Information security analyst jobs in Plymouth, MA - 255 jobs

A leading data technology provider in Boston is seeking a Senior Security Engineer. In this key role, you will enhance the security of data platforms while collaborating with cross-functional teams. Responsibilities include designing secure architectures, analyzing vulnerabilities, and mentoring staff. A Bachelor's in a technical discipline and substantial experience in security engineering are required. This role offers a competitive salary range of $112,000 - $160,000 USD and substantial benefits including health insurance and 401(k) contributions. #J-18808-Ljbffr

Key Responsibilities Support business operations and development initiatives for the analysis, design & implementation of manufacturing IT solutions (MES, LIMS, SCADA, IoT, Data Historian) Functionally oriented Identify technical issues and communicate effectively across teams Required Experience: 6+ years in Business Analysis roles Manufacturing background req MES experience is a plus Must be a US Citizen or US Permanent Resident Bachelor's degree in Computer Science, Information Technology, or a related field required

A state governmental agency in Chelsea, Massachusetts is seeking an Accounts Management Analyst II to manage employee provisioning and deprovisioning, ensure timely completion of requests, and support end-users with IT issues. The ideal candidate should have extensive experience in technical support, strong knowledge in Windows, Azure, and service management tools like ServiceNow, along with excellent problem-solving and communication skills. This full-time role offers a salary range between $77,290 and $116,401 annually. #J-18808-Ljbffr

Information Security Data Analyst Large Banking Client Duration: 6+ month contract; Strong potential for extension / full time hire Our client in the banking industry is seeking a Data Analyst to join the Information Security & Risk team. This role will focus on data protection, compliance, and security analytics, ensuring sensitive information is safeguarded across systems and processes. The position offers an opportunity to contribute to risk mitigation, regulatory adherence, and the development of robust data security controls in a dynamic financial services environment. Responsibilities * Monitor, analyze, and report on data security events and potential data loss incidents * Collect, validate, and analyze data from multiple sources to ensure accuracy and integrity * Develop and maintain dashboards for security metrics using Power BI and AWS QuickSight * Execute queries to identify anomalies, trends, and potential vulnerabilities in data flows * Implement and enforce Data Loss Prevention (DLP) rules and policies across systems * Conduct testing and validation of DLP rules to ensure accuracy and effectiveness * Manage website whitelisting processes to support secure business operations * Support compliance with regulatory standards and internal security frameworks * Collaborate with security, risk, and IT teams to design and optimize data protection strategies * Communicate findings and actionable recommendations to leadership and stakeholders Required Experience * Minimum 3+ years of experience in data analytics with a focus on security or compliance * Strong understanding of data protection principles, DLP tools, and regulatory frameworks * Hands-on experience implementing and testing DLP rules and security controls * Proficiency in SQL Server for query writing and data validation * Dashboarding experience with Power BI and AWS QuickSight * Working knowledge of Python for automation and data analysis * Familiarity with security monitoring tools and incident response processes * Prior experience in financial services, preferably banking or fintech Desired Experience * Exposure to DLP solutions (e.g., Purview, Netskope) * Experience with identity and access management concepts * Understanding of data classification and encryption standards Soft Skills * Strong communication skills to engage leadership and cross-functional teams * Detail-oriented with a proactive approach to risk identification * Ability to work in a fast-paced, compliance-driven environment * Apex Benefits Overview * Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a retirement plan (401k or local country equivalent) program. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide. * · EEO Employer * Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or ************. Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click here for more details. Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide. Employee Type: Contract Remote: Yes Location: Boston, MA, US Job Type: Date Posted: November 18, 2025 Pay Range: $45 - $60 per hour Similar Jobs * Information Security Analyst - IAM / CyberArk * Information Security - Information Security Engineer 4 - Contingent * Information Systems Analyst * Network Security Analyst III * Senior Cyber Security Analyst

Join our global Cyber team as a Wordings Analyst supporting the Global Cyber Wordings Manager in the strategic development and governance of our Cyber and Tech policy suite, including Liberty Cyber Resolution and Liberty Tech Resolution. This role is a hands-on business enabler: you will help translate complex legal and regulatory requirements into clear, market-ready wordings, maintain our global clause library, support manuscript negotiations, and produce practical tools that empower underwriters and strengthen broker confidence. It's an excellent opportunity for an early-career insurance wordings or legal professional to build expertise in a fast-moving, global specialty line and make a visible impact on growth, innovation, and client experience. Key responsibilities: Wording library and drafting support Maintain and expand the global wording library centered on Liberty Cyber Resolution and Liberty Tech Resolution, including endorsements, exclusions, and guidance notes. Redline and prepare first drafts of standard clauses and endorsements; ensure consistency with definitions, coverage intent, and plain-language standards. Track version control, change logs, approvals, and archiving; Assist with localization for different jurisdictions, coordinating translations and filing documentation with Legal/Compliance. Commercial enablement Build practical tools (playbooks, FAQs, objection-handling guides, coverage summaries) to help regional teams position our products and close deals efficiently. Prepare broker/client comparison decks and battlecards; support pitches, RFP/RFI responses, and manuscript negotiations with clause comparisons and recommended alternatives. Triage wording queries from regions; track SLAs and referral approvals per the global governance framework. Partner closely with Underwriting, Product, Global Cyber Engagement, Claims, Legal/Compliance, and regional leaders to deliver accurate, timely support and uphold governance standards. Regulatory and legal stewardship Monitor and synthesize global regulatory and market developments (e.g., Lloyd's cyber war/systemic guidance, GDPR, DORA, NIS2, sanctions) into succinct briefs and recommended wording actions. Maintain audit-ready documentation; assist with regulatory filings or attestations where required. Claims partnership and feedback loop Collaborate with Claims to capture lessons from disputes and litigation trends; draft guidance notes and propose clarifications to improve coverage certainty. Support coverage position letters and documentation packs with research, citations, and clause histories. Innovation and product development support Help draft prototype wordings for new propositions Check alignment between underlying policy wordings and reinsurance treaty/facultative clauses. Administer wording management tools, ensuring robust version control, approval workflows, and usage analytics. Build dashboards and trackers for adoption of standard forms, deviation rates, SLA performance, disputes, and audit findings; provide monthly reporting to stakeholders. Qualifications Bachelor's degree in business, economics, or other quantitative field. Minimum 3 years, typically 4 years or more of relevant work experience. 2 - 5 years of experience in insurance wordings, legal/paralegal support, underwriting support, or product documentation; cyber specialty experience preferred. Strong drafting, redlining, and proofreading skills with a plain-language mindset and exceptional attention to detail. Working knowledge of insurance policy structures, endorsements, exclusions, and coverage interpretation; familiarity with cyber war/systemic language, sanctions, and privacy regulations is advantageous. Research and synthesis skills to translate complex regulatory/legal topics into practical guidance and actionable updates. Proficiency with MS Word (advanced track changes/redlining), Excel (trackers and dashboards), PowerPoint (training/pitch materials), and document/enablement tools. Collaborative, service-oriented approach; comfortable operating in a global matrix and meeting defined SLAs. Curiosity about cybersecurity risks and the incident response ecosystem; willingness to learn common threat scenarios to inform practical drafting. About Us Pay Philosophy: The typical starting salary range for this role is determined by a number of factors including skills, experience, education, certifications and location. The full salary range for this role reflects the competitive labor market value for all employees in these positions across the national market and provides an opportunity to progress as employees grow and develop within the role. Some roles at Liberty Mutual have a corresponding compensation plan which may include commission and/or bonus earnings at rates that vary based on multiple factors set forth in the compensation plan for the role. At Liberty Mutual, our goal is to create a workplace where everyone feels valued, supported, and can thrive. We build an environment that welcomes a wide range of perspectives and experiences, with inclusion embedded in every aspect of our culture and reflected in everyday interactions. This comes to life through comprehensive benefits, workplace flexibility, professional development opportunities, and a host of opportunities provided through our Employee Resource Groups. Each employee plays a role in creating our inclusive culture, which supports every individual to do their best work. Together, we cultivate a community where everyone can make a meaningful impact for our business, our customers, and the communities we serve. We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being. To learn more about our benefit offerings please visit: *********************** Liberty Mutual is an equal opportunity employer. We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran's status, pregnancy, genetic information or on any basis prohibited by federal, state or local law. Fair Chance Notices California Los Angeles Incorporated Los Angeles Unincorporated Philadelphia San Francisco We can recommend jobs specifically for you! Click here to get started.

At WHOOP, we're on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle. WHOOP is seeking a Director of Information Security to lead the execution of the company's security engineering and security operations capabilities. This role is accountable for delivering reliable, scalable security programs aligned with business and regulatory requirements in a growing, regulated technology environment. The Director of Information Security will manage an existing security team, oversee the operating model for security engineering and ops, and partner closely with Product Security, Security Architecture, Engineering, IT, GRC, and Legal. This role carries direct accountability for team performance and operational outcomes and is expected to drive execution through metrics, documented processes, and automation.RESPONSIBILITIES: Lead the Information Security function with accountability for security engineering delivery, day-to-day security operations, and the evolving operating model as WHOOP grows and regulatory and risk requirements change Translate regulatory, privacy, and risk requirements into effective, auditable technical controls, partnering with Security Architecture to ensure execution aligns with secure-by-design principles and target-state architecture Own security operations including detection, response, escalation, incident follow-up, and operational readiness, serving as Incident Commander during security events and acting as on-call executive escalation outside of business hours as needed, coordinating internal teams, external partners, and managed security service providers Establish and maintain standard operating procedures, metrics, automation, and process improvements to measure effectiveness, reduce risk, and scale security operations reliably Own the security posture for enterprise and internal use of AI technologies, including guardrails for access, data handling, monitoring, auditability, and the secure adoption of AI-enabled workflows in partnership with Architecture, Product Security, IT, and Legal Directly manage information security managers and senior individual contributors, setting clear expectations for performance, documentation, and accountability, and partnering with the CISO on hiring strategy, team growth, and capability development Partner with GRC and Legal to support audits, assessments, and regulatory obligations, providing technical evidence and subject-matter expertise, and communicate clearly with senior leadership on risk posture, priorities, and program progress QUALIFICATIONS: 10+ years of experience in information security, security engineering, or security operations, including 5+ years managing managers and senior individual contributors; this role is not intended for first-time people managers Demonstrated experience hiring, developing, and holding high-performing security teams accountable through measurable goals, repeatable processes, and clear documentation Proven leadership during high-impact security incidents and crisis situations, including coordination across internal teams and external partners Experience partnering with managed security service providers to drive consistent, outcome-based security operations Strong ability to prioritize effectively and drive execution in complex, high-growth environments Experience designing, building, or scaling security programs grounded in metrics, automation, and operational rigor Familiarity with regulatory frameworks including HIPAA, GDPR, PCI, and emerging AI-related compliance requirements Experience supporting healthcare, biometric, or other health-adjacent data environments is preferred Background in high-growth technology organizations is preferred Security certifications such as CISSP, CISM, or equivalent are a plus This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. Interested in the role, but don't meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply. WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. The WHOOP compensation philosophy is designed to attract, motivate, and retain exceptional talent by offering competitive base salaries, meaningful equity, and consistent pay practices that reflect our mission and core values. At WHOOP, we view total compensation as the combination of base salary, equity, and benefits, with equity serving as a key differentiator that aligns our employees with the long-term success of the company and allows every member of our corporate team to own part of WHOOP and share in the company's long-term growth and success. The U.S. base salary range for this full-time position is $190,000-$220,000. Salary ranges are determined by role, level, and location. Within each range, individual pay is based on factors such as job-related skills, experience, performance, and relevant education or training. In addition to the base salary, the successful candidate will also receive benefits and a generous equity package. These ranges may be modified in the future to reflect evolving market conditions and organizational needs. While most offers will typically fall toward the starting point of the range, total compensation will depend on the candidate's specific qualifications, expertise, and alignment with the role's requirements.

Senior Cyber Security Analyst is an experienced cyber security individual who maintains the security of an organization's technical environment. They study existing security hardware and software, evaluate new security options and makes recommendations for improvement. Senior Cyber Security Analyst also identifies weak spots in a cyber security system that may be breached and creates procedures to manage threats. Senior Cyber Security Analyst monitors networks for suspicious activity and potential cyber threats. They keep up on threat intelligence, install and maintain security software and encryption. They are responsible for aiding in the planning of security systems, implementing policy and identifying business processes that may violate intended and acceptable use policies. They monitor and remediate vulnerabilities. Senior Cyber Security Analyst works on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge. Duties and Responsibilities Responsibilities include, but are not limited to the following: Assist in developing, operating, and evolving Cloud Access Security solutions and capabilities Performs system security administration on designated technology platforms, including operating systems, applications and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines Performs installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems Performs threat and vulnerability assessments, followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities Research, recommend, and implement streamlined automation processes Develops and maintains documentation for security systems and procedures Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as intrusion detection/prevention systems, firewalls and host-based security systems Provide support to one or more projects simultaneously. Delivers projects on schedule Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organization Assists and trains junior team members in the use of security tools, the preparation of security reports and the resolution of security issues Applies patches where appropriate and, removes or otherwise mitigates known control weaknesses, such as unnecessary services or applications or redundant user accounts, as a means of hardening systems in accordance with security policies and standards Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity Using threat intelligence information research emerging threats and vulnerabilities to aid in the identification of incidents Job Knowledge - Remains up-to-date in assigned area of responsibility: possesses skills and knowledge to perform job effectively; efficiently and safely; acquires, understands, and applies technical and professional information and skills; understands and adheres to policies and procedures Supports the creation of security incident response, business continuity/disaster recovery plans, including conducting tests, publishing test results and making changes necessary to address deficiencies Analyzes problems and alternative solutions and takes appropriate timely action to achieve desired business results. Seeks unique and novel solutions to problems and considers impact of final resolution Perform security standards testing against computers before implementation to ensure security Provide Key Performance Metrics to our Risk Management team to help coordinate risk tracking. Educate internal teams on information security best practices. Assist in technical audits of IT Systems and controls. Other duties as assigned. Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhood's Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents Qualifications Qualifications Required: Bachelor's degree in Computer Science or a related area and/or sufficient experience in IT Security to equate to the degree. Minimum 10 years' experience Information Systems Minimum 5 years' of Information Security Experience, working with vulnerability management tools (Application/Code vulnerability scanners). Minimum 5 years' experience working with DNS, routing, authentication, VPN, proxies, IDS/IPS, and DDOS mitigation technologies Strong analytical and problem-solving skills to enable effective security incident and problem resolution Strong knowledge of threats and common vulnerabilities associated with exploitation techniques. Hands on experience with Patch Management, and Encryption algorithms Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel Knowledge of Microsoft Windows AD group policy management and WSUS integration Hands on experience with SIEM monitoring, Patch Management, and Encryption algorithms. Familiar with NIST, HiTrust, and CIS Critical Security Controls Demonstrated experience implementing or operation of security hardware or software. Demonstrated Knowledge of Azure AD and Office 365 Ability to articulate technical risk issues in business terms Ability to work well under minimal supervision Security Certification (CISSP, CCSP, GIAC, CISM) Experience scripting and automating (PowerShell, python) Demonstrated experience with strategic thinking and risk based decision making Preferred Knowledge of network infrastructure including routers, switches, firewalls, wireless, and associated protocols Knowledge of SCCM, Nutanix, VMware, Linux, Web and email content filtering, Signal Sciences, Rapid 7, CrowdSrike, CyberArk Strong understanding of TLS, HTTPS, SFTP, SSH, IPSec Neighborhood Health Plan of Rhode Island is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

Analysis Group is one of the largest international economics consulting firms, with more than 1,500 professionals across 15 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise. The Manager, Information Security Compliance and Risk is responsible for leading the firm's Governance, Risk, and Compliance (GRC) program, including regulatory compliance, enterprise risk management, and assurance activities that support client requirements and regulatory obligations. This role also serves as the primary owner of Information Security AI governance, ensuring that the firm's use of AI and machine learning technologies aligns with security, privacy, regulatory, and client expectations. The role manages a team of three Information Security Analysts and owns SOC 2 and ISO 27001 certification programs, while partnering closely with Legal, Compliance, Privacy, IT, and Security Engineering and Operations to ensure effective control design, evidence collection, risk management, and continuous improvement. Responsibilities: Governance and Compliance Leadership * Own and maintain the firm's information security governance framework, including policies, standards, and procedures. * Lead annual SOC 2 and ISO 27001 audit cycles, including audit readiness, evidence coordination, and remediation tracking. * Ensure ongoing compliance with client, regulatory, and contractual information security requirements. * Manage policy exceptions, risk acceptances, and documentation of compensating controls. Regulatory Authorization and Assurance * Lead the renewal and ongoing maintenance of government and client security authorizations, attestations, and approvals required for regulated engagements. * Coordinate cross-functional evidence collection and control validation to support authorization renewals and periodic reassessments. * Track authorization requirements, renewal timelines, and control changes to ensure continuous eligibility for regulated work. AI Security Governance * Lead the Information Security AI governance program, ensuring secure, responsible, and compliant use of AI technologies across the firm. * Partner with Legal, Privacy, Compliance, and business stakeholders to define and maintain AI security requirements, risk assessments, and usage standards. * Establish and maintain security controls for AI-enabled tools, including data handling, access controls, model usage restrictions, and third-party AI risk. * Support client and regulatory inquiries related to AI security posture and governance practices. * Track emerging AI-related regulatory and security requirements and assess their impact on firm policies and controls. Risk Management * Maintain and mature the enterprise information security risk register. * Facilitate periodic risk assessments, including risks associated with AI usage, data processing, and third-party technologies. * Develop and report meaningful risk metrics and dashboards for leadership review. * Translate technical and operational risks into clear business-impact language. Third-Party and Emerging Risk Governance * Oversee third-party security risk management in partnership with Legal. * Lead structured reviews of vendor security posture, including AI and SaaS providers. * Track remediation plans and ongoing monitoring of third-party and AI-related risks. Audit and Assurance Coordination * Serve as the primary liaison for internal and external audits related to information security. * Coordinate evidence collection across IT, Security Engineering, Privacy, and business stakeholders. * Track findings, corrective actions, and continuous improvement initiatives. Team Leadership * Directly manage three Information Security Analysts. * Set priorities, provide mentorship, and support professional development. * Establish consistent processes, documentation standards, and performance expectations across the GRC function. Cross-Functional Collaboration * Partner closely with Security Engineering and Operations to align governance requirements with technical controls. * Work with Legal, Compliance, Privacy, and Data Science teams on regulatory interpretation and AI governance requirements. * Support client security inquiries, assessments, and due diligence requests. Expected Outcomes * Sustained audit readiness for SOC 2 and ISO 27001 with minimal disruption. * Clear, measurable visibility into information security and AI-related risk posture. * Consistent, scalable governance processes supporting firm growth and responsible AI adoption. * Strong alignment between governance requirements and operational security controls. Qualifications & Skills * Bachelor's degree required; degree in information security, risk management, or a related field preferred. * 7 to 10 years of experience in information security, GRC, audit, or risk management required. * Prior experience managing SOC 2 and or ISO 27001 programs required. * Demonstrated people management or team leadership experience. * Professional certifications such as CISSP, CISM, CRISC, CGRC, or ISO 27001 Lead Implementer or Auditor. * Experience with GRC platforms and risk management tooling. * Experience supporting AI governance, data governance, or emerging technology risk programs. * Experience supporting client-driven security assessments in a professional services environment. * An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences. * To the extent permitted by applicable law, eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future. Analysis Group embraces equal opportunity. We are committed to building teams that bring a variety of backgrounds, perspectives, and skills, as we believe that a strong and inclusive workforce directly supports our goal of providing the highest-quality work. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other class protected under applicable federal, state, or local law, and we encourage candidates of all backgrounds to apply. Analysis Group offers competitive compensation and a comprehensive benefits package. The estimated salary range for this position is $175,000-$200,000. Compensation offered will be based on a number of factors including work experience, education, and skill level. This role is eligible for a discretionary annual bonus that is determined in large part by individual performance. To learn more about our benefit offerings, click here. #LI-Hybrid Privacy Notice For information about Analysis Group's privacy practices, please refer to the applicable Analysis Group privacy policy. * Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. * Please view the EEOC's "Know Your Rights" poster here.

We are seeking a detail-oriented and highly skilled Security Analyst to join our team in Boston and shape the future of Cybersecurity. As a Security Analyst at 7AI, you will leverage your expertise of the security landscape to review and analyze AI Agent investigations, ensuring accuracy and completeness, ultimately helping to build our multi-agent platform. You will be integral in building and maintaining the reliability of our AI Agents, working in tandem with Engineering and Product to inform our roadmap as we build. If you want to build the next generation of Cybersecurity and put AI in the hands of defenders, please apply below. Key Responsibilities: Review and validate alerts and investigations completed by the AI Agents for accuracy and completeness. Collaborate with the Engineering and Product teams to provide feedback and assist in optimizing the AI platform. Develop internal playbooks, standard operating procedures and tools that will guide the AI Agents to perform quality investigations. Stay current with emerging cybersecurity trends, vulnerabilities, and new attack techniques, especially the field of AI-driven attacks. Investigate flagged security incidents, analyzing potential threats and confirming the findings generated by AI. Recommend mitigation strategies and remediation steps to train the AI to reduce the threat surface. Correlate findings from multiple sources, including network logs, endpoint data, and threat intelligence, to validate AI-generated reports. Assist with ongoing threat monitoring, triage, and prioritization of security incidents. Required Qualifications: 4+ years of experience in a Security Analyst or similar role within the cybersecurity field. Hands-on experience with incident response for Cloud and Identity alerts, and at least two of Email, EDR, Threat Intel and Networking alerts. Strong understanding of security monitoring tools and techniques (SIEM, IDS/IPS, IDP, etc.). Experience analyzing and investigating security alerts from multiple sources, including intrusion detection systems, network monitoring tools, and endpoint protection platforms. Familiarity with the latest cybersecurity threats, attack vectors, and vulnerabilities. Strong analytical and problem-solving skills, with the ability to verify AI-driven analysis and make independent security decisions. Scripting experience with languages such as Python Data querying experience with SIEM technologies (SPL, KQL, FQL, SQL, etc).

Job Description At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care. One mission. One team. That's OneStudyTeam. We are seeking a Senior Security Compliance Analyst with expertise in Governance, Risk, and Compliance (GRC) to support and enhance our security and compliance programs within the healthcare industry. This role is critical in ensuring adherence to industry regulations, responding to customer audits, and maintaining compliance with ISO 27001, HIPAA, and other security frameworks. The ideal candidate will be a detail-oriented compliance expert who can navigate complex regulatory environments, assist with internal/external audits, and drive continuous improvement in security governance. The ideal candidate must be able to operate independently while delivering on the following duties. What You'll Be Working On: Lead and support customer security audits, responding to security questionnaires and demonstrating compliance with security frameworks. Prepare, coordinate, and manage ISO 27001 audits, including evidence collection, control implementation, and auditor engagement. Ensure ongoing compliance with HIPAA, NIST CSF, and other regulatory requirements applicable to healthcare data security. Develop and maintain policies, procedures, and security documentation to meet regulatory and contractual obligations. Perform gap analyses and risk assessments to identify and remediate compliance risks. Manage and improve security governance frameworks, ensuring alignment with industry best practices and business objectives. Conduct third-party vendor risk assessments, ensuring compliance with security policies and contractual obligations. Monitor security controls, ensuring effectiveness and continuous improvement in alignment with security frameworks. Support security awareness training initiatives, ensuring employees understand compliance responsibilities. Stay current on ISO 27001, HIPAA, NIST 800-53, and other relevant standards, translating them into actionable security controls. Assist in defining security metrics and reporting on compliance status and risk posture to leadership. Work closely with legal, security, IT, and business teams to align compliance requirements with security operations. What You'll Bring to OneStudyTeam: Bachelor's degree in Information Security, Computer Science, Risk Management, or related field (or equivalent experience). 8+ years of progressive experience in GRC, compliance, or security audit roles. Experience in healthcare or regulated industries strongly preferred. Certifications strongly preferred: ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CISA, HITRUST CCSFP, CRISC. Experience leading ISO 27001, SOC2, or HITRUST audits, including ISMS implementation and external audit coordination. Strong understanding of NIST CSF, SOC 2, GDPR, and other security frameworks. Hands-on experience with customer security audits, including responding to security questionnaires and managing security assessments. Ability to perform risk assessments, policy reviews, and compliance gap analyses. Strong written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders. Detail-oriented with excellent organizational and project management skills. Ability to work independently and collaboratively in a remote environment. Familiarity with GRC tools (e.g., OneTrust, LogicGate, Archer, Vanta, Drata) is a plus. We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status. Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization. As a condition of employment, you will abide by all organizational security and privacy policies. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).

Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret/SCI Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Information Security, Information Security Management, Information System Security Certifications: None Experience: 5 + years of related experience US Citizenship Required: Yes Job Description: The Information Systems Security Officer (ISSO) III is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This will include physical and environmental protection, personnel security, incident handling, and security training and awareness. It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization documentation, implementing configuration management across authorization boundaries. This will include assessing the security impact of those changes and making recommendation to the ISSM. The primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Performance shall include: Assist the ISSM in meeting their duties and responsibilities. Prepare, review, and update authorization packages. Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media. Notify ISSM when changes occur that might affect the authorization determination of the information system(s). Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Ensure audit records are collected, reviewed, and documented (to include any anomalies) Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties. Execute the cyber security portion of the self-inspection, to include security coordination and review of all system assessment plans. Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them. Prepare reports on the status of security safeguards applied to computer systems. Perform ISSO duties in support of in-house and external customers. Conduct continuous monitoring activities for authorization boundaries under your preview. Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and authorization (A&A) efforts. Experience: 5+ years related experience, especially in developing RMF packages or bodies of evidence. 2+ years SAP experience required. Prior performance in roles such as System, Network Administrator or ISSO. Education: Bachelor's degree OR Associate's degree in a related area + 2 years' experience OR equivalent experience (4 years) Certifications: IAT Level II ( Security+ CE, CCNA Security, etc) or IAM Level II . Clearance Required to Start: TS/SCI required. . Must be able to Attain - TS/SCI with CI Polygraph. #AirforceSAPOpportunities #ISSO III The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Onsite Work Location: USA MA Bedford Additional Work Locations: USA MA Avon, USA MA Boston, USA MA Braintree, USA MA Burlington, USA MA Cambridge, USA MA Fort Devens, USA MA Hanscom AFB, USA MA Norwood, USA MA Peabody, USA MA Quincy, USA MA Taunton, USA MA Waltham, USA MA Westwood Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Type of Requisition: Regular Clearance Level Must Currently Possess: Top Secret/SCI Clearance Level Must Be Able to Obtain: Top Secret SCI + Polygraph Public Trust/Other Required: None Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Information Security, Information Security Management, Information System Security Certifications: None Experience: 2 + years of related experience US Citizenship Required: Yes Job Description: The ISSO is responsible for ensuring the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the ISSM and ISO. The position shall have the detailed knowledge and expertise required to manage the security aspects of an information system and, in many organizations, is assigned responsibility for the day-to-day security operations of a system. This also will include physical and environmental protection, personnel security, incident handling, and security training and awareness. It will be required to work in close coordination with the ISSM and ISO in monitoring the information system(s) and its environment of operation to include developing and updating the authorization documentation, implementing configuration management across authorization boundaries. This will include assessing the security impact of those changes and making recommendation to the ISSM. The primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities. Performance shall include: Assist the ISSM in meeting their duties and responsibilities. Prepare, review, and update authorization packages. Ensure approved procedures are in place for clearing, sanitizing, and destroying various types of hardware and media. Notify ISSM when changes occur that might affect the authorization determination of the information system(s). Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Coordinate any changes or modifications to hardware, software, or firmware of a system with the ISSM and AO/DAO prior to the change. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Ensure audit records are collected, reviewed, and documented (to include any anomalies) Attend required technical and security training (e.g., operating system, networking, security management) relative to assigned duties. Execute the cyber security portion of the self-inspection, to include providing security coordination and review of all system assessment plans. Identify cyber security vulnerabilities and assist with the implementation of the countermeasures for them. Prepare reports on the status of security safeguards applied to computer systems. Perform ISSO duties in support of in-house and external customers. Conduct security impact analysis activities and provide to the ISSM on all configuration management changes to the authorization boundaries. Experience: 2+ years related experience. SAP experience required. Prior performance in roles such as System, Network Administrator, or ISSO. Education: Bachelor's degree OR Associate's degree in a related area + 2 years' experience OR equivalent experience (4 years) Certifications: IAT Level II or IAM Level II (Security+ CE, CCNA Security, etc.) Security Clearance: TS/SCI required. Must be able to Attain - TS/SCI with CI Poly. #AirforceSAPOpportunities #ISSO The likely salary range for this position is $95,285 - $128,915. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: 10-25% Telecommuting Options: Onsite Work Location: USA MA Boston Additional Work Locations: USA MA Avon, USA MA Braintree, USA MA Burlington, USA MA Cambridge, USA MA Fort Devens, USA MA Norwood, USA MA Peabody, USA MA Quincy, USA MA Taunton, USA MA Waltham, USA MA Westwood Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Analysis Group is one of the largest international economics consulting firms, with more than 1,500 professionals across 15 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise. The Manager, Information Security Compliance and Risk is responsible for leading the firm's Governance, Risk, and Compliance (GRC) program, including regulatory compliance, enterprise risk management, and assurance activities that support client requirements and regulatory obligations. This role also serves as the primary owner of Information Security AI governance, ensuring that the firm's use of AI and machine learning technologies aligns with security, privacy, regulatory, and client expectations. The role manages a team of three Information Security Analysts and owns SOC 2 and ISO 27001 certification programs, while partnering closely with Legal, Compliance, Privacy, IT, and Security Engineering and Operations to ensure effective control design, evidence collection, risk management, and continuous improvement. Responsibilities: Governance and Compliance Leadership Own and maintain the firm's information security governance framework, including policies, standards, and procedures. Lead annual SOC 2 and ISO 27001 audit cycles, including audit readiness, evidence coordination, and remediation tracking. Ensure ongoing compliance with client, regulatory, and contractual information security requirements. Manage policy exceptions, risk acceptances, and documentation of compensating controls. Regulatory Authorization and Assurance Lead the renewal and ongoing maintenance of government and client security authorizations, attestations, and approvals required for regulated engagements. Coordinate cross-functional evidence collection and control validation to support authorization renewals and periodic reassessments. Track authorization requirements, renewal timelines, and control changes to ensure continuous eligibility for regulated work. AI Security Governance Lead the Information Security AI governance program, ensuring secure, responsible, and compliant use of AI technologies across the firm. Partner with Legal, Privacy, Compliance, and business stakeholders to define and maintain AI security requirements, risk assessments, and usage standards. Establish and maintain security controls for AI-enabled tools, including data handling, access controls, model usage restrictions, and third-party AI risk. Support client and regulatory inquiries related to AI security posture and governance practices. Track emerging AI-related regulatory and security requirements and assess their impact on firm policies and controls. Risk Management Maintain and mature the enterprise information security risk register. Facilitate periodic risk assessments, including risks associated with AI usage, data processing, and third-party technologies. Develop and report meaningful risk metrics and dashboards for leadership review. Translate technical and operational risks into clear business-impact language. Third-Party and Emerging Risk Governance Oversee third-party security risk management in partnership with Legal. Lead structured reviews of vendor security posture, including AI and SaaS providers. Track remediation plans and ongoing monitoring of third-party and AI-related risks. Audit and Assurance Coordination Serve as the primary liaison for internal and external audits related to information security. Coordinate evidence collection across IT, Security Engineering, Privacy, and business stakeholders. Track findings, corrective actions, and continuous improvement initiatives. Team Leadership Directly manage three Information Security Analysts. Set priorities, provide mentorship, and support professional development. Establish consistent processes, documentation standards, and performance expectations across the GRC function. Cross-Functional Collaboration Partner closely with Security Engineering and Operations to align governance requirements with technical controls. Work with Legal, Compliance, Privacy, and Data Science teams on regulatory interpretation and AI governance requirements. Support client security inquiries, assessments, and due diligence requests. Expected Outcomes Sustained audit readiness for SOC 2 and ISO 27001 with minimal disruption. Clear, measurable visibility into information security and AI-related risk posture. Consistent, scalable governance processes supporting firm growth and responsible AI adoption. Strong alignment between governance requirements and operational security controls. Qualifications & Skills Bachelor's degree required; degree in information security, risk management, or a related field preferred. 7 to 10 years of experience in information security, GRC, audit, or risk management required. Prior experience managing SOC 2 and or ISO 27001 programs required. Demonstrated people management or team leadership experience. Professional certifications such as CISSP, CISM, CRISC, CGRC, or ISO 27001 Lead Implementer or Auditor. Experience with GRC platforms and risk management tooling. Experience supporting AI governance, data governance, or emerging technology risk programs. Experience supporting client-driven security assessments in a professional services environment. An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences. To the extent permitted by applicable law, eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future. Analysis Group embraces equal opportunity. We are committed to building teams that bring a variety of backgrounds, perspectives, and skills, as we believe that a strong and inclusive workforce directly supports our goal of providing the highest-quality work. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other class protected under applicable federal, state, or local law, and we encourage candidates of all backgrounds to apply. Analysis Group offers competitive compensation and a comprehensive benefits package. The estimated salary range for this position is $175,000-$200,000. Compensation offered will be based on a number of factors including work experience, education, and skill level. This role is eligible for a discretionary annual bonus that is determined in large part by individual performance. To learn more about our benefit offerings, click here. #LI-Hybrid Privacy Notice For information about Analysis Group's privacy practices, please refer to the applicable Analysis Group privacy policy. Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities. Please view the EEOC's “Know Your Rights” poster here.

Basic Qualifications RRequires a Bachelor's degree in Systems Engineering, or a related Science, Engineering, Technology or Mathematics field. Also requires 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience. Agile experience preferred. CLEARANCE REQUIREMENTS: Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibilityrequirements for access to classified information. Due to the nature of work performed within our facilities, U.S.citizenship is required. Responsibilities for this Position We are seeking a Systems Security Engineer who has experience in the design and development of NSA-certified Cybersecurity devices. Key Responsibilities: Design and develop specifications for mission-critical NSA-certified Cybersecurity devices Collaborate with software and validation engineering teams to deliver high-speed data solutions Develop real-time multi-threaded Embedded System architecture using Model-based Systems Engineering (MBSE) tools and techniques Analyze and maintain system security requirements throughout product development lifecycle Conduct trade studies, perform functional analysis, and design system security. Preferred Skills and Experiences: NSA approved Cryptography/Encryption Security requirements analysis Real-Time multi-threaded Embedded System architecture and development Model-based Systems Engineering (MBSE) CISSP certification or similar INCOSE ASEP, CSEP, or ESEP certification We value candidates who possess: Drive to expand knowledge and experience in designing complex systems Ability to define project scope, schedule, and expected results Initiative to complete assignments and ability to engage in technical direction and leadership Our Commitment to You: An exciting career path with opportunities for continuous learning and development Research-oriented work with award-winning teams Competitive benefits package #CJ3 Salary Note This estimate represents the typical salary range for this position based on experience and other factors (geographic location, etc.). Actual pay may vary. This job posting will remain open until the position is filled. Combined Salary Range USD $124,397.00 - USD $138,003.00 /Yr. Company Overview General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team! Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Job DescriptionISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Woods Hole Oceanographic Institution is searching for a highly skilled and cleared Information System Security Officer (ISSO) / Classified Systems Information Assurance Analyst to join our team, focusing exclusively on the security of classified information systems and networks. This critical role is responsible for ensuring the confidentiality, integrity, and availability of sensitive government information in accordance with stringent U.S. government (USG) security directives. The ISSO will be instrumental in the authorization and accreditation(A&A) process, continuous monitoring, incident response, and the implementation of robust security controls for classified environments. The ideal candidate will possess a deep understanding of relevant security frameworks, policies, and a proven track record of maintaining secure classified systems. This is a regular, full-time, exempt position, and is eligible for full benefits. ESSENTIAL FUNCTIONS Authorization & Accreditation (A&A) / Risk Management Framework (RMF): Lead or support the development, review, and submission of comprehensive security authorization packages (e.g., System Security Plans (SSPs), Risk Assessment Reports, Contingency Plans, Plan of Action and Milestones (POA&Ms)) for classified systems. Ensure all classified systems maintain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC) in accordance with RMF or legacy A&A processes (e.g., DIACAP). Interpret and apply USG security policies, regulations, and guidelines, including but not limited to: NISPOM, DoD Instruction 8500.01, NIST SP 800-53, DCID 6/3, ICD 503, JSIG, and DISA STIGs. Security Control Implementation & Enforcement: Design, implement, and maintain security controls specific to classified systems, including secure configurations, access controls, auditing, media control, and classified spillage prevention/response. Configure and manage specialized security tools relevant to classified environments (e.g., Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), Data Loss Prevention (DLP) solutions). Perform rigorous hardening of operating systems (Windows, Linux), applications, and network devices based on DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). Vulnerability Management & Continuous Monitoring: Conduct vulnerability scans, analyze results, and work with system administrators to remediate security weaknesses on classified systems. Oversee and perform continuous monitoring activities, including reviewing audit logs, security events, and system alerts for anomalous behavior. Track and ensure compliance with Information Assurance Vulnerability Management (IAVM) directives. Incident Response & Classified Spillage: Act as a primary point of contact and lead for security incidents and classified spillage events on assigned systems. Execute incident response procedures, including containment, eradication, recovery, and detailed reporting to relevant government authorities. Participate in forensic investigations as required for classified incidents. Compliance & Audit Support: Maintain meticulous documentation of all security artifacts, configurations, policies, and procedures for classified systems. Support internal and external security inspections, audits, and assessments by government agencies (e.g., DCSA, DSS, NSA). Develop and implement standard operating procedures (SOPs) for the secure operation of classified systems. User Training & Guidance: Provide guidance and training to users on proper handling, marking, and safeguarding of classified information and operation of classified systems. Ensure all personnel accessing classified systems meet training requirements (e.g., security awareness, insider threat). Configuration Management: Manage and control changes to the hardware, software, and firmware of classified systems to maintain their security posture and accreditation. MINIMUM QUALIFICATIONS Security Clearance: Active U.S. Government Security Clearance required at the SECRET level or above. Education: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or equivalent experience. Experience: 5 years of dedicated experience in Information Assurance/Cybersecurity within classified government or defense environments. Demonstrable expertise in the Risk Management Framework (RMF) or equivalent A&A processes (e.g., DIACAP). Hands-on experience with security tools and technologies used in classified environments (e.g., ACAS, HBSS, SIEM, dedicated firewalls). Proven experience with DISA STIGs and their application to various operating systems and applications. Technical Skills: Strong understanding of network protocols, operating systems (Windows, Linux/Unix), and virtualized environments in a classified context. Experience with encryption technologies and COMSEC devices. Knowledge of scripting languages (e.g., PowerShell, Python, Bash) for automation and auditing is a plus. Desired Certifications: CISSP (Certified Information Systems Security Professional) DoD 8570.01-M IAT Level II (e.g., CompTIA Security+, CySA+, CCNA Security, SSCP) or higher (IAM Level I, II, or III). GIAC Certifications relevant to incident handling, forensics, or security auditing (e.g., GCIH, GCFA, GCCC, GSNA) Additional Job Requirements Salary Range: $114,000 to $148,000 USD The salary range provided for this position reflects the expected minimum and maximum base pay for new hires. Actual compensation will be determined based on factors such as relevant skills, experience, and qualifications, as well as internal equity and market conditions. In addition to base salary, eligible employees also receive a comprehensive benefits package. WHOI accepts applications on a rolling basis - applications will be reviewed as they are received, and we encourage you to submit your application as soon as possible to ensure full consideration. While we will continue to review applications until the position is filled, and early applicants may have an advantage in the selection process. EEO Statement Woods Hole Oceanographic Institution (WHOI) provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

GE Aviation Systems - Edison Works in Lynn, MA is seeking an Information System Security Manager (ISSM) in support of US Government (USG), Department of Defense (DoD) activities. In this role, the successful candidate will be supporting and managing information systems security for multiple USG classified systems and networks and for various programs and sponsors. The successful candidate is expected to have a working knowledge of National Institute of Standards and Technology (NIST) information system protection policies and Risk Management Framework (RMF) procedures and tools as prescribed within the Defense Counterintelligence and Security Agency (DCSA), DCSA Assessment and Authorization Manual (DAAPM) and as they apply to various defense industry implementations. Job Description Job Title: Information Systems Security Officer (ISSO) Company Intro/About Us: GE Aerospace is a world-leading provider of jet engines, components, and integrated systems for commercial and military aircraft. At GE Aerospace, we are committed to pushing the boundaries of technology to deliver innovative solutions that power the future of flight. Working here means being part of a team that values safety, quality, delivery, and cost (SQDC), with safety always being the top priority. Our culture fosters collaboration, respect, and continuous improvement, ensuring every employee has the opportunity to thrive. Site, Business, OR Functional Area Overview: At InsertSite/FunctionalArea, you'll be part of a dynamic team dedicated to ensuring the security and compliance of classified systems and networks. We pride ourselves on fostering a culture of respect, innovation, and teamwork, where employees are empowered to make meaningful contributions. With competitive benefits and a focus on professional growth, this is a place where your career can truly take off. Role Overview: As an Information Systems Security Officer (ISSO), you will play a critical role in implementing and maintaining the cybersecurity compliance of classified systems and networks under the direction of the Information Systems Security Manager (ISSM). This position is on−site and involves working both independently and collaboratively with cross functional teams to execute day‑to‑day cybersecurity program elements. Your work will directly support GE Aerospace's mission of delivering secure and compliant solutions to our customers. Key Responsibilities Area ISSO-Focused Responsibilities Compliance Support certification of IT assets prior to submission to DCSA for accreditation and help ensure compliance with applicable policy documents, under the guidance of the ISSM. Control implementation Assist in designing, implementing, and maintaining solutions that conform to information system security control requirements after system or network categorization. Security tools Utilize tools such as STIG, SCAP, SPLUNK, MS Log Parser, and others to help configure, monitor, and review systems and networks. Audit and monitoring Configure and/or operate audit tools and review security logs to identify anomalies, vulnerabilities, and system errors, escalating issues to the ISSM when needed. Configuration compliance Help ensure system and network configurations meet USG regulatory compliance requirements and document deviations for remediation. A&A support Support system certification and accreditation planning and testing activities to enable formal USG Assessment and Authorization (A&A). DocumentationDevelop, maintain, and update system accreditation documentation, including system security plans, risk assessments, hardware/software lists, and plan of actions and milestones, in coordination with the ISSM. Continuous monitoring Execute elements of the continuous monitoring plan, document results, and report on findings to validate information protection effectiveness. Program support Provide support and backup coverage to special access programs as needed, working closely with the ISSM and broader security team. IT collaboration Collaborate with IT personnel to support secure systems operations, maintenance, and licensing compliance. User support Assist users with account validation, vulnerability remediation actions, and IT security briefings. The Ideal Candidate The ideal candidate is a detail-oriented cybersecurity professional with strong documentation skills and a passion for maintaining secure systems operations. They thrive in a collaborative environment, are comfortable following established processes and standards, and are committed to delivering high-quality results while adhering to federal security requirements and guidance from the ISSM. Required Qualifications CategoryRequirement ClearanceCurrent/Active DoD Secret clearance (adjudicated within the last six years) with the ability to obtain and maintain up to TS. Education/ExperienceBachelor's degree in computer science, information systems security, or a minimum of 4-6 years of experience in a cybersecurity-related field. Technical skills Strong knowledge of Microsoft Office and documentation creation/maintenance. OS experience Experience with recent Windows operating systems. Regulatory knowledge Familiarity with federal security requirements and mandates (e.g., RMF, NISPOM/DAAPM). STIG experience Experience implementing DISA Security Technical Implementation Guides (STIG). CertificationCompTIA Security+ certification or other DoD 8570/8140 IAT II or IAM I-II equivalent qualifications. Soft skills Strong organizational, time management, and scheduling skills; ability to work independently and collaboratively in a diversified environment. COMSECWorking knowledge of Communications Security (COMSEC) equipment and administration (or willingness to obtain). Preferred Qualifications CategoryPreferred Background DoD 8570/8140IAT II, IAT III, IAM II, or higher certifications IAW DoD 8570/8140 qualifications. Networking & crypto Certifications or experience in local area networks, network appliances, and cryptography. PlatformsCisco, Linux, and VMware experience. ToolsWorking experience with eMASS. RMFKnowledge of DoD RMF requirements and implementations per DAAPM and/or JSIG. Physical security Familiarity with physical security principles and apparatus. SCAP & STIGExperience using SCAP tools to verify STIG implementation. Data protection Knowledge of data backup strategies and secure data handling practices. Additional Information The base pay range for this position is $127,300.00-$169,700.00. The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/commission based on the plan. This posting is expected to close on February 3rd, 2026. GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing. Healthcare benefits include medical, dental, vision, and prescription drug coverage, access to a Health Coach from GE Aerospace, and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time off for vacation or illness. GE Aerospace (General Electric Company or the Company) and its affiliates each sponsor certain employee benefit plans or programs (i.e., is a "Sponsor"). Each Sponsor reserves the right to terminate, amend, suspend, replace or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual. 2023 GE Aerospace and/or its affiliates. All rights reserved. Attorney-Client Privileged Closing: At GE Aerospace, we are committed to fostering a diverse and inclusive workplace. Join us and be part of a team that is shaping the future of flight. Export Control Language: GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen. This role requires access to U.S. export-controlled information. Therefore, employment will be contingent upon the ability to prove that you meet the status of a U.S. Person as one of the following: U.S. lawful permanent resident, U.S. Citizen, have been granted asylee or refugee status (i.e., a protected individual under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)). Additional Information GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: Yes

**Country:** United States of America ** Onsite **U.S. Citizen, U.S. Person, or Immigration Status Requirements:** Active and transferable U.S. government issued security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance **Security Clearance Type:** Secret - Current **Security Clearance Status:** Active and existing security clearance required on day 1 At Raytheon, the foundation of everything we do is rooted in our values and a higher calling - to help our nation and allies defend freedoms and deter aggression. We bring the strength of more than 100 years of experience and renowned engineering expertise to meet the needs of today's mission and stay ahead of tomorrow's threat. Our team solves tough, meaningful problems that create a safer, more secure world. Raytheon is seeking a well-qualified **Systems Security Engineer II (P2)** to join our elite Systems Security Engineering (SSE) team for the Systems Directorate in developing solutions to protect the Warfighter's technology advantage. Systems Security Engineering creates holistic security solutions leveraging Cyber Security, Software Assurance and Supply Chain Risk Management to support Program Protection Implementation on embedded weapons systems. Join our highly visible team and perform technically challenging assignments, which will directly contribute to protecting our nation and our Warfighters. This is an onsite position at Raytheon in Portsmouth, RI. **What You Will Do** + Support the development of cybersecurity requirements, design and architecture artifacts, plans, and policies. + Support security development and test efforts implementation of security controls of networking devices, databases, operating systems, and hardware and software component + Implement proper cybersecurity controls + Integrate cybersecurity development activities **Qualifications You Must Have** + Typically requires a Bachelor's Degree in Science, Technology, Engineering or Mathematics (STEM) and 2 years of prior relevant experience + Active and transferable U.S. government issued Secret security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance + Experience working in the Naval industry **Qualifications We Prefer** + Experience in Cybersecurity Engineering + Usage of information security toolsets including anti-virus, Vulnerability Assessment, HIDS/ NIDS. host-based or endpoint security solutions, Multi-Factor Authentication (MFA), and Security Incident and Event Management (SIEM) and centralized auditing tools familiarity with splunk is preferred + Linux Bash scripting or Python scripting experience + Experience with National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) + DoDI 8570.01-M IAT Level-II Compliant Certification (e.g. Security+, CISSP, or equivalent) + Security systems engineering involving various computer hardware and software S/W operating system and application solutions in both a stand-alone and in LAN/WAN configurations + Experience with IT and/or network and system security administration, including operating system security configuration and account management best practices for UNIX, MS Windows, Red Hat Enterprise Linux, and CISCO systems **What We Offer** + Our values drive our actions, behaviors, and performance with a vision for a safer, more connected world. At RTX we value: Trust, Respect, Accountability, Collaboration, and Innovation + Relocation Eligible - Relocation assistance is available **_As part of our commitment to maintaining a secure hiring process, candidates may be asked to attend select steps of the interview process in-person at one of our office locations, regardless of whether the role is designated as on-site, hybrid or remote._** The salary range for this role is 68,900 USD - 131,100 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate's work experience, location, education/training, and key skills. Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement. Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company's performance. This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply. RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window. _RTX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or veteran status, or any other applicable state or federal protected class. RTX provides affirmative action in employment for qualified Individuals with a Disability and Protected Veterans in compliance with Section 503 of the Rehabilitation Act and the Vietnam Era Veterans' Readjustment Assistance Act._ **Privacy Policy and Terms:** Click on this link (******************************************************** to read the Policy and Terms Raytheon Technologies is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

A leading automotive service company in Downtown Boston seeks a dedicated Senior Security Engineer to safeguard its web and mobile applications, manage various security incidents, and ensure compliance with safety standards. This role requires collaboration across teams to implement defense strategies and educate staff on security practices. Self-starters with expertise in threat management and a solid understanding of compliance frameworks will thrive in this vibrant environment. Join the mission to revolutionize car ownership and enjoy competitive pay and exceptional benefits. #J-18808-Ljbffr