Information security analyst jobs in Rogers, AR - 386 jobs

Title: Sr Information Security Analyst Salary: $100K Job Summary: As a member of the Information Security team, responsibilities include manages and mitigates information security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides information security risk insight and guides management on information security risk issues and serves as advisor to peers, team members and management. Minimum Education: Bachelor's degree in Computer Science, MIS, Computer Engineering, Cyber Security or related discipline. Licensure, Registration and/or Certification: One or more of the following certifications are preferred: Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Certified Information Systems Auditor (CISA). Work Experience: 3 - 4 years related experience inclusive of two years working directly in an Information Services department and previous experience with HIPAA/PHI compliance programs, policies, procedures, risk assessments and audits. Knowledge, Skills and Abilities: In-depth knowledge of cyber security methodology and security practices. Knowledge of HIPAA, PCI, SOX, ISO and NIST cybersecurity frameworks. Knowledge of intrusion detection and intrusion prevention systems, penetration and vulnerability testing. Knowledge of data loss prevention, anti-virus and anti-malware software tools. Knowledge of computer networking, TCP/IP, routing and switching, network protocols and packet analysis tools. Knowledge of Windows, UNIX and Linux operating systems. Excellent problem solving and analytical skills. Excellent written and oral communication skills. Excellent organizational and interpersonal skills. Ability to work independently as well as in a team setting. Essential Functions and Responsibilities: Define, implement, and enforce information security policies, strategies, and procedures that align with healthcare laws and regulations, such as HIPAA. Conduct and/or support targeted risk assessment. Determine significant risk points and exercise process for risk assessment and risk acceptance. Review assessment results for vulnerabilities, gaps, control deficiencies, and work with key stakeholders to establish plans for sustainable resolution. Maintain an effective information security awareness program and educate internal teams on best practices. Ensures that business and clinical software applications include adequate information and security controls. Establish and maintain metrics based on the information security framework..

Oversees and coordinates all information security staff and activities to ensure the firm's overall information assets are adequately protected. Oversees the planning, coordinating and implementing of information security programs in order to maintain information integrity and protect against all cybersecurity threats. Interacts with other individuals in the firm in a problem-solving and team-building manner. Oversees, develops and maintains the Firm's ISO 27001 Program, and operation objectives. Manages the development and cost effective solutions to maintain the integrity of system information while allowing business operations to continue in the event of any type of business interruption. Assists in audits of the Information Security program as needed at the request of management. Uses leadership skills to train, motivate and direct assigned staff. Provides technical expertise in the selection, testing, implementation and deployment of information security systems. Provides technical guidance and direction in information security monitoring, assessment, auditing and testing. Defines, develops and implements the firm's Information Protection Program security policy. Works with the Director of Information Security and Risk Management to develop methods of improving department workflow, customer satisfaction and employee efficiency. Assists in determining department work procedures, plans, assigns and directs work as necessary. Monitors employee workflow and makes adjustments as necessary to ensure customers' needs are addressed in a timely and efficient manner. Monitors and audits analyst(s) work product, reviews and communicate results with employee and provides advice. Coordinates training of staff to ensure work meets/exceeds performance expectations within a reasonable time frame. Oversees department projects, ensuring that procedures are followed and objectives are accomplished according to schedule. Responsible for conducting, coordinating, testing, implementing, deploying, and operational maintenance of all information security systems, applications, appliances and devices throughout the firm. Responsible for assessing, recommending, developing, implementing and maintaining the firm's information security infrastructure and security standards. Lead for security risk assessments and penetration studies of networks. Recommends solutions for security vulnerabilities and takes corrective measures and/or applies security patches when appropriate. Installs, monitors, maintains and upgrades virus detection applications/tools to ensure computer codes, viruses, and worms are blocked or eradicated when detected. Analyzes problematic security log entries from security servers and routers, provides technical solutions to issues and security breaches. Is on call to respond to security incidents or disaster recovery and business continuity operations. Maintains advanced knowledge of the firm's Information Security posture, goals and objectives. Supervises the Information Security Engineers. Is responsible for the overall direction, coordination, and evaluation of designated employees in this category. Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding, coaching, and disciplining employees; addressing complaints and resolving problems.

CompanyFederal Reserve Bank of Kansas CityWhen you join the Federal Reserve-the nation's central bank-you'll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We invest in contemporary and emerging technology each year to support the Federal Reserve and our economy, and we're building a dynamic and diverse team for our future. Important Information Open to US citizens, Green Card holders or Permanent Residents with at least 3 years of residency, with the intent to become a US citizen. No sponsorship is available. Candidates must have valid work authorization, without an end date, to be considered. This position requires working on-site, in Kansas City, Denver, Oklahoma City, or Omaha, with 5 days per month remote work flexibility. This position is not eligible to be remote and relocation assistance is not available. We are seeking cybersecurity professionals to join our Information Security team as a security specialist focused on operating our DevSecOps program according to standards and policies. This will be done through close partnership with peers in FRB Kansas City and other Reserve Banks across the System. It will also require healthy relationship building and tight integration with development teams. Additionally, you'll partner with business areas, vendors, and our diverse network of professionals to identify, implement, and support security across the organization. Candidates with strong understanding and experience in cloud environment deployments, information security, data management, low-code and no-code solutions, DevSecOps, and artificial intelligence will be ideal. Key Activities Interpret and evaluate policies in order to mature and implement the DevSecOps program. Assess maturity of development teams' DevSecOps practices against an existing framework. Proactively advocate for and drive enhancements into the program. Identify gaps/opportunities for enhancements to workflows and processes for enhancing the software development lifecycle (SDLC). Implement and consults on secure continuous integration and continuous delivery (CI/CD) pipelines, evaluating code and/or applications, or creating code to facilitate the process. Monitors information security policy compliance using security tooling. Evaluate and implement security products and/or processes to enhance productivity and effectiveness for various platforms and initiatives. Provide technical expertise and support to internal teams on security-related matters. Collaborate with cross-functional teams to integrate security measures into existing software applications and infrastructure. Stay current with emerging technologies, industry trends, and best practices in cybersecurity to enhance our security posture. Support leadership decision making through timely analysis and written communications. Qualifications Typically requires 3-6 years of relevant experience. Bachelor's Degree in Technology, Engineering, Computer Science, Information Systems, Cybersecurity or other related field or equivalent work experience. Strong competence in cloud technologies such as AWS, Azure, and other platforms. Expert understanding of DevSecOps practices, frameworks, and tools. Expertise with tool integration for the DevOps pipeline such as Git. Combines and organizes information into meaningful patterns; identifies underlying relationships, causes and effects; and combines pieces of information to form conclusions or general rules. Rapidly acquires new knowledge and learns new skills, and practices agile methodologies to planning and accomplishing work. Conveys complex and technical issues to diverse audiences. Demonstrated competencies with artificial intelligence are beneficial. Working knowledge of Terraform, Ansible, Cloud Formations, AWS Config, AWS Inspector, Guard Duty and others. Strong knowledge of software development languages, tools and techniques such as Python, JSON, YAML, and Java Technical expertise in security tools and knowledge of security practices and procedures. A learning mindset, proactiveness, collaboration, and strong attention to detail. Additional Information How We Work (HWW): On-site: 5 days per month remote work flexibility Locations: Kansas City, Denver, Oklahoma City, Omaha Remote Eligible: No Relocation Assistance: No Salary: $79,100 - $111,500 / Experienced Level $98,600 - $139,000 / Senior Level Final offers are determined by factors including the candidate's qualifications, internal alignment considerations, district assignment, and geographic location. Screening: US citizens, permanent residents with the intent to become a US citizen with at least three or more years of United States residency from the date of legal entry to the United States is required for this position. This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take up to a couple of months to be completed. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened may include education/employment verification, criminal history, credit history, and reference checks. Sponsorship: The Federal Reserve Bank of Kansas City will not sponsor a new applicant for employment authorization for this position. Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future. About Us Total Rewards & Benefits Who We Are What We Do Follow us on LinkedIn , Instagram, X (formerly Twitter) , and YouTube #KCFedIT Full Time / Part TimeFull time Regular / TemporaryRegularJob Exempt (Yes / No) YesJob CategoryInformation Technology Family GroupWork ShiftFirst (United States of America) The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences. Always verify and apply to jobs on Federal Reserve System Careers (************************************* or through verified Federal Reserve Bank social media channels. Privacy Notice

The Intrusion Analyst III serves as an experienced security professional within Walmart's Security Operations Center (SOC), responsible for performing in-depth investigations, refining triage quality, and mentoring entry-level analysts. This role bridges operational execution and analytical leadership - ensuring SOC workflows remain efficient, accurate, and responsive to evolving threats. The Intrusion Analyst III independently conducts follow-on investigations, validates findings, and contributes to process improvements that enhance detection and response capabilities. What you'll do... Essential Responsibilities * Investigation Ownership - Lead follow-on investigations from escalated alerts to resolution, identifying root causes and impact scope. * Quality Control - Review and validate triage work from Analysts II to ensure consistency and accuracy across incident handling. * Threat Analysis - Identify and contextualize indicators of compromise using SOAR, SIEM, endpoint, and AI-assisted tools. * Incident Response Support - Collaborate with senior analysts during containment and recovery phases, ensuring accurate data collection and response coordination. * Process Refinement - Recommend improvements to triage workflows, documentation standards, and response playbooks. * Cross-Functional Collaboration - Partner with detection engineering, threat intelligence, and infrastructure teams to share findings and improve visibility. * Knowledge Sharing - Mentor junior analysts through shadowing, feedback, and informal training sessions. * Reporting - Produce detailed investigation reports and summaries for senior review. Core Competencies * Technical Depth - Demonstrates strong understanding of intrusion methods, network forensics, and incident response techniques. * Critical Thinking - Applies structured analysis to evaluate alerts and data, identifying patterns and correlations across sources. * Accountability - Takes ownership of assigned incidents and ensures timely and accurate resolution. * Collaboration - Works effectively across functions, providing clear communication and actionable insights. * Mentorship - Supports the development of Analysts II by modeling best practices and reinforcing operational standards. Technical Knowledge & Skills * Proficient in SOC toolsets: SIEM, SOAR, endpoint detection, and AI-assisted analysis platforms. * Familiar with incident response frameworks (NIST) and adversary mapping (MITRE ATT&CK). * Skilled in investigation techniques such as log correlation, memory analysis, and forensic review. * Experience documenting findings and contributing to incident post-mortems. * Working knowledge of scripting, query building, or automation concepts to enhance analysis efficiency. Minimum Qualifications * Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). * 4+ years of experience in SOC operations, intrusion analysis, or incident response. * Demonstrated ability to lead independent investigations and mentor junior team members. Professional Development Certifications such as GCIH, GCIA, or CySA+ are recommended to broaden technical knowledge. Expected to progress toward Senior Intrusion Analyst (X4) through leadership in investigations and process improvement. Leadership Expectations * Respect the Individual - Foster collaboration and provide constructive feedback to peers. * Act with Integrity - Uphold security and ethical standards in all investigative actions. * Serve Our Customers and Members - Protect systems and data by delivering timely, high-quality incident analysis. * Strive for Excellence - Pursue technical growth, continuous learning, and innovation in detection and response. Impact of Role The Intrusion Analyst III ensures Walmart's SOC maintains high analytical quality and investigative rigor. By owning investigations, mentoring peers, and improving SOC efficiency, this role serves as the critical bridge between front-line execution and senior-level technical leadership. #LI-DNP #LI-DNI Wal-Mart is an Equal Opportunity Employer. At Walmart, we offer competitive pay as well as performance-based bonus awards and other great benefits for a happier mind, body, and wallet. Health benefits include medical, vision and dental coverage. Financial benefits include 401(k), stock purchase and company-paid life insurance. Paid time off benefits include PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting. Other benefits include short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement, and more. You will also receive PTO and/or PPTO that can be used for vacation, sick leave, holidays, or other purposes. The amount you receive depends on your job classification and length of employment. It will meet or exceed the requirements of paid sick leave laws, where applicable. For information about PTO, see ******************************** Live Better U is a Walmart-paid education benefit program for full-time and part-time associates in Walmart and Sam's Club facilities. Programs range from high school completion to bachelor's degrees, including English Language Learning and short-form certificates. Tuition, books, and fees are completely paid for by Walmart. Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to a specific plan or program terms. For information about benefits and eligibility, see One.Walmart. Bentonville, Arkansas US-09401: The annual salary range for this position is $90,000.00 - $180,000.00 Herndon, Virginia US-10710: The annual salary range for this position is $108,000.00 - $216,000.00 Additional compensation includes annual or quarterly performance bonuses. Additional compensation for certain positions may also include : * Stock ㅤ ㅤ ㅤ ㅤ Minimum Qualifications... Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications. Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity or related area and 2years' experience in intrusion analysis or related area at a technology, retail, or data-driven company. Option 2: 4 years' experience in intrusion analysis or related area at a technology, retail, or data-driven company. Preferred Qualifications... Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications. Certification in Security+, Network+, GISF, CISA ,CISSP, CCSP, or GCIH, Master's degree in Computer Science, Information Technology, Engineering, Information Systems, Cybersecurity, or related area, We value candidates with a background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly. The ideal candidate would have knowledge of accessibility best practices and join us as we continue to create accessible products and services following Walmart's accessibility standards and guidelines for supporting an inclusive culture. Primary Location... 702 Sw 8Th St, Bentonville, AR 72716, United States of America Walmart and its subsidiaries are committed to maintaining a drug-free workplace and has a no tolerance policy regarding the use of illegal drugs and alcohol on the job. This policy applies to all employees and aims to create a safe and productive work environment.

The Cyber Security Operations Analyst is primarily responsible for monitoring the front lines of the company's cyber defense program, helping to protect critical systems and data from potential threats, responding to reported security violations, analyzing internet access, connectivity and threats (virus protection, spam, etc.) DUTIES AND RESPONSIBILITIES The following represents the majority of the duties performed by the position but is not meant to be all-inclusive nor prevent other duties from being assigned when necessary. 1. Complies with DOT and OSHA health, safety and environmental requirements and follows safety philosophy and procedures developed by the Company including: applicable environmental, health and safety rules, procedures, and accepted safe work practices, the use of appropriate personal protective equipment and safety systems, and the reporting of workplace hazards and injury or illness arising from workplace activities; observes the workplace to identify conditions or behaviors that should be corrected and takes appropriate action. 2. Monitors Security Information and Event Management (SIEM) alerts, firewall logs, intrusion detection systems, and network activity for suspicious behavior including public and private threat intelligence sources for emerging risks; analyzes internet access, connectivity logs, and alerts related to virus protection, spam, and suspicious behavior including user account activity providing reports on potential anomalies. 3. Conducts daily security log reviews and assists in identifying potential threats; summarizes and shares relevant alerts with the cybersecurity team. 4. Monitors incoming security tickets and alerts; documents and triages security incidents, escalating to senior analysts as needed; assists with evidence collection and incident tracking. 5. Performs scheduled vulnerability scans, analyzes findings, and maintains remediation tracking logs; assists with patch management processes including deployment, tracking, and reporting. 6. Assists with internal and external audits by collecting necessary documentation and evidence. 7. Maintains regulatory compliance documentation as required by TSA, DOT, O SHA, etc.; creates and updates procedural documents, runbooks, security playbooks, and knowledge base articles. 8. Documents all incidents, assessments, and routine checks to support audit readiness and knowledge transfer; manages project tracking logs. 9. Assists with the configuration and maintenance of endpoint protection, firewall settings, and other cybersecurity tools under guidance. 10. Reviews vendor solutions and compiles initial summaries for team consideration; maintains security-related inventories, software licenses, and access lists. 11. Assists with development and dissemination of basic cybersecurity awareness content for end users; tracks completion of required security training and assists with scheduling refresher sessions. 12. Participates in a scheduled on-call rotation for after-hours and weekend security support. REQUIREMENTS · Associate's degree or the equivalent in experience in Cyber Security, Information Technology or related field and a minimum of two (2) years of prior experience in cybersecurity, IT support, or SOC environment. Internship or hands-on training in networking, firewalls, or security systems preferred. Certification such as CompTIA Security+, CASP+, or CEH (preferred or in progress). Knowledge, Skills and Abilities · Ability to actively engage in safe behavior and understand and follow the principles and methods related to pipeline and workplace safety as established by the Company. · Knowledge of emergency and safety procedures, policies procedures, equipment operating parameters, and all applicable DOT, EPA, FERC, DHS, and OSHA requirements. · Knowledge of Active Directory, Exchange, SharePoint, CISCO routing and switching configuration. · Knowledge of firewall and network security and IDS (intrusion detection systems), and network management tools. · Knowledge of TSA security requirements and regulations. · Knowledge of identity management processes and procedures. · Skill in project management. · Ability to manage, track and analyze information. · Ability to effectively work and cooperate with supervisors, co-workers, and vendors. · Ability to follow corporate policies and the directions of supervisors. · Ability to refrain from causing or contributing to the disruption of the workplace.

At Jack Henry, we're more than a technology company, we're a force for good in financial services. We're redefining how community banks and credit unions connect with the people they serve. Our mission is rooted in people inspired innovation, empowering financial institutions to deliver seamless, secure, and human centered experiences. We deliver cutting-edge solutions that are paving the way for the next generation of digital banking and payments, but our true impact begins with our associates. If you're ready to help transform an industry and grow with a company that values purpose, collaboration, and excellence then we'd love to meet you. We are seeking a highly skilled PCI Security Analyst to join our team. The analyst is responsible for ensuring organizational compliance with the Payment Card Industry Data Security Standard (PCI DSS) and related cybersecurity requirements. This role involves conducting compliance assessments, managing audits, implementing security controls, and mitigating risks associated with payment card data. This position offers remote flexibility within a 70-mile radius of our office locations in Allen, TX; Lenexa, KS; Springfield, MO; or Monett, MO. The salary range for this position is $110,000- $125,000 and will be determined based on location and experience level. All positions, regardless of location, may require an onsite interview or in-person onboarding requirement to verify your identity. What you'll be responsible for: * Conducts PCI DSS compliance assessments to identify gaps and risks supporting ongoing security and compliance. * Develops, implements, and maintains PCI-related security policies, standards, and procedures to ensure consistent protection of cardholder data. * Monitors and validates compliance with PCI DSS requirements across systems and processes to maintain regulatory adherence. * Executes comprehensive validation of PCI DSS scope across enterprise environments, ensuring accurate identification and classification of in-scope systems, applications, and data flows. * Collaborates with cross-functional teams to assess segmentation controls, cardholder data locations, and business processes to confirm scope boundaries align with PCI DSS requirements. * Documents scope rationale and provide evidence-based recommendations to reduce scope where feasible, while maintaining compliance integrity. * Validates vulnerability assessments and penetration testing to ensure secure configurations. * Validates encryption, key management, and secure transmission of cardholder data to protect sensitive information. * Supports incident response and forensic investigations involving payment card data to enable rapid resolution. * May perform other job duties as assigned. What you'll need to have: * Minimum of 6 years of experience in a PCI DSS compliance role. * At least one relevant certification (e.g., PCIP, QSA, CISSP, ISA) is required. What would be nice for you to have: * A senior level professional with in-depth body of knowledge, experience and expertise with the ability to resolve complex issues. * Excellent understanding of PCI DSS requirements and security frameworks (e.g., PCI 4.x, NIST, ISO 27001). * Strong knowledge of network security, encryption, and secure system configurations. * Strong technical expertise in network security, encryption, vulnerability management, and secure system design. * Strong risk management capabilities including the ability to identify, assess, and mitigate compliance and security risks within payment card environments * Demonstrated proficiency using compliance management platforms (e.g., Archer, Qualys, Trustwave), SIEM, and vulnerability scanning tools to support PCI DSS compliance and cybersecurity initiatives. If you got this far, we hope you're feeling excited about this opportunity. Even if you don't feel you meet every single requirement on this posting, we still encourage you to apply. We're looking for passionate, driven individuals who align with our mission and can bring unique perspectives to our team. Why Jack Henry? At Jack Henry, we live by the motto: "Do the right thing, do whatever it takes, and have fun." It's more than a tagline, it's the foundation of our culture. We recognize that our associates are the key to our success, and we're deeply committed to their wellbeing. That's why we offer comprehensive benefits designed to support your physical, mental, and financial health so you can thrive both personally and professionally. We're also leading the way in technology modernization, helping financial institutions evolve with speed, security, and flexibility. Our strategy focuses on delivering secure data access, mitigating fraud, and enabling seamless integration. Empowering our teams to build innovative solutions that meet the evolving needs of accountholders. Culture of Commitment Ask our associates why they love Jack Henry, and many will tell you it is because our culture is exceptional. We do great things together. Our culture empowers us to rise to challenges, seek new opportunities, and support one another through change. It's this shared commitment that drives our success. We're proud to foster an environment where inclusion, sustainability, and community impact are more than values, they're how we operate. Visit our Corporate Sustainability site to learn more about our culture and commitment to our people, customers, community, environment, and shareholders. Equal Employment Opportunity At Jack Henry, we know we are better together. We value, respect, and protect the uniqueness each of us brings. Innovation flourishes by including all voices and makes our business - and our society - stronger. Jack Henry is an equal opportunity employer and we are committed to providing equal opportunity in all of our employment practices, including selection, hiring, performance management, promotion, transfer, compensation, benefits, education, training, social, and recreational activities to all persons regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, genetic information, pregnancy, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, and military and veteran status, or any other protected status protected by local, state or federal law. No one will be subject to, and Jack Henry prohibits, any form of discipline, reprisal, intimidation, or retaliation for good faith reports or complaints of discrimination of any kind, pursuing any discrimination claim, or cooperating in related investigations. Requests for full corporate job descriptions may be requested through the interview process at any time.

Collabera is ranked amongst the top 10 Information Technology (IT) staffing firms in the U.S., with more than $550 million in sales revenue and a global presence that represents approximately 12,000+ professionals across North America (U.S., Canada), Asia Pacific (India, Philippines, Singapore, Malaysia) and the United Kingdom. We support our clients with a strong recruitment model and a sincere commitment to their success, which is why more than 75% of our clients rank us amongst their top three staffing suppliers. Not only are we committed to meeting and exceeding our customer's needs, but also are committed to our employees' satisfaction as well. We believe our employees are the cornerstone of our success and we make every effort to ensure their satisfaction throughout their tenure with Collabera. As a result of these efforts, we have been recognized by Staffing Industry Analysts (SIA) as the “Best Staffing Firm to Work For” for five consecutive years since 2012. Collabera has over 40 offices across the globe with a presence in seven countries and provides staff augmentation, managed services and direct placement services to global 2000 corporations. For consultants and employees, Collabera offers an enriching experience that promotes career growth and lifelong learning. Visit ***************** to learn more about our latest job openings. Awards and Recognitions --Staffing Industry Analysts: Best Staffing Firm to Work For (2016, 2015, 2014, 2013, 2012) --Staffing Industry Analysts: Largest U.S. Staffing Firms (2016, 2015, 2014, 2013) --Staffing Industry Analysts: Largest Minority Owned IT Staffing Firm in the US. Job Description Responsibilities: Performs focused risks assessments of existing or new services and technologies (both internal and external) by utilizing questionnaires, surveys, interviews and observations and reviewing documentation to identify and evaluate risk scenarios. Communicates risk assessment findings to information security “customers,” or business partners.Provides consultative advice to information security customers that enables them to make informed risk management decisions.Identifies appropriate controls to effectively manage information risks as needed.Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.Maintains strong working relationships with individuals and groups involved in managing information risks across the organization Qualifications Required Skills/Experience • 3+ years of work experience in information security, especially in an Information Risk Analysis, Enterprise Risk Management (ERM), and/or IT Audit role • Knowledge of quantitative and qualitative risk evaluation methods • An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one • An ability to effectively influence others to modify their opinions, plans, or behaviors • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part • An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization • Open and able to apply original and innovative thinking to produce new ideas and create innovative products in an environment that embraces continuous improvement Additional Information To set up an inerview for this position, feel free to contact: Imran Malek ************ *******************************

TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation, and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the MDR landscape. We're a fast growing startup backed by industry experts and top tier investor Andreessen Horowitz. As an early employee, you'll play a meaningful role in defining and building our culture. Get in on the ground floor. We're a small but well-funded team that just raised a substantial round - joining now comes with limited risk and unlimited upside. Culture is one of the most important things at TENEX.AI-explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work. We are looking for a detail-oriented Information Security Analyst to spearhead our internal compliance efforts and manage our Third-Party Risk Management (TPRM) program. In this role, you won't just be checking boxes; you will be the architect of the controls that protect our customers' data involving AI and other cutting edge technologies. You will bridge the gap between technical security operations and formal audit requirements, ensuring we remain a gold standard in the industry. Location: This role will require onsite in our Overland Park, KS or Sarasota, FL location. Key Responsibilities 1. Internal SOC 1 & SOC 2 Compliance Audit Readiness: Lead the preparation for annual SOC 1 Type II and SOC 2 Type II audits. Control Monitoring: Perform continuous testing of technical and administrative controls (e.g., access reviews, change management, encryption standards). Evidence Collection: Coordinate with Engineering, HR, and DevOps teams to gather and organize audit evidence throughout the year. Remediation: Identify gaps in current processes and work with department heads to implement corrective actions. 2. Third-Party Risk Management (TPRM) Vendor Assessments: Conduct security assessments of new and existing vendors, reviewing their SOC reports, ISO certifications, and SIG questionnaires. Risk Scoring: Evaluate the risk profile of third-party tools and services, providing recommendations to leadership on whether to approve or mitigate risks. Contract Review: Partner with Legal to ensure security addendums (DSAs/BAsAs) meet our internal compliance requirements. 3. Policy & Governance Maintain and update the Information Security Management System (ISMS) documentation. Develop and deliver security awareness training tailored to compliance requirements. Act as the primary point of contact for client inquiries regarding our security posture. Required Qualifications & Skills: Experience: At least 2 years in Information Security, IT Audit, or Compliance (GRC). Frameworks: Deep understanding of AICPA Trust Services Criteria (SOC 2) and SSAE 18 (SOC 1) along with ISO 27001, NIST-800. Technical Knowledge: Familiarity with cloud environments (GCP/AWS/Azure), IAM, and vulnerability management. TPRM Tools: Experience with risk assessment platforms (e.g., OneTrust, Vanta, or Drata). Certifications: CISA, CRISC, or Security+ preferred (CPA-tracked experience is a plus). Ideal Candidate Profile: The "Translator": You can explain complex frameworks like ISO27001, NIST 800, and map them to internal controls in policy documentation to support compliance requirements. Meticulous: You audit the environment and policies for consistency and enforcement. Proactive: You don't wait for the audit window to open; you are constantly looking for ways to automate evidence collection. Education & Certifications: Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience). Why Join Us? Opportunity to work with cutting-edge AI-driven cybersecurity technologies and Google SecOps solutions. Collaborate with a talented and innovative team focused on continuously improving security operations. Competitive salary and benefits package. A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.

Assignment Overview: The senior Contractor CI Cyber Threat Analyst will ensure all required reports are complete with minimal errors and that all processes, activities, and reports are conducted within established time frames. will also ensure analysts are trained in and follow current standard operating procedures. They will contribute to the following annual production requirements: Duties: Produce weekly actionable Technical CI (Cyber) status reports in collaboration with teammates, NGA partners and intelligence community peers, as necessary. Provide relevant input for the CI Cyber Branch to create 36 weekly cyber status reports, each report due NLT 0800 each Monday morning. Status reports will include (as applicable): Threat data collected and reported by NGA Technical CI team and network security personnel. Intelligence reported by the Intelligence Community. Fusion of all source threat analysis derived from multiple intelligence sources (INTs). Imagery when available. Information that can be used to inform security decisions. Produce monthly Technical CI threat reports in collaboration with teammates, NGA partners and Intelligence Community peers as necessary. Provide a monthly threat report for the months not falling on the quarterly report month or the annual report month. Provide relevant input for the CI Cyber Branch to create 8 monthly reports, each report due NLT 5th day of each applicable month. Threat reports should include: Compilation of data collected and reported in weekly products. Intelligence reported by the Intelligence Community. Fused All Source threat analysis derived from multiple INTs. Imagery when available. Depiction of Technical CI threat(s) to NGA to inform security decision makers. Produce quarterly Technical CI threat reports in collaboration with teammates, NGA partners and Intelligence Community peers as necessary. Provide relevant input for the CI Cyber Branch to create three quarterly reports, each report due NLT 5th day of January, April, and July. Threat reports should include: Compilation of data collected and reported in weekly and monthly products. Intelligence reported by the Intelligence Community. Fused All Source threat analysis derived from multiple INTs. Include imagery when available. Depiction of Technical CI threat(s) to NGA to inform security decisions. Produce relevant input to the CI Cyber Branch annual Cyber Threat Assessment in collaboration with teammates, NGA partners and Intelligence Community peers as necessary. The annual Cyber Threat Assessment is due NLT 1 1 December. Threat studies should include: Compilation of data collected and reported in Intelligence Information Reports (IIRs) and quarterly products. Raw and finished Intelligence reported by Intelligence Community. Fused All Source threat analysis derived from multiple INTs. Include imagery when available. Analytic judgments, intelligence gaps, and overall technical threat(s) to NGA. Produce IIRs from data collected and reported by either the Technical CI team, NGA cyber security personnel, or partner agencies. Provide a minimum of 9 IIRs within Fiscal year. Effective IIR writing requires: Coordination with teammates and stakeholders to ensure accuracy of reported information. Cross referencing local information reporting with Intelligence Community reporting. Clear and concise writing to briefly convey threat. Responsiveness to Intelligence Community priority collections requirements. Timeliness. Perform inquiries of anomalous activity using automated investigative tools (For example: M3, Palantir, TAC, ARCSIGHT, RSA Security Analytics, CCD, QLIX, TIDE, or Criss Cross). Provide Technical CI advise and expertise in support of CI inquiries, operations and issues. Develop leads by detecting anomalous activity, conducting open source and classified research, and liaison with internal and external partners. Conduct research, evaluate collection, and perform analysis on Technical CI intelligence topics of interest to leadership, analysts and customers. Demonstrate an ability to draw high-quality, appropriate and objective conclusions from information in a timely manner. Research, analyze, and synthesize All-Source data to identify patterns, commonalities, and linkages. Demonstrate current subject matter expertise on Technical CI issues, threats and trends. (For example: Cyber threats and Technical Surveillance threats). Demonstrate and master the ability to self-edit and produce clearly written, properly sourced and grammatically correct intelligence products that adhere to established style guide and template standards. Demonstrate proficiency in use of bottom-line-up-front (BLUF) writing. Display an ability to collaborate with internal NGA and external IC/Cyber community members. Coordinate CI Cyber activities originating from Enterprise Incident Response Events. Conduct liaison between CI Office, Insider Threat, Cyber Security Operations Center (CSOC), other NGA Offices, and IC/DoD partners as applicable to conducting the CI Cyber Mission. Perform threat analysis, threat forecasts, threat alerts, and recommend countermeasures. Skills and Experience Required: Shall possess a minimum of 11 years Threat Analysis experience, of which at least 5 of those years include Technical Threat Analysis experience or cyber investigations. Possess or obtain certification to comply with DoD 8570.01-M Information Assurance (IA) requirements within one calendar year of assignment at the sole expense of the vendor. Shall possess or obtain and maintain IA II certification. See DoD 8570.01-M for acceptable certifications for each IA level. Desired: Be a credentialed graduate of an accredited federal or DoD CI training academy. Possess a Bachelor's degree in Science, Technology, Engineering, or Mathematics disciplines. Possess post-graduate degree in Science, Technology, Engineering, or Mathematics disciplines. Possess knowledge and understanding of foreign adversaries' security and intelligence services, terrorist organizations, and threats posed to US Gov. Experience translating Government vision into understandable and achievable measures. Experience in using supervisory skills to coach teammates to achieve objectives. Monitor and track progress toward achievable measures.

IAM Information Security Specialist Duration: 12 Months Overview of the Role: Our Client is currently seeking an Identity Access Management (IAM) Information Security Specialist that will have a strong emphasis on Cloud based IAM services. As a member of the team, your work will focus on IDaaS (Identity as a service) work using SaaS (Software as a Service) tools. As an IAM Information Security Specialist you will work with critical and sensitive information daily, and you will be relied upon to maintain critical security safeguards. Key Responsibilities: Develop and maintain comprehensive information security posture including rules, controls, and security safeguards. General activities such as Develop and maintain the information security posture (rules, controls, security safeguards, etc.) to protect information assets, and conducts reviews. Engineering activities such as facilitating and configuring application integrations, creation of IAM objects (users, groups, servicer accounts, API tokens, etc.), working incidents, following change management processes, and creating documentation. Required Skills & Qualifications: At least three years of related access control experience with a general understanding of provisioning within IDaaS and IAM systems preferred. Associate or Bachelors degree from an accredited college or university with specialization in an information technology field or equivalent combination of experience, education, and/or certification preferred. Intermediate understanding of computer applications such as Microsoft Office, internet navigation and email programs. Strong interpersonal, analytical and customer service skills and communication skills. Good business and organizational skills including the ability to prioritize, work within a team setting and manage work. Perks of Working with AP Recruiters & Associates: Competitive compensation (depending on experience) Comprehensive career development and professional growth opportunities Dedicated recruiter support throughout your contract journey Access to exclusive opportunities with Fortune 500 clients Flexible work arrangements and professional development resources About the Client: Our client is a leading energy company recognized as one of the largest electric utilities in the United States. They are committed to delivering clean, affordable, and reliable energy while driving innovation in sustainable power generation. The organization operates across multiple states, serving millions of customers and maintaining a strong focus on environmental stewardship, technological advancement, and community development. Their commitment to digital transformation and cybersecurity excellence makes this an exciting opportunity for security professionals.

**Job Opportunity is actually with a company called Western Farmers Electric Cooperative (WFEC)** Under the general supervision of the Supervisor, IT Infrastructure, the Cyber Threat Analyst performs monitoring and analysis of cyber threats to assist in the defense of WFEC cyber systems and operations. The incumbent will curate and triage intelligence from multiple cyber intelligence sources and will inform the security operations with timely and relevant TTPs, IOCs, and context. The incumbent will generate reports for upper management based on data, information, and intelligence. The incumbent must understand the MITRE ATT&CK framework and be able to integrate the framework in the reporting. The Cyber Threat Analyst will develop and document threat hunt activities based on intelligence, scenarios, and observations. The incumbent develops, maintains, and supports systems that provide collection capabilities and telemetry information to the organization. In addition, the incumbent performs troubleshooting, installation, and maintenance on equipment and software systems related to NERC CIP. The incumbent performs change management and configuration activities, security controls testing, system baseline activities, vulnerability testing and analysis, and network traffic analysis to ensure system reliability and security. The incumbent participates in in-house, regulatory, and industry teams, including working groups, committees, incident response teams, and business continuity teams as required. Also, the incumbent participates in exercises that test policies, procedures, and skills which are required by business and critical operations. The incumbent responds to anomalous events that will require analysis and will have to synthesize and correlate complex events to ensure operational security.

Kanshe Infotech is Consulting Firm Which Provides World online training. Online Training (Remote Training + Real-time exp) available. Our training is more than just hours of lecture, we believe in student engagement, motivation and knowledge sharing as tools for success and we do it with great dedication and precision. We offer online training that clearly stands out of the group, sign up for a demo session. Job Description Our Training Features: · You will receive top quality instruction that Kanshe Infotech is famous for Online IT training. · Trainees will receive immediate response to any training related queries, either technical or otherwise. We advise our trainees not to wait till the next class to seek answers to any technical issue. · Training sessions are conducted by real-time instructor with real-time examples. · Every training session is recorded and posted to the batch after each weekend class. · We are offering online training on Cyber Security. . Provide OPT Stem Ext.: Guidance and support for applying for the 24-month OPT STEM extension Help with OPT Employment letter: Help with drafting and obtaining OPT employment letters that meet USCIS requirements. · We provide training in technology of your choice. · Good online training virtual class room environment. · Highly qualified and experienced trainers. · Professional environment. · Special interview training · Training for skill enhancement. · Study material and Lab material provided. · E-Verified company. If you are interested or if you know anyone looking for a change, please feel free to call or email me for details or questions. I look forward to seeing resumes from you or your known and highly recommended candidates. Thanks Additional Information All your information will be kept confidential according to EEO guidelines.

Join our dynamic and thriving company as a Data Security Analyst in St. Louis, MO where you'll have the opportunity to make an impact and shape the future of our renowned brands. If you have a passion for fashion, eager to learn and have an eye for detail, this is the perfect role for you! As a member of our team, you'll be part of a company that values results, caring and learning. What You'll Be Doing Monitor security service performance and availability: Provide recommendations on security equipment, software, and services On-going investigation: Inspect information security alarms and events to determine vulnerability and impact Implement processes: Put forth structured risk assessment processes, conducting ongoing threat and vulnerability assessments, and evaluating controls and countermeasures to mitigate risk Participate in architecture reviews: Ensure adherence to information security architecture Develop processes: Create plans for preventing, detecting, identifying, analyzing and responding to information security incidents Design and deliver programs: Create education and training programs on information security and privacy matters The Timberline Group Phone: ************ PO Box 565, Sullivan, Mo 63080 ********************* ************************* "Delivering quality solutions through quality people"

The Security Risk and Compliance Analyst is a member of the information security team and works closely with the other members of the team, the business, and other IT staff to develop and manage security for one or more IT functional area (e.g., data, systems, network, and physical) across the enterprise. The candidate will be able to effectively understand standard risk methodologies and the implementation of security controls in an enterprise environment. Key Result Areas: Work as part of a team to maintain security and integrity of corporate data and IT systems through activities including: Develop and maintain enterprise security policies and procedures Assist in the coordination and completion of information security risk assessments and documentation Work with information security management to develop strategies and plans to enforce security requirements and address identified risks Report to management concerning residual risk, vulnerabilities, and other security exposures including misuse of information assets and noncompliance Work with IT department and members of the information security team to identify, select and implement technical controls Provide direct support to the business and IT staff for security related Maintain an awareness of security and control issues in emerging technologies Perform other duties as assigned Knowledge, skills, and experience required: Bachelor's degree in Computer Science, Information Systems, or other equivalent degree or experience Preferred Certifications (CISSP, CISA, CRISC, CRM, GSEC, etc.) Strong analytical and problem-solving skills to enable effective security incident and problem resolution Proven ability to work under stress with the flexibility to handle multiple high-pressure tasks simultaneously Ability to work well under minimal supervision Strong team-oriented skills with the ability to interface effectively with a broad range of people and roles, including vendors and enterprise personnel Strong written and verbal communication skills and attention to detail for board level committee and regulatory reporting Strong customer/client focus with the ability to manage expectations appropriately General understanding of risk management Knowledge of security methodology frameworks and regulatory requirements such as NIST, CIS, HIPAA, PCI, and FFIEC Microsoft Excel, Word, and Visio skillset for the creation, tracking and reporting of security metrics (e. graphs, formatting, basic formulas) Preferred Qualifications: Understanding of enterprise risk management systems and automation platforms Experience with Data Loss Prevention (DLP) and Vulnerability Management solutions *This position is on-site located in Oklahoma City, must reside within the area to be considered. *Position requires a minimum of 3 years of relevant US based experience. #LI-Onsite #LI-DNI

Description & Requirements Maximus is seeking a qualified Sr. Technical/Security Analyst for multiple projects, current and upcoming. The qualified candidate will be involved in technical/security planning and assessment projects with potentially multiple state agencies. The position requires the candidate to produce/review security relevant documentation, such as system security plans, POA&Ms, assessment plans, etc., produce technical/security analyses, develop estimates, review and contribute to requirements for large systems-planning efforts in the Child Support, Child Welfare and/or Integrated Eligibility public-sector domains. The individual will report directly to a Senior Manager. Maximus is a matrix-managed organization, which means the individual will have secondary reporting relationships to one or more Project Managers, depending on which projects they are assigned. *This role is remote but requires working standard business hours in the US time zone of the client. This position is contingent upon award. * Essential Duties and Responsibilities: - Collaborate with project managers on various initiatives and projects to track progress and provide support as necessary. - Support leadership in ensuring that the project is delivered to specifications, is on time, and within budget. - Work closely with management and work groups to create and maintain work plan documents. - Track the status and due dates of projects. - Manage relationships with project staff responsible for projects. - Produce regular weekly and monthly status reports that could include; work plan status, target dates, budget, resource capacity, and other reports as needed. - Facilitate regular meetings and reviews. - Adhere to contract requirements and comply with all corporate policies and procedures. Job Specific Duties and Responsibilities: -Perform duties independently under the direction of their direct manager and/or Project Managers on specific projects. -Review project documentation and client materials and provide analysis of technical and security related topics. -Participate in client meetings and offer observations and insight on technical and security related topics. -Identify risk areas and potential problems that require proactive attention. -Review and author artifacts and other project documents and identify potential gaps, inconsistencies, or other issues that may put the project at risk. Such artifacts and documents may include but are not limited to: *System Security Plan *Plan of Action and Milestones (POA&M) *Security Assessment Plan *Risk Assessment reports *CMS ARC-AMPE forms and documentation *Data Conversion and Migration Management Plan *Deployment and/or roll-out plans -Perform security assessments, lead security audit and assessment activities, and provide direct security oversight support to assigned clients and projects. -Identify and escalate to the Senior Manager / Project Manager risks, alternatives, and potential quality issues. -Attend interviews, focus groups, or other meetings necessary to gather information for project deliverables in accordance with the project scope of work. -Attend project meetings with the client, subcontractors, project stakeholders, or other Maximus Team members, as requested by the Senior Manager / Project Manager. -Complete project work in compliance with Maximus standards and procedures. -Support team to complete assigned responsibilities as outlined in the Project schedule. -Support all other tasks assigned by Senior Manager / Project Manager. Minimum Requirements - Bachelor's degree in related field. - 7-10 years of relevant professional experience required. - Equivalent combination of education and experience considered in lieu of degree. Job Specific Requirements: -Be available to work during standard client business hours. Projects may involve clients from any US time zone, so it is possible that work outside of the individual's local business hours will be required. -Bachelor's degree from an accredited college or university, or equivalent work experience. -7+ years of experience in information security, with at least 3 years of security-compliance work in a regulated industry. -5+ years of experience working with HIPAA, NIST 800-53 and/or CMS MARS-E or ARC-AMPE security frameworks. -Familiar with operating systems: Windows, Linux/UNIX, OS/X. -Familiar with AI tools, capabilities. -Strong command of cloud computing topics. -Strong command of agile software development practices as well as waterfall development practices. -Strong desktop software skills: proficient in MS Office, Excel, Word, Project. -Ability to explain and communicate technical subjects to non-technical audiences. -Ability to develop advanced concepts, techniques, and standards requiring a high level of interpersonal and technical skills. -Ability to work independently. -Good organizational skills and the ability to manage multiple tasks and deadlines simultaneously. -Strong interpersonal and team building skills, as well as an understanding of client relationship building are essential. -Excellent verbal and writing skills and be comfortable working with customers. -Ability to multi-task with supervision. -Self-motivated fast learner. Preferred Skills: -Prefer a candidate with experience in the Health & Human Services industry, which may include working with programs such as Child Support, Child Welfare, or Integrated Eligibility (SNAP, TANF, and Medicaid). -Preference for security related certifications, such as the CISSP (Certified Information Systems Security Professional). EEO Statement Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information and other legally protected characteristics. Pay Transparency Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances. Accommodations Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process-including accessing job postings, completing assessments, or participating in interviews,-please contact People Operations at **************************. Minimum Salary $ 120,000.00 Maximum Salary $ 140,000.00

We are seeking an experienced and mission-driven Manager of Information Security to help protect our credit union's systems, safeguard member data, and support our commitment to being the best place our employees have ever worked and the best place our members have ever banked. The ideal candidate holds a current CISSP certification, and has experience in IT Security, Business Continuity, and Vendor Management, demonstrating deep expertise across all cybersecurity domains, and maintains ongoing training to stay ahead of evolving threats and regulatory requirements in the financial services sector. The Manager Information Security responsible for overseeing the Information Security program, Vendor Management program, and the administration of the Business Continuity Plan at WEOKIE Federal Credit Union. Responsibilities include but are not limited to developing and maintaining the information security framework, monitoring and managing vendor risk, and maintaining, enhancing, and testing the Business Continuity Plan. Major Activities: * Develops, maintains, and reviews appropriate information security policies and procedures needed to maintain the integrity of the information security program. * Conducts threat focused business impact analysis to maintain an inventory of business impacting cyber threats. * Organizes and conducts cybersecurity simulation exercises. * Acts as the IT Security, Business Continuity, and Vendor Management central point of contact for the annual NCUA exam and IT Controls Audit. * Ensures proper policies, procedures, risk mitigation activities, and operation controls are followed. Reports gaps in policies, procedures, and operating controls to leadership to ensure member impact and risk is mitigated. * Responsible for performing information security risk assessments on a scheduled basis that focus on ensuring policies and procedures are consistently applied. * Attends/makes presentations to the WEOKIE Board of Directors and various Board Committees as assigned. * Assist with development of company wide information security training materials for computer-based training modules and build company wide information security awareness materials. * Support technology/systems that enable all vendor management activities by administering the Tandem platform. * Responsible for vendor risk assessment and execution of other vendor management activities as needed. This includes administration, processing risk acceptance documentation, and maintaining the schedule of vendor management activities. * Maintain, develop, update, and test WEOKIE's Business Continuity Plan. * Write reports to summarize testing activities, including results and recommendations. * Act as Business Continuity Coordinator in the event of an incident, to ensure that WEOKIE's Business Continuity Plan is implemented. Critical Results: * WEOKIE's information security program is a core part of its culture and is integrated into all of its lines of business, support functions and third-party management programs. * Information Security risks and threats are clearly identified, measured and remediated timely. * The Board of Directors and Senior Management receive timely and credible reporting and recommendations that lead to effective decision-making in both strategic and tactical contexts. * Members and credit union information security assets are protected from unauthorized access and when necessary, reacts timely and effectively to manage incidents or vulnerabilities. * WEOKIE receives favorable results from key reviews, audits, and exams from audit and exam sources. * WEOKIE's information security program is seen as independent from the IT line of business and also seen as supportive and collaborative to all stakeholders. * Risk assessments are completed annually and deficiency are quickly addressed and/or remediated. * Security incidents are properly documented, tracked, and escalated in a timely fashion when deficiencies are presented. * New quality control activities are developed and presented to leadership that correspond to the information security program. * Vendor Management risk assessments, reporting results, and conclusions are thoroughly documented, completed timely and accurately. * Vendor Management is collaboratively managed with fellow team members. * Vendor Management risks are controlled and mitigated by adhering to all applicable policies and procedures. * WEOKIE's Business Continuity Plan is up-to-date, regularly tested, thoroughly communicated, and ready for immediate implementation in the event of an incident. Qualifications: * Specialized or Technical Knowledge and Skills: The Manager Information Security is a data security professional skilled at managing IT security activities in a complex, multi-system/multi-vendor computing environment. A strong, practical working knowledge of information security concepts and technical architecture are necessary along with an ability to take technical concepts and translate them into business impact. * A bachelor's degree is required, preferably in Information Technology or Computer Science. * A minimum of three years of experience in the information security field. * A Certified Information System Security Professional (CISSP) certification is required; additional certifications such as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) are preferred. * Demonstrated experience in managing and working with third party vendors. * Demonstrated ability to research and implement innovative solutions that have improved security, operational efficiency, quality, and service levels. * In-depth understanding of the financial services or highly regulated business, and the applications systems and technical infrastructures needed to support them. B. Behavioral Competencies: Behavioral competencies are the skills and personal characteristics that an individual should possess in order to be successful in this position. * Core Competencies: Core competencies are consistent for all positions across the organization and are aligned with WEOKIE's core values. * Member Focus (internal and external): Builds member confidence, is committed to increasing member satisfaction, sets achievable member expectations, assumes responsibility for solving member problems, ensures commitments to members are met, solicits opinions and ideas from members, responds to internal members. * Dependability: Meets commitments, works independently, accepts accountability, handles change, sets personal standards, stays focused under pressure, and meets attendance/punctuality requirements. * Integrity/Ethics: Deals with others in a straightforward and honest manner, is accountable for actions, maintains confidentiality, supports company values, conveys good news and bad. * Job Specific Competencies: The position requires a well‐rounded and level‐headed individual who is able to maintain composure in a variety of situations. The following stand out among a long list of behavioral competencies for this position: * Managing Vision and Purpose: Communicates a compelling and inspired vison of core purpose; talks beyond today; talks about possibilities, is optimistic, creates mileposts and symbol to rally support behind the vision; make the vision sharable by everyone; can inspire and motivate entire units or organizations. * Strategic Agility: Sees ahead clearly, can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately pain credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans. * Oriented Towards Serving Others: Is predisposed to servant leadership and excited towards improving conditions for others. * Command Skills: Relishes leading; takes unpopular stands if necessary; encourages direct and tough debate but isn't afraid to end it and move on; is looked to for direction in a crisis; faces adversity head on; energized by tough challenges. * Intellectual Horsepower: Is bright and intelligent; deals with concepts and complexity comfortably; described as intellectually sharp, capable, and agile. * Innovation Management: Is good at brining the creative ideas of others to market; has good judgement about which creative ideas and suggestions will work; has a sense about managing the creative process of others; can facilitate effective brainstorming; can project how potential ideas may play out in the marketplace. * Composure: Is cool under pressure; does not become defensive or irritated when times are tough; is considered mature; can be counted on to hold things together during tough times; can handle stress; is not knocked off balance by the unexpected; doesn't show frustration when resisted or blocked; is a settling influence in a crisis. * Political Savvy: Can maneuver through complex political situations effectively and quietly; is sensitive to how people and organizations function; anticipates where the land mines are and plans his/her approach accordingly; views corporate politics as a necessary part of organizational life and work to adjust to that reality. C. Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and talk or hear. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include color vision, peripheral vision, depth perception and ability to adjust focus. D. Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The worker is not substantially exposed to adverse environmental conditions. The noise level in the work environment is usually moderate. WEOKIE does not and shall not discriminate on the basis of Protected Status, marital status, and political belief or any other status or condition protected by applicable federal and/or state law. Bona fide occupational qualifications will be applied impartially. These activities include, but are not limited to, hiring of staff, selection of volunteers and vendors, and provision of services. We are committed to providing an inclusive and welcoming environment for all our members, our staff, clients, volunteers, subcontractors, vendors, and clients.

Make a direct impact on protecting the Bank's people, systems, and customers! As an Information Security Analyst, you'll play a hands-on role in strengthening the Bank's security posture while working closely with Compliance, Risk Management, and IT Security. This position offers visibility across the organization, meaningful responsibility, and the opportunity to influence how security awareness and risk management are practiced every day. You'll be trusted to monitor critical system access, investigate and respond to real-world phishing threats, and lead the Bank's security awareness and social engineering programs. From training employees to advising leadership on security risks, your work will directly reduce risk and improve the organization's security culture. What You'll Do * Protect critical systems by monitoring access changes and advising on best practices * Investigate suspicious emails and manage phishing response and testing programs * Lead engaging security awareness training and new-hire education * Plan and report on phishing and social engineering exercises * Support key information security risk assessments and control reviews * Partner with IT and business leaders to identify and mitigate security risks What You Bring * 5+ years of experience in IT security, risk management, audit, or compliance CapFed is an equal opportunity employer.

CompanyFederal Reserve Bank of Kansas CityWhen you join the Federal Reserve-the nation's central bank-you'll play a key role, collaborating with leading tech professionals to strengthen and protect our economic, financial and payments systems. We invest in contemporary and emerging technology each year to support the Federal Reserve and our economy, and we're building a dynamic and diverse team for our future. Important Information Open to US citizens, Green Card holders or Permanent Residents with at least 3 years of residency, with the intent to become a US citizen. No sponsorship is available. Candidates must have valid work authorization, without an end date, to be considered. This position requires working on-site, in Kansas City, Denver, Oklahoma City, or Omaha, with 5 days per month remote work flexibility. This position is not eligible to be remote and relocation assistance is not available. We are seeking cybersecurity professionals to join our Information Security team as a security specialist focused on operating our DevSecOps program according to standards and policies. This will be done through close partnership with peers in FRB Kansas City and other Reserve Banks across the System. It will also require healthy relationship building and tight integration with development teams. Additionally, you'll partner with business areas, vendors, and our diverse network of professionals to identify, implement, and support security across the organization. Candidates with strong understanding and experience in cloud environment deployments, information security, data management, low-code and no-code solutions, DevSecOps, and artificial intelligence will be ideal. Key Activities Interpret and evaluate policies in order to mature and implement the DevSecOps program. Assess maturity of development teams' DevSecOps practices against an existing framework. Proactively advocate for and drive enhancements into the program. Identify gaps/opportunities for enhancements to workflows and processes for enhancing the software development lifecycle (SDLC). Implement and consults on secure continuous integration and continuous delivery (CI/CD) pipelines, evaluating code and/or applications, or creating code to facilitate the process. Monitors information security policy compliance using security tooling. Evaluate and implement security products and/or processes to enhance productivity and effectiveness for various platforms and initiatives. Provide technical expertise and support to internal teams on security-related matters. Collaborate with cross-functional teams to integrate security measures into existing software applications and infrastructure. Stay current with emerging technologies, industry trends, and best practices in cybersecurity to enhance our security posture. Support leadership decision making through timely analysis and written communications. Qualifications Typically requires 3-6 years of relevant experience. Bachelor's Degree in Technology, Engineering, Computer Science, Information Systems, Cybersecurity or other related field or equivalent work experience. Strong competence in cloud technologies such as AWS, Azure, and other platforms. Expert understanding of DevSecOps practices, frameworks, and tools. Expertise with tool integration for the DevOps pipeline such as Git. Combines and organizes information into meaningful patterns; identifies underlying relationships, causes and effects; and combines pieces of information to form conclusions or general rules. Rapidly acquires new knowledge and learns new skills, and practices agile methodologies to planning and accomplishing work. Conveys complex and technical issues to diverse audiences. Demonstrated competencies with artificial intelligence are beneficial. Working knowledge of Terraform, Ansible, Cloud Formations, AWS Config, AWS Inspector, Guard Duty and others. Strong knowledge of software development languages, tools and techniques such as Python, JSON, YAML, and Java Technical expertise in security tools and knowledge of security practices and procedures. A learning mindset, proactiveness, collaboration, and strong attention to detail. Additional Information How We Work (HWW): On-site: 5 days per month remote work flexibility Locations: Kansas City, Denver, Oklahoma City, Omaha Remote Eligible: No Relocation Assistance: No Salary: $79,100 - $111,500 / Experienced Level $98,600 - $139,000 / Senior Level Final offers are determined by factors including the candidate's qualifications, internal alignment considerations, district assignment, and geographic location. Screening: US citizens, permanent residents with the intent to become a US citizen with at least three or more years of United States residency from the date of legal entry to the United States is required for this position.This position has additional screening requirements due to the information accessed while performing the job. These additional screenings would be initiated at the time of offer acceptance and can take up to a couple of months to be completed. You can begin work before the screening is completed; however, continued employment is contingent on acceptable screening results. The areas screened may include education/employment verification, criminal history, credit history, and reference checks. Sponsorship: The Federal Reserve Bank of Kansas City will not sponsor a new applicant for employment authorization for this position. Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future. About Us Total Rewards & Benefits Who We Are What We Do Follow us on LinkedIn , Instagram, X (formerly Twitter) , and YouTube #KCFedIT Full Time / Part TimeFull time Regular / TemporaryRegularJob Exempt (Yes / No) YesJob CategoryInformation Technology Family GroupWork ShiftFirst (United States of America) The Federal Reserve Banks are committed to equal employment opportunity for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences. Always verify and apply to jobs on Federal Reserve System Careers (FRS) or through verified Federal Reserve Bank social media channels. Privacy Notice

Make a direct impact on protecting the Bank's people, systems, and customers! As an Information Security Analyst, you'll play a hands-on role in strengthening the Bank's security posture while working closely with Compliance, Risk Management, and IT Security. This position offers visibility across the organization, meaningful responsibility, and the opportunity to influence how security awareness and risk management are practiced every day. You'll be trusted to monitor critical system access, investigate and respond to real-world phishing threats, and lead the Bank's security awareness and social engineering programs. From training employees to advising leadership on security risks, your work will directly reduce risk and improve the organization's security culture. What You'll Do * Protect critical systems by monitoring access changes and advising on best practices * Investigate suspicious emails and manage phishing response and testing programs * Lead engaging security awareness training and new-hire education * Plan and report on phishing and social engineering exercises * Support key information security risk assessments and control reviews * Partner with IT and business leaders to identify and mitigate security risks What You Bring * 5+ years of experience in IT security, risk management, audit, or compliance CapFed is an equal opportunity employer.