Information security analyst jobs in Islip, NY

I have a client located in the East Setauket, NY area that has an opportunity for a Information Security Risk Analyst. If you or any of your colleagues are interested in discussing this opportunity please click Apply Now. In this role you will be an Information Security Risk Analyst for a client that works in the medical industry. This role is responsible for monitoring, determining, and reviewing potential and current information security risks. This is a 3 month and possibly longer contract. This role must be performed on-site. The pay on this role is $30.00 to $40.00 an hour based on experience. Job Requirements: 3+ years of experience with O365 and Purview platforms Experience reviewing daily Risky Users Ability to communicate with internal users to evaluate high risk access Ability to monitor the company's networks and identify security breaches Perform 3rd party security reviews using UpGuard TPRM tool Monitor DoJ DSP attestations and manage vendor communication and certs Help assist in creating IS runbook Document security processes Analyze Business Associate Agreements and provide recommendations on security & Liability Support Audit responses and investigations #VIS

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

Join our global Cyber team as a Wordings Analyst supporting the Global Cyber Wordings Manager in the strategic development and governance of our Cyber and Tech policy suite, including Liberty Cyber Resolution and Liberty Tech Resolution. This role is a hands-on business enabler: you will help translate complex legal and regulatory requirements into clear, market-ready wordings, maintain our global clause library, support manuscript negotiations, and produce practical tools that empower underwriters and strengthen broker confidence. It's an excellent opportunity for an early-career insurance wordings or legal professional to build expertise in a fast-moving, global specialty line and make a visible impact on growth, innovation, and client experience. Key responsibilities: Wording library and drafting support Maintain and expand the global wording library centered on Liberty Cyber Resolution and Liberty Tech Resolution, including endorsements, exclusions, and guidance notes. Redline and prepare first drafts of standard clauses and endorsements; ensure consistency with definitions, coverage intent, and plain-language standards. Track version control, change logs, approvals, and archiving; Assist with localization for different jurisdictions, coordinating translations and filing documentation with Legal/Compliance. Commercial enablement Build practical tools (playbooks, FAQs, objection-handling guides, coverage summaries) to help regional teams position our products and close deals efficiently. Prepare broker/client comparison decks and battlecards; support pitches, RFP/RFI responses, and manuscript negotiations with clause comparisons and recommended alternatives. Triage wording queries from regions; track SLAs and referral approvals per the global governance framework. Partner closely with Underwriting, Product, Global Cyber Engagement, Claims, Legal/Compliance, and regional leaders to deliver accurate, timely support and uphold governance standards. Regulatory and legal stewardship Monitor and synthesize global regulatory and market developments (e.g., Lloyd's cyber war/systemic guidance, GDPR, DORA, NIS2, sanctions) into succinct briefs and recommended wording actions. Maintain audit-ready documentation; assist with regulatory filings or attestations where required. Claims partnership and feedback loop Collaborate with Claims to capture lessons from disputes and litigation trends; draft guidance notes and propose clarifications to improve coverage certainty. Support coverage position letters and documentation packs with research, citations, and clause histories. Innovation and product development support Help draft prototype wordings for new propositions Check alignment between underlying policy wordings and reinsurance treaty/facultative clauses. Administer wording management tools, ensuring robust version control, approval workflows, and usage analytics. Build dashboards and trackers for adoption of standard forms, deviation rates, SLA performance, disputes, and audit findings; provide monthly reporting to stakeholders. Qualifications Bachelor's degree in business, economics, or other quantitative field. Minimum 3 years, typically 4 years or more of relevant work experience. 2 - 5 years of experience in insurance wordings, legal/paralegal support, underwriting support, or product documentation; cyber specialty experience preferred. Strong drafting, redlining, and proofreading skills with a plain-language mindset and exceptional attention to detail. Working knowledge of insurance policy structures, endorsements, exclusions, and coverage interpretation; familiarity with cyber war/systemic language, sanctions, and privacy regulations is advantageous. Research and synthesis skills to translate complex regulatory/legal topics into practical guidance and actionable updates. Proficiency with MS Word (advanced track changes/redlining), Excel (trackers and dashboards), PowerPoint (training/pitch materials), and document/enablement tools. Collaborative, service-oriented approach; comfortable operating in a global matrix and meeting defined SLAs. Curiosity about cybersecurity risks and the incident response ecosystem; willingness to learn common threat scenarios to inform practical drafting. About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role. At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: *********************** Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law. Fair Chance Notices California Los Angeles Incorporated Los Angeles Unincorporated Philadelphia San Francisco We can recommend jobs specifically for you! Click here to get started.

Principal Information Security Analyst (Tier 2) As a Principal Information Security Analyst within Gen Digital's global Security Operations Center (SOC), you will play a key role in strengthening threat detection and response across the organization. The role focuses on improving SOC monitoring and detection processes through technical expertise, continuous development, and close collaboration with other security teams. In this position, you will serve as a senior specialist, leading automation and detection engineering efforts, mentoring junior analysts and contributing to projects that enhance security visibility and overall SOC performance. Operating in a follow-the-sun model, the SOC ensures 24/7 global coverage, with regional teams working during their respective business hours and sharing on-call responsibilities for weekend. Key Responsibilities: * Monitor, analyze, and correlate security alerts and events across multiple platforms (SIEM, WAF, EDR, email, cloud, network, and threat intelligence tools) to identify and validate suspicious or malicious activity * Continuously develop and fine-tune detection rules, correlation searches, security policies, and dashboards to improve visibility, reduce false positives, and increase alert accuracy across security platforms * Support and mentor Tier 1 analysts in alert triage, escalation quality, and use of tools * Collaborate with security engineers on automation and enrichment initiatives to streamline operational workflows and improve detection efficiency * Maintain complete and up-to-date documentation for all detection use cases, workflows and process improvements * Participate in security projects and collaborate with internal stakeholders (e.g., Incident Response, Security Engineering, Application Security, and IT) to enhance detection coverage, visibility, and response capabilities * Support the execution of incident response playbooks Qualification and Work Experience: * 3-5 years of hands-on experience in SOC operations, cybersecurity monitoring, or related areas such as detection engineering or threat analysis * Solid understanding of networking concepts (TCP/IP, DNS, HTTP/S) and how they apply to security monitoring and threat analysis * Strong knowledge of cybersecurity principles, common attack techniques, and threat types (e.g., phishing, malware, brute force, web application attacks) * Proven experience working with security logs, alerts, and structured data across multiple platforms (SIEM, EDR, WAF, cloud, and network telemetry) * Hands-on experience with SIEM platforms - Splunk preferred - including detection content development, rule tuning, and dashboard creation * Familiarity with Web Application Firewall (WAF) technologies and the ability to analyze or tune related alerts and policies * Understanding of cloud security concepts and experience with monitoring tools for major providers (AWS, Azure, GCP) * Working knowledge of scripting or automation (e.g., Python, PowerShell, or API-based integrations) to support analysis and enrichment workflows * Experience using AI-based tools to support daily SOC operations, including data analysis, investigation, documentation, and collaboration * Strong analytical and problem-solving skills with attention to detail and curiosity for continuous learning * Effective communication and documentation skills in English, both written and verbal * Experience collaborating across teams (e.g., Security Engineering, Incident Response, Application Security) on detection improvements or automation projects * Prior experience in a Security Operations Center (SOC) or similar environment is highly preferred * Familiarity with the fintech environment or experience supporting financial services infrastructure is considered a strong advantage #LI-AS1 Gen is proud to be an equal-opportunity employer, committed to diversity and inclusivity. We base employment decisions on merit, experience, and business needs, without considering race, color, national origin, age, religion, sex, pregnancy, genetic information, disability, medical condition, marital status, sexual orientation, gender identity or expression, military or veteran status, or other unlawful factors. Gen prohibits discrimination based on these protected characteristics and recruits talented candidates from diverse backgrounds. We consider individuals with arrest and conviction records and do not discriminate against employees for discussing their own pay or that of other employees or applicants. Learn more about pay transparency. To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.

Information Security Specialist Job Responsibilities: Safeguards information system assets by identifying and solving potential and actual security problems. Protects system by defining access privileges, control structures, and resources. Recognizes problems by identifying abnormalities; reporting violations. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines security violations and inefficiencies by conducting periodic audits. Upgrades system by implementing and maintaining security controls. Keeps users informed by preparing performance reports; communicating system status. Maintains quality service by following organization standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Contributes to team effort by accomplishing related results as needed. Information Security Specialist Skills and Qualifications: System Administration, Network Security, Problem Solving, Information Security Policies, Informing Others, Process Improvement, On-Call, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: * Independent audit support for: * SOX 404 ITGCs * PII * PCI * ISPS * Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. * Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. * Develop and lead the Control Assurance Programs (ISPS and SOX). * Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. * Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. * This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. * Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. * Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) * Ensure for timely management response of audit findings into our corporate SOCD/SAD. * Oversee ISPS Management Audit coordination and open action plans. * Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. * Management of GRC workflows around coordination of certifications and attestations. * Partner with leadership to support the PCI-DSS compliance program. * Develop training materials, coordinate training sessions, and monitor compliance with training requirements. * Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. * Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. * Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): * Minimum of 8 years of related work experience, with 3 in management roles * IT SOX experience and proven experience in supporting IT audit/compliance functions * Experience in managing people * Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives * Interpersonal skills with the ability to work with teams cross-functionally * Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators * Detail-oriented but able to understand the big picture. Highly organized and efficient * Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments * Experience with cloud-based services, specifically AWS Nice To Haves (see above): * Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR * Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

Hudson River Trading (HRT) is looking for a Systems Engineer with a focus on physical security systems to join our Enterprise Technology team. This role will liaise closely with our Workplace and various Security teams to conduct research, design, and maintain physical security platforms. You'll join a lean and technical team with opportunities to architect, own, and evolve HRT's global physical security infrastructure, driving both strategic vision and hands-on execution, to help HRT stay secure while providing a great employee experience. Responsibilities Research, architect, and deploy physical security systems across our offices and supporting sites around the globe Conduct audits and risk assessments of the physical security of equipment and locations globally Curate an enjoyable employee experience while helping to maintain safety, security and compliance Manage user roles, permissions, and system access in compliance with company policies and best practices Troubleshoot hardware/software issues, perform diagnostics, and provide Level 2/3 support Create and maintain documentation of configurations, procedures, and system architecture Help lead technical response and forensic analysis for physical security incidents in collaboration with Workplace and Security Operations teams Collaborate with internal stakeholders to evaluate and adopt next-generation physical security technologies, such as AI-driven analytics, mobile credentials, or zero-trust physical systems Qualifications 5+ years of experience in the systems architecture, engineering, and administration of physical security systems (camera infrastructure, badge platforms, biometrics, environmental sensors, access control, etc.) Experience with open protocols and standards in physical security (OSDP, SNMP, etc.) Experience with consolidating and automating identity management, configuration, and logging for disparate physical security, access control, and digital IAM platforms Experience with data center physical security systems (VSS, ACS, IDS, anti-tailgating, anti-passback, mantraps, etc.) Experience automating through code (Python, Go, PowerShell) and working with SDKs/APIs Strong knowledge of networking concepts and protocols Familiarity with securing IP-based physical systems and awareness of modern physical security threats (e.g., firmware supply chain, OT/IT convergence) Willing to travel 20% of time to visit other offices and facilities as needed A certification like Certified Protection Professional (CPP) or Physical Security Professional (PSP) is a plus Experience using Linux is a plus Experience with public cloud providers (GCP, AWS, Azure) is a plus The estimated base salary range for this position is $150,000 - $250,000 per year, based on job-related skills and experience. This role will also be eligible for discretionary performance-based bonuses and a competitive benefits package. Culture Hudson River Trading (HRT) brings a scientific approach to trading financial products. We have built one of the world's most sophisticated computing environments for research and development. Our researchers are at the forefront of innovation in the world of algorithmic trading. At HRT we welcome a variety of expertise: mathematics and computer science, physics and engineering, media and tech. We're a community of self-starters who are motivated by the excitement of being at the cutting edge of automation in every part of our organization-from trading, to business operations, to recruiting and beyond. We value openness and transparency, and celebrate great ideas from HRT veterans and new hires alike. At HRT we're friends and colleagues - whether we are sharing a meal, playing the latest board game, or writing elegant code. We embrace a culture of togetherness that extends far beyond the walls of our office. Feel like you belong at HRT? Our goal is to find the best people and bring them together to do great work in a place where everyone is valued. HRT is proud of our diverse staff; we have offices all over the globe and benefit from our varied and unique perspectives. HRT is an equal opportunity employer; so whoever you are we'd love to get to know you.

Aircall is a unicorn AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, faster resolutions, and scale. We're redefining what a customer communications platform can be-by combining voice, SMS, WhatsApp, and AI into one seamless workspace. Our momentum comes from a simple but powerful idea: help every customer-facing team work smarter, not harder. Aircall's AI Voice Agent automates routine calls, AI Assist streamlines post-call tasks, and AI Assist Pro delivers real-time guidance that helps people do their best work. The result-companies grow revenue, deliver faster resolutions, and scale service. We've built a product customers love and a business that scales fast. Aircall operates in nine global offices (Paris, New York, San Francisco, Sydney, Madrid, London, Berlin, Seattle, and Mexico City), and is backed by world-class investors. Our teams are shipping AI innovation faster than ever and expanding across new product lines and markets. At Aircall, you'll join a company in motion-ambitious, profitable, and product-driven-where impact is visible, decisions are fast, and growth is real. How We Work at Aircall: At Aircall, we believe in customer obsession, continuous learning, and delivering extraordinary outcomes. We value open collaboration, taking ownership, and making smart, informed decisions with speed and precision. If you thrive in a fast-paced, team-driven environment where curiosity, trust, and impact matter, you'll fit right in Aircall is seeking an experienced Information Security Manager to take ownership of Aircall's information security strategy, governance, and risk management practices. This person will serve as the central coordinating and orchestrating function for all branches of Information Security, ensuring that our security, IT, privacy and product teams are aligned, accountable, and operating against a unified framework. This individual will build and mature our governance, policy, and compliance foundations; ensure readiness against major security frameworks; and drive a security-first culture across the organization. This role will sit within the CTO (Technology) organization, alongside Security & Infrastructure Engineering building the security foundation of a future Governance, Risk & Compliance (GRC) function.Key Responsibilities Develop and maintain the company-wide security strategy, policies, and governance frameworks. Ensure ongoing compliance with SOC 2, GDPR, NIST. Determine in conjunction with the other security stakeholders the company's strategy to pursue additional certifications) and other relevant global security standards (e.g., ISO 27001). Participate in building the Governance, Risk & Compliance (GRC) function, aligning with privacy, compliance, and enterprise risk function; maintaining and executing against a risk matrix Ensure that each branch of Information Security (Product Security, IT Security, GTM, Vendor Due Diligence, Customer facing topics; Governance, Policies & Audits) is performing its responsibilities effectively and operating in a coordinated manner. Lead enterprise-wide security risk assessments, gap analyses, and mitigation planning. Partner closely with Legal/Privacy on regulatory obligations, including GDPR, data residency requirements, and incident reporting. Oversee vendor risk management and security due diligence, ensuring consistent assessment standards and cross-functional alignment. Build and manage a scalable vendor security program, including due diligence, remediation, and monitoring. Maintain and refine incident response policies, workflows, roles, and communication procedures. Coordinate cross-functional participation during security events, ensuring documentation, communication, and post-incident reporting. Serve as the point of escalation for major security events. Ensure clear reporting lines, accountability, and coordination between IT Security and Engineering/Product Security. Work closely with IT, Product, Engineering, and Data teams to embed security-by-design throughout the development lifecycle. Manage dotted-line reporting relationships with Security Engineers and IT team members, ensuring unified strategic direction while respecting functional dependencies. Represent Information Security to the Board, Audit Committee, customers, and regulators, as needed. Lead company-wide security training and awareness initiatives. Promote a security-first culture across all functions, ensuring employees understand their role in protecting company and customer data. Qualifications 8+ years of experience in Information Security, including security governance or GRC leadership roles within SaaS or cloud based companies. Deep knowledge of SOC 2, ISO 27001, NIST, GDPR, and modern security frameworks. Hands-on experience with GRC platform (Drata, One Trust, Vanta etc.) Experience leading cross-functional initiatives and managing multiple stakeholders. Experience with risk management, vendor security, and policy development. Proven ability in dealing with incident response and security operations. Strong communication skills, with experience presenting to executives or boards. $180,000 - $200,000 a year This is not including equity and other benefits. The actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience. Why join us? 🚀 Key moment to join Aircall in terms of growth and opportunities💆 ♀️ Our people matter, work-life balance is important at Aircall📚 Fast-learning environment, entrepreneurial and strong team spirit🌍 45+ Nationalities: cosmopolite & multi-cultural mindset💵 Competitive salary package & equity🏨 Medical, dental, and vision insurance is 100% covered📈 401k plan with company matching!✈️ Unlimited PTO - take the time you need to come to work feeling great!⭐️ Wellness, commuter, and childcare reimbursements💚 Generous parental leave policy DE&I Statement: At Aircall, we believe diversity, equity and inclusion - irrespective of origins, identity, background and orientations - are core to our journey. We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We're working to create a place filled with diverse people who can enrich and learn from one another. We're committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive. We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn. Want to know more about candidate privacy? Find our Candidate Privacy Notice here.We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

We are seeking a Senior Security DevOps Engineer who will be responsible for a variety of objectives resulting in risk mitigation and remediation of internal & external security threats. This role performs advanced threat analysis, threat intelligence gathering & reporting, incident response activities, improves accuracy of security systems, improves existing processes, and works on Cybersecurity focused projects. Contract to hire Onsite 2 days a week located in New York Cybersecurity - Cyber Intelligence & Incident Response Responds to and remediates email, endpoint, threat intelligence, and network-based threats; provides forensic investigation and support. Provides after-hours support as needed for response activities. Integration experience. Collaborates with cross divisional and Cybersecurity teams to continuously improve security capabilities and response to threats in the most efficient and effective manner. Assists with projects to implement advanced technologies to prevent & identify malicious behavior within cloud environments, networks, endpoints, and email technologies. Operates products such as SIEM, SOAR, threat intelligence platforms, advanced email protection, EDR, cloud security products, IDS/IPS, Zero Trust tooling, and other security technologies. Scripting experience. Implements and performs threat analysis utilizing industry standard frameworks (kill chain/diamond model) and techniques. Proposes and helps review security plans and policies to improve environmental security. Maintains and produces metrics, operational playbooks, process diagrams and documentation for the Cybersecurity program. AWS and/or Azure knowledge. Produces and distributes operational and tactical threat intelligence reports. Other duties may be assigned as needed to address new security threats facing the enterprise. Ability to: Demonstrate great teamwork and partnership with internal teams for resolution of security-based issues. Python programming tasks and understand of programming in general. Perform security event correlation, triage, and analysis. Apply security Threat Intelligence while responding to and investigating security events or Incidents. Identify when an application, network, system, or user has been compromised by an internal or external threat. Work on multiple projects to improve security capabilities. Exercise strong understanding of defense-in-depth security best practices. Apply security engineering and architecture concepts to best understand how to employ the most effective security monitoring, response, and threat reporting. Demonstrate effective communication of security issues and topics to management and others. Work well under pressure and within a high paced environment. Maintain operational guidelines and standards for Cybersecurity.

The Cloud Security Specialist is a senior technical and leadership position responsible for implementing, managing, and continuously improving cloud security across multi cloud environments including AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).This role combines hands on technical execution with team leadership. The successful candidate will lead a team of cloud security engineers, develop secure architectures, and manage enterprise grade cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Container Security, API Security, and AI Security Posture Management (AISPM).The individual will partner with cloud service, DevOps, and application teams to design secure deployments, enforce policies, and integrate automation for vulnerability remediation, threat detection, and compliance. They will also implement secure private connectivity between cloud and on premise networks using technologies such as AWS PrivateLink and Azure ExpressRoute. Required Education/Experience * Master's Degree and with 3 years of relevant experience IT or Information security or * Bachelor's Degree and with 5 years of relevant experience IT or Information security or * Associate's Degree and with 6 years of relevant experience IT or Information security or * High School Diploma/GED and with 8 years of relevant experience IT or Information security. Preferred Education/Experience * Master's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 3 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). * Bachelor's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 5 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Relevant Work Experience * Handson experience with at least two major cloud providers (AWS, Azure, GCP, or OCI), required. * Implementation and management experience with CSPM, CWP, AISPM, and API security platforms, required. * Knowledge of IAM, rolebased access control, and policy enforcement, required. * Experience integrating cloud telemetry and logs with SIEM tools, required. * Understanding of hybrid connectivity and private link technologies (PrivateLink, ExpressRoute), required. * Experience with scripting (Python, PowerShell, Bash) and automation, required. * Experience with WAF and cloud API gateway configurations, required. * Strong understanding of cloud network fundamentals and background in cloud network security, and secure architecture design, required. * Experience collaborating with cloud service teams for planning and remediation, required. * Experience implementing application security best practices and training engineering teams, required. * Familiarity with CDN operations, certificates, and brand monitoring preferred, required. * Experience with SIEM integration, telemetry collection, and event analysis, preferred. * Demonstrated experience leading technical teams or project groups, preferred. * Experience with Container Security, preferred. * Experience securing API endpoints and implementing advanced cloud application protections, preferred. * Knowledge of AI/ML data protection and secure model deployment practices, preferred. * Experience integrating security automation into DevSecOps workflows using Terraform or Ansible, preferred. * Experience developing and delivering cloud security training and awareness programs, preferred. Skills and Abilities * Effective leadership skills * Demonstrated problem solving skills * Demonstrated problem solving skills * Strong written and verbal communication skills * Ability to drive multiple projects to successful completion * Proactively approaches responsibilities Licenses and Certifications * Driver's License Required * Other: CISSP, CCNP Security, GSEC, GCIH, CEH, or equivalent certifications. Preferred * Other: CCSP, AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or OCI Security Professional. Preferred Physical Demands * Ability to push, pull, and lift up to 25 pounds * Sit or stand to use a keyboard, mouse, and computer for the duration of the workday Additional Physical Demands * The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. * The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. Core Responsibilities * Lead and mentor a team of cloud security engineers, fostering technical excellence and professional growth. * Architect and maintain secure multi-cloud environments across AWS, Azure, GCP, and OCI in partnership with Enterprise Architecture. * Deploy and manage CSPM platforms to drive continuous visibility, compliance, and risk posture improvement. * Implement CWP solutions to protect cloud workloads, prevent threats, and manage vulnerabilities effectively. * Define and enforce IAM policies and least-privilege principles to strengthen identity security across all platforms. * Design and secure private and hybrid connectivity using technologies such as AWS PrivateLink, Azure ExpressRoute, and Google Cloud Interconnect. * Integrate cloud telemetry and security events with SIEM systems to enhance incident detection and response capabilities. * Automate provisioning, configuration, and remediation workflows using IaC tools like Terraform and Ansible, supported by Python or PowerShell scripting. * Implement and manage WAF policies and API gateways to safeguard cloud applications and services. * Partner with DevOps and engineering teams to embed security within CI/CD pipelines and promote secure development practices. * Collaborate with risk and architecture teams to assess emerging technologies and align them with enterprise security strategy. * Stay informed on evolving threats, regulatory frameworks, and AI security trends to continuously improve cloud security posture.

We are seeking a skilled and experienced Information Security Analyst II. This individual will support Datadog's ability to respond, add, and maintain compliance with various security compliance frameworks. This analyst will coordinate PCI-DSS audit activities and develop and deliver evidence from subject matter experts and Datadog tools. Additionally, we encourage a mindset of innovation and continuous improvement, looking to refine and enhance our approaches wherever possible. At Datadog, we place value in our office culture - the relationships and collaboration it builds and the creativity it brings to the table. We operate as a hybrid workplace to ensure our Datadogs can create a work-life harmony that best fits them. What You'll Do: Coordinate the completion of PCI-DSS audit activities, including managing the audit contractor, delivering of evidence, and conducting quality reviews of auditor documentation Serve as a key liaison and manage expectations between internal teams (including Engineering, Product) and internal/external auditors. Synthesize complex customer and regulatory standards into concrete requirements for the Datadog Engineering, Legal and Business teams. Assist Engineering teams with creation and implementation of security controls to address security compliance risks. Foster strong collaboration across teams to drive successful compliance outcomes and ensure alignment with organizational goals. Build and maintain robust relationships with stakeholders to understand their needs and deliver exceptional service. Continuously enhance technical expertise by staying updated with industry trends and emerging technologies. Facilitate open communication to share knowledge and insights, promoting a learning environment. Who You Are: Minimum of 3-5 years' work experience in risk management, security compliance and/or auditing with significant hands-on control experience. A background in auditing or managing security compliance for SaaS based tech (AWS, GCP, Azure, and other SaaS based vendors like Salesforce, Workday, ServiceNow, etc.). Thorough understanding of one or more security compliance frameworks (e.g., FedRAMP, PCI-DSS, SOX, ISO 27001, SOC). Experience assessing control implementation across a technical environment to identify potential risks and proven ability to identify areas that require additional risk mitigation. Experience developing, guiding, implementing, and documenting security and control solutions that address compliance requirements. You are passionate about reading and writing, particularly when it comes to translating complex technical controls into language that resonates with both business and engineering audiences. You thrive in a collaborative culture where teamwork and shared learning are at the forefront. Efficiency is a core value for you, and you consistently seek ways to optimize processes and outcomes. Your ability to bridge communication between different teams allows you to drive organizational success. Datadog values people from all walks of life. We understand not everyone will meet all the above qualifications on day one. That's okay. If you're passionate about technology and want to grow your skills, we encourage you to apply. Benefits and Growth: New hire stock equity (RSUs) and employee stock purchase plan (ESPP) Continuous professional development, product training, and career pathing Intradepartmental mentor and buddy program for in-house networking An inclusive company culture, ability to join our Community Guilds (Datadog employee resource groups) Access to Inclusion Talks, our internal panel discussions Free, global mental health benefits for employees and dependents age 6+ Competitive global benefits Benefits and Growth listed above may vary based on the country of your employment and the nature of your employment with Datadog. Datadog offers a competitive salary and equity package, and may include variable compensation. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Datadog offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, parental planning, and mental health benefits, a 401(k) plan and match, paid time off, fitness reimbursements, and a discounted employee stock purchase plan. The reasonably estimated yearly salary for this role at Datadog is:$123,000-$157,000 USD About Datadog: Datadog (NASDAQ: DDOG) is a global SaaS business, delivering a rare combination of growth and profitability. We are on a mission to break down silos and solve complexity in the cloud age by enabling digital transformation, cloud migration, and infrastructure monitoring of our customers' entire technology stacks. Built by engineers, for engineers, Datadog is used by organizations of all sizes across a wide range of industries. Together, we champion professional development, diversity of thought, innovation, and work excellence to empower continuous growth. Join the pack and become part of a collaborative, pragmatic, and thoughtful people-first community where we solve tough problems, take smart risks, and celebrate one another. Learn more about #DatadogLife on Instagram, LinkedIn, and Datadog Learning Center. Equal Opportunity at Datadog: Datadog is proud to offer equal employment opportunity to everyone regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, and other characteristics protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Here are our Candidate Legal Notices for your reference. Datadog endeavors to make our Careers Page accessible to all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please complete this form. This form is for accommodation requests only and cannot be used to inquire about the status of applications. Privacy and AI Guidelines: Any information you submit to Datadog as part of your application will be processed in accordance with Datadog's Applicant and Candidate Privacy Notice. For information on our AI policy, please visit Interviewing at Datadog AI Guidelines.

This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week. This role is for Vice President level candidates. About the Bank: Sumitomo Mitsui Trust Bank, Limited was established through the merger of The Sumitomo Trust and Banking Co., Ltd with Chuo Mitsui Trust and Banking, Ltd. on April 1, 2012. We are one of the largest asset managers in Asia and number one among Japanese financial institutions by AUM, with approximately $850 Billion USD in AUM. The Bank provides an assortment of financial solutions and manages a broad spectrum of financial products across its global branches. Department Overview: The Americas Division (“AD”) was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch) (“SMTBNY”) to perform corporate functions and supervise U.S. entities. Established under the AD are the “Global Banking Unit (“GBU”), Americas Division” and “Global Markets Unit (“GMU”), Americas Division” which performs business functions. Information Risk Governance (“IRG”) provides oversight to information and cyber security risk by maintaining and improving branch wide framework that is in-line with the Head Office and regulatory requirements and addresses Confidentiality, Integrity, and Availability for information assets. IRG establishes appropriate policies, procedures, measurement, and monitoring processes to proactively assess and evaluate cyber security and information security risks inherent in the Branch Operations. IRG is directly involved in all information and cyber security related projects, matters, and issues. Your Role Overview: To assist the Head of the Department with the day-to-day management and operation of the department. To assume the role of Information Security Officer and take the lead on overseeing the timely completion of the department's critical risk management projects. To provide direct assistance to the Head of the Department with regards to accomplishing the department's goals and objectives. To manage, guide and mentor other staff members with the preparation and completion of their assigned tasks. To contribute significantly to the overall success of the department in all key risk management and cyber security areas. Directly oversee completion of all critical projects, assist the HOD with implementing desired operational strategies and procedures. Recommend ways to improve efficiency, effectiveness, and productivity. Focus on proactive day-to-day operations. As ISO, assist with overseeing all information and cyber security matters. Your Duties and Responsibilities: Maintain and improve the information risk framework with guidance from HOD, address regulatory requirements, residual information risks specific to NY Branch Operations. Provide Information Security subject-matter-expertise to senior management. Work with IRT and coordinate incident responses to cyber security events. Keep abreast of industry wide information risk issues that could potentially have an impact on Branch Operations. Establish processes for communicating data classification guidelines and its governance. Oversee employee information security awareness training. Assesses and evaluates critical risk management projects: Annual Risk Assessment. Semi-annual Vulnerability Assessments. Special Risk Assessments done for a Particular Purpose Trend analysis of key risk management concepts and principles Attend the ISSRM and Branch Risk Management related meetings. Performs key information risk governance related tasks as described below: Provides User Access Control Governance. Monitors, analyzes and follows-up on Information Risk events/issues. Reviews information risk and proactively advises as necessary on: IT Projects/Issues Management process, Change Management Process, significant changes to IT procedures, IT Asset Management Report, key IT Vendor Contracts, IT Disaster Recovery Plan/Process, Record Retention Process, any related audit findings, etc. Establish and maintain Information Risk Key Risk Indicators (KRI). Periodically updates IT resources on Information risk related practices. Manages all information and cyber security policy and procedures manuals. Assist with the management of all matters related to Information Security and Information Risk Management, including directing appropriate Information/Applications Risk Assessments. Your Qualifications: Certification in Information Security (CISSP) required. 8+ years of Information Security related experience, IT Audit experience, preferred. Knowledge of Information Security principles, terminologies, and technologies required. Knowledge of Information Risk Management framework and principles required. Ability to analyze and design information security monitoring procedures and activities preferred. Detailed Knowledge and expertise in Technology Risk Assessments and Risk Analysis required. Excellent written and verbal communication skills, required. Good computer skills in Microsoft Office Excel and Word required. Strong project management and people management skills. preferred Why you should join SuMi Trust:SuMi Trust embraces flexible ways of working when the business and role permits. We provide employees with a hybrid working model, allowing for in-office work and work from home. Our diverse and inclusive environment along with our global presence enables us to collaborate and communicate to meet our business needs. We believe that efficient teams need truth, loyalty, and a strong sense of purpose to balance risk and their targets. We make sustainable business decisions to improve our society and the world. We believe that each person brings a unique value that drives the business though their creativity and passion. The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance. We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals. Check out our LinkedIn for our employee experience: *************************************** We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SuMi Trust provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application

ISSO Employment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success: * Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. * Maintain responsibility for managing cybersecurity risk from an organizational perspective. * Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership. * Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies. * Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO). * Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes. * Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF. * Provide subject matter expertise for cyber security and trusted system technology. * Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems. * Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. * Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring. * Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications: * Bachelor's Degree. * A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc. * eMASS experience. * Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher. * Strong desktop publishing skills using Microsoft Word and Excel. * Experience with industry writing styles such as grammar, sentence form, and structure. * Ability to multi-task in a deadline-oriented environment. Ideally, you will also have: * CISSP, CASP, or a similar certificate is preferred. * Master's Degree in Cybersecurity or related field. * Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking. * Demonstrated ability to work well independently and as a part of a team. * Excellent work ethic and a high commitment to quality. Our Commitment: Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package. Health, Dental, and Vision Life Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation! Explore additional job opportunities with CGS on our Job Board: ************************************* For more information about CGS please visit: ************************** or contact: Email: [email protected] #CJ $92,213.33 - $125,146.66 a year We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

The Bronx Defenders (BxD) is an innovative, progressive public defense office in the South Bronx. We are seeking a passionate technology professional with a commitment to public defense to join the Information Technology (IT) Team as an Information Governance & Security Manager. Founded in 1997, BxD is a public defender nonprofit that has developed a nationally recognized model of representation called holistic defense, which provides people with teams of lawyers, social workers, and advocates to defend them zealously in court and address the underlying drivers and enmeshed penalties of legal system involvement. Our office now has more than 400 staff members who defend nearly 20,000 New Yorkers facing incarceration, family separation, eviction, and deportation (among other devastating consequences) in criminal, family, civil, and immigration proceedings each year. We continue reimagining the role of public defense even further, using community organizing and engagement, legislative advocacy, and impact litigation to partner with the communities we represent to bring about long-lasting systemic change. We also share our model and lessons learned on how to move to a holistic model of representation with current and future public defenders throughout the country. Information Technology Our Information Technology (IT) department is our first line of support in assisting our dedicated staff of attorneys, advocates, social workers, and administrative professionals. Ultimately, the work of our department helps to advance the needs of our clients and facilitate the process by which their legal teams support and advocate for them to reach their goals. As the leading office in providing holistic representation, we stay abreast of innovative technological tools and resources that are used to support our staff and clients as they navigate the criminal, family, immigration, and civil court systems. From onboarding new employees to strengthening cybersecurity and modernizing our digital tools, the IT department is dedicated to creating an environment where technology empowers people, minimizes friction, and keeps our organization at the forefront of innovation in public defense. Responsibilities The Information Governance & Security Manager ensures that organizational information (case files, HR data, client records, financial systems) is managed securely, compliantly, and in alignment with regulatory requirements (CJIS, HIPAA, SHIELD). This role develops and enforces information governance policies, manages risk assessments and audits, and coordinates with the MSP and IT leadership to safeguard the integrity, availability, and confidentiality of organizational data. Responsibilities Own and update organizational information governance policies (data retention, access control, encryption, privacy) Coordinate audits and access reviews across systems (M365, LegalServer, HRIS, Finance) Review and respond to SOC/security alerts escalated from the MSP Lead development and testing of Business Continuity (BCP), Disaster Recovery (DRP), and Incident Response (IRP) plans Conduct quarterly data protection and compliance audits Partner with HR, Legal, and IT to enforce retention and preservation schedules Oversee data backup strategy (3-2-1 rule: cloud, onsite, offline) Provide reports on compliance posture and risk exposure to the IT Director and COO Stay current on changes to CJIS, HIPAA, SHIELD, and ABA confidentiality standards Stay current with emerging technologies, security practices, and industry standards relevant to the role, and provide recommendations for improvements Maintain awareness of ongoing IT initiatives, organizational priorities, and cross-departmental projects to ensure alignment with broader business goals Perform other related duties as assigned in response to organizational needs, new compliance requirements, or changes in technology Qualifications 6+ years in IT governance, compliance, or security roles Strong knowledge of NIST CSF, ISO 27001, ITIL Security Mgmt Hands-on experience with M365 Security & Compliance Center, Purview, Intune Familiarity with audits, penetration testing, and risk assessments Ability to develop, test, and maintain BCP/DRP/IRP Excellent communication and report-writing skills for technical and non-technical audiences Experience collaborating with MSPs, auditors, and cross-functional teams Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or related field Professional Certifications (strongly preferred): CISSP,CISM,CISA, ISO 27001, Microsoft certified The following qualifications are preferred, but not : Experience in nonprofit, academic or healthcare environment Experience with unionized employees To cultivate the deep subject matter knowledge, strong interpersonal relationships and collaborative approach that are critical to the position's success, it is essential that the candidate be able to participate in-person and onsite in both internal and external meetings and events. This position has an onsite requirement of in-office, 5 days per week. Approximately 70% of The Bronx Defenders' staff, including attorneys and non-attorneys, are represented by UAW Local 2325 - Association of Legal Aid Attorneys (AFL-CIO). This position is not within the bargaining unit. Salary is commensurate with experience. The salary range for this position is $130,000 to $150,000 annually. Full-time employees are also eligible for a comprehensive benefits package including but not limited to medical, dental, and vision coverage; a 403(b) plan with employer contribution; and a generous vacation, sick leave, and parental leave policy To apply, please click APPLY TO THIS JOB ONLINE and upload your resume and cover letter in one document. Your resume will be used to determine your salary based on the number of years of directly relevant professional experience and should include all relevant professional experience. Applications without a written cover letter will not be considered. The Bronx Defenders is an equal opportunity employer and is cultivating a workplace that embraces staff with a diversity of backgrounds, identities, and experiences. We acknowledge the ways in which systemic oppression and injustice can undermine access to professional opportunities and are committed to conducting hiring and promotion processes that are equitable and accessible to those commonly excluded from the workforce. We do not discriminate against and encourage applicants from marginalized communities to apply, including those who identify as Black, Indigenous, people of color, queer, transgender, gender non-conforming, disabled, neurodivergent, and those directly impacted by criminal, civil, family, and immigration legal systems. We value lived as well as professional experience and particularly welcome applications from the Bronx community that we work with.

Job Title:Information Security Risk Compliance Manager Descrption Seeks an Information Security Risk Compliance Manager who will have the responsibility for several functions associated with IT security - from ensuring the security of software to selecting and/or constructing and deploying broader network security systems. Scope of Work Objectives: The Information Security Risk Compliance Manager oversees the organization's efforts in Risk assessment, Risk mitigation, Compliance management, Security governance, incident response, vendor risk management, Security awareness and training, Security audits and assessments, reporting and communication, continual improvement, and cross-functional collaboration. Their role is to ensure that the organization's systems, networks, and processes are secure, compliant with regulations and standards, and aligned with organizational goals and objectives. Requirements Responsibilities: Conduct risk assessments to identify potential threats and vulnerabilities to the organization. Develop and implement risk management strategies and policies to mitigate identified risks. Monitor and evaluate risk exposure across various departments and business units. Coordinate with stakeholders to ensure compliance with regulatory requirements and industry standards. Communicate risk management strategies and findings to senior management and relevant stakeholders. Lead the development and maintenance of the organization's risk register and risk management framework. Provide guidance and support to departments and teams in implementing risk mitigation measures. Conduct training and awareness programs on risk management principles and practices. Continuously monitor and review the effectiveness of risk management strategies and adjust as necessary. Stay updated on emerging risks and industry trends to proactively address potential threats to the organization. Maintain and enhance the company-wide security awareness program. Take ownership of establishing and enforcing security standards both within the team and across the organization. Work proactively and collaboratively to achieve change management and buy-in. Deliverables: Compliance Management: Ensure compliance with relevant regulations, standards, and frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and maintaining appropriate controls and processes. Risk Mitigation: Develop and oversee risk mitigation strategies and controls to address identified security risks, including implementing technical controls, security best practices, and security awareness training programs. Incident Response: Develop and implement incident response plans and procedures to effectively respond to and manage security incidents, including data breaches, cyberattacks, and security breaches. Vendor Risk Management: Assess and manage risks associated with third-party vendors and service providers, including evaluating their security posture, conducting due diligence assessments, and ensuring contractual compliance. Cross-functional collaboration: Collaborate with IT teams, legal, HR, compliance, and other departments to ensure a holistic approach to information security risk management and compliance. Continual Improvement: Monitor industry trends, emerging threats, and regulatory changes to ensure that the organization's information security risk and compliance programs remain up-todate and effective. Preferred Skills: Excellent verbal and written communication skills. Ability to work both independently and as part of a team. Knowledge of Networking (Firewall, Networking Protocols); Working knowledge Frameworks Working knowledge of Information Security Domains Working knowledge of Security protocols Working knowledge of Cloud

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Minimize attack surfaces by removing as many unnecessary components as possible from kernelspace and userspace Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Create OS-level attestation and integrity monitoring systems Apply security patches, develop patches for custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Serve as a subject matter expert for OS security questions and designs Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with secure boot technologies Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

Hours: 37.5 Line of Business: Technology Solutions Pay Details: 91,200 - 136,800 CAD TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs. As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role. Job Description: TD Bank is seeking a strategic and technically skilled Manager to join our Information Security team, focused on strengthening our fraud detection, authentication, and CIAM (Customer Identity and Access Management) capabilities. This role will lead the expansion of our monitoring and alerting footprint across enterprise platforms, ensuring control effectiveness, regulatory alignment, and rapid incident response in a complex financial environment. Key Responsibilities * Lead the design and deployment of monitoring and alerting strategies using Splunk, Datadog, Dynatrace, and Databricks across TD's digital ecosystem * Define alert thresholds and tuning logic to minimize false positives while maintaining high sensitivity to fraud and access anomalies * Oversee triage workflows for triggered alerts, coordinating with global teams to ensure timely investigation and resolution * Develop governance frameworks for alert lifecycle management, including setup, ownership, escalation, and audit readiness * Monitor control effectiveness across CIAM, authentication, and fraud domains, driving continuous improvement * Collaborate with fraud and cybersecurity teams to support incident investigations and mitigation strategies * Analyze alert trends and performance metrics to inform strategic improvements and risk prioritization * Champion automation and workflow optimization for alert handling, reporting, and compliance documentation * Ensure alignment with TD's enterprise risk management and regulatory obligations (e.g., OSFI, OCC) * Provide mentorship and leadership within the security monitoring team, fostering a culture of accountability and innovation Required Qualifications & Expertise * 5+ years of experience in information security, CIAM/fraud detection, or observability engineering within financial services * Hands-on expertise with Splunk, Datadog, Dynatrace, and Databricks for alert creation, analytics, and dashboarding * Strong understanding of CIAM, authentication protocols, and fraud risk indicators in regulated environments * Experience designing governance frameworks and control monitoring programs aligned with financial compliance standards * Proven ability to lead cross-functional teams and drive incident response processes across geographies * Excellent communication and documentation skills, with a strategic mindset and attention to regulatory detail Who We Are: TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues. TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you. Our Total Rewards Package Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more Additional Information: We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home. Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements. Colleague Development If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals. Training & Onboarding We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role. Interview Process We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call. Accommodation Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process. We look forward to hearing from you! Language Requirement (Quebec only): Sans Objet

Qualifications Bachelor's degree required. Minimum five years of full-time professional experience in information technology, including evidence of successful and progressively responsible roles in information security or related area (including growth in levels of responsibility, complexity of work, numbers, and sophistication of employees) related to the essential responsibilities listed. Demonstrated fluency in written and spoken English with the sophistication necessary to effectively communicate technical details to both technical and non-technical individuals. Demonstrated willingness and ability to carry out the essential responsibilities listed with humility, grace, and optimism. Demonstrated understanding of, sensitivity to, and respect for the academic, cultural, and social diversity in the Hofstra University community. Preferred Qualifications Advanced degree in computer science, computer engineering, information security, or related field strongly preferred. One or more relevant professional certifications (e.g., CISSP , CISM /A, etc.) strongly preferred. Experience with state and federal information security regulatory requirements ( GLBA , FERPA , HIPAA , etc.) and other compliance requirements ( PCI , etc.). Knowledge of and experience applying industry-standard IT security frameworks ( NIST , IHECF , etc.). Significant experience in computing and information security, network security issues, and security incident response and recovery in a higher education environment. Significant experience in communicating information security principles and concepts to non-technical stakeholders, and success in improving cybersecurity awareness in a higher education environment. Working knowledge of the information security policy and regulatory environment of information security, particularly in higher education. Demonstrated experience and success in advising and collaborating with key stakeholders relevant to the essential responsibilities listed, including senior leadership, Internal Audit, outside auditors, and consultants. Professional experience in a leadership role in a higher education institution.

The Cloud Security Specialist is a senior technical and leadership position responsible for implementing, managing, and continuously improving cloud security across multi cloud environments including AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).This role combines hands on technical execution with team leadership. The successful candidate will lead a team of cloud security engineers, develop secure architectures, and manage enterprise grade cloud security solutions such as Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Container Security, API Security, and AI Security Posture Management (AISPM).The individual will partner with cloud service, DevOps, and application teams to design secure deployments, enforce policies, and integrate automation for vulnerability remediation, threat detection, and compliance. They will also implement secure private connectivity between cloud and on premise networks using technologies such as AWS PrivateLink and Azure ExpressRoute. Required Education/Experience Master's Degree and with 3 years of relevant experience IT or Information security or Bachelor's Degree and with 5 years of relevant experience IT or Information security or Associate's Degree and with 6 years of relevant experience IT or Information security or High School Diploma/GED and with 8 years of relevant experience IT or Information security. Preferred Education/Experience Master's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 3 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Bachelor's Degree in Cybersecurity, Computer Engineering, Computer Science, Information Systems Security, Information Technology. and 5 years in Information security, Cloud Security or Cloud Architect in a senior technical role. With certifications such as CCSP, AWS Certified Security, Azure Security Engineer Associate, or GCP Cloud Security Engineer. Experience in cloud security or cloud architecture. Experience with CSPM, CWP, AISPM, and API security implementations. Handson work with identity management, hybrid connectivity (PrivateLink, ExpressRoute). Relevant Work Experience Handson experience with at least two major cloud providers (AWS, Azure, GCP, or OCI), required. Implementation and management experience with CSPM, CWP, AISPM, and API security platforms, required. Knowledge of IAM, rolebased access control, and policy enforcement, required. Experience integrating cloud telemetry and logs with SIEM tools, required. Understanding of hybrid connectivity and private link technologies (PrivateLink, ExpressRoute), required. Experience with scripting (Python, PowerShell, Bash) and automation, required. Experience with WAF and cloud API gateway configurations, required. Strong understanding of cloud network fundamentals and background in cloud network security, and secure architecture design, required. Experience collaborating with cloud service teams for planning and remediation, required. Experience implementing application security best practices and training engineering teams, required. Familiarity with CDN operations, certificates, and brand monitoring preferred, required. Experience with SIEM integration, telemetry collection, and event analysis, preferred. Demonstrated experience leading technical teams or project groups, preferred. Experience with Container Security, preferred. Experience securing API endpoints and implementing advanced cloud application protections, preferred. Knowledge of AI/ML data protection and secure model deployment practices, preferred. Experience integrating security automation into DevSecOps workflows using Terraform or Ansible, preferred. Experience developing and delivering cloud security training and awareness programs, preferred. Skills and Abilities Effective leadership skills Demonstrated problem solving skills Demonstrated problem solving skills Strong written and verbal communication skills Ability to drive multiple projects to successful completion Proactively approaches responsibilities Licenses and Certifications Driver's License Required Other: CISSP, CCNP Security, GSEC, GCIH, CEH, or equivalent certifications. Preferred Other: CCSP, AWS Certified Security, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or OCI Security Professional. Preferred Physical Demands Ability to push, pull, and lift up to 25 pounds Sit or stand to use a keyboard, mouse, and computer for the duration of the workday Additional Physical Demands The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays. Core Responsibilities Lead and mentor a team of cloud security engineers, fostering technical excellence and professional growth. Architect and maintain secure multi-cloud environments across AWS, Azure, GCP, and OCI in partnership with Enterprise Architecture. Deploy and manage CSPM platforms to drive continuous visibility, compliance, and risk posture improvement. Implement CWP solutions to protect cloud workloads, prevent threats, and manage vulnerabilities effectively. Define and enforce IAM policies and least-privilege principles to strengthen identity security across all platforms. Design and secure private and hybrid connectivity using technologies such as AWS PrivateLink, Azure ExpressRoute, and Google Cloud Interconnect. Integrate cloud telemetry and security events with SIEM systems to enhance incident detection and response capabilities. Automate provisioning, configuration, and remediation workflows using IaC tools like Terraform and Ansible, supported by Python or PowerShell scripting. Implement and manage WAF policies and API gateways to safeguard cloud applications and services. Partner with DevOps and engineering teams to embed security within CI/CD pipelines and promote secure development practices. Collaborate with risk and architecture teams to assess emerging technologies and align them with enterprise security strategy. Stay informed on evolving threats, regulatory frameworks, and AI security trends to continuously improve cloud security posture.