Information security analyst jobs in Johnston, RI - 257 jobs

A state governmental agency in Chelsea, Massachusetts is seeking an Accounts Management Analyst II to manage employee provisioning and deprovisioning, ensure timely completion of requests, and support end-users with IT issues. The ideal candidate should have extensive experience in technical support, strong knowledge in Windows, Azure, and service management tools like ServiceNow, along with excellent problem-solving and communication skills. This full-time role offers a salary range between $77,290 and $116,401 annually. #J-18808-Ljbffr

The IT Security Analyst I is responsible for supporting the Bank's IT Security preventative and reactive measures including but not limited to Technology governance, risk, and compliance. IT governance-related duties include ensuring security controls are in place, effective, and that risks are recorded and actively being managed. Other tasks include configuration management, asset management, patch management, software/hardware lifecycle, threat intelligence, user activity monitoring, and reporting thereof. This role is expected to be fully aware of the Bank's security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals. Other duties include collaboration with senior IT Security personnel to optimize security tools and processes. Performs any functions, within scope of authority and expertise, to provide the highest level of service and responsiveness to customers and co-workers. This is a Hybrid work schedule, 3 days in the office and 2 days remote in Massachusetts. Responsibilities IT Governance * Maintain the Bank's IT security program control framework to ensure compliance with industry standards (NIST, CIS, FFIEC) and MSB's IT security control requirements. * Develop systems and processes for identifying, managing, and reporting risks. * Provide governance, risk, and compliance data insights to drive improvement across the IT system. * Compile metrics/reporting for the weekly IT Governance report. Facilitate weekly presentation to stakeholders. * Design and implement security controls for our infrastructure and critical systems. * Assigns responsibility for IT Governance related issues and tracks them to resolution. * Continually working to improve the Banks overall security posture. * Track and understand emerging security practices and threats. Leverage this knowledge to improve security configurations across the enterprise and hunt for potential or active t threats. * Manage daily volume of offline computers. Triage and resolve issues so computers can join network and be managed. * Reconcile asset type risk scores regularly and report metrics and issues to IT Division. IT Security Control Programs * Configuration Hardening: * Conduct hardening assessments of hardware and software to identify noncompliance of standards and define remediation requirements. * Regular maintenance of configuration hardening benchmarks. * Vulnerability Management: * Monitoring, delegation, and investigation of vulnerabilities in a severity-prioritized process. * Development, deployment, and automation of scripts for remediation of vulnerabilities. * Patch Management: * Systematic testing, deployment, and reporting of system patches. * Threat Intelligence: * Monitor, triage, and report on Threat Intelligence alerts accordingly. * Software/Hardware Management: * Reconciliation of end-of-life/end-of-support hardware and software. * Authorization of software based on weight of business need and risk. * Regular upkeep of software versions within Bank infrastructure. System & Application Administration * Workstation ownership - building, securing, and ongoing management of assigned workstation assets. * Identifying and mitigating vulnerabilities on assigned assets and applications. * Application ownership - configuring, implementing, securing, and ongoing management of the Bank's security applications. Security Operations * Recommend additional security solutions or enhancements to existing security solutions to improve overall security. * Participate in investigations into problematic activity. * Consults with third party vendors/suppliers as required. Requirements Education Bachelor's Degree in computer science, information systems or equivalent work experience is required Work Experience 2+ years experience supporting security components and applying security best practices across an enterprise application/network infrastructure is required Additional Requirements Experience with managing and securing Microsoft Windows or Linux is preferred. Working knowledge of IT security controls and how to determine their effectiveness. Knowledge, Skills, and Abilities Understanding of common security technologies and functions (Endpoint AV, Patch Management, Encryption, Vulnerability Scanning, etc.) Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles Passion and enthusiasm for Cyber Security Demonstrates excellent communication, facilitation, efficient decision making and problem solving skills Licenses and Certifications Certified Information Systems Security Professional (CISSP) or equivalent security related certification Preferred Expected Pay Range From: $62,682 To: $111,280 The pay range is the salary we in good faith expect to pay for this role at the time of posting. Actual compensation paid may fluctuate higher or lower than the posted range and the range may be modified in the future due to several factors including, but not limited to, relevant experience, certifications, and qualifications, internal equity, adjustments to the requirements and responsibilities of the job, business needs, and economic and market data. EEO Statement Middlesex Savings Bank is an Equal Opportunity Employer/protected Veterans/Individuals with Disabilities

Join our global Cyber team as a Wordings Analyst supporting the Global Cyber Wordings Manager in the strategic development and governance of our Cyber and Tech policy suite, including Liberty Cyber Resolution and Liberty Tech Resolution. This role is a hands-on business enabler: you will help translate complex legal and regulatory requirements into clear, market-ready wordings, maintain our global clause library, support manuscript negotiations, and produce practical tools that empower underwriters and strengthen broker confidence. It's an excellent opportunity for an early-career insurance wordings or legal professional to build expertise in a fast-moving, global specialty line and make a visible impact on growth, innovation, and client experience. Key responsibilities: Wording library and drafting support Maintain and expand the global wording library centered on Liberty Cyber Resolution and Liberty Tech Resolution, including endorsements, exclusions, and guidance notes. Redline and prepare first drafts of standard clauses and endorsements; ensure consistency with definitions, coverage intent, and plain-language standards. Track version control, change logs, approvals, and archiving; Assist with localization for different jurisdictions, coordinating translations and filing documentation with Legal/Compliance. Commercial enablement Build practical tools (playbooks, FAQs, objection-handling guides, coverage summaries) to help regional teams position our products and close deals efficiently. Prepare broker/client comparison decks and battlecards; support pitches, RFP/RFI responses, and manuscript negotiations with clause comparisons and recommended alternatives. Triage wording queries from regions; track SLAs and referral approvals per the global governance framework. Partner closely with Underwriting, Product, Global Cyber Engagement, Claims, Legal/Compliance, and regional leaders to deliver accurate, timely support and uphold governance standards. Regulatory and legal stewardship Monitor and synthesize global regulatory and market developments (e.g., Lloyd's cyber war/systemic guidance, GDPR, DORA, NIS2, sanctions) into succinct briefs and recommended wording actions. Maintain audit-ready documentation; assist with regulatory filings or attestations where required. Claims partnership and feedback loop Collaborate with Claims to capture lessons from disputes and litigation trends; draft guidance notes and propose clarifications to improve coverage certainty. Support coverage position letters and documentation packs with research, citations, and clause histories. Innovation and product development support Help draft prototype wordings for new propositions Check alignment between underlying policy wordings and reinsurance treaty/facultative clauses. Administer wording management tools, ensuring robust version control, approval workflows, and usage analytics. Build dashboards and trackers for adoption of standard forms, deviation rates, SLA performance, disputes, and audit findings; provide monthly reporting to stakeholders. Qualifications Bachelor's degree in business, economics, or other quantitative field. Minimum 3 years, typically 4 years or more of relevant work experience. 2 - 5 years of experience in insurance wordings, legal/paralegal support, underwriting support, or product documentation; cyber specialty experience preferred. Strong drafting, redlining, and proofreading skills with a plain-language mindset and exceptional attention to detail. Working knowledge of insurance policy structures, endorsements, exclusions, and coverage interpretation; familiarity with cyber war/systemic language, sanctions, and privacy regulations is advantageous. Research and synthesis skills to translate complex regulatory/legal topics into practical guidance and actionable updates. Proficiency with MS Word (advanced track changes/redlining), Excel (trackers and dashboards), PowerPoint (training/pitch materials), and document/enablement tools. Collaborative, service-oriented approach; comfortable operating in a global matrix and meeting defined SLAs. Curiosity about cybersecurity risks and the incident response ecosystem; willingness to learn common threat scenarios to inform practical drafting. About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role. At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: *********************** Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law. Fair Chance Notices California Los Angeles Incorporated Los Angeles Unincorporated Philadelphia San Francisco We can recommend jobs specifically for you! Click here to get started.

Information Security Data Analyst Large Banking Client Duration: 6+ month contract; Strong potential for extension / full time hire Our client in the banking industry is seeking a Data Analyst to join the Information Security & Risk team. This role will focus on data protection, compliance, and security analytics, ensuring sensitive information is safeguarded across systems and processes. The position offers an opportunity to contribute to risk mitigation, regulatory adherence, and the development of robust data security controls in a dynamic financial services environment. Responsibilities * Monitor, analyze, and report on data security events and potential data loss incidents * Collect, validate, and analyze data from multiple sources to ensure accuracy and integrity * Develop and maintain dashboards for security metrics using Power BI and AWS QuickSight * Execute queries to identify anomalies, trends, and potential vulnerabilities in data flows * Implement and enforce Data Loss Prevention (DLP) rules and policies across systems * Conduct testing and validation of DLP rules to ensure accuracy and effectiveness * Manage website whitelisting processes to support secure business operations * Support compliance with regulatory standards and internal security frameworks * Collaborate with security, risk, and IT teams to design and optimize data protection strategies * Communicate findings and actionable recommendations to leadership and stakeholders Required Experience * Minimum 3+ years of experience in data analytics with a focus on security or compliance * Strong understanding of data protection principles, DLP tools, and regulatory frameworks * Hands-on experience implementing and testing DLP rules and security controls * Proficiency in SQL Server for query writing and data validation * Dashboarding experience with Power BI and AWS QuickSight * Working knowledge of Python for automation and data analysis * Familiarity with security monitoring tools and incident response processes * Prior experience in financial services, preferably banking or fintech Desired Experience * Exposure to DLP solutions (e.g., Purview, Netskope) * Experience with identity and access management concepts * Understanding of data classification and encryption standards Soft Skills * Strong communication skills to engage leadership and cross-functional teams * Detail-oriented with a proactive approach to risk identification * Ability to work in a fast-paced, compliance-driven environment * Apex Benefits Overview * Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a retirement plan (401k or local country equivalent) program. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide. * · EEO Employer * Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or ************. Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click here for more details. Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide. Employee Type: Contract Remote: Yes Location: Boston, MA, US Job Type: Date Posted: November 18, 2025 Pay Range: $45 - $60 per hour Similar Jobs * Information Systems Security Officer * Information Security Analyst - IAM / CyberArk * Information Systems Analyst * L2 Cyber Security Analyst * Network Security Analyst III

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and makes recommendations for improvement. Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge. Duties and Responsibilities Responsibilities include, but are not limited to the following: * Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities * Performs system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines * Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems * Performs threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities Research, recommend, and implement streamlined automation processes * Develops and maintains documentation for security systems and procedures * Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems * Provide support to one or more projects simultaneously. Delivers projects on schedule * Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization * Assists and trains junior team members in the use of security tools, the preparation of security reports and the resolution of security issues * Applies patches where appropriate and, removes or otherwise mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity * Using threat intelligence information research emerging threats and vulnerabilities to aid in the identification of incidents * Job Knowledge - Remains up-to-date in assigned area of responsibility: possesses skills and knowledge to perform job effectively; efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures * Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies * Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution * Perform security standards testing against computers before implementation to ensure security * Provide Key Performance Metrics to our Risk Management team to help coordinate risk tracking. * Educate internal teams on information security best practices. * Assist in technical audits of IT Systems and controls. * Other duties as assigned. * Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Position Summary: Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. Role Description: This role is primarily responsible for ensuring that relevant Privileged Access Controls are adequately enforced across platforms and applications to comply with IAM Standard. Partner with PAM Governance leads to ensure that Privileged Access Controls are appropriately measured, reported and governed. Apply industry PAM best practices, templates, and documentation while also proposing improvements based on practical knowledge. Document and convey PAM related requirements to technology partners to build/implement enhanced PAM solutions that are efficient, effective, and modern and able to result in material risk reduction in sustainable manner. Collaborate with stakeholders to develop PAM requirements that iteratively support long term PAM modernization and transformation (covers Process, Data and Technology aspects). Provide education to team members and technology partners regarding the proposed changes to PAM controls. Partners with the policy governance team for socialization and publication of proposed changes to the PAM Standard Takes accountability for addressing PAM risks. Proactively identify risk and ways to continuously enhance and improve BAC's PAM controls. Implement and take decisive actions in finding solutions. Drives towards intended outcomes. Engage senior management to provide factual, transparent, and timely reporting on existing and emerging PAM or information security risks. Active participation in GIS IAM/PAM forums including but not limited to Monthly IAM Stakeholder Forum and Control Owner Forum for standard and Single Process Inventory (SPI) enhancements. Supports audit issues for closure and sustainability Required Qualifications: 7 years relevant hands-on experience in PAM in complex and heterogenous technology environment. Deep experience with Linux, Windows, Cloud scale Identity, Access Management (Single Sign-On, Multi Factor Authentication), Authorization services or design and architecture of PAM services Deep knowledge of bank financial practices and policies and ability to adapt to fast changing environment Working level experience with IAM platforms such as Ping Identity, Active Directory OpenLDAP, OpenDJ Experience in consumption of Web Service APIs such as JSON / XML Hands on experience and involvement in large and complex projects. Expert level knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation. Expert level knowledge of authentication platforms such as Active Directory, LDAP, Kerberos, LDAP, Radius. Expert knowledge of PAM related tools which support session proxy, vaulting, just-in-time provision, integration with service management tool would be an advantage. Deep security knowledge which covers core technology infrastructure (network, storage, servers, databases, etc.) identity management and application security practice. Deep knowledge on Federation platforms or protocols such as Oauth, OpenID, SAML, WS-Fed, etc. Good knowledge and understanding of PAM-specific laws, rules, and regulations within the financial services sector. Proficient in Microsoft Office suite of products with ability to quickly analyze and synthesize large volumes of data. Familiarity with security standards such as NIST, ISO/EC, FFIEC. Understanding and interpreting BAC's established information security Policy, Standards, Procedure and Guides, and applying this knowledge to related PAM decisions and response. Possession of CISSP certification would be an advantage. Knowledge of Compliance Certifications such as SOX, SOC, SOC2. Serve as the Subject Matter Experts in advising BAC business and technology counterparts on effective ways to achieve or exceed compliance with applicable Policy, Standards, Procedures and Guides. Proficient in articulating facts and data-driven plans and to partner with stakeholders to implement intended solutions to drive risk reductions and adherence to PAM standards. Strong attention to detail and advanced analytical skills. Excellent communication and presentation skills. Able to effectively prioritize multiple tasks. Proven track record in delivering outcomes that result in sustainable risk reductions in PAM. Ability to work independently on initiatives with little oversight. Motivated and willing to learn. Confident and effective in delivering messages across a wide spectrum of individuals with varying degrees of technical and business understanding This job will be open and accepting applications for a minimum of seven days from the date it was posted Shift: 1st shift (United States of America) Hours Per Week: 40 Pay Transparency details US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - MA - Boston - 100 Federal St - 100 Federal St Lp (MA5100) Pay and benefits information Pay range$78,200.00 - $137,700.00 annualized salary, offers to be determined based on experience, education and skill set.Discretionary incentive eligible This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.BenefitsThis role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

Job Description At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care. One mission. One team. That's OneStudyTeam. We are seeking a Senior Security Compliance Analyst with expertise in Governance, Risk, and Compliance (GRC) to support and enhance our security and compliance programs within the healthcare industry. This role is critical in ensuring adherence to industry regulations, responding to customer audits, and maintaining compliance with ISO 27001, HIPAA, and other security frameworks. The ideal candidate will be a detail-oriented compliance expert who can navigate complex regulatory environments, assist with internal/external audits, and drive continuous improvement in security governance. The ideal candidate must be able to operate independently while delivering on the following duties. What You'll Be Working On: Lead and support customer security audits, responding to security questionnaires and demonstrating compliance with security frameworks. Prepare, coordinate, and manage ISO 27001 audits, including evidence collection, control implementation, and auditor engagement. Ensure ongoing compliance with HIPAA, NIST CSF, and other regulatory requirements applicable to healthcare data security. Develop and maintain policies, procedures, and security documentation to meet regulatory and contractual obligations. Perform gap analyses and risk assessments to identify and remediate compliance risks. Manage and improve security governance frameworks, ensuring alignment with industry best practices and business objectives. Conduct third-party vendor risk assessments, ensuring compliance with security policies and contractual obligations. Monitor security controls, ensuring effectiveness and continuous improvement in alignment with security frameworks. Support security awareness training initiatives, ensuring employees understand compliance responsibilities. Stay current on ISO 27001, HIPAA, NIST 800-53, and other relevant standards, translating them into actionable security controls. Assist in defining security metrics and reporting on compliance status and risk posture to leadership. Work closely with legal, security, IT, and business teams to align compliance requirements with security operations. What You'll Bring to OneStudyTeam: Bachelor's degree in Information Security, Computer Science, Risk Management, or related field (or equivalent experience). 8+ years of progressive experience in GRC, compliance, or security audit roles. Experience in healthcare or regulated industries strongly preferred. Certifications strongly preferred: ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CISA, HITRUST CCSFP, CRISC. Experience leading ISO 27001, SOC2, or HITRUST audits, including ISMS implementation and external audit coordination. Strong understanding of NIST CSF, SOC 2, GDPR, and other security frameworks. Hands-on experience with customer security audits, including responding to security questionnaires and managing security assessments. Ability to perform risk assessments, policy reviews, and compliance gap analyses. Strong written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders. Detail-oriented with excellent organizational and project management skills. Ability to work independently and collaboratively in a remote environment. Familiarity with GRC tools (e.g., OneTrust, LogicGate, Archer, Vanta, Drata) is a plus. We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status. Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization. As a condition of employment, you will abide by all organizational security and privacy policies. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).

We are seeking a detail-oriented and highly skilled Security Analyst to join our team in Boston and shape the future of Cybersecurity. As a Security Analyst at 7AI, you will leverage your expertise of the security landscape to review and analyze AI Agent investigations, ensuring accuracy and completeness, ultimately helping to build our multi-agent platform. You will be integral in building and maintaining the reliability of our AI Agents, working in tandem with Engineering and Product to inform our roadmap as we build. If you want to build the next generation of Cybersecurity and put AI in the hands of defenders, please apply below. Key Responsibilities: Review and validate alerts and investigations completed by the AI Agents for accuracy and completeness. Collaborate with the Engineering and Product teams to provide feedback and assist in optimizing the AI platform. Develop internal playbooks, standard operating procedures and tools that will guide the AI Agents to perform quality investigations. Stay current with emerging cybersecurity trends, vulnerabilities, and new attack techniques, especially the field of AI-driven attacks. Investigate flagged security incidents, analyzing potential threats and confirming the findings generated by AI. Recommend mitigation strategies and remediation steps to train the AI to reduce the threat surface. Correlate findings from multiple sources, including network logs, endpoint data, and threat intelligence, to validate AI-generated reports. Assist with ongoing threat monitoring, triage, and prioritization of security incidents. Required Qualifications: 4+ years of experience in a Security Analyst or similar role within the cybersecurity field. Hands-on experience with incident response for Cloud and Identity alerts, and at least two of Email, EDR, Threat Intel and Networking alerts. Strong understanding of security monitoring tools and techniques (SIEM, IDS/IPS, IDP, etc.). Experience analyzing and investigating security alerts from multiple sources, including intrusion detection systems, network monitoring tools, and endpoint protection platforms. Familiarity with the latest cybersecurity threats, attack vectors, and vulnerabilities. Strong analytical and problem-solving skills, with the ability to verify AI-driven analysis and make independent security decisions. Scripting experience with languages such as Python Data querying experience with SIEM technologies (SPL, KQL, FQL, SQL, etc).

Basic Qualifications RRequires a Bachelor's degree in Systems Engineering, or a related Science, Engineering, Technology or Mathematics field. Also requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibilityrequirements for access to classified information. Due to the nature of work performed within our facilities, U.S.citizenship is required. Responsibilities for this Position We are seeking a Systems Security Engineer who has experience in the design and development of NSA-certified Cybersecurity devices. Key Responsibilities: Design and develop specifications for mission-critical NSA-certified Cybersecurity devices Collaborate with software and validation engineering teams to deliver high-speed data solutions Develop real-time multi-threaded Embedded System architecture using Model-based Systems Engineering (MBSE) tools and techniques Analyze and maintain system security requirements throughout product development lifecycle Conduct trade studies, perform functional analysis, and design system security. Preferred Skills and Experiences: NSA approved Cryptography/Encryption Security requirements analysis Real-Time multi-threaded Embedded System architecture and development Model-based Systems Engineering (MBSE) CISSP certification or similar INCOSE ASEP, CSEP, or ESEP certification We value candidates who possess: Drive to expand knowledge and experience in designing complex systems Ability to define project scope, schedule, and expected results Initiative to complete assignments and ability to engage in technical direction and leadership Our Commitment to You: An exciting career path with opportunities for continuous learning and development Research-oriented work with award-winning teams Competitive benefits package #CJ3 Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $124,397.00 - USD $138,003.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Job DescriptionAt WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. WHOOP is seeking a Senior Information Security Engineer to serve as a technical leader in our Security team reporting to our Information Security Manager. In this role, you will drive the deployment and continuous enhancement of controls that protect millions of users' biometric and health data, build scalable defenses across our infrastructure and applications, and lead incident response efforts with visibility across the business. This is an opportunity to have direct impact at scale, working alongside engineers, product teams, and executives to drive forward-looking security strategies. RESPONSIBILITIES: Implement and enhance security controls by leading the deployment, integration, and tuning of solutions such as CNAPP, SIEM, CASB, EDR, DLP, and MDM to maximize effectiveness. Support security design decisions by providing subject matter expertise on cloud and SaaS security best practices while influencing architecture led by the Security Architect role. Lead incident response and investigations by guiding containment, remediation, root cause analysis, and post-incident improvements. Strengthen application security by overseeing secure development practices and managing SAST, SCA, and DAST tooling. Advance identity and access management by supporting IAM policy enforcement, SSO, MFA, SCIM, RBAC, and user lifecycle governance. Secure AI systems and integrations by assessing and protecting embedded APIs and organizational AI tool usage to ensure resilience, privacy, and compliance. Collaborate cross-functionally by working with Engineering, IT, and GRC teams to embed security into systems and workflows. Mentor and influence by providing technical guidance, reviewing work, and promoting security-first thinking across the organization. Stay ahead of threats and regulations by tracking emerging risks, technologies, and compliance requirements to inform forward-looking strategies. Participate in and help improve the on-call rotation by providing guidance, escalation support, and driving improvements in response processes. QUALIFICATIONS: Bachelor's degree in Computer Science, Information Security, or a related technical field and/or advanced certifications (CISSP, CISM, AWS Security Specialty, SANS, etc.). 8+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity. Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG). Experience securing AI/ML systems or APIs, including governance of third-party AI integrations and organizational use of AI tools. Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems. Hands-on experience with application security tooling (SAST, SCA, DAST) and embedding secure development practices. Demonstrated leadership in security incident response, investigations, and root cause analysis. Effective communicator with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences. Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment. Experience mentoring engineers and setting operational standards. Familiarity with compliance and risk frameworks relevant to health and AI (SOC 2, ISO 27001, PCI, GDPR, FTC guidance, HIPAA-adjacent state laws) is a plus. Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success. The U.S. base salary range for this full-time position is $150,000 - $190,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements. Learn more about WHOOP.

Are you a Cybersecurity compliance expert ready to take the lead in a dynamic, high-impact role? Join a globally recognized firm where you'll play a key role in shaping and strengthening our cybersecurity strategy. This is your chance to make a difference in a fast-paced, professional environment that values innovation, collaboration, and technical excellence. Why You'll Love This Role: Drive Security Initiatives - Lead firmwide cybersecurity programs, ensuring compliance with ISO 27001 and other industry standards. Be a Decision-Maker - Approve security risks, implement best practices, and enhance policies to safeguard critical systems. Third-Party & Risk Management - Oversee vendor risk assessments, vulnerability management, and client security audits. Lead & Mentor - Supervise a Compliance Analyst and provide strategic guidance across teams. Innovate & Protect - Collaborate with IT leadership to integrate cutting-edge security solutions into firm operations. What You Bring to the Table: 5+ years of cybersecurity experience in a complex IT environment. Strong knowledge of security frameworks (ISO 27001, NIST, etc.). Hands-on experience with security tools, compliance audits, and risk assessments. Leadership experience with a passion for mentoring and developing security professionals. Bachelor's degree in Cyber Security, Computer Science, or a related field. Security certifications (CISSP, CRISC, etc.) strongly preferred. Offer includes: Competitive salary: $145,000 - $170,000 Hybrid work environment Excellent benefits package A culture of excellence, diversity, and professional growth Ready to step into a leadership role where your expertise will make a real impact? Apply today and be a key player in securing the future of a top international firm. Apply to this post or email your resume directly to Dan Gilliam, email: **************************** Tags: Cybersecurity, IT, ISO, Compliance, Security Manager

Job DescriptionISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

New England College of Optometry seeks an entry level Information Security Manager to develop, implement, and oversee a robust information security strategy and program. This critical role involves establishing and enforcing policies, procedures, and technologies to protect the confidentiality, integrity, and availability of institutional and student data. The Information Security Manager will be responsible for risk assessment, incident response, security operations, and ensuring compliance with all relevant regulations and standards. This role requires strong leadership, technical expertise, and excellent communication skills to collaborate effectively across the institution. Responsibilities * Develop, implement, and oversee a robust information security strategy and program in alignment with institutional goals and industry best practices. * Establish and maintain institutional information security policies, standards, and guidelines, ensuring they are regularly reviewed, updated, and communicated. * Manage security operations, including monitoring, detection, prevention, response, and analysis of security threats and vulnerabilities. * Lead and coordinate the information security incident response team, managing security breaches & ensuring timely and effective resolution and post-incident analysis. * Conduct regular risk assessments and penetration testing to identify and mitigate potential security vulnerabilities across systems, networks, and applications. * Ensure compliance with national and international regulatory frameworks (e.g., FERPA, HIPAA, ISO 27001, SOC 2) relevant to the organization. * Oversee security awareness training programs for all employees to promote a culture of security consciousness. * Manage the security budget and evaluate, select, and implement appropriate security tools and technologies. * Report on the status of the security program, vulnerabilities, and incidents to executive leadership. * Work on "special projects" as assigned by the Chief Information Officer. * Other duties as assigned. Requirements * Experience in designing, implementing, and managing enterprise-level information security programs and strategy. * Technical knowledge of network security, application security, cloud security (e.g., AWS, Azure, GCP), and endpoint protection technologies. * Understanding of risk management methodologies and security frameworks (e.g., ISO 27001, NIST, CIS Controls). * Experience leading security incident response and forensic analysis. * Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical audiences. * Knowledge of networking principles, including wireless networking. * Excellent written and verbal communication skills, professional appearance, punctuality and a sense of urgency. * Experience working with Active Directory and Google Cloud Platform. * Ability and willingness to learn new technologies. Preferred Background/Skills * Professional certifications such as CISSP, CISM, or relevant SANS certifications. * Experience with Governance, Risk, and Compliance (GRC) tools and processes. * Exceptional organizational skills, with the ability to prioritize projects and tasks. * Familiarity with scripting languages (e.g., Python, PowerShell) for security automation. * Ability to write reports and document steps for knowledge sharing. * Ability to work efficiently and independently with minimal supervision. * Excellent customer service and communications skills. Education * Bachelor's degree in Computer Science, Information Technology, Information Security, or a related technical field. Experience * A minimum of 2 years of progressive experience in the field of information security. NECO is an Equal Opportunity employer and encourages all qualified candidates to apply. New England College of Optometry offers a robust benefits program including: * 3 plan options for BCBS medical coverage (employer subsidized at 75% or greater) * Mental Health and Wellness benefits * BCBS Dental * Discounted vision services * 13 paid holidays and generous paid time off for sick, vacation, and personal days * Employer-paid life insurance, and short-term and long-term disability * Voluntary Insurance: life, critical illness, hospital indemnity, accident, * Voluntary Benefits: employee discounts and pet insurance * 9% employer contribution to a 403(b) retirement plan after 1 year of service with no vesting schedule or match requirement * Qualified Public Service Loan Forgiveness Employer

Full-time Description New England College of Optometry seeks an entry level Information Security Manager to develop, implement, and oversee a robust information security strategy and program. This critical role involves establishing and enforcing policies, procedures, and technologies to protect the confidentiality, integrity, and availability of institutional and student data. The Information Security Manager will be responsible for risk assessment, incident response, security operations, and ensuring compliance with all relevant regulations and standards. This role requires strong leadership, technical expertise, and excellent communication skills to collaborate effectively across the institution. Responsibilities Develop, implement, and oversee a robust information security strategy and program in alignment with institutional goals and industry best practices. Establish and maintain institutional information security policies, standards, and guidelines, ensuring they are regularly reviewed, updated, and communicated. Manage security operations, including monitoring, detection, prevention, response, and analysis of security threats and vulnerabilities. Lead and coordinate the information security incident response team, managing security breaches & ensuring timely and effective resolution and post-incident analysis. Conduct regular risk assessments and penetration testing to identify and mitigate potential security vulnerabilities across systems, networks, and applications. Ensure compliance with national and international regulatory frameworks (e.g., FERPA, HIPAA, ISO 27001, SOC 2) relevant to the organization. Oversee security awareness training programs for all employees to promote a culture of security consciousness. Manage the security budget and evaluate, select, and implement appropriate security tools and technologies. Report on the status of the security program, vulnerabilities, and incidents to executive leadership. Work on "special projects" as assigned by the Chief Information Officer. Other duties as assigned. Requirements Experience in designing, implementing, and managing enterprise-level information security programs and strategy. Technical knowledge of network security, application security, cloud security (e.g., AWS, Azure, GCP), and endpoint protection technologies. Understanding of risk management methodologies and security frameworks (e.g., ISO 27001, NIST, CIS Controls). Experience leading security incident response and forensic analysis. Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical audiences. Knowledge of networking principles, including wireless networking. Excellent written and verbal communication skills, professional appearance, punctuality and a sense of urgency. Experience working with Active Directory and Google Cloud Platform. Ability and willingness to learn new technologies. Preferred Background/Skills Professional certifications such as CISSP, CISM, or relevant SANS certifications. Experience with Governance, Risk, and Compliance (GRC) tools and processes. Exceptional organizational skills, with the ability to prioritize projects and tasks. Familiarity with scripting languages (e.g., Python, PowerShell) for security automation. Ability to write reports and document steps for knowledge sharing. Ability to work efficiently and independently with minimal supervision. Excellent customer service and communications skills. Education Bachelor's degree in Computer Science, Information Technology, Information Security, or a related technical field. Experience A minimum of 2 years of progressive experience in the field of information security. NECO is an Equal Opportunity employer and encourages all qualified candidates to apply. New England College of Optometry offers a robust benefits program including: 3 plan options for BCBS medical coverage (employer subsidized at 75% or greater) Mental Health and Wellness benefits BCBS Dental Discounted vision services 13 paid holidays and generous paid time off for sick, vacation, and personal days Employer-paid life insurance, and short-term and long-term disability Voluntary Insurance: life, critical illness, hospital indemnity, accident, Voluntary Benefits: employee discounts and pet insurance 9% employer contribution to a 403(b) retirement plan after 1 year of service with no vesting schedule or match requirement Qualified Public Service Loan Forgiveness Employer

A leading automotive service company in Downtown Boston seeks a dedicated Senior Security Engineer to safeguard its web and mobile applications, manage various security incidents, and ensure compliance with safety standards. This role requires collaboration across teams to implement defense strategies and educate staff on security practices. Self-starters with expertise in threat management and a solid understanding of compliance frameworks will thrive in this vibrant environment. Join the mission to revolutionize car ownership and enjoy competitive pay and exceptional benefits. #J-18808-Ljbffr

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. WHOOP is seeking a Senior Information Security Engineer to serve as a technical leader in our Security team reporting to our Information Security Manager. In this role, you will drive the deployment and continuous enhancement of controls that protect millions of users' biometric and health data, build scalable defenses across our infrastructure and applications, and lead incident response efforts with visibility across the business. This is an opportunity to have direct impact at scale, working alongside engineers, product teams, and executives to drive forward-looking security strategies. RESPONSIBILITIES: Implement and enhance security controls by leading the deployment, integration, and tuning of solutions such as CNAPP, SIEM, CASB, EDR, DLP, and MDM to maximize effectiveness. Support security design decisions by providing subject matter expertise on cloud and SaaS security best practices while influencing architecture led by the Security Architect role. Lead incident response and investigations by guiding containment, remediation, root cause analysis, and post-incident improvements. Strengthen application security by overseeing secure development practices and managing SAST, SCA, and DAST tooling. Advance identity and access management by supporting IAM policy enforcement, SSO, MFA, SCIM, RBAC, and user lifecycle governance. Secure AI systems and integrations by assessing and protecting embedded APIs and organizational AI tool usage to ensure resilience, privacy, and compliance. Collaborate cross-functionally by working with Engineering, IT, and GRC teams to embed security into systems and workflows. Mentor and influence by providing technical guidance, reviewing work, and promoting security-first thinking across the organization. Stay ahead of threats and regulations by tracking emerging risks, technologies, and compliance requirements to inform forward-looking strategies. Participate in and help improve the on-call rotation by providing guidance, escalation support, and driving improvements in response processes. QUALIFICATIONS: Bachelor's degree in Computer Science, Information Security, or a related technical field and/or advanced certifications (CISSP, CISM, AWS Security Specialty, SANS, etc.). 8+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity. Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG). Experience securing AI/ML systems or APIs, including governance of third-party AI integrations and organizational use of AI tools. Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems. Hands-on experience with application security tooling (SAST, SCA, DAST) and embedding secure development practices. Demonstrated leadership in security incident response, investigations, and root cause analysis. Effective communicator with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences. Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment. Experience mentoring engineers and setting operational standards. Familiarity with compliance and risk frameworks relevant to health and AI (SOC 2, ISO 27001, PCI, GDPR, FTC guidance, HIPAA-adjacent state laws) is a plus. Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success. The U.S. base salary range for this full-time position is $150,000 - $190,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements. Learn more about WHOOP.

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ