Works closely with all levels of the organization to ensure that security is consistent with organizational security standards, information access requirements and business strategies. Coordinates with IS entities regarding technical considerations (user rights/privileges, system access) to ensure proper implementation and provides on-going support for all security operations. Works collaboratively with Internal Audit, Corporate Compliance, Human Resources and other departments on security related issues and projects. Works with cross-functional teams to perform reviews and tests of IS internal controls to ensure existing systems are operating as designed and contain adequate controls. Monitors and analyzes technology security and recommends appropriate IS policies, procedures and practices to strengthen security operations. Provides consultation regarding audit, regulatory and security management activities across IS functional areas. Coordinates the IS component of both internal and external audits, federal and state examinations. ESSENTIAL FUNCTIONS: Demonstrates behaviors outlined in the Core Competencies the Blue Kids Way to provide service excellence as a committed partner to children, families and co-workers. Recommends and maintains policies and procedures related to information security. Monitors the organization's overall security fabric. Assesses security needs and capabilities of the organization. Makes regular reports to management concerning security measures. Makes recommendations for improvement as required. Identifies and provides information security awareness training as appropriate. Identifies appropriate courses to enhance security capabilities and competencies of the organization. Works with management to perform and maintain risk assessments. Ensures organization compliance with the security sections of Federal and State statutes, including HIPAA, as well as regulatory requirements. Coordinates investigations into potential security infractions. Determines and designs appropriate tests for all aspects of information security. Activities may include attempted “cracking” of system security, review of audit trails and attempted theft of devices. Evaluates system effectiveness and makes change recommendations as necessary. Coordinates periodic reviews of system security by outside consultants, including vulnerability assessments, penetration tests, HIPAA reviews and PCI compliance. Works with IS teams to implement recommendations as appropriate. Monitors, evaluates and makes recommendations regarding perimeter security including prevention against attack, viruses, and other forms of malicious software. Monitors, evaluates and makes recommendations regarding email and Internet content filtering. Evaluates and makes recommendations regarding requested changes to perimeter security. Recommends policies and procedures for controlling remote access by employees, non-employees and vendors. Reviews and makes recommendations regarding security oriented software applications and workstation security, including patch management, user rights management, and operating system configuration. Keeps current on security issues through seminars, publications and self-education on an on-going basis. MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED: Requires bachelor's degree in computer science or related technology field. Master's degree preferred. Requires 7 years of relevant computer systems experience, preferably in a hospital or healthcare setting. Significant experience in IS security administration including compliance, audit, and information security management. Epic Security certification is a requirement. Professional certification (e.g. CISA, CISM or CISSP) preferred. Thorough understanding of risk analysis, disaster recovery and audit tracking. Familiarity with current common paradigms for violating system integrity. Must have excellent interpersonal skills to effectively communicate with all levels of hospital personnel, vendors and IS personnel. Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others on key IS security concepts. Children's Wisconsin is an equal opportunity / affirmative action employer. We are committed to creating a diverse and inclusive environment for all employees. We treat everyone with dignity, respect, and fairness. We do not discriminate against any person on the basis of race, color, religion, sex, gender, gender identity and/or expression, sexual orientation, national origin, age, disability, veteran status, or any other status or condition protected by the law. Certifications/Licenses:

The JFG Information Security Engineering & Operations Analyst plays a key role in supporting JFG's Identity & Access Management (IAM), Cyber Threat Management, and Vulnerability Management services. This role helps support IAM services to provision, deprovision, and certify access to JFG systems. It also helps detect, analyze, hunt for, and report on cybersecurity events related to malware, network intrusion, and data loss protection and insider threat incidents. This role is also responsible for finding and reporting on internal and external vulnerabilities on JFG systems. This role will be supported by a Managed Detection & Response (MDR) services and Identity & Access Management Managed services. Occasional off-hour and weekend work will be expected. Very little (less than 5%) business travel is expected in this role. This role will be located in Racine, Wisconsin. Ability to come in-office would be required (working a hybrid schedule.) KEY RESPONSIBILITIES: * Detect, analyze, contain, and remediate threats and vulnerabilities across the JFG environment. * Operate and support vulnerability management, data loss protection, cybersecurity monitoring, cybersecurity incident response, intrusion analysis, root-cause-analysis (digital forensics), cyber-threat intelligence, and malware analysis technologies. * Lead and report on incidents involving malware, network intrusion, insider-threat, internal investigations and litigation support activities. * Incorporate Cyber Threat Intelligence into operational signal intelligence and reporting. * Proactively investigate JFG environment for threats based on Cyber Threat Intelligence and known threat methods and patterns (aka Threat Hunting). * Operate and support Identity Governance and Administration technologies to support timely on/off-boarding of people and regular access governance reviews to ensure appropriate access. * Support weekly/monthly/quarterly/annual operational metrics, reports and dashboards. * Assist with maintaining the Cybersecurity Incident Response Plan. * Collaborate on the continuous improvement of Information Security Operations processes, workflows, and procedures (e.g. RunBooks). * Automate repetitive tasks and drive efficiencies with measurable benchmarks to show progress. JOB REQUIREMENTS: * Associates degree in Information Security, Cybersecurity preferred * 0-2 years' experience * Types of certification preferred: Security+, CEH, SSCP * Experience with Python and PowerShell scripting languages for automation preferred * Good report writing and communication skills * Has a basic understanding of the Information Security platforms at JFG, common Information Security controls and frameworks, networking concepts and technologies, as well as Windows and Linux environments Come as you are. Johnson Financial Group supports and is committed to the principle of equal employment opportunity. We make all employment-related decisions without regard for an individual's race, color, religion, sex, sexual orientation, age, national origin, citizenship, disability, veteran status, or any other protected status as required by law.

Mindlance is a national recruiting company which partners with many of the leading employers across the country. Feel free to check us out at ************************* Job Title: Cyber Security Analyst Duration: 12 Months Location: Oakbrook Terrace, IL Job Description: Responsible for planning, designing, and implementing a process for cyber security monitoring, incident detection, and incident response. 1-3 yrs of experience and a Bachelor's degree in IT systems or a related discipline. Position Requirements: - Configuration and administration of logging aggregation and security event monitoring tools (like Industrial Defender, Splunk, etc.) - Configuration and maintenance of performance monitoring tools (like Solarwinds, Uptime, CA Spectrum, etc.) o Understands and can configure tools and endpoint systems to use SNMP for monitoring - General IT Support (application patching, client updates, remote access and administration tools) - General Networking knowledge (IP Networking, OSI Stack, etc.) Additional Information Thanks & Regards' ___________________________________________________________________________ Vikram Bhalla | Team Recruitment | Mindlance, Inc. | W: ************ All your information will be kept confidential according to EEO guidelines.

blue Stone Executive Search has been retained by our client, a multi billion dollar global organization, a world leader in their vertical, with a dedication to cutting-edge technology and work/family balance, to search for a motivated and energetic IT Leader to direct and manage their Information Security objectives on a company-wide basis. Job Description As the Manager of Information Security, you will be responsible for the development and execution of a comprehensive company wide information security strategy. The Information Security Manager will build and work with appropriate internal staff to deploy an information security awareness program to support compliance with information security policy, standards, procedures, and best practices. The Information Security Manager will develop needed security policies while working with appropriate HR and Legal teams on final version approval and distribution. You will also be expected to participate in information security response and provide audit/compliance and forensic activities for the company, as needed. As the Information Security Manager, you will implement proactive processes and technologies to monitor the company internal and external network environment for potential threats with appropriate response processes. You will also evaluate new technology that the company would use in execution of the information security strategy using both quantitative and qualitative methods. The Information Security Manager will also help to create a policy for the company and design and implement necessary tools to protect company data on employee owned devices. Qualifications Experience and familiarity with control and security frameworks such as COSO, COBiT, and ISO Candidate has one or more current CISSP, CISM, CISA certifications Two to five years security leadership experience required Bachelor's degree in related field preferred Solid understanding of information technology and information security including; firewalls, VPN's, penetration testing and other security devices with an emphasis on network security Experience with management and administration with firewall technologies from Cisco and other firewall manufacturers Knowledge in developing and socializing security policies and processes Demonstrated ability to create information security strategy and execution plans Knowledge of intrusion detection and prevention solutions and experience implementing them in a corporate environment Excellent interpersonal skills with the ability to communicate with technical and non-technical contacts Must be highly organized and detail oriented Exceptional analytical and problem solving skills Excellent written and verbal communication skills Ability to manage multiple priorities to deliver results Additional InformationblueStone Executive Search successfully finds and secures the top talent within targeted industries. As executive search professionals, the advice we impart and the solutions we provide can have a significant impact on the businesses, careers and lives of others. We recognize these responsibilities and take them seriously. We value long-term relationships above short-term gain. We are continually seeking exceptional talent with the highest standards of professionalism. E-mail resumes to [email protected] and phone ************.

We are seeking an experienced Quality Assurance Analyst to test updates to our client's website and other interactive deliverables. Primary responsibilities include executing test plans, updating test reports, writing bug defects, verifying fixes, and testing pages and emails on supported environments. Job Description Interview mode: Phone and Skype (On site interview may be required) We can submit C2C consultants JD: OBJECTIVES: • Reports to the Head of Security Strategy & Architecture • Provides leadership and guidance to the regional IT organization on cyber and information security and risk management activities, education, and solutions • Contributes to defining global security strategy and architecture processes • Defines and establishes regional security processes based on global security strategy and architecture, with a focus on practices for Vulnerability Management, Systems Development Lifecycle, Information Security Processes including risk based Architecture design. • Directs a regional approach for the implementation of global IT security standards and methodologies • Provides input to global security operations such as incident response, monitoring, trend identification, and security posture and remediation ACCOUNTABILITIES: • Reports to the Head of Security Strategy & Architecture on plans and status of relevant projects, including the regional security strategy and implementation initiatives • Contributes to the design, development, and deployment of global security strategy and architecture concepts • Cooperates with regional teams in understanding global security strategy and architecture requirements • Conducts periodic review of security-related SDLC processes and stage gates • Incorporates cyber security and IT risk management into regional activities • Be the subject matter expert in security and assessments, including vulnerability management processes, vendor security reviews, penetration testing, and application security • Conducts follow-ups on any identified corrective actions • Functions as an advisor to system owners, security program managers and others in all matter (technical and otherwise) involving IT security and continuity • Directs or delegates level 3 support services for the region • Manages the relationship between IT security and regional business executives and business managers • Provides recommendations in planning of programs and projects in the area of cyber security • Reviews and manages budget and reports financial and event status to Head of Security Strategy & Architecture EDUCATION, BEHAVIOURAL COMPETENCIES AND SKILLS: Required: • Bachelor's Degree (business administration, risk management, information security, Management Information Systems (MIS), Computer Science or related IT field) or high school degree • 7+ years IT experience • 5+ years of work experience in developing, implementing and managing security solutions • 3+ years of work experience in designing and architecture security strategy and solutions • Demonstrated leadership role in working with C-Suite executives and the Board • Experience with implementing and operating security programs in a global environment, with a focus in Germany and European countries • Hands-on experience with the development of security strategy and frameworks, architectural methodologies, and service delivery • Project management experience including full lifecycle implementation • Proven ability to analyze a wide variety of data and make calculated, risk-based decisions • Ability to communicate ideas and data both verbally and written in a persuasive and appropriate manner • Ability to assess strengths and weaknesses of staff members and provide suggestions for improvement • Ability to write and speak in the English language Desired: • In-depth pharmaceutical industry and drug development experience • Experience with validated systems LICENSES/CERTIFICATIONS: • Information security certification (CISSP, CISM, CISA, GIAC, CEH, CCSK) TRAVEL REQUIREMENTS: • Access to transportation to attend meetings • Ability to fly to meetings regionally and globally • Willingness to travel up to 25-50%. Location: Deerfield, IL. Duration: 1 Year+ Additional Information All your information will be kept confidential according to EEO guidelines. Please call @ ************ Ext 183

About Rethink First Rethink First is a leading behavioral health technology company working to make mental wellness, education, and support accessible and scalable. Through our suite of cloud-based platforms-including RethinkEd, RethinkCare, and RethinkBH-we serve educators, employers, and providers with tools that deliver measurable, inclusive outcomes. We're on a mission to make behavioral health more effective, equitable, and human-and we're looking for a creative visionary to help lead that charge. About the Role We are building a modern, cloud-forward security program grounded in Cyber Resilience, Application Security, and Security Assurance. As our Manager, Information Security, you will be the operational and execution leader for our Security Assurance function while helping shape key processes across SecOps and AppSec. This role is ideal for someone who thrives in a high-growth SaaS environment, collaborates well cross-functionally, and wants to help mature a security program that must support HIPAA, SOC 2 Type II, HITRUST, and a broad healthcare customer base. You will own the day-to-day execution of GRC, Audit Readiness, Evidence Collection, Policy Management, TPRM, and Client Trust-and must have hands-on experience implementing or operating Vanta as a centralized compliance automation platform. You will serve as a multiplier for the Sr Director, creating repeatable processes, driving deadlines, maturing documentation, and ensuring audit-ready control operation across Azure, M365, and our SaaS product ecosystem. Key Responsibilities Security Assurance Leadership (Primary Responsibility - 60%) Lead the end-to-end Security Assurance function across SOC 2, HIPAA, HITRUST, and regulatory frameworks. Act as the program manager for all audits, coordinating with Legal, HR, Engineering, Product, and Infrastructure to maintain year-round audit readiness. Own the implementation, configuration, optimization, and continuous operation of Vanta, including: Control mapping and ownership assignments Evidence collection workflows Vendor risk management modules Client Trust functionality (best answers, trust portal, knowledge base) Build and maintain an audit calendar, evidence repository, and standardized evidence collection playbooks. Drive development and continuous maintenance of security policies, standards, and procedures. Operate the Third-Party Risk Management process, including vendor classification (Tier 1/BAA), questionnaire review, residual risk scoring, and contract security review. Respond to customer security questionnaires, RFPs, and client audit requests with clarity, accuracy, and speed. Cyber Resilience & SecOps Leadership (25%) While not a hands-on SecOps role, you will: Partner with the SecOps Engineers to build daily operational cadence across alerts, incidents, vulnerability management, and hygiene controls. Ensure controls monitored by Tenable, Microsoft Defender, Sentinel, and other platforms produce audit-ready evidence. Help design operational dashboards and KPIs for incident response, vulnerability SLAs, and hygiene metrics. Validate operational controls for compliance frameworks (MFA, SSO, logging, monitoring, access reviews, backups, endpoint security, network protections, etc.). Application Security Collaboration (15%) Work with Engineering, Architecture, and DevOps teams to ensure Product and AppSec controls align with SOC 2 and HITRUST expectations. Contribute to secure SDLC processes, risk assessments for new features, and remediation tracking for vulnerabilities and findings. Validate that security requirements are integrated into CI/CD workflows where appropriate. Required Qualifications 7+ years of progressive experience in Information Security, with at least 3+ years in a governance, compliance, or Security Assurance leadership role. Direct experience implementing or operating Vanta (must be hands-on). Strong experience supporting and maturing SOC 2 Type II, HIPAA Security Rule, and HITRUST programs in a SaaS environment. Deep understanding of Microsoft Azure security architecture, including Entra ID, RBAC, Conditional Access, Defender for Cloud, Sentinel, and workload identities. Clear understanding of audit control design, evidence, and auditor expectations. Experience building vendor risk programs, reviewing DPAs and BAAs, and performing vendor due diligence. Excellent writing skills for policies, procedures, client responses, and audit documentation. Demonstrated ability to lead complex projects with multiple stakeholders and tight deadlines. Strong communication and relationship-building skills across technical and non-technical teams. Preferred Qualifications Experience in healthcare SaaS or other regulated industries. Hands-on experience with: Vanta Vendor Risk + Trust Center Microsoft Purview (DLP, Information Protection) Azure DevOps or GitHub governance Tenable, Defender, or other vulnerability platforms Jira/Confluence Certifications such as CISA, CISSP, HCISPP, HITRUST CCSFP, or similar. Experience working with offshore teams. Benefits: Generous health, dental, & vision benefits package Flexible paid time off 11 paid company holidays 401k + matching Parental leave Access to our award-winning RethinkCare platform supporting neurodiversity in the workplace through parental success, professional resilience, and personal wellbeing. Location: Remote opportunities are available to candidates who reside in the following states: AL, AZ, CT, FL, GA, HI, IA, IL, IN, KY, LA, MD, MA, MI, MN, MO, MT, NC, NE, NH, NJ, NV, OH, OR, PA, RI, TN, TX, VA, WA, WI, WY Our commitment to an inclusive workplace RethinkFirst is an equal opportunity employer and is committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because that is what drives curiosity, innovation, and the success of our business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws. Accommodations are available for applicants with disabilities. JazzHR Privacy Policy JazzHR Terms of Use California Privacy Notice #remote

AYR Global IT Solutions is a national staffing firm focused on cloud, cyber security, web application services, ERP, and BI implementations by providing proven and experienced consultants to our clients. Our competitive, transparent pricing model and industry experience make us a top choice of Global System Integrators and enterprise customers with federal and commercial projects supported nationwide. Job Role: Data and System Security Engineer Location: Lincolnshire, IL Duration: 6+ Months Qualifications Job Description: Data and System Security engineer Experience with data encryption management solutions, such as Vormteric and CloudLink Experience with PKI management solutions, such as ADCS and External providers Investigative and analytical problem solving skills Customer service/support experience Additional Skills:PKI Knowledge of encryption management technologies, such as Vormetric, CloudLink. Additional Information If anyone might be intersted please send resumes to kmarsh@ayrglobal (dot) com or you can reach me direct at **************