Information security analyst jobs in Marion, IA

In this role, you will work closely with IT teams to secure our applications throughout the development lifecycle. You'll help build a secure-by-design culture, drive security automation, and protect our systems against evolving threats. This position reports to the Manager of Information Security. ESSENTIAL JOB FUNCTIONS: Work with the Information Security Team to improve security for the company by configuring and administering security systems and tools Monitor and respond to security events using SIEM and SOAR tools Investigate security incidents to determine root cause and remediation tactics Help automate security monitoring and remediation processes Prepare and analyze security incident data and metrics for periodic reporting Collaborate on vulnerability management, remediation, and penetration testing efforts Implement and manage SAST, DAST, and Burp Suite across GitHub CI/CD pipelines and development workflows Champion secure coding practices based on OWASP Top 10 and SSDF guidelines Help secure cloud environments (Azure, AWS) and container-based deployments Conduct regular security assessments to ensure alignment with SSDLC standards After-hours configuration changes and on-call support required MINIMUM QUALIFICATIONS: Bachelor's degree in Computer Science, Information Systems (or related degree), or equivalent experience. 3+ years of experience in Application or Information Security Strong understanding of SSDLC, NIST SSDF, and DevSecOps principles. Experience with SAST/DAST tools (e.g., GitHub Advanced Security, BURP). Solid knowledge of OWASP Top 10 and secure coding best practices. Proficiency in GitHub for code review, pipeline security, and automation. Hands-on with scripting (Python, PowerShell, Bash) and API security. Experience in Azure and AWS cloud security, containers, and infrastructure-as-code. Familiarity with SIEM/SOAR platforms and incident response workflows. Experience with Windows, MacOS, and Linux operating systems Proficient in Microsoft Office applications such as Microsoft Outlook, Word, Excel, PowerPoint, and SharePoint ** This is a full-time, W2 position with Hub Group - We are NOT able to provide sponsorship at this time ** Salary: $95,000-150,000/year + bonus eligibility ** This is an estimated range based on the circumstances at the time of posting, however, may change based on a combination of factors, including but not limited to skills, experience, education, market factors, geographical location, budget, and demand** Benefits We offer a comprehensive benefits plan including: Medical Dental Vision Flexible Spending Account (FSA) Employee Assistance Program (EAP) Life & AD&D Insurance Disability Paid Time Off Paid Holidays BEWARE OF FRAUD! Hub Group has become aware of online recruiting related scams in which individuals who are not affiliated with or authorized by Hub Group are using Hub Group's name in fraudulent emails, job postings, or social media messages. In light of these scams, please bear the following in mind Hub Group will never solicit money or credit card information in connection with a Hub Group job application. Hub Group does not communicate with candidates via online chatrooms such as Signal or Discord using email accounts such as Gmail or Hotmail. Hub Group job postings are posted on our career site: ******************************** About Us Hub Group is the premier, customer-centric supply chain company offering comprehensive transportation and logistics management solutions. Keeping our customers' needs in focus, Hub Group designs, continually optimizes and applies industry-leading technology to our customers' supply chains for better service, greater efficiency and total visibility. As an award-winning, publicly traded company (NASDAQ: HUBG) with $4 billion in revenue, our 6,000 employees and drivers across the globe are always in pursuit of "The Way Ahead" - a commitment to service, integrity and innovation. We believe the way you do something is just as important as what you do. For more information, visit ****************

We're seeking a senior cybersecurity engineer to design, build, and operationalize enterprise grade data protection capabilities anchored in Microsoft E5. You will lead engineering for Microsoft Purview (Information Protection & DLP, eDiscovery/Audit), Sensitivity Labels, and related guardrails-integrating telemetry and enforcement through Zscaler, CrowdStrike, and Splunk. This role bridges secure-by-default platform engineering with pragmatic automation to protect regulated data (e.g., PHI/PII) at scale. Senior leadership has prioritized accelerating Copilot and E5 controls adoption, creating a high impact opportunity to shape how we protect data across SaaS and AI workloads. What You'll Do Engineer secure-by-default E5 data protection • Design and implement Microsoft Purview DLP policies (endpoint, Exchange, SharePoint, OneDrive, Teams) and Sensitivity Label taxonomy with automated enforcement paths. • Build policy-as-code pipelines (CI/CD) to version, test, and deploy DLP rules, label configs, and governance artifacts in multiple environments. Integrate Zscaler, CrowdStrike, and Splunk • Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics, dashboards, and detections that close visibility and enforcement loops. • Leverage CrowdStrike telemetry (e.g., Falcon/Shield) to correlate endpoint behaviors with data movement signals for insider risk and exfiltration use cases. Build automations & guardrails • Develop services and workflows (e.g., Azure Functions, Logic Apps, Graph API) to auto remediate mislabels, revoke risky shares, and notify data owners. • Implement secure-by-default configuration baselines and drift detection for E5 security controls (MCAS/Defender for Cloud Apps, Conditional Access, etc.). Operate and continuously improve • Own reliability for data protection pipelines: SLIs/SLOs, runbooks, and incident playbooks in partnership with Insider Risk team. • Create Splunk content (data models, dashboards, correlation searches) aligned to exfiltration, anomalous access, and label violations. • Partner with Privacy and Compliance for audit ready controls (eDiscovery/Audit), evidence, and exception processes. Collaborate across security & platform teams • Work with PSO, IAM, and Insider Risk to align label taxonomy and enforcement with business workflows and least privilege access. • Provide technical leadership and mentoring for engineers/analysts rolling out new E5 features and operational support. Required Qualifications • 5+ years engineering experience in enterprise security or platform engineering; hands-on with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery). • Proven expertise building policy as code for DLP/labels (GitHub/Azure DevOps), and automating Graph/PowerShell administration. • Demonstrated ability to design secure-by-default guardrails and support rapid SaaS/AI adoption (including Copilot) without compromising compliance. Nice to Have • Strong background in data protection for regulated data (PII/PHI), insider risk detection, and evidence driven investigations. • Production experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (TA configs, CIM, correlation searches). • Experience migrating from legacy DLP (e.g., Forcepoint) to Microsoft DLP; building vendor neutral dictionaries and detection logic. • Familiarity with MCAS/Defender for Cloud Apps, conditional access policies, and SSPM evaluations. • Background in HIPAA/PHI audit support and exception governance workflows. Success Metrics (first 6-12 months) • DLP policy efficacy: reduction in unauthorized shares/exports; mean time to remediate violations. • Label coverage & accuracy: % of sensitive content labelled; false positive/negative rate trends. • Telemetry integration: end-to-end event flow (Purview → Zscaler/CrowdStrike → Splunk) with actionable detections. • Secure-by-default adoption: # of guardrails implemented; drift detected/resolved; Copilot controls baselined. • Audit readiness: evidence completeness for eDiscovery/Audit; exception closure rates. Tools & Technologies (primary) • Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk • Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES) • Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps • Data flows: Exchange/SharePoint/OneDrive/Slack, endpoints, web proxies, CASB/SSE

Job Title: Senior Information Security Engineer - AI Primary Location: Rosemont, IL - Hybrid, 3 days onsite Direct Hire TalentFish is casting a line for a Senior Information Security Engineer - AI/Artificial Intelligence. This is a Direct Hire role based in Rosemont, IL with a hybrid schedule (3 days onsite) with our premier client. This is a new, exciting position within an awarded top Chicago employer organization where you'll contribute to the organization's Responsible Artificial Intelligence governance by assessing the security, integrity, and risks associated with the use of AI models and technologies. This role is hands-on and works closely with multi-disciplinary teams to evaluate AI use cases and maintain AI security frameworks and standards. What You Bring to the Role (Ideal Experience) • Bachelor's degree in Computer Science, Mathematics, or related field • 5+ years of total professional experience, including security, data security, or control validation experience • 2-3 years of practical, hands-on experience working with Artificial Intelligence technologies; working directly with AI models or ML systems • Ability to evaluate AI model risks, including bias, data exposure, data leakage, and model poisoning • Data processing or analytics skills are a plus What You'll Do (Skills Used in This Position) • Lead security assessments for AI models, including Large Language Models (LLMs), Natural Language Models (NLMs), and Small Language Models (SLMs) • Participate in review committees to assess AI use cases for value, complexity, feasibility, risk, compliance, and strategic alignment • Review AI architecture and usage within internal and third-party solutions to ensure adherence to AI security frameworks and regulatory requirements • Support development and maintenance of AI security standards, frameworks, and governance models • Provide education on AI security best practices, emerging risks, and mitigation strategies • Perform additional related responsibilities as required Compensation Information The expected salary range for this position is $120,000 - $150,000 per year, depending on experience and qualifications. This role also qualifies for comprehensive benefits such as health insurance, 401(k), and paid time off. TalentFish is committed to pay transparency and equal opportunity. The salary range provided is in compliance with applicable state and federal regulations. This role requires authorization to work in the U.S. without current or future visa sponsorship. All offers are contingent upon the completion of a background check, which may include but is not limited to reference checks, education verification, employment verification, drug testing, criminal records checks, and any required certifications or compliance requirements based on the end client's background check policies and applicable laws. TalentFish is an employee-owned company pioneering a new realm in talent acquisition. We are redefining IT staffing by evolving AI, video screening, and our unique platform. TalentFish focuses on providing the best employee, consultant, and client experience possible. At TalentFish we are an Equal Opportunity Employer; we embrace and encourage diversity!

About the Role Join a specialized team of analysts and engineers dedicated to detecting and responding to insider risk events. This senior-level role focuses on engineering Microsoft E5 tools to strengthen enterprise data protection and insider threat detection capabilities. You will lead the design, build, and operationalization of secure-by-default solutions anchored in Microsoft Purview and related technologies, ensuring compliance and resilience at scale. Key Responsibilities Engineer Secure-by-Default E5 Data Protection Design and implement Microsoft Purview DLP policies across endpoints, Exchange, SharePoint, OneDrive, and Teams. Develop and maintain Sensitivity Label taxonomy with automated enforcement paths. Build Policy-as-Code Pipelines Create CI/CD workflows to version, test, and deploy DLP rules, label configurations, and governance artifacts across multiple environments. Integrate Security Telemetry Connect Zscaler SSE inspection with Purview controls; route events to Splunk for analytics and detection. Leverage CrowdStrike telemetry to correlate endpoint behaviors with data movement signals for insider-risk and exfiltration scenarios. Develop Automations & Guardrails Build services and workflows (Azure Functions, Logic Apps, Graph API) for auto-remediation, revoking risky shares, and notifying data owners. Implement configuration baselines and drift detection for E5 security controls (MCAS, Conditional Access, etc.). Operate and Continuously Improve Maintain reliability for data protection pipelines, including SLIs/SLOs, runbooks, and incident playbooks. Create Splunk dashboards and correlation searches aligned to exfiltration, anomalous access, and label violations. Collaborate Across Teams Partner with Privacy and Compliance for audit-ready controls and evidence processes. Work with IAM, Insider Risk, and platform teams to align label taxonomy and enforcement with business workflows. Provide technical leadership and mentorship for engineers and analysts implementing new E5 features. Required Qualifications 5+ years of experience in enterprise security or platform engineering. Hands-on expertise with Microsoft E5 security stack (Purview DLP, Information Protection, eDiscovery). Proven ability to build policy-as-code for DLP/labels and automate administration using Graph API and PowerShell. Experience designing secure-by-default guardrails for SaaS/AI adoption, including Copilot. Preferred Qualifications Strong background in data protection for regulated data (PII/PHI) and insider-risk detection. Experience with Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon APIs/telemetry), and Splunk (CIM, correlation searches). Familiarity with MCAS, Defender for Cloud Apps, and conditional access policies. Knowledge of HIPAA/PHI audit support and exception governance workflows. Success Metrics (First 6-12 Months) Improved DLP policy efficacy and reduced unauthorized data movement. Increased label coverage and accuracy for sensitive content. End-to-end telemetry integration across Purview, Zscaler, CrowdStrike, and Splunk. Secure-by-default adoption and Copilot controls baselined. Audit readiness with complete evidence and exception closure rates. Tools & Technologies Microsoft E5 / Purview: Information Protection, DLP, eDiscovery/Audit, Insider Risk Zscaler (SSE/ZIA/ZPA), CrowdStrike (Falcon/Shield), Splunk (CIM, ES) Automation: GitHub, Graph API, PowerShell, Azure Functions/Logic Apps

Job Title: Business Information Security Officer - Clinical Employment Type: Full-Time Salary Range: $130,000 - $140,000 + Benefits (Health, Dental, Vision, PTO, 401K) About the Role: We're seeking a Business Information Security Officer (BISO) to serve as a trusted advisor and strategic partner to business and clinical leaders. In this highly visible role, you'll embed cybersecurity into everyday operations, influence security adoption, and ensure compliance with frameworks like NIST, HIPAA, and FERPA. This is an opportunity to shape cybersecurity strategy in healthcare, research, and education while collaborating with executive leadership to advance a security-first culture. Key Responsibilities: Act as the frontline cybersecurity liaison for business and clinical leaders Identify and escalate domain-specific cybersecurity risks Monitor compliance with security policies and regulatory frameworks (HIPAA, FERPA, NIST CSF) Lead security awareness and risk engagement programs Develop and execute a roadmap of security initiatives aligned with business goals Drive change management for cybersecurity adoption What We're Looking For: Bachelor's degree in Computer Science or related field 5-7 years in Information Security, GRC, or cybersecurity education 3+ years managing cross-functional teams and projects Strong background in risk management, governance, and compliance Excellent communication and leadership skills Preferred: Healthcare or clinical environment experience Certifications: CISSP, CISM, PMP

About Us Founded in 2014, we offer the industry's first and only cloud-based, fully-customizable, end-to-end software solution to automate securities-based lending from origination through the life of the loan. By combining thought leadership in suitability and risk management with industry-leading education and the latest technology, Supernova enables advisors to deliver holistic, goals-based advice and to help their clients achieve financial wellness. We partner with the industry's largest banks, most prominent insurance companies and leading online brokerages to democratize access to securities-based lending and better the entire financial ecosystem. Why Join Supernova? At Supernova Technology, we believe that the best results come from a team that is passionate, driven, and supported in all aspects of their professional lives. Here, you'll work alongside talented and innovative individuals who are committed to driving the future of securities-based lending technology. We foster a culture of collaboration, continuous learning, and growth, where each person's contributions make a real impact. Job Overview We are seeking a highly motivated and detail-oriented Security Engineer to help secure our securities-backed lending SaaS platform. The successful candidate will focus primarily on application security, secure SDLC, and application vulnerability management, while also assisting with the execution and implementation of broader information security initiatives. You'll partner with engineering, SRE/DevOps, and business teams to embed security into our build and delivery processes, support risk reduction across cloud and endpoint surfaces, and drive measurable remediation outcomes in a regulated financial-services environment. RESPONSIBILITIES: Perform hands-on web/API penetration tests, validate scanner findings, and provide clear PoCs, impact statements, and prioritized remediation aligned with OWASP. Integrate and tune SAST, DAST, SCA, container, and secret-detection tools in CI/CD; define pass/fail gates and PR checklists. Conduct lightweight threat modeling and security design reviews for new features such as authentication, session management, and secrets handling. Manage the full application vulnerability lifecycle (discover → prioritize → fix → retest → close) with SLAs and metrics. Assist in hardening AWS and ECS/Docker workloads (IAM roles, network segmentation, image policies, logging/monitoring) and support patch hygiene across cloud, container, and endpoints. Participate in incident response, including exploit reproduction, log analysis, impact assessment, and lessons learned. Provide evidence for audits (ISO 27001, SOC 2, NIST SSDF), maintain policies and developer guidance, and support vendor/security evaluations. Translate findings into developer-ready tickets, publish secure-coding guidance, and partner with engineering to streamline secure delivery. Prototype automation, explore AI/LLM-assisted workflows to improve triage and code review, and share improvements across teams. Contribute to organization-wide cybersecurity training and awareness efforts. QUALIFICATIONS: Bachelor's degree in security engineering, information assurance, or related field. 2-3 years of experience in security or software engineering (internships, labs, or open-source count), preferably in regulated industries. Strong knowledge of web/API security issues (auth, session management, injections, SSRF, CSRF, access control) and common cloud/web misconfigurations. Experience with SDLC security tools (SAST/DAST/SCA/secret detection/container scanning), CI/CD workflows, and Git. Scripting or coding skills (Python or JavaScript/TypeScript) and ability to read backend code. Familiarity with AWS security basics (IAM least privilege, KMS, logging/monitoring, security groups) and Docker/ECS runtime considerations. Clear communication skills with the ability to translate risk into actionable remediation. Experience using AI/LLM-assisted tools for triage, documentation, or code review preferred. Exposure to WAF/CDN tuning, API protection, and risk-based remediation SLAs/metrics preferred. Familiarity with frameworks like OWASP ASVS/SAMM, NIST SSDF, ISO 27001, SOC 2, PCI DSS preferred. Relevant security certifications preferred. Our Employee Benefits At Supernova Technology, we provide a robust benefits package to support the health and well-being of our employees. Our offerings include: Medical, Dental, and Vision Insurance: Multiple plans with coverage for employees and dependents. HSA and FSA Accounts: Tax-advantaged accounts for health and dependent care expenses. Life and Disability Insurance: Employer-paid basic coverage with options for additional voluntary coverage. Compensation: $95,000 - $130,000 Retirement Savings: 401(k) plan with employer contributions. Employee Assistance Program (EAP): Confidential support services, including free therapy sessions. Paid Time Off: Flexible PTO policies. Additional Perks: Commuter benefits, pet insurance, continuing education assistance, and more. Note: Actual salary at the time of hire may vary and may be above or below the range based on various factors, including but not limited to, the candidate's relevant qualifications, skills and experience, and the location where this position may be filled. Our Core Values Our core values drive everything we do. At Supernova, we... Form, execute, and communicate new ideas that add value to our employees and customers Strive through obstacles and failures Follow-through on promises or commitments to others, accept responsibility, and answer for actions & decisions Listen to, understand, and support our employees and customers Act with speed, positive attitude, and flexibility Exceed expectations and surpass ourselves every day; we embrace a sense of pride and never stop growing Join us and make an impact while growing your career at Supernova.

About the Company: A Leading Financial Service Client is looking to hire a strong Security Engineer who can lead Red team exercises against a hybrid environment using threat intelligence and the MITRE Telecommunication&CK Framework. Responsibilities: Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.) or the ability to demonstrate equivalent knowledge. Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing. Expert understanding of Red Team concepts, tools, and automation strategies. Expert understanding of MITRE Telecommunication&CK framework tactics, techniques, and procedures. Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability. Expert understanding of Windows and Linux system hardening concepts and techniques.

***Hybrid, 3 days onsite, 2 days remote*** ***We are unable to sponsor as this is a permanent full-time role*** Responsibilities: Provide 24x7 operational support for the suite of privileged management solutions (e.g., CyberArk, Hashi, PKI), including implementing hot fixes, resolving bugs, troubleshooting issues, performing break-fixes, managing secrets lifecycle, and delivering end-user support. Maintain robust operational integrity of privileged access management infrastructure throughout its lifecycle (e.g., patching, version control, system upgrades, alignment with Security standards, etc.). Provide organizational subject matter expert on secrets management and privileged access management architecture, establishing and enforcing security as code principles throughout the environment. Develop and implement system enhancements to improve platform user experience and automated integrations, while designing long-term solutions to address operational issues through innovative technologies including artificial intelligence for faster detection and remediation of functional and technical problems. Qualifications: Experience in one or more of the following disciplines: security operations, development, engineering, or architecture Experience supporting privileged access management and access controls programs. Professional or personal experience using AI coding agents such as OpenAI Codex, Claude Code, or Gemini CLI. Expertise in providing operational and engineering support for one or more of the following: CyberArk, HashiCorp Vault, Active Directory Certificate Services (ADCS), HSMs, and Public Key Infrastructure (PKI). Expertise in scripting languages and developing in one or more of the following languages GoLang, Bash, Python, PowerShell, Ansible, and/or Terraform. Knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation. Knowledge of application authentication and authorization systems (i.e., Active Directory, oAuth 2.0, OIDC, AWS IAM, App Role, k8s, LDAPS, Kerberos, Certificate) Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines.

Systems Engineer IV Scott AFB, IL, USA Full-time FLSA Status: Exempt Clearance Requirement: Secret Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide. Job Description Overview SOS International LLC is seeking a [TITLE] to join our team in [work location]. A Systems Engineer is responsible for designing, implementing, and maintaining the systems and infrastructure necessary to support the technical operations of an organization. This role involves an in-depth understanding of both hardware and software components, as well as the ability to troubleshoot complex issues and provide innovative solutions. Essential Duties Perform technical engineering evaluations and assessments of high-risk Cross Domain Solutions (CDS) to determine the suitability and compliance of its components with Joint, DOD, and AF policies, and configuration and security guides. Determine the suitability of the CDS components and/or systems in relation to installation, modification, relocation, and/or removal. Conduct CDS technical engineering evaluations and assessments based on the Risk Decision Authority Criteria (RDAC) developed by the National Security Agency (NSA) for CDS hardware, software, firmware, and systems comprised of those components. Derive transfer processing threat, identity threat, policy threat and corresponding policy by-pass threat, and site mitigation risk ratings with sufficient justification to receive approval/authorization from CDS forums including: National Security Agency (NSA), Connection Approval Office (CAO), DoD Information Security Risk Management Committee (DoD ISRMC), Cross Domain Technical Advisory Board (CDTAB), National Cross Domain Strategy and Management Office (NCDSMO) Defense Security / Cybersecurity Accreditation Working Group (DSAWG) community. Accomplish documentation detailing the transfer processing risk introduced by a CDS to include measures taken to protect the confidentiality, availability, and integrity of information before and after it transits the CDS as well as data at rest. Identify and provide mitigation recommendations in the environment in which the CDS will operate Interpret scan and test results and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). Recommend risk mitigations to ensure CDSs meet an acceptable level of risk for issuance of an Authority to Operate (ATO). Conduct extensive reviews of technical documentation including CDS Appendices, CDS Validation Approval Requests, system topologies, Lab-Based Security Assessments (LBSA) and Site-Based Security Assessments (SBSA) plans and reports. Assess authenticator management, intrusion management, partner identity management, location security, and technology and data risk mitigations. Perform engineering studies in support of complex mission critical CDS systems and deliver draft technical documents, reports, briefings, and other correspondence to the government. Coordinate with Authorizing Officials (AOs), PMOs, user reps, and system owners to maintain Risk Management Framework (RMF) packages, conduct risk and vulnerability assessments, provide support to the CDS approval processes, and perform other IA support duties. Develop and submit recommended policy directives, instructions, manuals, standards, strategies, visions, mission statements, goals and objectives as they apply to CDS. Provide ad hoc reports and briefings with information such as metrics, meeting minutes, inputs for Joint Approval Boards, and updated status of operational CDSs. Travel Requirements: Travel between Scott AFB, IL and other CONUS/OCONUS locations may be required under this task order. Qualifications Essential Requirements Bachelor's degree in Communications or Security is mandatory. Active SECRET security clearance is a non-negotiable prerequisite. Minimum of four years of relevant professional experience is required. Demonstrated proficiency in National, DoD, and AF Information Assurance (IA) policies, procedures, and objectives is essential. DoD 8570.1 IAM Level II certification (CAP, CASP+CE, CISM, CISSP or Associate, GSLC, CCISO) is imperative. Extensive knowledge and experience in Security Engineering, Risk Assessments, and Network Architectures are crucial. Superior analytical and problem-solving capabilities are required, with the ability to diagnose complex technical issues and develop effective solutions. Exceptional verbal and written communication skills are necessary, including the ability to articulate technical concepts to non-technical stakeholders. Proven experience in managing multiple projects simultaneously, demonstrating strong organizational and time management skills. Meticulous attention to detail is critical to ensure the accuracy and reliability of system configurations and documentation. Demonstrated ability to work effectively in a team environment, with strong interpersonal skills and the capacity to establish positive working relationships with colleagues and stakeholders. Adaptability to evolving technologies and organizational needs is essential, along with a commitment to continuous learning and improvement. Comprehensive knowledge of cybersecurity principles and best practices, with the ability to implement and maintain robust security measures. Preferred Qualifications Advanced degrees or certifications in Systems Engineering, Network Engineering, or Cybersecurity will be viewed favorably. Additional Information Work Environment This position requires working in an office environment, with occasional travel to client sites or data centers. May require working outside regular business hours to perform maintenance or respond to emergencies. Ability to lift and move computer hardware and equipment as needed. Working at SOSi All interested individuals will receive consideration and will not be discriminated against for any reason.

Senior Manager, Information Security Office (ISO) Consultant At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with Cloud Service technologies like Storage Services, Security & Access Control Management, Container Services, and API Implementation and Management. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. Security is essential to what we do here, from protecting our customers to our associates. Responsibilities: The Senior Lead ISO Consultant will provide cyber security architecture advisory support needed to build the Technology & Business capabilities on a novel Modern platform, that will enable customer set-up, use, and management of a Capital One Credit Card, including Data Product. In this role, the responsibilities will include: Act as a central Information Security point of contact for the Global Payment Networks line of business Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures and standards Collaborating with enterprise cyber teams and tech architects in defining and driving the cyber architecture strategy and guiding principles for the architecting and designing of the modern platforms. Support security architecture and implementation needs for technology modernization efforts Overseeing all cyber related dependencies across the multiple components being built for the modernization effort. Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes Escalate and manage cyber security risk Provide ad-hoc support on special Information Security hot topics for the business Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment Work with line of business leadership to anticipate their objectives and needs to better serve the line of business Support the team on collectively mapping technologies to a standardized framework in order to identify and execute on best practices in risk reduction through the configuration of cybersecurity tools and platforms. Support the development, modification, and use of capability, risk, or threat classification frameworks and standardization methodologies to facilitate the conduct of correlative capability, maturity, and effectiveness evaluations. Support data validation and communications on the impact of identified operational, compliance, process, control, and tooling gaps and potential remediation courses of action to multiple audiences, including leadership, to support the enhancement of their cybersecurity postures. About You: You have a desire to work in a very fast moving, forward leaning, and modern computing environment You have a deep passion for Securing modern computing platforms You have a strong desire to continually learn about new technologies You possess strong conceptual thinking and communication skills You are able to work well under minimal supervision You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives Basic Qualifications: High School Diploma, GED or equivalent certification At least 6 years of experience working in cybersecurity or information technology At least 5 years of experience providing guidance and oversight of cyber security concepts At least 5 years of experience performing cyber security risk assessments or cyber security architecture reviews At least 4 years of experience with cloud security Preferred Qualifications: Bachelor's Degree 7+ years of experience in securing a public cloud environment (AWS, GCP, Azure) 6+ years of cyber security advisory and technology consulting experience 6+ years of experience in Cyber Risk Management 3+ years of experience on cryptography, HSMs and similar systems Knowledge of HPNS, ATM, Mainframe technologies and other payment networks infrastructure technologies Experience in security integration for Mergers and Acquisitions Experience with PCI and Payment Network Compliance. Professional certifications AWS Certified Solutions Architect and Certified Information Systems Security Professional (CISSP) At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, E-2, E-3, L-1 and O-1, or any EADs or other forms of work authorization that require immigration support from an employer). The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Chicago, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Ann & Robert H. Lurie Children's Hospital of Chicago provides superior pediatric care in a setting that offers the latest benefits and innovations in medical technology, research and family-friendly design. As the largest pediatric provider in the region with a 140-year legacy of excellence, kids and their families are at the center of all we do. Ann & Robert H. Lurie Children's Hospital of Chicago is ranked in all 10 specialties by the U.S. News & World Report. Location 680 Lake Shore Drive Job Description The Incident Response Analyst helps guide resources to prepare for, coordinate, and respond to incidents, including, but not limited to, computer security vulnerabilities, malware, phishing, and social engineering, as well as associated forensic investigations. This position utilizes industry-leading security incident response procedures, performing frequent monitoring of incident detection control effectiveness and helping to inform preparedness exercises. This position effectively collaborates with managed detection and response, incident assistance, and security forensics partners. This position coordinates with internal emergency preparedness teams and contributes to a resilient business continuity posture. Essential Job Functions: Area Specific Job Accountabilities: Receive and triage incoming security alerts to determine their severity, priority, and relevance. Conduct initial triage and investigation of security incidents, including gathering and analyzing relevant data and logs. Analyze logs and security event data to identify indicators of compromise (IOCs) and potential security incidents. Conduct analysis of suspicious files, malware samples, or artifacts to understand their behavior and potential impact. Assist in the collection and preservation of digital evidence during incident investigation. Prepare detailed incident reports, documenting the timeline, actions taken, and lessons learned from each incident. Performs other duties as assigned. Knowledge, Skills, & Abilities: Bachelor's degree, preferably in Computer Science or related information security expertise. 2+ years of experience in information security incident response required. SANS GCIH (GIAC Certified Incident Handler), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Security Auditor) or equivalent certification highly desired. Strong knowledge of information security forensics, security operations, security monitoring, technology implementation, risk analysis strategy, and NIST incident response life cycle. Experience and knowledge with information security frameworks, regulatory compliance, and regulatory bodies (e.g., HITRUST, NIST, HIPAA, DHHS). Goal oriented with the ability to lead team achievements toward desired results utilizing both internal and external resources. Professional communication, disciplined documentation, and commitment to following and improving processes and procedures. Familiarity and experience with crisis management, disaster recovery, and business availability programs and procedures Education High School Diploma/GED (Required) Pay Range $93,600.00-$154,440.00 Salary At Lurie Children's, we are committed to competitive and fair compensation aligned with market rates and internal equity, reflecting individual contributions, experience, and expertise. The pay range for this job indicates minimum and maximum targets for the position. Ranges are regularly reviewed to stay aligned with market conditions. In addition to base salary, Lurie Children's offer a comprehensive rewards package that may include differentials for some hourly employees, leadership incentives for select roles, health and retirement benefits, and wellbeing programs. For more details on other compensation, consult your recruiter or click the following link to learn more about our benefits. Benefit Statement For full time and part time employees who work 20 or more hours per week we offer a generous benefits package that includes: Medical, dental and vision insurance Employer paid group term life and disability Employer contribution toward Health Savings Account Flexible Spending Accounts Paid Time Off (PTO), Paid Holidays and Paid Parental Leave 403(b) with a 5% employer match Various voluntary benefits: Supplemental Life, AD&D and Disability Critical Illness, Accident and Hospital Indemnity coverage Tuition assistance Student loan servicing and support Adoption benefits Backup Childcare and Eldercare Employee Assistance Program, and other specialized behavioral health services and resources for employees and family members Discount on services at Lurie Children's facilities Discount purchasing program There's a Place for You with Us At Lurie Children's, we embrace and celebrate building a team with a variety of backgrounds, skills, and viewpoints - recognizing that different life experiences strengthen our workplace and the care we provide to the Chicago community and beyond. We treat everyone fairly, appreciate differences, and make meaningful connections that foster belonging. This is a place where you can be your best, so we can give our best to the patients and families who trust us with their care. Lurie Children's and its affiliates are equal employment opportunity employers. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin, ancestry, age, disability, marital status, pregnancy, protected veteran status, order of protection status, protected genetic information, or any other characteristic protected by law. Support email: ***********************************

At TruStage, we're on a mission to make a brighter financial future accessible to everyone. We put people first, and work hand in hand with employees and customers to create a diverse and inclusive environment. Passionate about building insurance and financial services solutions, we push the boundaries of what's possible. We need you to help us shape what's next. You'll be encouraged to share your experiences, ideas and skills to help others take control of their financial future. Join a team that has received numerous awards for being a top place to work: TruStage awards and recognition Job Summary Under the guidance of Information Security leadership, the Information Security Analyst supports TruStage's cybersecurity program by delivering integrated threat intelligence and digital forensic services. This hands-on role is responsible for reviewing and analyzing incoming threat intelligence to assess risk and potential impact to the organization, applying best practices to inform proactive defense strategies. The analyst plays a critical role in the incident response lifecycle by investigating escalated threats-such as malware infections, phishing attempts, or unauthorized access-through structured processes that include detection, containment, eradication, recovery, and root cause analysis. Responsibilities also include conducting forensic investigations, performing advanced data collections, and executing eDiscovery requests. The analyst may be called upon to support investigations led by Legal, Human Resources, or other internal stakeholders, ensuring evidence integrity and alignment with regulatory and organizational standards. The ideal candidate will have experience using tools such as Magnet Forensics Axiom Cyber, Splunk, Microsoft Defender, and the MITRE ATT&CK framework to detect, investigate, and respond to complex security incidents. This role requires a strong analytical mindset, attention to detail, and the ability to work collaboratively across teams to enhance the organization's security posture. Excellent verbal and written communication skills are essential, as the analyst will be expected to clearly document findings, articulate technical concepts to non-technical stakeholders, and contribute to incident reports, threat briefings, and cross-functional discussions. Job Responsibilities: * Support Information Security Leadership regarding all aspects of the information security program, with minimal supervision. Responsibilities include facilitating the identification of risks throughout the organization, developing, reporting and monitoring formats on risk management issues and developing methodologies for the assessment of risks throughout the organization. * Continuously monitor the internal and external landscape for relevant events, risks, and threats related to malicious code, vulnerabilities, and potential attacks. * Coordinate and ensure cybersecurity related alerts and incidents are prioritized and responded to at all hours of the day. * Remain current with emerging threats and share knowledge with colleagues to improve incident response processes. * Participate in the creation and execution of tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders. * Review reports from tabletop exercises, vulnerability scans and penetration testing to identify weaknesses or gaps in existing security controls and provide recommendations where appropriate. * Lead coordination, consultation, and assessment efforts to track and remediate events and alerts, directs response to related incidents, internal or external audits, and / or control assessments. * Identify, report, and assist in resolving privacy, compliance or security violations and control gaps. * Lead feedback with other IT teams to protect data from compliance, privacy or security compromise. * Contribute to the strategic direction of the Information Security team to develop new capabilities, process efficiencies and goals. * Participate in the development, review, ongoing maintenance and development of security policies, standards, processes, procedures and requirements to facilitate the establishment of common administrative controls for the delivery of security capabilities. * Security Awareness: Develop content for organization wide and targeted security awareness training. Present relevant information security topics through a variety of forums depending on the audience. * The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. Job Requirements: * Bachelor's degree in computer science, information systems or related field, or equivalent combination of education and/or related professional work experience. * 5 or more years of demonstrated proficiency with an information security audit, assessment, engineering or architecture focus or comparable, professional experience. * Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. * Aptitude for speaking or communicating to varied groups of business and technical professionals. * Experience in presenting technical material to a nontechnical audience and to senior management. * Established skills and experience in the development of security policies, standards or other governance practices. * Demonstrated relationship management and consulting skills, including ability to effectively influence and negotiate. * Proven ability to provide high quality customer service. * Financial Services industry experience strongly preferred. * Experience with law enforcement preferred * Experience with forensics preferred #LI-SW If you're ready to help make a difference, apply today. A resume is required to apply. TruStage may process applicant information using an Artificial Intelligence (AI) tool. This tool automatically generates a screening score based on how well applicant information matches the requirements and qualifications for the position. TruStage recruiters use the screening score as a guide to further evaluate candidates; the score is one component of an application review and does not automatically determine whether a candidate moves forward. Candidates may choose to opt out of this process. Compensation may vary based on the job level, your geographic work location, position incentive plan and exemption status. Base Salary Range: $97,800.00 - $146,800.00 At TruStage, we believe a sound, inclusive benefits program is of vital importance, along with a flexible workplace that allows for work-life balance, career growth and retirement assistance. In addition to your base pay, your position may be eligible for an annual incentive (bonus) plan. Additional benefits available to eligible employees include medical, dental, vision, employee assistance program, life insurance, disability plans, parental leave, paid time off, 401k, and tuition reimbursement, just to name a few. Beyond pay and benefits, we also recognize that flexibility, including working in a place you prefer, is essential to caring for our employees. We will continue to strive to offer flexibility and invest in technology and other tools that will make hybrid working normal rather than an exception, so that when "life happens," you can focus on what's most important. Accommodation request TruStage is a place where everyone can bring their best self and thrive. If you need application or interview process accommodations, please contact the accessibility department.

Job Description Support the Information security governance, risk management and compliance program, focusing on compliance and assurance. Facilitate the compliance and assurance program, by performing assurance assessments to ensure Alliant Credit Union (ACU) is compliant with regulatory and legal obligations. Help maintain the technical control library ensure assessments align securing ACU. Facilitate IT issue management by working with employees on scheduling calls and going over the issue and resolution. Essential Responsibilities Responsible to facilitate the compliance and assurance assessments and issue management via a GRC tool Conduct assurance assessment, including control test of design (ToD) and test of operating effectiveness (TOE) activities Provide recommendations on improving compliance-related processes and/or procedures and identify opportunities for ITGC/security compliance control automation Facilitate group and individual meetings, ensure that each meeting is organized and aligned and schedule walkthrough agenda addressing any issue that arise and and guiding towards actionable outcomes Assist internal and external audit teams to address inquiries Participate in InfoSec projects as assigned by management such as the review of documents Education Minimum- 4 Year Bachelors Degree in Computer Science, Information Security or Related Years of Experience Minimum - 2 Years Governance, Risk Management, Compliance within a financial institution or Security Compliance or Related In Lieu of Education 5 Years Governance, Risk Management, Compliance within a financial institution License/Certifications/Training Preferred: Compliance, Risk Management, or Governance certifications: CRISC, CISM or CISA Compensation & Benefits: Typical hiring range: $57,500 - $89,500 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge. Additional Compensation: Annual performance bonus Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match. Additional Benefits: Work from home up to 3 days a week Paid parental leave Employee discount programs Time off including paid personal and sick days 11 paid holidays Education reimbursement *Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment. Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives. The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

At Children's Wisconsin, we believe kids deserve the best. Children's Wisconsin is a nationally recognized health system dedicated solely to the health and well-being of children. We provide primary care, specialty care, urgent care, emergency care, community health services, foster and adoption services, child and family counseling, child advocacy services and family resource centers. Our reputation draws patients and families from around the country. We offer a wide variety of rewarding career opportunities and are seeking individuals dedicated to helping us achieve our vision of the healthiest kids in the country. If you want to work for an organization that makes a difference for children and families, and encourages you to be at your best every day, please apply today. Please follow this link for a closer look at what it's like to work at Children's Wisconsin: *********************************** Children's Wisconsin is seeking a Senior Information Epic Security Analyst- to join our team! Location: Remote but must be local to Milwaukee What you will do: The IS Security Analyst-Epic will perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction. Ensures that user community understands and adheres to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues to management. Primary EPIC security lead on Enterprise Information Security team responsible for management of Epic user records (EMP users, including background users) which includes the life cycle management of the records (creation, modification, inactivation) and auditing as appropriate. Collaborates with app analysts teams who manage the templates and sub templates. Participates in the development of workflows, system configuration, change documentation, optimization and support related to Epic security, while working with application teams to deploy functionality changes, new modules or departments, update security classes, modify provider records, conduct user analysis, and implement security enhancements. Leads and assists in the development of department and organization wide policies and procedures, while effectively communicating policies and procedures impacting Identity and Access management to end users, leadership, and peers to ensure compliant practices. Provides guidance on optimizing security build based on appropriate minimum necessary standards. Responsible for the on-going maintenance, testing, support and optimization of Epic user security and provider management, with focus on role based access. Epic certification is a requirement. Excellent organizational skills and ability to manage work load while assigned to multiple simultaneous projects with minimal supervision. Thorough understanding of user account administration in a network environment. Thorough understanding of security auditing principles. Familiarity with current common paradigms for violating system integrity. Top-tier security performance tuning skills and trouble-shooting required. Works closely with all levels of the organization to ensure that security is consistent with organizational security standards, information access requirements and business strategies. Coordinates with IS entities regarding technical considerations (user rights/privileges, system access) to ensure proper implementation and provides on-going support for all security operations. Works collaboratively with Internal Audit, Corporate Compliance, Human Resources and other departments on security related issues and projects. Works with cross-functional teams to perform reviews and tests of IS internal controls to ensure existing systems are operating as designed and contain adequate controls. Monitors and analyzes technology security and recommends appropriate IS policies, procedures and practices to strengthen security operations. Provides consultation regarding audit, regulatory and security management activities across IS functional areas. Coordinates the IS component of both internal and external audits, federal and state examinations. ESSENTIAL FUNCTIONS: Demonstrates behaviors outlined in the Core Competencies the Blue Kids Way to provide service excellence as a committed partner to children, families and co-workers. Recommends and maintains policies and procedures related to information security. Monitors the organization's overall security fabric. Assesses security needs and capabilities of the organization. Makes regular reports to management concerning security measures. Makes recommendations for improvement as required. Identifies and provides information security awareness training as appropriate. Identifies appropriate courses to enhance security capabilities and competencies of the organization. Works with management to perform and maintain risk assessments. Ensures organization compliance with the security sections of Federal and State statutes, including HIPAA, as well as regulatory requirements. Coordinates investigations into potential security infractions. Determines and designs appropriate tests for all aspects of information security. Activities may include attempted “cracking” of system security, review of audit trails and attempted theft of devices. Evaluates system effectiveness and makes change recommendations as necessary. Coordinates periodic reviews of system security by outside consultants, including vulnerability assessments, penetration tests, HIPAA reviews and PCI compliance. Works with IS teams to implement recommendations as appropriate. Monitors, evaluates and makes recommendations regarding perimeter security including prevention against attack, viruses, and other forms of malicious software. Monitors, evaluates and makes recommendations regarding email and Internet content filtering. Evaluates and makes recommendations regarding requested changes to perimeter security. Recommends policies and procedures for controlling remote access by employees, non-employees and vendors. Reviews and makes recommendations regarding security oriented software applications and workstation security, including patch management, user rights management, and operating system configuration. Keeps current on security issues through seminars, publications and self-education on an on-going basis. MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED: Requires bachelor's degree in computer science or related technology field. Master's degree preferred. Requires 7 years of relevant computer systems experience, preferably in a hospital or healthcare setting. Significant experience in IS security administration including compliance, audit, and information security management. Epic Security certification is a requirement. Professional certification (e.g. CISA, CISM or CISSP) preferred. Thorough understanding of risk analysis, disaster recovery and audit tracking. Familiarity with current common paradigms for violating system integrity. Must have excellent interpersonal skills to effectively communicate with all levels of hospital personnel, vendors and IS personnel. Must possess the ability to deliver clear, concise communications and presentations. Must be able to train others on key IS security concepts. Children's Wisconsin is an equal opportunity / affirmative action employer. We are committed to creating a diverse and inclusive environment for all employees. We treat everyone with dignity, respect, and fairness. We do not discriminate against any person on the basis of race, color, religion, sex, gender, gender identity and/or expression, sexual orientation, national origin, age, disability, veteran status, or any other status or condition protected by the law. Certifications/Licenses:

Min USD $31.51/Hr. Max USD $48.83/Hr. Under the direction of the Manager, Security Operations, the Security Operations Analyst protects organizational assets by ensuring an effective information security control environment for Memorial Health System. This role is a combination of project management and incident response through identification, analysis, prioritization, communication and mitigation of incidents as they occur. Please note this is a hybrid position and is required to be onsite in Springfield, IL several days per week. On call rotation is for 1 week approximately every 5 weeks. Qualifications Minimum Qualifications:Education:• Bachelor's degree in health information management, Computer Science, Business, Cybersecurity, Health Care, or related discipline required. Four or more years of relevant prior work experience may be considered in lieu of degree.Licensure/Certification/Registry:• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or similar security related certification preferred.Experience:• Minimum 2 years of security experience required.• Minimum 2 years of compliance experience preferred.• Minimum 2 years of project management experience preferred. • Demonstrated experience with healthcare clinical and financial applications required.• Experience with audit methodologies and control frameworks (such as ISO27001 or NIST) required.• Experience with MS365 Office suite and collaboration tools required. Other Knowledge/Skills/Abilities:• Demonstrated strong communication skills and diplomacy to work between technical and administrative teams at all organizational levels, as well as to write and update concise and accurate documentation.• Demonstrated knowledge of Microsoft Windows systems, administrator and client/server communications protocol, UNIX, Oracle, LDAP, XML and directory administration. Demonstrated knowledge of computer systems, architecture and process flow. • Evidence of leadership, creativity, integrity, and initiative. Evidence of ability to achieve results and inspire others to do the same, personal accountability, and dedication to continue learning and investigating relevant technology required.• Demonstrated planning, problem-solving, decision-making, analytical and change management skills. • Demonstrated ability to maintain confidentiality, professionalism, and trustworthiness.• Demonstrated ability to drive projects forward and achieve objectives aligned with strategic direction, even in the face of stakeholder resistance or ambiguity.• Must be personally motivated to achieve results alone and through others particularly related to providing exceptional customer service. Must be results oriented and be able to manage time appropriately in order to meet assigned goals. Responsibilities Principle Duties & Responsibilities:1. Performs various daily operational tasks as assigned by Security Operations Manager to ensure the continued security and protection of MH data. 2. Provides ongoing consulting on industry best practices regarding the securing of information assets.3. Analyzes department processes and identifies security gaps between teams.4. Documents control gaps; proactively develop plans to address identified gaps with subject matter expert and stakeholder input. 5. Investigate security incidents and breaches6. Responds to computer security incidents according to the incident response policy and procedures.7. Coordinate containment, eradication, and recovery efforts8. Works with business areas to develop, document, and update policies, plans, processes, procedures, and guidance to ensure a safe, effective control environment. 9. Maintains the organizational security control baseline for security-related compliance. 10. Collaborate with vulnerability management teams to assess and remediate risks11. Embodies the Memorial Health System Performance Excellence Standards of Safety, Courtesy, Quality, and Efficiency that support our mission, vision and values:• SAFETY: We put safety first. We speak up and take action to create an environment of zero harm. We build an inclusive culture where everyone can fully engage.• INTEGRITY: We are accountable for our attitude, actions and health. We honor diverse abilities, beliefs and identities. We respect others by being honest and showing compassion.• QUALITY: We listen to learn and partner for success. We seek continuous improvement while advancing our knowledge. We deliver evidence-based care to achieve excellent outcomes.• STEWARDSHIP: We use resources wisely. We are responsible for delivering equitable care. We work together to coordinate care.12. Develops, maintains, and tests incident response plans to ensure organizational compliance with required laws and regulations. 13. Supports the Security Operations Manager in continued development and refinement of Disaster Recovery plans14. Supports security awareness training, working to expose all departments to new and improved processes.15. Perform triage on incoming alerts to determine severity and relevance, working with system, application, and network owners to explain, remediate, and document as needed The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this job. Incumbents may be requested to perform tasks other than those specifically presented in this description.

The Information Assurance Principal Analyst/Program Lead will provide leadership, oversight, and operational management for the Joint Operation Planning and Execution System (JOPES) and the Transportation Visualizer (TransViz) Functional Management Support contract. This individual will act as the primary liaison between TeAM, government officials, and all contract stakeholders, ensuring the coordination, integration, and execution of all program activities in accordance with DoD and USTRANSCOM expectations. The Information Assurance Principal Analyst/Program Lead will be responsible for meeting all performance, schedule, and quality objectives as outlined in the contract's scope. Mission Objectives - The primary objective of this project is to support the operational effectiveness and mission readiness of the JOPES and TransViz platforms at Scott Air Force Base. As a critical contract team member, the Information Assurance Principal Analyst/Program Lead ensures seamless functional management, stakeholder coordination, and compliance with all contractual and security requirements while facilitating process improvements and the timely delivery of program services. This position supports USTRANSCOM and associated DoD agencies by optimizing system capabilities and user experience in support of national defense objectives. Position Responsibility Summary Serve as the principal point of contact (POC) for all programmatic, technical, and contractual matters, representing TeAM in communications with government officials and stakeholders. Serve as a Liaison for all meetings & events, coordinating & scheduling all course training for teams, and attending reviews of the program. Lead, supervise, and coordinate activities of the project team-overseeing System Administrators and the Database Administrator-to fulfill contract objectives. Ensure timely and accurate reporting of program performance, deliverables, metrics, and compliance with DoD security, safety, and operational requirements. Manage risks, mitigate issues, and implement corrective actions to maintain project schedule and instill quality control. Oversee and ensure workforce compliance with all mandatory security, safety, and DoD-mandated annual training, including but not limited to OPSEC, Antiterrorism Level I, CUI, and Emergency Operations. Develop and implement process improvements, leveraging industry best practices (e.g., ITIL) to enhance JOPES/TransViz functionality and user satisfaction. Foster a culture of open communication and collaboration across stakeholders, promoting continuous improvement in program delivery. Ensure all support activities are conducted on-site in compliance with established guidelines and within the designated geographic radius.

Job Description This is a hybrid position requiring 3 days in office at our Middleton, WI office location. #LI-Hybrid At CapSpecialty, we are a specialty underwriting company being driven by well-informed, entrepreneurial and proactive employees. Come join our exciting company where you can really make an impact, and each individual's unique skills and talents are recognized and valued. You will find an accessible leadership team that welcomes opinions and ideas. We owe much of our success to our collaborative environment and set of three guiding principles rooted in customer-centricity, employee excellence and corporate culture. We offer competitive compensation and benefits packages - including an innovative open vacation plan, generous paid sick and parental leave, fully vested matching 401k, company-paid group term life insurance and short- & long-term disability plans, professional and educational growth opportunities, flexible and casual work environment, and recognition for exceptional performance. Please see our full list of Total Rewards here. CapSpecialty is seeking an Information Security Analyst who will support our organization's cybersecurity operations. The analyst will assist in monitoring systems, investigating alerts, managing access controls, and supporting compliance efforts. This role includes exposure to Identity & Access Management (“IAM”) and other key areas of information security. Duties/Responsibilities: Conduct investigations into and properly document security incidents, including evaluating incident impact and recommending corrective actions to management. Collate security metrics and generate reports from the security systems as needed. Support managing accounts and permissions in IAM systems, including recommending improvements to identity governance where appropriate. Perform tasks as assigned to meet any audit requests. Help maintain IAM documentation and workflows. Help maintain and promote security policies, procedures, and training materials. Oversee assigned components of the security awareness programs, and track employee participation including following up on training completion. This may include reporting compliance metrics to leadership. Manage the physical security program, providing recommendations for updates as needed. Keep up to date and current on security trends. Other related duties and initiatives, as assigned. Supervisory Responsibilities: None. Core Competencies: Proven ability to deal well with ambiguity, prioritize tasks, resolve issues and deliver measurable results in an agile, fast-paced environment. Excellent oral and written communication skills. Ability to manage difficult customer situations, elicit customer feedback, analyze and resolve customer issues. Excellent analytical, problem solving, collaboration and time-management skills. A high level of integrity and commitment to confidentiality. Must be highly self-motivated requiring minimal direction. Have a passion for Information Security and a desire to advance personal growth through continuing professional education, self-study, and pursuit of technical certifications. Education and Experience: Associate's degree in computer science or equivalent. 1+ years of relevant experience in IT with exposure to cybersecurity practices, technologies, and methodologies is preferred. Basic understanding of security principles, threats, and controls is desirable. Familiarity with IAM concepts and tools (i.e. Active Directory, Okta, Azure AD) is a plus but not required. Familiarity with security controls and technologies desired (i.e. firewall, SIEM, DLP, WAF, and IPS.). Physical Demands Prolonged periods of sitting at a desk and working on a computer. May be required to lift up to 15 pounds at times. CapSpecialty is a leading provider of specialty insurance and bonds for small- to mid-sized businesses in the U.S., offering casualty, professional liability, surety and fidelity products in all 50 states and the District of Columbia. By working with select partners through a limited distribution model, CapSpecialty's creative, hard-working team provides personalized service and cultivates mutually successful partnerships to deliver positive results. CapSpecialty is an operating subsidiary of Berkshire Hathaway, and its carriers have an A ("Excellent") rating from A.M. Best, writing both admitted and non-admitted policies. For more information, please visit CapSpecialty.com. Apply today! Equal Employment Opportunity Employer Powered by ExactHire:184950

Established in 1991, Collabera has been a leader in IT staffing for over 22 years and is one of the largest diversity IT staffing firms in the industry. As a half a billion dollar IT company, with more than 9,000 professionals across 30+ offices, Collabera offers comprehensive, cost-effective IT staffing & IT Services. We provide services to Fortune 500 and mid-size companies to meet their talent needs with high quality IT resources through Staff Augmentation, Global Talent Management, Value Added Services through CLASS (Competency Leveraged Advanced Staffing & Solutions) Permanent Placement Services and Vendor Management Programs. Collabera recognizes true potential of human capital and provides people the right opportunities for growth and professional excellence. Job Description Location: 100 Abbott Park Road, Lake County, Abbott Park, IL 60064 Duration: 6+ months (could go beyond) Roles: • Network Directory and Infrastructure Services Administration. • Knowledge of domain administration and troubleshooting, Active Directory, MS FIM, Exchange, MS Office365 and supporting technologies, MS Azure, NPS, Federation and SQL Server administration required. Responsibilities: • Provide technical Level III problem isolation and resolution for a Global Active Directory Network. • Configures and performs advanced diagnostics on infrastructure components and cloud based applications. • Understands and repairs Domain infrastructure including DNS, DHCP, ADLDS, ADFS and FIM Sync. • Understands and can configure/install Win Server 2008r2/2012r2 technologies for domain controllers and Radius Authentication servers. • Repair and recover from hardware or software failures. • Rotate on-call and must be available to work a varied shift schedule in a 7x24 hour operations center environment. • Initiate major outage communication technical bridges as requested. • Apply fix procedures as instructed for repetitive events as instructed and coordinate with impacted constituencies. Competencies: • Superior knowledge of Active Directory overall and its administrative components. • Perform domain administration for 61,000+ workstations including domain controllers, NPS, Win 2003/2008R2/2012 server hardware, dynamic host configuration protocol (DHCP), domain name servers (DNS) configuration integrated with active directory, desktop configuration and end user support. • Candidate will have worked in an AD environment that has done acquisition and divestiture work, Candidate will have worked with products such as ADMT, and ADLDS and the roles they play in M&A activities such as management of active directory structure in creation, administration of organizational units (OU), containers and sub containers throughout the domain from geographic to organizational standards, while setting policies and permissions. • Candidate should have expert knowledge of Federation protocols including OAuth, SAML, WSFed, and a deep understanding of the IDP and SP roles associated with Federation environments. • Candidate will have worked with Office 365 from an Identity standpoint and have an understanding of Azure Active Directory Sync and Identity Federation for Cloud services. • Expertise should include attribute mapping and troubleshooting as well as rule sets associated with AADSync. • Candidate must be able to correctly configure servers and clients for all services. • Can isolate and repair most DNS and IP service problems. • Understands and uses the appropriate tools in all instances during problem isolation and repair. • Possesses an in depth understanding of communications technologies and can isolate and resolve most infrastructure issues. Qualifications • Associates Degree Minimum, prefer Computer Science or technology area or telecommunications science business minor • Three (3) to six (6) months of specialized technical courses in Win and Active Directory technology's typically provided by vendors, technical societies, or equivalent experience. Additional Information To know more about this position, please contact: Himanshu Prajapat ************ **********************************

Information Security Analyst STATUS: Full time DEPARTMENT: Information Security Office DIVISION: Information Technology CLASSIFICATION: Exempt UNION: Non-Union REPORTS TO: Senior Director Information Security PLACEMENT: Professional staff, S11 HIRING RANGE: $70,689 - 79,526 Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The student population at the college is diverse in ethnicity, gender, language, age and background. Joliet Junior College is an AA/EO employer and strongly encourages applications from candidates who would enhance the diversity of its staff. POSITION SUMMARY The Information Security Analyst is responsible for protecting the college's information systems and data by monitoring, analyzing, and responding to security incidents and threats. This role supports compliance with regulatory requirements (e.g., CIRCIA, HIPAA, GLBA), enhances operational efficiency, and contributes to the continual improvement of security processes and documentation. The analyst will also detect opportunities to develop and maintain security documentation, including knowledgebase articles, and manage security-related tickets from stakeholders. ESSENTIAL JOB DUTIES AND KEY RESPONSIBILITIES 1. Incident Management: Monitor, triage, and respond to cybersecurity threats and incidents across network, application, identity, and cloud layers. 2. Vulnerability Management: Participate in vulnerability assessments and penetration testing to identify and remediate security weaknesses. 3. Security Operations: Manage and maintain security tools (e.g., SIEM, IDS/IPS, vulnerability scanners), ensuring daily monitoring and compliance. 4. Facilitate the integration of SOC/Managed Security Services activities with the broader Information Security team, ensuring consistent application of ITIL processes such as Incident Management, Problem Management, and Event Management. 5. Identity Management: Support Office 365 email account management tasks, including user permissions, credential hand-offs, mailbox access provisioning, and coordination with identity and access management processes." 6. Compliance & Risk Management: Assist in legal and regulatory compliance efforts; conduct risk assessments and support audit activities. 7. Service Request Management: Handle, triage, and manage tier 2 level and up security-related tickets and requests from stakeholders, ensuring timely resolution and escalation as needed. 8. Knowledge Management: Detect opportunities to develop, improve, and maintain security documentation, including knowledgebase articles and process guides. 9. Process Improvement: Assist with the development and continual improvement of security-related processes, automation initiatives, and reporting tools. 10. Cloud Support: Support secure cloud infrastructure through systems auditing and account lifecycle management. 11. Collaboration & Training: Collaborate with IT and academic departments to ensure secure deployment of new technologies; provide security awareness training to staff and students. 12. Reporting: Prepare and present reports on security incidents, vulnerabilities, compliance status, and process improvements to leadership. 13. Professional Development: Stay current with emerging security threats, trends, best practices, and ITIL service management principles. 14. Perform related duties as assigned. MINIMUM QUALIFICATIONS 1. Bachelor's degree in Computer Science or a closely related field, OR an Associate's degree combined with 2-4 years of experience in information security or IT operations. 2. Ability to establish and maintain cooperative and effective working relationships with other members of the college and community, displaying cultural competence as well as emotional intelligence. 3. Demonstrated commitment to the college's core values of respect and inclusion, sustainability, integrity, collaboration, humor and well-being, innovation and quality. Bachelor's degree in information technology, Cybersecurity, Computer Science, or related field.. 4. Understanding of cybersecurity principles, tools, and compliance frameworks. 5. Experience with Microsoft Azure, Active Directory, and security monitoring tools. 6. Experience in information security and/or IT risk management with a focus on security performance and reliability 7. Familiarity multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT) 8. Excellent analytical, communication, documentation, and collaboration skills. 9. Possesses relevant industry certifications such as CEH, CISA, CCET, Network+, Security+, CySa+, or Microsoft SC-900, demonstrating foundational and specialized knowledge in cybersecurity. 10. Demonstrated understanding of the NIST Cybersecurity framework and auditing security controls identified in NIST800-171 and NIST SP800-53A. 11. Knowledgeable on ITIL process management. PREFERRED QUALIFICATIONS 1. Experience in higher education or public sector environments. 2. English and Spanish verbal and written communication proficiency. 3. Demonstrated multicultural competence. PHYSICAL DEMANDS 1. Normal office physical demands. 2. Ability to travel between campus locations and to and from community events. 3. Ability to travel in state and nationally. WORKING CONDITIONS 1. Duties are performed indoors in the usual office and/or outdoor environment. BENEFITS Click on the link for information about JJC's Benefits: Non-Union Support Staff, Professional, Administrative Full Time/Part Time: Full time Union (If Applicable): Scheduled Hours: 40