Information security analyst jobs in Vancouver, WA

The Cyber Security Analyst will be responsible for protecting all of the companys hardware, software, and networks from cybercriminals. The analyst's primary role will be to understand the company IT infrastructure in detail in order to detect, evaluate and respond to threats that could potentially breach the network. The Cyber Security Analyst provides specific guidance and coaching to key security areas, e.g. key and encryption, secure software development. In this capacity, a cyber security analyst is part of the proactive work to help shape the tech delivery of the organization.The successful incumbent must possess excellent analytical, communication skills and be solution oriented. RESPONSIBILITIES AND DUTIES Responsible for understanding the global threat landscape and acting on threat intelligence. Conduct cyber security incident response, following industry standards of containment, eradication, recovery and lessons learned. Manage containment and eradication of threats and remediation of environment during or after an incident, including identifying potential business impact and communication with stakeholders Manage information security-related breaches Document event analysis and write reports of incident investigations. Perform forensic analysis on threat indicators and intelligence insight and identify impact of vulnerabilities Support the tech delivery in product and services teams with expert security knowledge relevant to a specific technology area or domain (e.g. Key & encryption, secure software development) Develop the required processes and tools to support the tech delivery teams Define and develop security guardrails relevant to the tech area/domain The above responsibilities are indicative of the work required and should not be seen as an exhaustive list. KNOWLEDGE AND SKILLS Security solutions (proxy, email gateway, IDS/IPS, FW, SIEM, SOAR, EDR etc.) Cloud, key and encryption management, SDLC concepts IT and security architecture Excellent English skills, both written and spoken. QUALIFICATIONS AND EXPERIENCE BSc. in Computer Science, Computer Engineering, Mathematics, Information Security or any related field (or equivalent work experience). Minimum of 3 years experience in the field Penetration testing (OWASP, MITRE etc.) experience Cyber Security certifications (e.g. Security+, GCIA, GCIH, GREM, CISSP, CEH, GCFA) DESIRED ATTRIBUTES AND BEHAVIOURAL COMPETENCIES Apply fundamental security concepts to cyber defense and understand business and risk to guide the cyber defense day to day operations. Manage cases with enterprise SIEM or Incident Management systems Support network investigations and network monitoring in a SOC environment. Perform vulnerability assessment and penetration testing SPECIAL CONDITIONS N/A FUNCTIONAL RELATIONSHIPS External: N/A Internal: Development team, Tech Lead, CTO PERFORMANCE CRITERIA Timely delivery of agreed daily, weekly and monthly KPIs

is Subject to Contract Award JANUS Research Group is currently seeking a Cyber Systems SSO for a contract to support the Deputy Chief of Staff (DCS, G8. The DCS G-8 is the principal military advisor to the Chief of Staff, Army (CSA) and the Assistant Secretary of the Army, Financial Management and Comptroller (ASA(FMC)) for the Programming phase of the Planning, Programming, Budgeting, and Execution (PPBE) process. The DCS, G-8 coordinates with the Assistant Secretary of the Army, Acquisition, Logistics, and Technology (ASA(ALT)) on all proposed programming and process recommendations related to ongoing and future acquisition programs and science and technology initiatives. The DCS, G-8 coordinates with Army Futures Command (AFC) for program funding for all elements of the future force materiel modernization enterprise. Position Description: Manages Army cyber capability development within the Intelligence Division. Provides analytical and technical expertise on cyber defense, network operations, and offensive cyber modernization. Develops information papers, briefings, and SPAR/POM inputs addressing capability gaps, performance, and operational integration. Coordinates with ASA(ALT), T2COM, ARCYBER, INSCOM, and ARSTAF to align cyber initiatives with Army and Joint modernization strategies. Relevant Competencies / Skill Levels: A Bachelor's Degree in Engineering and/or Business A minimum of four (4) years of experience and expertise in Force Development duties Demonstrates expert analytical and technical skills in cyber systems architecture, network defense, and offensive cyber capabilities. Proficient in evaluating system performance, security posture, and modernization impacts to ensure resilient and adaptive cyber operations. Possesses advanced analytical and communication abilities to deliver clear, data-driven assessments that enhance Army cyber capability development and operational readiness Benefits: 401(k), Paid Time Off (PTO), Paid Holidays, Medical and Dental Plans, Life and Disability insurance, Education Assistance (and more). JANUS strives to provide opportunities for career growth through training and development. We also offer an attractive comprehensive benefit package to include health and welfare plans and financial products. As part of a total rewards program, employees can benefit from our referral bonus program, and other various employee awards. JANUS Research Group takes pride in our benefit package and rewards program which has earned us the certification of a Great Place to Work JANUS Research Group provides reasonable accommodation so that qualified applicants with a disability may participate in the selection process. Please advise us of any accommodations you request to express interest in a position by e-mailing: Judy Pagac, Chief Human Resources Officer at **************************** or calling **************. Please state your request for assistance in your message. Only reasonable accommodation requests related to applying for a specific position within JANUS Research Group will be reviewed at the e-mail address and phone number supplied. Thank you for considering a career with JANUS Research Group. JANUS Research Group participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information. E-Verify JANUS Research Group is an equal opportunity/ affirmative action employer. It is company policy to provide equal opportunity in all areas of employment practice without regard to race, color, religion, sex, sexual orientation, national origin, age, marital status, veteran status, citizenship, or disability. This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment qualified individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability.

Responsibilities: Conduct Security Assessment and Authorization (A&A) support for IT systems Conduct Security A&A documentation review Update IT Security Compliance SOPs Monitor and report on FISMA Compliance activities Conduct Plan of Action and Milestone (POA&M) management and quality control activities and ensure accuracy of the organization's Security A&A tool. Support Ongoing Authorization (OA) by review of the security controls The Need-to-Have Skills & Qualifications: Working knowledge and experience with CSAM and RMF Experience working with system stakeholders to assess and manage system cybersecurity risk Knowledge of the process to obtain a system ATO and requirements to maintain the ATO Working Place: Washington, D.C., District of Columbia, United States Company : Sept 25 - Tria

Aditi Staffing is an MBE certified, IT Staffing firm in the US offering contract, contract-to-hire & direct hire career opportunities with Fortune Firms. Recently recognized as one of the fastest growing staffing firms and top diversity firm by the Staffing Industry Analysts, Aditi Staffing has been a partner of choice for candidates and clients. Visit our website: http://www.aditistaffing.com/ Job Description Role: Information Security Analyst Location: Information Security Analyst 6-8 years of experience in information security / technology or related field. Advanced verbal and communication skills with diverse cross functioning groups. Strong background and experience in policy development, program administration. In depth knowledge and experience in incident response activities and compliance. Ability to plan, organize and prioritize tasks to complete independently and within time frame established. While technical knowledge of information technology and security issues is highly desirable, technical expertise and resources will be available from units such as Security Operations to support the information security and privacy program. Strong technical writing abilities. Very good understanding of security controls, control systems, and business drivers that impact security controls. Knowledge of SEC, FFC, Sarbanes-Oxley (SOX) and or Gramm-Leach Bliley Act regulatory policies & guidelines. Strong background in security authentication, security applications development methodologies, security architecture and operational procedures, organization, business continuity skills, disaster recovery skills, identity management skills and hands on experience implementing products / solutions e.g. NetIQ, Entrust, Netegrity, Oblix, PKI, and some director service, RSA, strong understanding of the development and maintenance of RBAC s (Role Based Access Controls). Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse cross functional groups of people is required. Good to Have: Knowledge of the following technologies a plus: Intrusion Detection / Prevention Systems for networks and hosts Security Event Management Systems Vulnerability Assessment Systems Secure transfer protocols such as SSH, SCP and Connect Direct Secure Plus Diagnostic tools such as packet capture/decode and WAN probes IP Networking Windows Systems administration and security tools Experience with remote access, terminal servers, etc a plus Experience in the administration of UNIX Solaris, HP/UX, or Linux and Windows operating systems a plus Experience in developing and administering an information security program desirable Working knowledge of and experience in the policy and regulatory environment of information security, especially in higher education is desirable Additional Information Regards, Arun Kumar R arunkr(AT)aditistaffing.com D: 425-457-7916

Job Description We is seeking a talented Cyber Security Analyst. As a Cyber Security Analyst, you will play a key role in ensuring the security and integrity of our organization's data and systems. Requirements Responsibilities: Monitor, detect, and respond to cyber threats and security incidents, Conduct vulnerability assessments and penetration testing to identify potential weaknesses in our systems, Develop and implement security measures and best practices to protect against cyber attacks, Stay up-to-date with the latest cyber security trends and technologies, Collaborate with cross-functional teams to identify security risks and implement appropriate solutions, Provide training and guidance to employees on cyber security awareness and best practices. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, Proven experience in cyber security or a related role, Strong knowledge of security protocols and tools, Ability to analyze and interpret complex data and make informed decisions, Excellent problem-solving and communication skills, Relevant certifications (e.g. CISSP, CISM) are preferred but not required. Benefits About Us Zone IT Solutions is an Australia-based Recruitment Company. We specialise in Digital, ERP and larger IT Services. We offer flexible, efficient and collaborative solutions to any organisation that requires IT, experts. Our agile, agnostic and flexible solutions will help you source the IT Expertise you need. If you are looking for new opportunities, your profile at *******************************. Also, follow our LinkedIn page for new job opportunities and more. Zone IT Solutions is an equal-opportunity employer, and our recruitment process focuses on essential skills and abilities.

TITLE: N/A JOB CODE: FLSA: Exempt SALARY GRADE: 7 CATEGORY: Full-time UNION REPRESENTATION: NA SCHEDULE: Hybrid SUPERVISORY ROLE Y/N: 11.2025 The Information Security Analyst I plays a critical role in safeguarding the organization's systems and information assets. This position supports the development and implementation of security strategies, tools, and guidelines to protect against unauthorized access, data breaches, and system disruptions. Responsibilities include monitoring and responding to Information Security-related alerts, supporting audit and risk assessment activities, evaluating internal controls, and recommending improvements to enhance security posture. The analyst assists in migrating non-compliant environments to meet regulatory standards and ensures adherence to data protection laws and banking industry compliance requirements. This role is foundational to maintaining the confidentiality, integrity, and availability of sensitive financial data and supporting the organization's overall cybersecurity framework. ESSENTIAL DUTIES Identity and Access Management Support access provisioning, modification, and termination processes to ensure timely and secure access control. Conduct administrator activity and user access reviews across IT systems, including privileged access audits and firewall/cloud app usage monitoring. Maintain asset and access inventories, perform recurring audits of critical systems, and reconcile against endpoint and network tools. Security Monitoring and Incident Response Monitor and respond to alerts from SIEM, IDS, firewalls, and endpoint protection systems. Conduct vulnerability scans, track remediation efforts, and facilitate related meetings. Maintain readiness for incident response activation, including participation in tabletop exercises. System Administration and Tool Management Administration of cloud computing environments, conditional access, and guest provisioning following established best practices. Manage software controls, browser extensions, and patching processes. Administer security camera system and ensure system uptime. Administer Mobile Device Management system. Threat Intelligence and Continuous Improvement Stay informed on emerging threats in the banking sector and contribute to threat intelligence reporting. Research and test new security tools, controls, and AI applications to enhance the Bank's security posture. Correctly identify true and false positives in alerting systems and tune these systems for continuous improvement. Security Awareness and Training Support phishing simulations and training campaigns, track completion, and report metrics to management. Documentation and Reporting Log findings, remediation efforts, and audit results in a structured ticketing system. Assist with vendor management program administration and reporting. Data Protection and Compliance Ensure compliance with GLBA, FFIEC, and other applicable regulations through log retention, configuration management oversight, and DLP monitoring. Administer data classification tools and respond to violations involving PII or sensitive data. Audit VPN usage and test controls across email, endpoint, and network security platforms. Completes mandatory compliance training in accordance with established deadlines. The position performs duties specific to the position and other functions as assigned. ROLE COMPETENCIES/SKILLS Attention to Detail Collaboration & Communication Diversity & Inclusion Execution & Ownership Time Management Compliance Innovation Systems Thinking Data Analysis & Management Information Security Network Operations Critical Thinking Consulting Analytical Thinking ENVIRONMENT, PHYSICAL & MENTAL ACTIVITIES The incumbent is in a non-confined office-type setting in which they are free to move about at will. It may include some minor annoyances such as noise, odors, drafts, etc. For Hybrid and Remote roles, work may also be performed away from BSB worksites depending on the position and requirements. For Hybrid/Remote work, employees are required to have an environment when working at home that has a dependable, high-speed internet connection and environment conducive to frequent phone or internet calls where private, confidential or other information is not visible, able to be overheard, or physically or electronically accessible to anyone else. The incumbent in the course of performing this position spends time writing, typing, speaking, listening, lifting (up to 10 pounds), driving, carrying, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, pulling, walking, standing, squatting, kneeling and reaching. The incumbent for this position may operate any or all of the following: personal computer, cellular telephone, printer, fax, and other standard office equipment. The incumbent in this position must be able to accommodate reading documents or instruments, detailed work, problem solving, customer contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks and constant interruptions. The work environment characteristics, physical and mental demands described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. POSITION REQUIREMENTS Minimum Qualifications Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent combination of education and experience. 5 years of professional experience in IT support or related technical roles. Foundational understanding of cybersecurity principles, including access control, endpoint protection, and network monitoring. Familiarity with Microsoft 365, Active Directory, and basic system administration tasks. Ability to conduct audits, manage tickets, and document findings accurately. Strong analytical and troubleshooting skills. Effective communication skills and ability to collaborate across departments. Preferred Qualifications Bachelor's degree in Information Technology, Cybersecurity, or a related field. Experience with banking industry compliance standards (e.g., GLBA, FFIEC). Hands-on experience with security tools such as SIEM, DLP, IDS/IPS, EDR, Email Filtering, and Firewalls. Exposure to vulnerability management platforms and identity/access management processes. Familiarity with Microsoft cloud services and Mobile Device Management. Experience supporting or administering phishing simulations, security awareness programs, or similar efforts. Knowledge of vendor management platforms and data classification tools. Management reserves the right to change this position description at any time according to business needs. #LI_Hybrid

The Company You'll Join Carta connects founders, investors, and limited partners through world-class software, purpose-built for everyone in venture capital, private equity and private credit. Trusted by 65,000+ companies in 160+ countries, Carta's platform of software and services lays the groundwork so you can build, invest, and scale with confidence. Carta's Fund Administration platform supports 9,000+ funds and SPVs, representing nearly $185B in assets under management, with tools designed to enhance the strategic impact of fund CFOs. Recognized by Fortune, Forbes, Fast Company, Inc. and Great Places to Work, Carta is shaping the future of private market infrastructure. Together, Carta is creating the end-to-end ERP platform for private markets. Traditional ERP solutions don't work for Private Funds. Private capital markets need a comprehensive software solution to replace outdated spreadsheets and fragmented service providers. Carta's software for the Office of the Fund CFO does just that - it's a new category of software to make private markets look more like public markets - a connected ERP for private capital. For more information about our offices and culture, check out our Carta careers page. The Problems You'll Solve At Carta, our employees set out on a mission to unlock the power of equity ownership for more people in more places. We believe that the problems we solve today unlock the opportunities of tomorrow. As a Senior Security Analyst, you'll directly shape and strengthen our detection and response capabilities, help mature our security operations, and ultimately protect the organization from evolving threats. You'll play a critical role in leading incidents, developing internal tools and playbooks, and reducing response times through automation and continuous improvement. You'll serve as a point-of-contact for incidents and collaborate with stakeholders to shape the future of Carta's security posture. Here are some problems we'd love for you to help us solve: * Lead investigation and response efforts for security incidents, and coordinate with internal stakeholders and external partners when necessary. * Own detection use-case development and write and tune alerts to improve signal-to-noise ratio across our environments. * Maintain and continually improve security incident response plans, playbooks, and related documentation. * Apply Terraform to ensure consistent, secure, and scalable infrastructure deployment and detection pipelines. * Develop and maintain internal tooling and automations to improve analyst efficiency for alert triage, IOC enrichment, and evidence collection. * Elevate the Security team by coaching peers, mentoring junior analysts, and setting high standards for detection quality and incident handling. * Own and execute technical security projects, including scoping, building, testing, deploying, and iterating. * Conduct threat hunting and utilize threat intelligence to proactively identify and mitigate emerging risks. * Participate in on-call rotation and continuously improve readiness and handovers. The Team You'll Work With You will be part of a security-minded team that believes in progress over perfection and where security culture and mindset is key. Our team is rethinking how detection and response activities can be accomplished in innovative ways. We focus on solving business problems while minimizing and managing risk exposure for Carta. About You We're looking for candidates who have: * Deep experience in triaging, investigating, and remediating security events and incidents across multiple technology stacks. * Strong experience with SIEM (e.g., Splunk, Panther, Sentinel), EDR (e.g. SentinelOne, CrowdStrike), and other security tooling (e.g., CASB, SSE, SWG). * Working knowledge of Terraform and Infrastructure as Code principles to secure and scale detection/response infrastructure. * Solid understanding and a proven ability to apply detection engineering and threat modeling concepts using MITRE ATT&CK or similar frameworks. * Excellent judgement and the ability to handle ambiguity and make balanced decisions when working with complex situations. * Demonstrated ability to mentor peers, raise technical standards, and influence team maturity. * Proven ability to proactively collaborate with cross-functional teams to influence security priorities and guide risk-based decisions. * Excellent written and verbal communication skills, including the ability to effectively communicate cybersecurity risk across technical and non-technical audiences. * 6+ years of experience in incident management, detection engineering, and security operations. At Carta, you're not just an employee. You're a builder who is creating infrastructure that accelerates innovation and empowers more ownership. Cartans are helpful, relentless, unconventional and kind; representing Carta's Identity Traits. They work collaboratively and cross functionally to challenge the status quo; working towards a common goal of creating more owners in the private markets. Salary Carta's compensation package includes a market competitive salary, equity for all full time roles, exceptional benefits, and, for applicable roles, commissions plans. Our expected cash compensation (salary + commission if applicable) range for this role is: * $151,810 - $178,600 in Seattle, WA * $159,800 - $188,000 in San Francisco, CA; Santa Clara, CA; New York, NY We are hiring for multiple levels and locations, so final offers may vary from the amounts listed based on geography, experience and expertise, and other factors. Disclosures: * We are an equal opportunity employer and are committed to providing a positive interview experience for every candidate. If accommodations due to a disability or medical condition are needed, please connect with the talent partner via email. * Carta uses E-Verify in the United States for employment authorization. See the E-Verify and Department of Justice websites for more details. * For information on our data privacy policies, see Privacy, CA Candidate Privacy, and Brazil Transparency Report. * Please note that all official communications from us will come from an @carta.com or @carta-external.com domain. Report any contact from unapproved domains to ******************.

At SERVISS, we deliver cutting-edge cybersecurity and IT solutions to government and commercial clients, with a mission to secure systems, data, and critical infrastructure through innovation and expertise. As we expand our capabilities, we're seeking a highly skilled and talented Information Assurance Professional. Position Summary We are seeking a dynamic and versatile Information Assurance Professional to support a high-impact U.S. Government program. The ideal candidate brings a rare balance of hands-on technical acumen and governance expertise-able to move seamlessly between engineering, architecture, and GRC functions. This role is pivotal in ensuring that systems are not only compliant but also resilient, secure, and aligned with federal risk management frameworks. Key Responsibilities · Serve as a trusted IA advisor, bridging technical engineering efforts with cybersecurity policy, governance, and risk management. · Collaborate with system architects and engineers to design secure solutions that meet compliance and mission requirements. · Support the development, review, and maintenance of key authorization documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). · Guide system owners and developers through the Risk Management Framework (RMF) process and associated controls (e.g., NIST 800-53, 800-171, CMMC, FedRAMP). · Translate complex technical risks and mitigation strategies into actionable GRC documentation and executive communications. · Conduct system security assessments, gap analyses, and continuous monitoring activities. · Coordinate with cybersecurity operations, incident response, and engineering teams to align IA strategy with operational realities. · Recommend and help implement security architecture improvements based on evolving threat and compliance landscapes. · Track and report on IA posture, risk status, and compliance progress across multiple systems or program areas. Required Qualifications · 10+ years of experience in information assurance, cybersecurity engineering, or GRC. · In-depth knowledge of federal compliance frameworks (e.g., NIST, FISMA, FedRAMP). · Strong technical foundation with the ability to understand complex systems, architectures, and security configurations. · Excellent verbal and written communication skills, including experience preparing formal security documentation and reports. · Demonstrated ability to work cross-functionally with engineering, architecture, operations, and policy teams. · Bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related field; or Associate's degree with 2+ years of additional relevant experience. Preferred Qualifications · Prior experience supporting U.S. federal agencies or DoD environments. · Professional certifications such as CISSP, CISM, CAP, CCSP, or Security+. · Experience with security automation tools and continuous compliance approaches. · Understanding of Zero Trust principles, DevSecOps environments, and modern system architecture. Why Join SERVISS Our goal as an employer is simple yet profound: to create an environment where you can be your best self, pursue your passions, and enjoy the freedom to thrive both personally and professionally. Your success is our success, and we're committed to supporting you every step of the way. Freedom to Thrive. · Be part of an exciting company with ground floor opportunities to include equity · Highly competitive compensation and best in class benefits · Opportunities for annual performance bonuses, growth incentives, and profit-sharing · 100% of medical, vision, dental, and life insurance premiums covered by SERVISS · 401(k) retirement plan with company match for the first 6% Note: This position is contingent upon contract renewal and funding from the sponsoring federal agency, anticipated end of May 2025.

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance and protect these exciting experiences. The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: As a member of the Cyber Remediation Operations team, you will work closely with the Disney Entertainment business teams in protecting Disney's highly respected Disney Entertainment portfolio, including ESPN, Disney+, Hulu, and ABC. Responsibilities of Role: * Review reports, assessments, and findings to develop and prioritize appropriate remediation or corrective action plans. * Collaborate with IT, security teams, business partners, and operational teams to drive remediation of security deficiencies. * Regularly communicate portfolio health results to stakeholders, including technical and non-technical audiences. * Develop and document risk mitigation strategies when compliance cannot be achieved. * Analyze business areas and develop improvement plans to strengthen security posture. * Drive improvement to security baselines, policies and standards. * Verify implemented remediation and corrective action activity achieves compliance with TWDC policies and standards. * Stay updated on evolving cybersecurity threats, vulnerabilities, trends, technologies, and best practices and incorporate them into IT and business practices. * Consolidate data from multiple sources into clear, concise, actionable presentations for senior management, communicating data-driven insights. * Support the on-time delivery of security and compliance initiatives. Must Haves: * Minimum of 5+ Years of related cybersecurity experience * Demonstrated experience facilitating cyber remediation and vulnerability management. * Ability to handle confidential information with integrity. * Ability to work well with individuals and teams with varying technical and business backgrounds. * Understanding of security frameworks and standards. * Strong analytical, problem-solving, and critical-thinking skills with attention to detail. * Established problem-solving skills with an ability to develop creative alternatives to complex problems, as well as continuous process improvement skills. * Experience working in a security program for a large and complex organization. Nice to Haves: * Working knowledge of industry compliance programs such as PCI, SOX, etc. * One or more general security certifications including Security+, CySA+, AWS, GSEC, GICSP, CISSP, or other relevant certifications * One or more vulnerability assessment or auditing certification including CISA, CISM, GCCC, GSNA or other relevant certifications Education: * Bachelor's degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience #DISNEYTECH The hiring range for this position in Glendale, CA is $117,500 to $157,500 per year and in Seattle, WA is $123,000 to $165,000 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

Envisioneering, Inc. is seeking an Information Systems Security Officer (ISSO) to support an active government contract. This position will be responsible for the following: Lead the RMF process for assigned programs, organizations, systems, or enclaves. Maintain and report system's A&A status and events. Manage the SP for assigned systems throughout their lifecycle. Perform annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements. Manage POA&M entries and ensuring vulnerabilities are properly tracked, mitigated, and resolved. Assist with identification of the security control baseline set and any applicable overlays. Supervise the validation of security controls with the PM/ISO, SCA Liaison, PSO, and AO CSA. Assemble the Security Authorization Package and submit for adjudication. Register and maintain the system in eMASS. Assess the quality of security control implementation against all requirements in accordance with the approved SLCM strategy. Plan and perform cybersecurity testing to assess security controls and recording security control compliance status during sustainment. Report changes in the security posture of systems to the AO. Utilize the Collaboration Board in eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary). Assist the ISSMs in executing their duties and responsibilities. Ensure compliance with all USN, DON, and DoD cybersecurity policies. Ensure all users possess the requisite security clearances and awareness of their responsibilities for systems under their purview prior to being granted access. Ensure an incident response, business continuity, disaster recovery, as well as vulnerability and threat reporting plans and channels are in place and that team members are trained accordingly. Ensure relevant policy and procedural documentation is current and accessible to properly authorized individuals. Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary). Assist the ISSE with the following responsibilities: Oversee the development and maintenance of a system's cybersecurity solutions. Identify AO and SCA cognizance (i.e. FAO or NAO, and FSCA or SCA) of the system as well as any specific authorization requirements such as reciprocity, cross domain, and applicable overlays to support System Categorization. Identify mission criticality. Identify and tailor the security control baseline with applicable overlays. Assist with development, maintenance, and tracking of the SP. Lead the security control implementation and testing efforts. Perform vulnerability-level risk assessment on the POA&M/RISK Assessment Worksheet. Assist with any security testing required as part of A&A or annual reviews. Assist in the mitigation and closure of open vulnerabilities under the system's change control process. Oversee cybersecurity testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle. Make data entries into the eMASS record and POA&M consistent with implementation results. Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary). Rework shall be documented and provided to the PSO/PMO for review. Assist the ISSM with the following responsibilities: Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs). Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance. Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk. Advise senior management (e.g., CIO) on risk levels and security posture. Advise appropriate senior leadership or Authorizing Official of changes affecting the organization's cybersecurity posture. Collect and maintain data needed to meet system cybersecurity reporting. Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. Ensure security improvement actions are evaluated, validated, and implemented as required. Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment. Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s). Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed. Identify alternative information security strategies to address organizational security objective. Identify information technology (IT) security program implications of new technologies or technology upgrades. Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program. Manage the monitoring of information security data sources to maintain organizational situational awareness. Oversee the information security training and awareness program. Participate in an information security risk assessment during the Security Assessment and Authorization process. Participate in the development or modification of the computer environment cybersecurity program plans and requirements. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents. Recognize a possible security violation and take appropriate action to report the incident, as required. Recommend resource allocations required to securely operate and maintain an organization's cybersecurity requirements. Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered. Track audit findings and recommendations to ensure appropriate mitigation actions are taken. Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals. Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies. Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle. Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals. Participate in the acquisition process as necessary, following appropriate supply chain risk management practices. Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. Forecast ongoing service demands and ensure security assumptions are reviewed as necessary. Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate. Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program. Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture. Establish overall enterprise information security architecture (EISA) with the organization's overall security strategy. Evaluate cost benefit, economic, and risk analysis in decision making process. Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information. Interpret and/or approve security requirements relative to the capabilities of new information technologies. Lead and align information technology (IT) security priorities with the security strategy. Lead and oversee information security budget, staffing, and contracting. Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency. Manage threat or target analysis of cyber defense information and production of threat information within the enterprise. Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection. Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans. Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. Recommend policy and coordinate review and approval. Use federal and organization-specific published documents to manage operations of their computing environment system(s). Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk. Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements. Requirements MINIMUM SKILLS / QUALIFICATIONS: Must have and maintain a DoD Top Secret Clearance. 15+ years of technical and managerial experience in system administration and information security/cybersecurity. CISSP, CISM, or other DOD 8570.01-M IAM Level 3 certification. Bachelor's degree with a concentration in a related discipline (e.g., information security, cybersecurity, information technology) Self-motivated and the ability to multi-task and balance multiple goals and priorities. Must be familiar with DOD Risk Management Framework (RMF) policies, standards, procedures and have relevant experience with associated tools (e.g., eMASS, XACTA 360, Assured Compliance Assessment Solution (ACAS), Anchore, DISA Security Technical Implementation Guides (STIGs), SCAP Compliance Checker (SCC), STIG Viewer, eMASSter, Eval STIG). Education: Bachelor's degree with a concentration in a related discipline (e.g., information security, cybersecurity, information technology). CISSP, CISM, or other DOD 8570.01-M IAM Level 3 certification. SALARY RANGE: $100,000.00 - $180,000.00 Benefits: Envisioneering, Inc. offers a stable work environment, a competitive salary, and a comprehensive benefits package including 401k, Medical/Dental/Vision, FSA, Short Term, Long Term, AD&D and Life insurance, (employer paid), voluntary life, Tuition Reimbursement, Paid Leave, Holidays and much more. As a condition of employment: You must pass a drug and pre-employment drug screening. U.S. Citizenship Required. Candidate must follow all company and non-DOT Drug and Alcohol Testing. A Department of Defense (DoD) Top Secret security clearance is at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Please confirm in your cover letter or resume.

GW Information Technology (GW IT) provides empowering tools and caring support for all members of The George Washington University (GW) community. We are focused on driving digital transformation and innovation to enable the academic and operational excellence of our students, faculty, staff, and researchers. At GW IT, we are committed to cultivating a team culture that values diversity, inclusion, respect and collaboration, and invests in each of our team members to grow in their technology and career skills. The Senior Cloud Security Analyst is a mid-level position within GW IT's Application Security team that will collaborate on application security risk assessments, threat modeling, vulnerability assessments specific to GW IT's cloud environment. Primary Responsibilities: Experience evaluating security controls and the application of commonly used cyber risk standards and frameworks: e.g., NIST 800-171, NIST -800-53, CIS , OWASP . Familiarity with cloud computing environments (e.g., AWS , Azure) Experience in the secure design of cloud-based solutions to measurable performance and security standards Familiarity with cloud-managed security services such as Amazon Inspector, AWS WAF and Shield, and AWS Directory Service. Ability to translate security risks and misconfigurations into product security rules and controls to map against standards, policies and procedures. Familiarity with AWS and Azure core cloud infrastructure capabilities, features, and services. Review cloud logging reports for events that occur in the cloud environment. Performs other related duties as assigned. The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position Minimum Qualifications Qualified candidates will hold a Bachelor's degree in an appropriate area of specialization plus 5 years of relevant professional experience, OR, a Master's degree or higher in a relevant area of study plus 3 years of relevant professional experience, OR a Bachelor's degree in an appropriate area of specialization plus 3 years of relevant professional experience PLUS a relevant IT Security certification. Degree must be conferred by the start date of the position. Degree requirements may be substituted with an equivalent combination of education, training and experience. Preferred Qualifications 4 years of relevant experience with cloud security requirements Experience working within a distributed team via collaborative tools Certifications: 1+ security certification (e.g., CISSP ) Familiarity with Linux and Windows in cloud environments Experience in secure design of cloud-based solutions to measurable performance and security standards Ability to perform forensic file system analyses to identify indicators of compromise system timeline Experience evaluating log data and cloud-hosted virtual machines to detect security incidents and initiate appropriate steps as a first responder Experience assessing cloud-based security controls using security tools and threat modeling Work Schedule Monday - Friday, 8am - 5pm (occasional evenings and weekends)

Salary range is $104k to $206k with a midpoint of $155k. New hires typically receive between minimum and midpoint, however, we may go slightly higher based on experience, internal equity and market. Sound Transit also offers a competitive benefits package with a wide range of offerings, including: Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner. Long-Term Disability and Life Insurance. Employee Assistance Program. Retirement Plans: 401a - 10% of employee contribution with a 12% match by Sound Transit; 457b - up to IRS maximum (employee only contribution). Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year. Parental Leave: 12 weeks of parental leave for new parents. Pet Insurance discount. ORCA Card: All full-time employees will receive an ORCA card at no cost. Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses. Inclusive Reproductive Health Support Services. Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you'll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues. GENERAL PURPOSE: Under general direction, the Information Security Engineering Manager oversees and operates several essential Information Security functions including Security Engineering and information security tool management. The Information Security Engineering Manager's role is to lead and support service owners, system owners, and relevant stakeholders in ensuring their respective (or proposed) systems are compliant with the Agency's information security standards. In addition, the Information Security Engineering Manager supports the operations of several other functions of the Agency's Information Security Management System (ISMS). ESSENTIAL FUNCTIONS: The following duties are a representative summary of the primary duties and responsibilities. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional, position-specific duties. Acts as Service Owner for related Information Security Engineering services of the Information Security business unit. Support Information Security Architecture and Security Operations services Manages personal for the Information Security Engineering components of the Information Security Division. Provides guidance to the technical professionals that comprise the Security Engineering functions of the Information Security Division Participates in the overall implementation of the agency's information security program, under the direction of the Chief Information Security Officer (or delegate), where appropriate. Participates in the creation of information security governance documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Chief Information Security Officer (or delegate), where appropriate. Identifies and assesses technology-related risks to information security associated with prospective technology solutions; and recommends appropriate mitigating controls. Influences the design of any prospective technology solution for adherence to documented agency standards, policies, and regulatory responsibilities. Evaluates, implements, and supports security-focused tools and services required to support information security controls. Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation and sustainment of systems and services within the agency. Consults with internal customers on risk assessment, threat modeling and mitigation of vulnerabilities Conducts security assessments, evaluates controls, and provide feedback to management and system owners on the design and effectiveness of control processes. Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats Participates in ongoing information security education, awareness, and outreach activities. Participate with information security incident investigation and response efforts, leading as needed. Participate with computer and network forensic investigations in support of incident response activities. Prepares regular reports on relevant metrics for different stakeholders. Coaches, manages, mentors, and develops staff. Focuses on keeping professional skills current. Keeps up to date on latest information security threats and countermeasures. Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency. Contributes to a culture of diversity, equity and inclusion in alignment with Sound Transit's Equity & Inclusion Policy. It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees. It is the responsibility of all employees to integrate sustainability into everyday business practices. Other duties as assigned. MINIMUM QUALIFICATIONS: Education and Experience: Bachelor's degree in Computer Science, Information Technology, Business Administration, Engineering, or closely related field. Five years of information technology experience with a focus on security engineering and operations, OR an equivalent combination of education and experience. Three years of leadership, budgetary, planning and workforce management experience. Required Licenses or Certifications: Certified Information Systems Security Professional (CISSP), orobtain within 12 months of hire. Preferred Licenses or Certifications: One or more of the following certifications is strongly preferred: Certified Information Security Manager (CISM) Information Technology Infrastructure Library (ITIL) Certified Ethical Hacker (CEH) Certified Cyber Forensics Professional (CCFP) GIAC Certified Incident Handler (GCIH) Required Knowledge and Skills: Strong command of ITIL core processes and principles. Strong command and experience with information security architecture and engineering principles General knowledge of the NIST 800 series standards, PCI DSS standard, and the ISO 27001/2 frameworks. Demonstrated work experience in a few of the following areas: Information Security, Security Architecture, Security Engineering, Security Operations and implementing best practices, tools and technology. Strong understanding of information technology and security controls. Strong understanding of and experience with security-related technologies, systems, and tools. Proven competency in the use of MS Office applications (Microsoft Project, Word, Excel, PowerPoint, and SharePoint) Strong team leadership and communicational (verbal/written) skills. Ability to work in highly collaborative environments. Strong workload prioritization and self-organization skills Strong project management skills. Preferred Knowledge and Skills: Understanding of Cloud Computing environments (Microsoft Azure preferred). Physical Demands / Work Environment: Work is performed in a hybrid office environment. This position is responsible for communicating with stakeholders, and using specialized security tools; may be subject to bending, hearing, sitting, standing, talking, seeing, and carrying and lifting 25 lbs or less. The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required. Sound Transit is an equal employment opportunity employer. No person is unlawfully excluded from employment action based on race, color, religion, national origin, sex (including gender identity, sexual orientation and pregnancy), age, genetic information, disability, veteran status or other protected class.

At PLEXSYS, our teams design, build and deliver Live, Virtual, and Constructive (LVC) innovation and training solutions to customers around the world. With over 200 employees in seventeen states and four foreign countries, we contribute our success to enabling better training…everyday…across the globe. As an employee of PLEXSYS, you'll find a culture that empowers you to achieve your professional objectives, give your personal best, and work with other highly passionate individuals. Our core values of integrity, excellence, teamwork and agility drive our daily decisions, identify our focus areas, and inspire our organizational culture. GENERAL DESCRIPTION The Information System Security Officer (ISSO) is responsible for ensuring the appropriate operational security posture for information systems and as such, works in close collaboration with the ISSM, CPSO, and FSO. The ISSO must have detailed knowledge and expertise required to manage the security aspects of an information system and is assigned the day-to-day responsibility for assigned systems. Responsibilities include implementation of the requirements of Risk Management Framework, including the Joint Special Access Program (SAP) Implementation Guide (JSIG), NIST 800-53, or other security requirements as assigned. This position will report to the Corporate Information Assurance Manager and work in close collaboration with the AFSO and FSO. The ISSO is responsible for developing and updating the security authorization package, managing and controlling changes to the system, and assessing the security impact of those changes. Ensure systems are operated, maintained, and disposed of following security policies and procedures as outlined in the security authorization package. Report all security-related incidents to the ISSM. Conduct periodic reviews of information systems to ensure compliance with the security authorization package. Monitor system recovery processes to ensure security features and procedures are properly restored and functioning correctly. Ensure audit records are collected, reviewed, and documented. Duties also include physical and environmental protection, personnel security, and incident handling. DUTIES & RESPONSIBILITIES Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirement Lead the information system security program for their assigned location to include implementation and validation of automated informational security, ensuring security requirements as contracted are satisfied Maintain and establish the accreditation of classified information systems Establish and implement security procedures and practices in support of Corporate goals and current DoD Regulations Ensure all security procedures are being followed such as patching, AV updates, continuous monitoring, trainings, and self-inspections Develop, implement and maintain security emergency action plans Provide security education and training to local employees Maintain administrative security records and documents for local employees Conduct self-inspections to ensure current security measures and policies are effective Conduct random security inspections to ensure regulations and procedures are being adhered to by local employees Conduct system audits in accordance with security accreditation package requirements Conduct vulnerability scans and analysis Conduct maintenance on the networks, systems, and hardware Perform software upgrades on networks, systems, and hardware Perform security assignments in accordance with the Automated Information System requirements and local regulations Understand and follow NISPOM/ODAA/RMF/JAFAN/ICD/NIST/JSIG classified system accreditation and certification requirements Other duties as assigned REQUIREMENTS Bachelor's degree in related field or 4 years' experience in related field DoD 8570 compliant, IAT Level II Experience with Windows based administration of Information Systems Ability to work within compliance standards; previous experience with RMF, HIPAA , PCI DSS, or equivalent compliance standard preferred Strong experience in networking, active directory, centralized logging solutions, vulnerability scanning and anti-virus solutions Experience with security audits for information systems Strong communication and problem-solving skills Ability to work in both a team environment as well as independently Must be organized and detail oriented Ability to obtain and maintain Top Secret clearance with the ability to obtain approval for SAP/SCI access DESIRABLE Have previous experience with DoD Security Regulations and Policies PERKS As a PLEXSYS employee, you can expect certain advantages; such as advancement based on performance, competitive wages, valuable benefits and a great working environment. Our team is committed to ensuring an environment that empowers individuals to realize their full potential by providing opportunities and necessary support to achieve personal and professional goals. Medical/Vision/Prescription/Dental Benefits Life, AD&D and Long Term Disability Coverage Paid Holidays, Military Leave, and Paid Time Off 401k Plan with eligibility from first day of employment Education reimbursement for job-related courses for full-time employees PriceClub/COSTCO/Sam's Club annual membership

Bellevue Telecommunications Services Exp 10-15 years Deg Bachelors Relo Bonus Job Description The Information Security Manager, working with in Corporate Information Security Team will be responsible for liaising with assigned business units on behalf of Corporate Information Security (CIS). These responsibilities will include understanding business-driven projects that involve network and information security, applications, networking and web based technologies. They will be responsible for understanding the Business Unit's processes and priorities and working with them to manage business impact and threats, through a risk based methodology. Ensures through positive engagement that business goals are met in a secure and compliant manner, according to industry standard regulations Qualifications Ideal Candidate will have: Candidate must have strong technical, influential and organizational skills. Prefer six years' experience in information security related discipline, in addition to several years' relevant systems and/or network administration experience. Expert relationship building and partnering skills, including persuasion, negotiation and consensus building. Experience translating emerging IT and business trends into meaningful risk reduction opportunities. Demonstrated ability to work effectively in a complex matrixed environment. Outstanding verbal and written communication skills. Ability to interpret business strategy and align to appropriate security enhancements to achieve business enablement. Ability to translate security requirements into business risks and impacts. Experience with high level design Architecture, Firewall, Internet, LAN Router, Network, Protocols, Web Services and SOA. Strong understanding of encryption, obfuscation and/or tokenization technologies or compensating controls. Appropriate industry certifications, such as CISSP, CISA or CCIE. Preferred skill: Bachelor degree in Computer Science, Information Security, Information Management, or other related discipline. Telecommunications industry expertise, Six Sigma Training, Audit, Compliance & Network experience preferred. Skills and Qualifications: A broad, enterprise-wide view of the wireless (or similar) business and understanding of strategy, processes and capabilities, enabling technologies, and governance. Experience in telecommunications, internet service provider, or application service providers a plus. The ability to apply Information Security principles to business solutions. Extensive experience planning and deploying both business and technology security initiatives. Exceptional communication skills and the ability to convey results in a summarily and persuasive manner to business owners. This includes written and verbal communications as well as visualizations. The ability to act as liaison conveying information needs of the business to technology teams and technology constraints to the business. Team player able to work effectively at all levels of an organization with the ability to influence others to move toward consensus. Knowledge of federal & compliance regulations e.g. SOX, PCI & CPNI. Good understanding & experience applying CoBIT, ISO, ITIL, NIST frameworks. Understanding of Local (Wired & Wireless), Wide area, and mobile networks. A good understanding of Network Security, Firewalls, Intrusion Detection and Prevention, AVS, VLANS. Strong background and experience in IP Networking and Routing Protocols. Fluency in the use of all MS Office applications, including SharePoint services. Qualifications · Preferred: Any of the following CISSP, CISA, CISM, C-RISC, CCNA, CCIE, Six Sigma Yellow/Green/Black Belt Education Minimum Required High School Diploma/GED Education/Vocational Training/Experience Preferred Bachelor's degree in Computer Science, Information Technology or related field from an accredited 4-year college or university 10 years of system, network, and application design and architecture experience. Preferably in the wireless communications space CISSP and or CISM Certification (required; experience may be substituted for Cert requirements (4 years minimum) CISA Certification (preferred but not required; experience may be substituted for Cert requirements (4 years minimum) Responsibilities What you will do: Make proactive assessments of threat information in and outside the public domain, understanding the threat as it relates to its customers, and implementing measures to combat the threat. Understand the operations of the business and comprehend how these create value and risk for the organization. Collaborate with team members, peers and the business unit management team to determine technical information security requirements, planned remediation, and advocate for the program to gain resources to implement appropriate protection technologies and processes. Implement and monitor controls necessary to ensure operational processes are performed and are effective to protect the environment from all forms of malicious cyber activity. Assist the Governance group in the development and refinement of technical security standards, key performance indicators and other necessary processes to maintain effective operational security, as it relates to the business. Make risk-based decisions on a daily basis that has the potential to impact our ability to operate and communicate. Ensure the information and network security controls for us are appropriate and operating as intended; includes solutions that are directly controlled as well as security solutions that are operated by other internal and external groups. Provide status reports on a weekly, monthly and quarterly basis to business managers and other management activities that demonstrate the health of the program. Interact with internal audit, third party auditors, and appropriate regulatory bodies. Support the Information Security policy lifecycle throughout, including all aspects of intake, creation, review, approval, implementation, publishing, communication and maintenance. Liaise with and assist outsourced security service providers with vulnerability assessments of business applications, systems and architectures. Additional Information All your information will be kept confidential according to EEO guidelines. Direct Staffing Inc

Job Title: Information Systems Security Officer (ISSO) Salary: - $110,000 $120,000 / yr Roles and Responsibilities: Services to support IS Security performed by the Senior Cloud Information System Security Officer (ISSO), at a minimum, shall consist of the following activities: Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS Provide liaison support between the system owner and other IS security personnel Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle Ensure that system security documentation is developed, maintained, reviewed, and updated continuously Conduct required IS vulnerability scans according to risk assessment parameters. Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions and oversee and track the timely completion of (POAMs) Coordinate system owner concurrence for correction or mitigation actions Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO) Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase Ensure that changes to an agency IS, its environment, and operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM) Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR Provide baseline security controls to the system owner, contingent upon the ISs security categorization, type of information processed, and entity type Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems impact levels and ISs authorization boundary Ensure that new entities are created in the GRC application with the security categorization of agency ISs Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreements (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS Perform an independent review of the System Security Plan (SSP) and make approval decisions Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official Schedule security control assessments in coordination with the system owner. Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number Advise the agency's authorized official on IS vulnerabilities and residual risks. Ensure that all POA&M actions are completed and tested Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official Ensure the removal and retirement of agency ISs being decommissioned in coordination with the SO, ISSM, ISSE, and ISSR What are the 3-4 non-negotiable requirements of this position? Active U.S. Government (DoD-Issued) Top Secret Security Clearance with SCI and a CI-Polygraph eligibility. At least 5 years serving as an Information Systems Security Officer (ISSO) at a cleared facility DoD Instruction 8570.1 Information Assurance Management (IAM) Level III Certification What are the nice-to-have skills? A bachelors and/or advanced degree in computer science, business management, or IT-related discipline

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ

The Information Security Manager is responsible for designing, implementing, and enhancing a comprehensive technology compliance and risk management program to bolster the organization's security posture. This role involves continuous assessment, reporting, and improvement of technology risks and compliance activities across global operations. You will serve as a pillar of the Information Security Program by driving and managing program activities, ensuring success through collaboration with internal and external partners. In the future you will establish a team and reports, but on the forefront there will be a focus on managing third party and vendor risk with an emphasis on front end offensive security activities and conducting service provider security assessments. We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to ********************.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: **************************************************** Skills and Requirements -5+ years of experience managing an enterprise risk register -5+ years of experience managing InfoSec gathering and reporting metrics -5+ years of experience spearheading offensive security activities -5+ years of experience managing policy document and improvement -5+ years of experience implementing data retention policies -5+ years of experience managing third party risk management and cyber risk rating tools -CISSP Certification -Automotive industry experience

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role We're looking for an Operating Systems Security Engineer to harden and secure the OS layer of our infrastructure. You'll be responsible for designing and implementing OS-level security controls, from kernel hardening to runtime protection, ensuring our systems can withstand sophisticated attacks while maintaining the performance required for AI model training. This is a hands-on role where you'll work with cutting-edge hardware and implement novel security solutions for environments that don't exist anywhere else in the world. You'll need to balance extreme security requirements with the operational needs of researchers training models at unprecedented scale. What You'll Do: Design and implement hardened OS configurations for AI workloads across diverse hardware platforms Minimize attack surfaces by removing as many unnecessary components as possible from kernelspace and userspace Develop kernel security policies using SELinux, AppArmor, and custom Linux Security Modules and runtime enforcement mechanisms Implement and maintain full-disk encryption solutions for diverse storage systems Build security infrastructure for AI systems, research environments, and production services Create OS-level attestation and integrity monitoring systems Apply security patches, develop patches for custom kernel modules, and kernel hardening configurations Design secure boot processes and trusted execution environments Work with container teams to ensure proper workload isolation at the kernel level Design privilege separation and mandatory access control policies Implement secure update mechanisms for OS components Build tooling for security configuration management and compliance verification Serve as a subject matter expert for OS security questions and designs Who You Are: 5+ years of experience in operating systems security or kernel development Deep knowledge of Linux internals, including kernel subsystems and security frameworks (SELinux, AppArmor, seccomp, etc.) Experience with kernel hardening techniques and exploit mitigation Strong programming skills in C and systems programming languages Experience with eBPF for security monitoring and enforcement Understanding of virtualization and containerization security Track record of identifying and fixing OS-level security vulnerabilities Experience with security-focused Linux distributions Strong candidates may also have: Kernel development experience or contributions to Linux kernel Experience with real-time or embedded operating systems Knowledge of hardware security features and their OS integration Experience with secure boot technologies Experience with confidential computing and memory encryption technologies (SEV, TDX, SGX) Background in vulnerability research, exploit development, or fuzzing Experience with formal methods for OS verification Knowledge of hardware security features and their OS integration (TPM, HSM, secure enclaves) Deadline to apply: None. Applications will be reviewed on a rolling basis. The expected base compensation for this position is below. Our total compensation package for full-time employees includes equity, benefits, and may include incentive compensation. Annual Salary:$300,000-$405,000 USDLogistics Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices. Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team. How we're different We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact - advancing our long-term goals of steerable, trustworthy AI - rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us! Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

Required Qualifications A Bachelor's degree and three (3) years professional experience OR a combination of education and experience totaling seven (7) years from which comparable knowledge and abilities are acquired. Preferred Qualifications Experience developing operational information security procedures and technical training materials. Demonstrated experience with working within formal project management frameworks. Experience with the Splunk application, to include developing searches, reports, and other automated routines. Experience with security reviews of firewall, file system, and other forms of access control lists. Experience with digital forensics software and processes. Demonstrated ability to appropriately prioritize multiple tasks, projects, or assignments. Expert knowledge of Windows, Linux, and Apple operating systems.