Information Systems Security Manager remote jobs - 523 jobs
Defense ML Engineer - AI for National Security, Remote
Phase2 Technology 3.9
Remote job
A leading technology firm in McLean, Virginia is seeking a Machine Learning Engineer to develop mission-critical AI solutions. You'll collaborate with data engineers and scientists to deploy models that enhance national security. The ideal candidate should have over 3 years of experience in artificial intelligence and a strong proficiency in Python and machine learning techniques. This role offers flexible work arrangements and comprehensive benefits.
A technology company is seeking a skilled software engineer to join their Radar team, focusing on building systems for real-time identity event processing. The ideal candidate will have over 5 years of experience in software development, a background in large-scale systems, and strong collaboration skills. This position offers flexible remote work and comprehensive benefits, including healthcare coverage, equity grants, and generous paid time off. Join a growing team committed to delivering a seamless identity security platform.
$114k-163k yearly est. 5d ago
Senior Security Engineer II (IAM)
Aledade, Inc. 4.1
Remote job
As a Senior Security Engineer II for Identity and Access Management (IAM) at Aledade, you will play a central role in enhancing the security posture of our enterprise, cloud‑native environments, and applications. We are seeking a dedicated professional with in‑depth knowledge of IAM principles, standards, and best practices to help safeguard our systems and support our security compliance initiatives.
In this role, you will work to design, implement, and maintain robust IAM solutions, managing authentication, authorization, and provisioning across diverse platforms. You will also collaborate closely with various teams to ensure alignment between IAM solutions and organizational security requirements, enabling secure and seamless access across the enterprise and cloud services. Your ability to partner cross‑functionally will be key to driving impactful outcomes and further strengthening our digital landscape.
Primary Duties
Working cross functionally to design, build, and operate solutions that continuously improve and automate our security capabilities
Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
Leading and enhancing incident response efforts, spearheading analysis, containment, and mitigation strategies in a cross‑functional environment to ensure effective resolution and remediation of security incidents
Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures
Mentoring and coaching more junior engineers or analysts
Minimum Qualifications
BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, 8 years security domain experience without degree
6+ years of experience in software or security engineering within Cloud Native environments
4+ years of experience working with large datasets to identify opportunities for security posture improvements or to detect, investigate and respond to threats
4+ years of experience acting as a trusted advisor in a team setting, solving for short‑term and long‑term business value
4+ years of experience coaching other engineers or analysts
Preferred KSA's
Identity & Access Management
Experience with Identity & Access Management (IAM) systems and practices
In‑depth knowledge of authentication protocols, authorization mechanisms, and directory services
Strong proficiency implementing IAM solutions within very complex environments
Familiarity with regulatory compliance and security standards
Experience generating automated metrics to measure service and program effectiveness and consistency
Strong communication skills, both written and verbal, with the capability to articulate complex security issues to a diverse audience
Automation skills: Powershell, Python, Terraform
Expertise on Okta products - Directory, SSO, MFA, Workflows, ISPM and IGA
Experience with tools in the security stack strongly preferred: Auth0/Entra ID/Ping Identity, Cloud Platforms - AWS/Azure/GCP
Physical Requirements
Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.
Who We Are
Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value‑based care. Additionally, by creating value‐based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee‑for‑service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive, and remote‑first culture - you've come to the right place.
What Does This Mean for You?
At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open‑mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.
Benefits
Flexible work schedules and the ability to work remotely are available for many roles
Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
Robust time‑off plan (21 days of PTO in your first year)
Two paid volunteer days and 11 paid holidays
12 weeks paid parental leave for all new parents
Six weeks paid sabbatical after six years of service
Educational Assistant Program and Clinical Employee Reimbursement Program
401(k) with up to 4% match
Stock options
And much more!
Equal Employment Opportunity Statement
At Aledade, we don't just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation.
Privacy Policy
By applying for this job, you agree to Aledade's Applicant Privacy Policy available at *************************************************
A leading security training provider is seeking a Senior Security Engineer for their content engineering team. This role supports security professionals, builds hands-on content, and integrates security into DevOps. Ideal candidates have over 5 years of experience in application security and are passionate about improving security practices. The position is remote-first with competitive compensation and benefits.
$132k-184k yearly est. 6d ago
Senior Security Engineer (Remote)
Lightning Labs 3.9
Remote job
Lightning Labs is seeking to hire a Security Engineer for the ongoing scaling of our growing engineering organization. This is a hands-on role that consists of devising and implementing policies and procedures around best practices in systems security. The ideal candidate has experience in securing web, Bitcoin, and other public-facing network services, penetration testing, and both automated and manual source code security reviews. Due to the domain in which we work, experience with Bitcoin and the Lightning Network is extremely desirable as is knowledge of the cryptographic aspects involved in this area.
As we are an international organization, experience and comfort working with highly distributed teams is a must. In addition, the ideal candidate should have a passion for our mission of bringing financial freedom to the world, as well as for Bitcoin as a whole. Although a part of the engineering organization, candidates in this position will work across functional team boundaries to ensure all aspects of the business are appropriately considered and covered by security best practices.
Responsibilities may include but are not limited to:
Designing and deploying active fuzzing, black+white box testing and penetration testing infrastructure for open source and production systems
Performing security audits and review of both internal production systems as well as open source software which interacts with Bitcoin+Lightning in a security critical manner
Provide mentorship and guidance to level up your teammates
Creating global security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security
Overseeing security aspects of software release processes and infrastructure
Determining security team requirements for future growth
Developing and ensuring responsiveness of security incident management processes
Performing risk management assessments
Preferred experience:
At least 5 years prior experience in systems security
An ability to work with a high impact, fast-moving startup team
Extensive knowledge of operating system and computer architecture internals
Strong understanding of cryptography, protocol design and adversarial analysis
Experience in reverse engineering and exploiting of cryptographic protocol (cryptocurrencies like Bitcoin) systems
Extensive expertise with professional software development experience in Go, Rust, C/C++, and/or Java
Experience in security incident response
Experience in security code review and vulnerability triaging
Prior experience running an open source facing bug bounty program
2+ years management experience or experience as a senior decision maker
Experience working with remote teams
Experience working with Kubernetes and AWS infrastructure
Working knowledge of fundamental Bitcoin and Lightning design principles
Candidates with additional experience are welcome to apply as we are open to adjusting the role accordingly
$139k-188k yearly est. 4d ago
Information Security - Governance, Risk, and Compliance (GRC) Director (Remote)
P&G 4.8
Remote job
Information Technology at Procter & Gamble is where business, innovation and technology integrate to build a competitive advantage for P&G. Our mission is clear -- we deliver IT to help P&G win with the over 5 billion consumers we serve worldwide. Our IT professionals are diverse business leaders who apply IT expertise to deliver innovative, tech-focused business models and capabilities for our 65 iconic, trusted brands.
From Day 1, you'll be trusted to dive right in, take the lead, use your initiative, and build billion-dollar brands that help make everyday activities easier and make the world a better place! Our company offers purposeful work that will take your career places you never envisioned, in creative workspaces where innovation thrives and where your technical expertise is recognized and rewarded.
The Opportunity
P&G is seeking a Governance, Risk, and Compliance Director passionate about safeguarding data, enabling business through smart risk management, and shaping the future of cybersecurity. The IT Governance, Risk, and Compliance (GRC) Organization at Procter & Gamble is responsible for risk identification, assessment, and remediation across the IT landscape, as well as driving automated governance and compliance breakthroughs. As the GRC expert, you'll play a critical role in maturing and maintaining the security risk and compliance posture of our organization. You will lead initiatives that align our security program with business goals, ensure regulatory and policy compliance, and creatively solve problems to manage risk for the company.
Responsibilities:
Governance:
Maintain and evolve the information security policy framework and controls aligned with industry best practices (e.g., NIST, ISO 27001, CIS).
Establish and track metrics to measure policy adherence and program maturity.
Drive internal alignment on security roles, responsibilities, and expectations.
Risk Management:
Manage the enterprise risk management process including risk identification, analysis, treatment planning, and reporting.
Conduct security risk assessments for internal systems, projects, vendors, and business processes.
Facilitate risk-based decision-making at all levels of the organization.
Compliance:
Ensure ongoing compliance with applicable regulations and frameworks (e.g., GDPR, HIPAA, CCPA, SOX).
Maintain a library of evidence and documentation to support audit and regulatory needs.
Monitor the effectiveness of IT controls and identify gaps in compliance. Analyze control measurements for negative trends and reoccurrence frequency. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation
Awareness & Enablement:
Contribute to the continuous improvement of the risk and compliance mindset across P&G. Build IT risk awareness by providing support and training to others.
Collaborate cross-functionally with IT, Legal, Privacy, and Business Operations teams.
Stay up to date with how current events, security focus areas, and the regulatory environment may impact P&G's compliance processes
Estimated Percent of Time Spent on Work
25% - Risk identification, analysis, and assessment
40% - Plan and drive enterprise-wide initiatives to reduce risk and improve compliance across the organization
25% - Assess and improve the effectiveness of IT controls and compliance across the enterprise
10% - Collaboration with internal/external auditors, driving a risk-aware compliance mindset
Job Qualifications
Required:
Bachelor's degree in Computer Science, Computer Systems Engineering, Cybersecurity, Industrial Engineering, Business Management Information Systems, Software Development, or related field
Prior hands-on experience working in a security-focused role, such as Information Security Analyst, SOC Analyst, Security Engineer, etc.
8+ years of experience in Governance, Risk, and Compliance with a focus on Information Security
In-depth knowledge of major security frameworks (e.g., NIST CSF, ISO 27001, SOC 2).
Experience conducting risk assessments, audits, and control testing.
Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA, SOX, PCI DSS).
Proven ability to write policies, manage documentation, and communicate clearly to both technical and non-technical stakeholders.
Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams.
The ability to work independently, collaborate, and learn quickly.
English fluency (speak, write, and read)
Preferred Skills:
Certified in CISSP, ISACA CRISC, CGEIT, CISA, or similar
Pay Range: $160,000 - $220,000
Compensation for roles at P&G varies depending on a wide array of equal opportunity factors including but not limited to the specific office location, role, degree/credentials, relevant skills, and level of experience. At P&G compensation decisions are dependent on the facts and circumstances of each case. Total rewards at P&G include salary + bonus (if applicable) + benefits. Your recruiter may be able to share more about our total rewards offerings and the specific salary range for the relevant location(s) during the hiring process.
Our company is committed to providing equal opportunities in employment. We value diversity and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Immigration Sponsorship is not available for this role. For more information regarding who is eligible for hire at P&G along with other work authorization FAQ's, please click HERE.
P&G participates in e-verify as required by law.
Qualified individuals will not be disadvantaged based on being unemployed.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Job Schedule
Full time
Job Number
R000136880
Job Segmentation
Experienced Professionals
Starting Pay / Salary Range
$160,000.00 - $220,000.00 / year
$160k-220k yearly Auto-Apply 60d+ ago
Senior Information Systems Security Officer (ISSO) Norfolk, VA
Watershed Security
Remote job
Watershed Security is a Veteran Owned Small Business with over 20 years' Cybersecurity and Government Contracting experience. Watershed is looking for a Senior Information Systems Security Officer (ISSO) to support the Naval Surface Warfare Center (NSWC) in Philadelphia, PA. The successful candidates will have experience coordinating and enacting required security changes within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and supporting cyber incident response by isolating potentially affected assets, initial investigation and data collection, through status updates/reporting.
REQUIRED QUALIFICATIONS
Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university.
Must have at least one of the following active certifications: CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP,
Years of Experience: 6 years practical experience in a cybersecurity or A&A related field.
Collaborate with various levels of the organization to implement required security changes and ensure compliance with established security policies and standards.
Conduct comprehensive cybersecurity vulnerability and threat assessments to identify and mitigate risks to information systems.
Lead cyber-incident-response efforts, including isolating affected systems, conducting initial investigations, collecting relevant data, and providing status updates and reports to leadership.
Provide guidance on best practices and recommend improvements to the organization's security posture.
Perform risk assessments and develop mitigation strategies to protect sensitive data from internal and external threats.
Support continuous monitoring of information systems and provide regular status reports on security compliance.
Maintain up-to-date knowledge of emerging cybersecurity threats and industry best practices.
Clearance Level: SECRET; US Citizen.
Ability to possibly provide onsite support in Philadelphia, PA or Norfolk, VA. Some/all remote work may be an option, however the norm will be onsite support. This will be dependent upon customer needs and classification level of work being performed.
Some travel may be required.
Experience with the Navy RMF Process Guide (RPG), and Navy A&A tools such as ACAS, eMASS and eMASSter.
Proficient with Microsoft Office Suite (Word, Excel, Teams, Project). Self Starter; detail oriented; able to brief senior level staff.
DESIRED QUALIFICATIONS
Experience supporting 10 or more Navy Packages (achieving and/or maintaining ATO)
Experience with the NAVSEA RMF Business Rules
Contingent upon award
PAY RANGE
Final salary is influenced by factors such as location, contract labor categories, experience, skills, education, and certifications. Watershed offers competitive compensation, medical and dental benefits, educational reimbursement, 401K plans with matching, 15 days of PTO to start and 11 paid holidays per year. The proposed salary range for this position is: $70,000.00 - $100,000.00 USD.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
$70k-100k yearly Auto-Apply 60d+ ago
Information System Security Officer
Hiring Our Heroes
Remote job
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
The Information Systems Security Officer (ISSO) is responsible for supporting the full lifecycle of security assessment and authorization (A&A) activities for information systems. The ISSO ensures that assigned systems comply with federal cybersecurity standards and maintain their Authority to Operate (ATO) through continuous monitoring and documentation.
The ISSO will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), A&A documentation and various reports, based on NIST guidelines and client's policies, procedures and request. The ISSO will be responsible for providing security recommendations on any system changes or new technologies, analysis on vulnerability scans, conducting continuous monitoring activities, and provide mitigation recommendations for any risks or threats.
RESPONSIBILITIES:
Lead and conduct Pre-Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings.
Supports the ISBO in day-to-day IT security activities.
Assists the ISBO with reviews of the security posture of the system and report any findings to the ISBO, CISO, and the AO.
Conduct Information System Categorization by identifying information types, completing FIPS-199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).
Develop and maintain system security documentation, including:
System Administration Plan (SAM)
Configuration Management Plan (CMP)
IT Contingency Plan (ITCP)
Information Security Continuous Monitoring (ISCM) Plan
Incident Response Plan (IRP)
Security Assessment Report (SAR)
System Security Plan (SSP)
Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office.
Develop and manage inter-agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.
Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency.
Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team.
Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure.
Prepare and present SAR to Authorizing Officials to obtain or renew ATO.
Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems.
Develop and update project schedule, including A&A / SCA task and milestones, task dependencies, and personnel resources.
Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives.
Determining the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199.
Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.
Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.
Implement security controls based on IT System FIPS categorization.
Document security control implementation in the system's Security Plan using the client's GRC tool.
Document system's risk assessment per client directives and requirements.
Review and monitor system security and audit logs.
Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems.
Update A&A documentation and artifacts on a regular basis (e.g. annually, after approved change).
QUALIFICATIONS:
A minimum of five (5) years of demonstrated experience in the Information Security or IT field.
Demonstrates a proficiency with developing, maintaining and managing SA&A packages.
Experience with developing and managing POA&M's.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
Strong understanding of federal cybersecurity frameworks (e.g., NIST RMF, FIPS-199, FISMA).
Experience in developing and maintaining security documentation and plans.
Possess experience conducting CPT's.
Experience conducting audit log reviews.
Technical experience with conducting vulnerability management, compliance scanning, and providing mitigation techniques.
Excellent communication and coordination skills with technical and non-technical stakeholders.
Ability to manage multiple systems and projects simultaneously in a dynamic environment.
Excellent communication (written and verbal) skills.
CERTIFICATION:
A minimum of at least one (1) certification that meet DOD 8570 IAT Level II (e.g., Security+, GSEC, CASP) requirements or any equivalent or more advanced.
CLEARANCE:
Client Suitability and Public Trust
LOCATION and HOURS:
Location: Primary location is at Zermount HQ (Arlington, VA) and the Client Site (Washington, D.C.). Remote work is authorized.
Onsite work at the primary location may be occasionally required.
Hours of Operation (Business Hours): 8:00 am ET - 5:30 pm ET
$74k-100k yearly est. 43d ago
Information Systems Security Officer Skill Level 3
Onyx Point
Remote job
TO BE CONSIDERED FOR THIS POSITION YOU MUST CURRENTLY HAVE AN ACTIVE TS/SCI WITH POLYGRAPH SECURITY CLEARANCE WITH THE FEDERAL GOVERNMENT. (U.S. CITIZENSHIP REQUIRED).
Responsibilities Include:
Enhancing security posture by supporting the program, organization, system, or enclave's information assurance initiatives and enforcing security policies, standards, and methodologies.
Overseeing security operations for information systems, managing daily security aspects, evaluating security solutions for classified processing, and conducting vulnerability and risk assessments for accreditation.
Managing configuration and system integrity by administering configuration management (CM) for security software, hardware, and firmware, ensuring compliance with security controls, and assessing the impact of system changes.
Developing and maintaining security documentation, including System Security Plans (SSPs), Risk Assessment Reports, Certification & Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Ensuring compliance with security authorization activities following the Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF).
Providing technical expertise in security policies and operations, supporting the implementation and maintenance of security measures, and collaborating with stakeholders to strengthen the security posture.
Driving continuous improvement by assessing existing security processes, identifying vulnerabilities, and implementing proactive solutions to enhance system resilience.
Basic Qualifications:
Bachelor of Science degree in Computer Science, Information Assurance, Information Security, or a related discipline, plus 12+ years of relevant experience. In lieu of a degree, an additional 4 years of experience may be considered on a case by case basis.
Industry Expertise: 7+ years of ISSO experience supporting IC or DoD programs and contracts of similar scope, type, and complexity.
Experience with customer Info Security tool suite, as well: Latteart, Biscoti, Xacata
Certifications & Compliance: DoD 8570 compliance with IAM Level II or IAT Level III (CASP, CISSP, or Associate).
Clearance Requirement: Must hold an active TS/SCI with Polygraph
Compensation:
We are committed to providing fair and competitive compensation. The salary range for our positions vary depending on accepted contractual position skill level. These salaries fall within the range of $78,000 to $275,000 per year. This range reflects the compensation offered across the locations where we hire. The exact salary will be determined based on the candidate's work location, specific role, skill set, and level of expertise.
Benefits:
We offer a comprehensive benefits package, including:
Health Coverage: Medical, dental, and vision insurance
Additional Insurance: Basic Life/AD&D, Voluntary Life/AD&D, Short and Long-Term Disability, Accident, Critical Illness, Hospitalization Indemnity, and Pet Insurance
Retirement Plan: 401(k) plan with company match
Paid Time Off: Generous PTO, paid holidays, parental leave, and more
Wellness: Access to wellness programs and mental health support
Professional Development: Opportunities for growth, including tuition reimbursement
Additional Perks:
Flexible work arrangements, including remote work options
Flexible Spending Accounts (FSAs)
Employee referral programs
Bonus opportunities
Technology allowance
A diverse, inclusive, and supportive workplace culture
$65k-88k yearly est. 60d+ ago
Information System Security Officer II - Mid-Level
The One 23 Group
Remote job
At The One 23 Group, our mission is to set the benchmark for excellence in government services. We empower our clients in the Department of Defense, intelligence community, and federal civilian sectors to excel with our advanced capabilities. Our dedication lies in fostering a people-first culture, underpinned by steadfast ethical principles. Embracing innovative technologies and process improvements, we are steadfast in our journey toward a future that is both bright and transformative.
Our expertise spans consulting and analytics, digital workplace solutions, and cyber compliance. With our global footprint, we place a strong emphasis on nurturing our people and culture, which forms the core of our successful strategies in leadership and financial management. We pride ourselves on our extensive experience and effective approach, ensuring that we lead with both innovation and integrity.
Responsibilities
Contractor to provide cyber security management, oversight, and customer support for maintaining the continuity of DHS Management Information System compliance in accordance with DHS, National Institute of Standards and Technology (NIST), and other applicable Federal standards. This Position is 100% Remote.
Applies specialized knowledge of sensitive system Cybersecurity requirements and Privacy Act requirements.
Applies specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with NIST's Risk Management Framework and the Federal Risk and Authorization Management Program (FedRAMP).
Applies specialized knowledge and experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, Federal Information Processing Standards (FIPS), and NIST guidelines.
Knowledge of DHS Information Security Policy Directives and Handbooks is preferred.
Applies knowledge and experience with standard IA concepts, practices, and procedures. Working independently to solve problems quickly and completely.
Applies specialized experience with three (3) of the four (4) following criteria is required:
Vulnerability scanning execution, assessment, and analysis.
Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN]).
Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies.
Application security, database security, and network security.
Possess ability to assess and weigh current and evolving security threats in an operational environment.
Possess good oral and written communication skills.
Team player who can collaborate with multiple stakeholders to arrive at the best solution.
Qualifications
Master's degree and 4 years of Cybersecurity & Federal Information Security Modernization Act (FISMA) experience, or a Bachelor's Degree and 5 years of Cybersecurity & FISMA experience, or a total of 7 years of Cybersecurity & Federal Information Security Modernization Act (FISMA) experience
Must be a US citizen with ability to obtain/maintain a Top Secret clearance
Possesses one (1) of the following professional security certifications, or can obtain one within six (6) months of hire:
Certified Information System Security Professional (CISSP)
CompTIA Advanced Security Practitioner (CASP)
Certified Information Systems Auditor (CISA)
Certified Ethical Hacker (CEH)
Systems Security Certified Practitioner (SSCP)
Certified Information Security Manager (CISM)
GIAC Information Security Professional (GISP)
GIAC Security Leadership (GSLC)
$78k-105k yearly est. Auto-Apply 60d+ ago
Information System Security Officer
Zermount
Remote job
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
The Information Systems Security Officer (ISSO) is responsible for supporting the full lifecycle of security assessment and authorization (A&A) activities for information systems. The ISSO ensures that assigned systems comply with federal cybersecurity standards and maintain their Authority to Operate (ATO) through continuous monitoring and documentation.
The ISSO will be responsible for developing and providing risk assessments, Security Control Assessments (SCA), A&A documentation and various reports, based on NIST guidelines and the client's policies, procedures and requests. The ISSO will be responsible for providing security recommendations on any system changes or new technologies, analyzing vulnerability scans, conducting continuous monitoring activities, and providing mitigation recommendations for any risks or threats.
RESPONSIBILITIES:
Lead and conduct Pre-Security Assessment and Authorization (A&A) activities, including stakeholder identification, change request submissions, appointment memorandums, and IT Security Kickoff meetings.
Supports the ISBO in day-to-day IT security activities.
Assists the ISBO with reviews of the security posture of the system and report any findings to the ISBO, CISO, and the AO.
Conduct Information System Categorization by identifying information types, completing FIPS-199 assessments, and facilitating Business Impact Analyses (BIA), Privacy Threshold Analyses (PTA), and Privacy Impact Assessments (PIA).
Develop and maintain system security documentation, including:
System Administration Plan (SAM)
Configuration Management Plan (CMP)
IT Contingency Plan (ITCP)
Information Security Continuous Monitoring (ISCM) Plan
Incident Response Plan (IRP)
Security Assessment Report (SAR)
System Security Plan (SSP)
Coordinate initial and annual ITCP testing in collaboration with the OCIO Business Continuity and Disaster Recovery (BCDR) Office.
Develop and manage inter-agency agreements and documentation such as MOUs, MOAs, ISAs, IT Security Waivers, and Risk Acceptance Memorandums.
Document and maintain Security Control Implementation details, ensuring updates are made according to required frequency.
Coordinate vulnerability and compliance scans, Security Control Assessments (SCA), and track remediation efforts with the IT Security Test Team.
Manage and update Plan of Action and Milestones (POA&M) entries, submitting remediated findings for closure.
Prepare and present SAR to Authorizing Officials to obtain or renew ATO.
Perform Information Security Continuous Monitoring (ISCM) activities to ensure ongoing compliance and security posture of systems.
Develop and update project schedule, including A&A / SCA task and milestones, task dependencies, and personnel resources.
Conduct A&A activities and tasks and obtain ATO in line with NIST and client guidance and directives.
Determining the baseline IT Security requirements for IT Systems, identifying system boundaries, determining information categories, assisting with FIPS-199.
Ensure that IT Systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices.
Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility.
Ensure users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.
Implement security controls based on IT System FIPS categorization.
Document security control implementation in the system's Security Plan using the client's GRC tool.
Document system's risk assessment per client directives and requirements.
Review and monitor system security and audit logs.
Develop and maintain Plan of Actions and Milestones (POA&Ms) for IT systems.
Update A&A documentation and artifacts on a regular basis (e.g. annually, after approved change).
QUALIFICATIONS:
A minimum of five (5) years of demonstrated experience in the Information Security or IT field.
Demonstrates a proficiency with developing, maintaining and managing SA&A packages.
Experience with developing and managing POA&M's.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
Strong understanding of federal cybersecurity frameworks (e.g., NIST RMF, FIPS-199, FISMA).
Experience in developing and maintaining security documentation and plans.
Possess experience conducting CPT's.
Experience conducting audit log reviews.
Technical experience with conducting vulnerability management, compliance scanning, and providing mitigation techniques.
Excellent communication and coordination skills with technical and non-technical stakeholders.
Ability to manage multiple systems and projects simultaneously in a dynamic environment.
Excellent communication (written and verbal) skills.
CERTIFICATION:
At least one (1) certification that meets DOD 8570 IAT Level II requirements (e.g., Security+, GSEC, CASP), or any equivalent or more advanced certification.
CLEARANCE:
Client Suitability and Public Trust
LOCATION and HOURS:
Location: Primary location is at Zermount HQ (Arlington, VA) and the Client Site (Washington, D.C.). Remote work is authorized.
Onsite work at the primary location may occasionally be required.
Hours of Operation (Business Hours): 8:00 am ET - 5:30 pm ET
$78k-105k yearly est. 60d+ ago
Information Systems Security Officer (ISSO)
Contact Government Services, LLC
Remote job
ISSO
Employment Type: Full-Time, Experienced
Department: Information Technology
CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM. In this role, you'll conduct security assessment and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective of RMF requirements.
CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities.
Skills and attributes for success:
- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
- Maintain responsibility for managing cybersecurity risk from an organizational perspective.
- Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.
- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.
- Provide configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinate changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).
- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM, to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.
- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.
- Provide subject matter expertise for cyber security and trusted system technology.
- Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.
- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes.
- Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.
- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems.
Qualifications:
- Bachelor's Degree.
- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.
- eMASS experience.
- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.
- Strong desktop publishing skills using Microsoft Word and Excel.
- Experience with industry writing styles such as grammar, sentence form, and structure.
- Ability to multi-task in a deadline-oriented environment.
Ideally, you will also have:
- CISSP, CASP, or a similar certificate is preferred.
- Master's Degree in Cybersecurity or related field.
- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.
- Demonstrated ability to work well independently and as a part of a team.
- Excellent work ethic and a high commitment to quality.
Our Commitment:
Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems.
For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work.
Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and delivering the best quality to our consumers, mending those relations for years to come.
We care about our employees. Therefore, we offer a comprehensive benefits package.
- Health, Dental, and Vision
- Life Insurance
- 401k
- Flexible Spending Account (Health, Dependent Care, and Commuter)
- Paid Time Off and Observance of State/Federal Holidays
Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Join our team and become part of government innovation!
$78k-105k yearly est. Auto-Apply 60d+ ago
Information Systems Security Officer (ISSO) - Mid Level (TS required, eligible for SCI)
Redtrace Technologies
Remote job
SECURITY CLEARANCE REQUIREMENT: TS, WITH SCI ELIGIBILITY
This position requires onsite work. However, due to COVID-19, remote work on a rotational schedule is temporarily available.
REQUIRES US CITIZENSHIP
Program Description:
The program provides support in the areas of Cybersecurity and Management to improve the Information Assurance (IA) posture of a federal customer. The contract's support functions are: IA Management, Federal Information Security Management Act (FISMA) coordination and reporting, Risk Management Framework (RMF) application, IA compliance measurements and metrics, Assessment and Authorization (A&A), Vulnerability Management, and Cyber Defense support.
Position Description:
We are seeking a Junior Level ISSO to carry out the following duties and responsibilities:
Services to support IS Security performed by the Information System Security Officer (ISSO) shall, at a minimum, consist of the following activities:
Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS
Provide liaison support between the system owner and other IS security personnel
Ensure that selected security controls are implemented and operating as intended during all phases of the IS lifecycle
Ensure that system security documentation is developed, maintained, reviewed, and updated on a continuous basis
Conduct required IS vulnerability scans according to risk assessment parameters.
Develop Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities
Manage the risks to ISs and other agency assets by coordinating appropriate correction or mitigation actions, and oversee and track the timely completion of (POAMs)
Coordinate system owner concurrence for correction or mitigation actions
Monitor security controls for agency ISs to maintain security Authorized To Operate (ATO)
Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Ensure that changes to an agency IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
Ensure the removal and retirement of ISs being decommissioned in coordination with the system owner, ISSM, and ISSR
Provide baseline security controls to the system owner, contingent upon the IS's security categorization, type of information processed and entity type
Provide a recommendation to the Authorizing Official, in consultation with the system owner, regarding systems' impact levels and ISs' authorization boundary
Ensure that new entities are created in the GRC application with the security categorization of agency ISs
Initiate, coordinate, and recommend to the agency Authorizing Official all Interconnection Security Agreement (ISAs), Memorandum of Understanding (MOUs), and Memorandum of Agreement (MOAs) that permit the interconnection of an agency IS with any non-agency or joint-use IS
Perform an independent review of the System Security Plan (SSP) and make approval decisions
Request and negotiate the level of testing required for an IS with the Enterprise Information Security Section and the agency Authorizing Official
Schedule security control assessments in coordination with the system owner.
Coordinate IS security inspections, tests, and reviews with the Security and system owner. Submit the final SAA package to the agency Authorizing Official for a security ATO decision
Ensure that the Security ATO Electronic Communication (EC) is serialized into Sentinel under the applicable case file number
Advise the agency Authorizing Official of IS vulnerabilities and residual risks.
Ensure that all POA&M actions are completed and tested
Coordinate initiation of an event-driven reauthorization with the agency Authorizing Official
Ensure the removal and retirement of agency ISs being decommissioned, in coordination with the SO, ISSO, and ISSR
Qualifications:
Required:
Current U.S. Government Top Secret Clearance w/ SCI and a CI-Polygraph eligibility
Must be a U.S Citizen
5+ years serving as an Information Systems Security Officer (ISSO) at a cleared facility
Minimum of 5 years of work experience in a computer science or Cybersecurity related field
Familiarity with the use and operation of security tools including Tenable Nessus and/or Security Center, IBM Guardium, HP WebInspect, Network Mapper (NMAP), and/or similar applications
Hold at least one of the following certifications:
Certified Information Systems Security Professional (CISSP)
Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 Information Assurance Management (IAM) Level I proficiency
Desired:
A bachelor's and/or advanced degree in computer science, business management, or IT-related discipline
Employee Benefits:
Competitive salary for well qualified applicants
401(k) plan
Annual performance bonus
Certification and advanced degree attainment bonuses
Student Loan / Tuition reimbursement
Health Care Insurance (medical, dental, vision)
Up to four weeks of paid vacation
11 Federal Holidays, and 3 Floating Holidays
Team bonding events
RedTrace Technologies is an EOE employer.
$80k-110k yearly est. Auto-Apply 6d ago
F-35 Information System Security Officer - Eglin AFB (Entry Level)
Lockheed Martin Corporation 4.8
Remote job
Description:
What We're Doing:
Lockheed Martin's Rotary & Mission Systems (LM RMS) F-35 Cyber Security invites you to step up to one of today's most daunting challenges: the protection of exquisite government capabilities leading to warfighter supremacy against our peer and near peer adversaries. As a cybersecurity professional at Lockheed Martin, you'll safeguard the sensitive information and warfighting capabilities that our citizens and the world depend upon to protect U.S. and ally interests. Here, you'll work alongside other cybersecurity experts, related departments, and military members to support the military operational objectives by providing them with a safe and secure operating environment. In this fast-paced, real-world environment, you'll draw on all your education and experience as well as the resources of Lockheed Martin to keep these exquisite capabilities protected.
The Work:
This Information System Security Officer (ISSO) position will support the Information System Security Manager (ISSM) in developing, maintaining and overseeing the cybersecurity of assigned classified and/or unclassified F-35 systems at Eglin AFB. Typical ISSO responsibilities include but are not limited to:
* Ensuring required cybersecurity controls are implemented and validated, to include continuous monitoring actions for assigned systems.
* Supporting the development and maintenance of cybersecurity related plans and procedures.
* Monitoring for non-compliance, anomalous activity (i.e., threats), and effectively reporting such activity and associated risks.
* Ensuring POA&Ms or remediation plans are in place for vulnerabilities identified during monitoring activity, audits, inspections, etc. and implementing, or overseeing, corrective actions.
* Creating, collecting and retaining data to meet reporting requirements.
* Monitoring and correlating data (i.e., events) from a variety of sources (e.g., Splunk, ELA, ePO, ACAS, etc.) to identify and mitigate threats, vulnerabilities and non-compliance.
* Investigating, analyzing and responding to cyber events, incidents and non-compliance, including trend analysis, creating detailed written reports and briefing the appropriate parties.
* Identifying, implementing and enforcing requirements for the proper handling and storage of Government data and electronic media.
* Conducting self-inspections and preparing for customer inspections.
* Interacting professionally during the enforcement of security policy and procedures.
Assigned systems may vary in classification, capabilities and complexity. Mission requirements may require other than first-shift work and additional responsibilities as assigned.
Who we are:
Lockheed Martin is a Cyber Security pioneer, partner, innovator and builder. In support of our many customers, the amazing members of our team are responsible for providing all aspects of cybersecurity support in a complex environment. In a rapidly growing enterprise, this role offers the opportunity to grow and hone the unique skills and experiences required as a cybersecurity expert to create, design and build solutions to some of the world's hardest engineering problems.
Why Join Us:
Your Health, Your Wealth, Your Life
With our employees as our top priority, we provide diverse career opportunities designed to propel development and boost agility. Our flexible schedules, competitive pay and comprehensive benefits enable our employees to live a healthy, fulfilling life at and outside of work. At Lockheed Martin, we place an emphasis on empowering our employees by fostering innovation. We believe that by applying the highest standards of business ethics and visionary thinking, everything is within our reach - and yours as a Lockheed Martin employee. Lockheed Martin values your skills, training and education. Come and experience your future!
Basic Qualifications:
* Final Transferable Secret security clearance; last Periodic Reinvestigation must be within the last five (5) years or enrollment in Continuous Vetting program.
* Ability to obtain and maintain Special Access Program (SAP) access.
* Possess a valid certification that meets or exceeds DoD 8570.01-M IAT II requirements.
* Meets: CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP
* Exceeds: CASP+ CE, CCNP Security, CISA, CISSP (or Assc), GCED, GCIH, CCSP
* Prior experience in a cyber workforce role, as categorized by the NICE or DoD workforce frameworks.
Desired Skills:
* Prior experience as an ISSO, ISSM or related DoD Cyber Workforce Role on one or more F-35 information systems.
* Prior experience ensuring compliance with applicable laws, regulations, guidance and policies as they relate to DoD cybersecurity and SAPs (e.g., DoDI 8510.01, JSIG, DoDM 5205.07, NIST SP 800 series).
* Prior experience with the system authorization process, associated artifacts and their requirements (e.g., SSP, SCTM, Security CONOPs, SOPs).
Security Clearance Statement: This position requires a government security clearance, you must be a US Citizen for consideration.
Clearance Level: Secret with Investigation or CV date within 5 years
Other Important Information You Should Know
Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities where similar skills and requirements have been identified as a match. Should this match be identified you may be contacted for this and future openings.
Ability to Work Remotely: Onsite Full-time: The work associated with this position will be performed onsite at a designated Lockheed Martin facility.
Work Schedules: Lockheed Martin supports a variety of alternate work schedules that provide additional flexibility to our employees. Schedules range from standard 40 hours over a five day work week while others may be condensed. These condensed schedules provide employees with additional time away from the office and are in addition to our Paid Time off benefits.
Schedule for this Position: Non-standard 40 hour work week as assigned by leader
Lockheed Martin is an equal opportunity employer. Qualified candidates will be considered without regard to legally protected characteristics.
The application window will close in 90 days; applicants are encouraged to apply within 5 - 30 days of the requisition posting date in order to receive optimal consideration.
At Lockheed Martin, we use our passion for purposeful innovation to help keep people safe and solve the world's most complex challenges. Our people are some of the greatest minds in the industry and truly make Lockheed Martin a great place to work.
With our employees as our priority, we provide diverse career opportunities designed to propel, develop, and boost agility. Our flexible schedules, competitive pay, and comprehensive benefits enable our employees to live a healthy, fulfilling life at and outside of work. We place an emphasis on empowering our employees by fostering an inclusive environment built upon integrity and corporate responsibility.
If this sounds like a culture you connect with, you're invited to apply for this role. Or, if you are unsure whether your experience aligns with the requirements of this position, we encourage you to search on Lockheed Martin Jobs, and apply for roles that align with your qualifications.
Experience Level: Experienced Professional
Business Unit: RMS
Relocation Available: Possible
Career Area: Information Security/Information Assurance
Type: Full-Time
Shift: First
$63k-83k yearly est. 8d ago
Director of Information Security
Rxvantage
Remote job
We're seeking an experienced Director of Information Security to join our dynamic team and help drive our growth. In this role, your job will be to coordinate people and processes to instill a “security first” mindset for information management, systems development, acceptable use of these systems, staff awareness, and oversight of our vendors and partners.
This security professional will lead the management of risk and compliance of intellectual property, including day-to-day network and cyber tool monitoring, oversight, and ongoing security testing. The individual performing this role will enforce policies and procedures that ensure compliance with state, federal, and industry standards and requirements, ensuring our customers' and company's data are protected.
As the Director of Information Security, you will implement a security-readiness plan and provide guidance on how to quickly and effectively respond to any and all security incidents. In addition, this role will be instrumental in implementing controls and monitoring capabilities that provide visibility into the organization's security posture.
At RxVantage we transform how medical practices engage with life sciences resources and expertise to improve patient care. Our platform intelligently connects healthcare providers with the precise life sciences experts that they need, when they need them. As a result, medical practices stay on the cutting edge of patient care without disrupting workflows. Trusted by more than tens of thousands of healthcare practitioners and all major life sciences companies, RxVantage has powered millions of educational exchanges between healthcare teams and life sciences companies.
What you'll be doing:
Creating and implementing a security roadmap based on current and ongoing assessments
Ensuring policies are developed and maintained from both a business & technical perspective for the application, data, and security needs of the organization
Working with Legal to ensure agreements are congruent with policies
Overseeing the GRC (Governance Risk and Compliance) process
Ensuring compliance with industry laws and regulations for data security and privacy to include CCPR, 21 CFR Part 11, SOC2, NIST SP800-53
Monitoring the Identity and Access Management Framework
Benefits:
Competitive Salary
100% Company-Paid Premiums for Employee's Medical Health (HDHP 4500), Vision, and Dental Plans + $4,400 company sponsored contribution into an HSA
Short-term and Long-term Disability
Life Insurance
401k Matching
Work from Anywhere within the US
Flexible PTO
100% Paid Parental Leave
Post-Parental Leave Program - $5k stipend to assist with expenses, 4 week 100% paid “Ease-Back” return to work transition period
Charitable donation matching
Location:
Our “Work from Anywhere” philosophy is aimed at making sure that we recruit a diverse range of thought leadership to ensure that our technology is better able to serve local health care providers. Our goal is to hire the country's top talent and allow them to create an environment within the U.S. where they can do their best work.
About Our Organization:
At RxVantage, we're a small company with a big mission: to connect healthcare providers with the right life science experts and resources they need, exactly when they need them, to improve patient care. We've built a software platform that's changing the way providers learn about the latest medical advancements and technologies. Every year, our platform powers over 1 million educational exchanges between medical practices and life science companies, making it easier for them to stay informed and provide better care.
We have a proven product, a strong mission, and a passionate team. Now, we're looking for talented people to help us grow even more. If you're driven, eager to make an impact, and ready to be part of something meaningful, we want to hear from you!
---
RxVantage is an equal opportunity employer and dedicated to ensuring that we represent the local communities where our health and wellbeing providers serve as pillars of support to our family, friends, and neighbors. Our representation within these communities allows us to embody a diverse set of backgrounds, experiences, abilities and perspectives; and provide an inclusive environment for our team to feel empowered to be their authentic selves, without fear of harassment or discrimination.
$117k-170k yearly est. Auto-Apply 22d ago
Compliance & Information Security Manager
Installation Made Easy, Inc.
Remote job
Compliance & Information Security Manager
Department: Compliance
Reports To: VP of Compliance
Installation Made Easy (“IME”) provides software and process management that enable retailers and contractors to offer installed home improvements to homeowners in a convenient, consistent, and affordable manner. IME senior management has over 100 years of retail management and home improvement industry experience.
We are seeking a Compliance & Information Security Manager to build and manage our corporate compliance and information security governance program. The role will lead regulatory compliance initiatives, manage audit and certification efforts, and partner closely with Compliance, IT, and Security teams to support a strong risk and compliance posture.
The candidate must be able to work independently in a remote environment.
Essential Functions:
Manage compliance programs related to PCI DSS, SOC 1 / SOC 2, and related frameworks.
Serve as project manager for external audits and certifications, coordinating internal teams and external auditors.
Maintain compliance with U.S. consumer privacy and data protection laws, including state privacy and breach notification requirements.
Develop and maintain compliance, privacy, and information security policies and documentation.
Review and redline agreements with customers, partners, and vendors, focusing on data protection, security, and compliance terms.
Oversee the maintenance of the company's certifications and licenses, such as money services licensure and/or business registrations
Support information security governance, risk assessments, vendor risk reviews, and remediation tracking.
Provide compliance support during security incidents and investigations.
Partner cross-functionally and provide compliance guidance and training across the organization.
Perform other duties as required.
Minimum Qualifications:
5+ years of experience in compliance, information security, risk management, or GRC roles.
Hands-on experience managing PCI and SOC audits.
Working knowledge of U.S. consumer privacy and data protection laws.
Experience reviewing and redlining commercial agreements.
Strong project management and communication skills.
Bachelor's degree in a related field or equivalent experience.
Preferred Qualifications:
Certifications such as CISSP, CISM, CRISC, CISA, or CIPP/US.
Experience in a SaaS or software environment.
Familiarity with NIST or ISO 27001 frameworks.
Physical Requirements:
Prolonged periods of sitting at a desk and working on a computer.
Benefits to working with IME:
100% remote work environment
Employer provided equipment.
Medical, dental, and vision insurance
Health savings plan includes employer contribution to health savings account.
Medical and dental flexible spending accounts
Company paid basic life, short-term disability, and long-term disability insurance.
401K plan with employer match
Company matches 100% of the first 4% of salary deferrals.
All contributions, including employer contributions, are 100% vested immediately.
Employee discount program for Electronics, Groceries, Travel, Entertainment, and more
Employee assistance program
Pay on demand.
Critical illness, hospital indemnity, group accident, and legal insurance
Paid time off.
And more!
We are an Equal Opportunity and Drug-Free Workplace.
The is not an exhaustive statement of all duties, responsibilities, or qualifications of the job, nor is it intended to limit opportunities for necessary modifications. The Job Description does not constitute an employment contract of any kind.
$106k-150k yearly est. Auto-Apply 36d ago
Chief Information Security Officer-Remote
Pathgroup 4.4
Remote job
The Chief of Information Security and Security Officer (CISO) is responsible for providing leadership and operational excellence for developing and supporting security initiatives and policies along with developing strategies to protect sensitive data, managing security risks, investigating and remediating security incidents and promoting security awareness and compliance across the organization. The CISO acts as the primary contact for security-related matters and serves as the organization's HIPAA Security Officer.
Job Responsibilities:
Leadership & Strategy:
Develop and manage a comprehensive information security and risk management program aligned with business objectives and regulatory requirements.
Serve as the organization's HIPAA Security Officer and lead all activities related to ensuring the security of protected health information (PHI).
Collaborate with executive leadership, legal, compliance, and IT teams to integrate security into all aspects of operations and technology.
Serves in a leadership capacity in the execution of the organization's Cyber Incident Response plan, coordinating action, communication, and mitigation efforts in conjunction with Executive Leadership.
Keep current with emerging security trends, conduct research and make recommendations for improvements to current processes. Advise, counsel and educate executive and management teams on technology's relative importance and financial impact.
Governance, Risk & Compliance:
Establish, implement, maintain, and audit information security policies, procedures, and controls in accordance with PathGroup's Compliance Program, federal laws, and industry-standard best practices.
Conduct regular risk assessments and security audits to identify vulnerabilities and recommend mitigations.
Oversee security incident response planning and investigation of security breaches, including documentation and reporting.
Work closely with the Chief Information Officer and Privacy Officer to develop and administer security awareness training for all employees and contractors.
Security Operations:
Lead strategic security and incident response planning to achieve business goals by prioritizing defense initiatives through the deployment, monitoring, maintenance, development, and upgrading of current and future security tools, technologies, and systems.
Ensure regular risk assessments, penetration testing, and remediation efforts are conducted on a regular and timely basis.
Monitor and analyze network and system activity for anomalies and trends to prevent and remediate security incidents in a timely manner.
Work with IT to implement secure system configurations and DevSecOps practices.
Third-Party, Vendor and Client Management:
Evaluate third-party vendors and partners for security and compliance posture.
Complete all required security assessments from existing or prospective clients.
Participate in contract negotiations to ensure appropriate security requirements and data protection terms are in place.
Management:
Manage the employee hiring process including developing and updating s, developing performance expectations, identifying essential functions and knowledge, skills and abilities required for applicable positions, and selecting and assigning staff.
Supervise and manage employee and team performance by coaching, counseling, motivating, and evaluating employees on a continual basis. Implement disciplinary action as needed and in consultation with Human Resources.
Coordinate team projects, schedule work assignments, set priorities, and direct the work of subordinate employees.
Ensure effective employee relations by sustaining an ethical, non-discriminatory and safe work environment and establishing effective communication lines and methods. Identify and solve employee problems, manage conflict, and respond to grievances as needed.
Perform all job responsibilities in alignment with the industry's best security practices and regulatory guidelines to protect confidentiality, integrity, and availability of protected health information and other sensitive company data.
Must be familiar with and abide by the Corporate Compliance Program and all Corporate policies, including the Privacy and Security policies.
NON-ESSENTIAL FUNCTIONS:
Nothing in the job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.
Other duties as assigned
$102k-141k yearly est. 22h ago
Information Security Manager
Precisely Us Jobs
Remote job
Application and Interview Impersonation Notice: Impersonating another individual when applying for employment, and/or participating in an interview process to assist another individual in obtaining employment, with Precisely Software Incorporated (“Precisely”) is unlawful. If Precisely identifies such fraudulent conduct, then as applicable and to the extent permitted by law, the application will be rejected, an offer (if made) will be rescinded, or the employment will be terminated, and legal action may be taken against the impersonators.
Precisely is the leader in data integrity. We empower businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products and strategic services. What does this mean to you? For starters, it means joining a company focused on delivering outstanding innovation and support that helps customers increase revenue, lower costs and reduce risk. In fact, Precisely powers better decisions for more than 12,000 global organizations, including 95 of the Fortune 100. Precisely's 2500 employees are unified by four company core values that are central to who we are and how we operate: Openness, Determination, Individuality, and Collaboration. We are committed to career development for our employees and offer opportunities for growth, learning and building community. With a "work from anywhere" culture, we celebrate diversity in a distributed environment with a presence in 30 countries as well as 20 offices in over 5 continents. Learn more about why it's an exciting time to join Precisely!
This position is 100% remote anywhere in the US
Overview: Engage is a business unit that builds software products that process personal data, and we are looking for an Information Security Manager who can align product design with security and privacy requirements. You will lead a team that manages technical and process security controls, and you will work within our broader security and governance model under the guidance of our security and privacy leaders. You will help keep our controls current, support audits, and ensure that product and services teams follow our security policies. You will also partner with compliance groups and external auditors to maintain certifications and meet regulatory needs. You will communicate risks to our security risk boards and leadership teams. You will succeed in this role by understanding our technology, staying current with security standards, and bringing strong experience from similar roles in distributed organizations. This role will report to Senior Director of Software Development.
What you will do:
Align to Precisely Information Security Management System across the Engage business unit that addresses the needs of Engage, staff, partners, customers, and other external stakeholders in line with relevant legislation and industry standards
Maintain current SOC 1 & 2 Type II, HIPAA HITECH and ISO 27001 & 27701 certification for Engage software products.
Maintain documentation and processes necessary to comply with contractual obligations, customer security requirements and internal requirements.
Propose changes to the Engage Information and Cyber Security systems, processes and procedures by continuously analysing and reviewing appropriate security technologies and practices as informed by Precisely standards.
Ensure that information and Cyber Security risks to Engage are identified and managed appropriately. Communicate security risks to Precisely InfoSec Risk Board and senior leadership.
Coordinate quarterly DAST scans, annual internal pen testing and annual third-party penetration testing across all Engage products.
Maintain accurate security scorecards across all products. Work with product teams to prioritise work to improve security score.
Coordinate annual legal review of privacy across Engage products.
Assist investigations into information security breaches under Precisely Incident Response process with Precisely Cyber Security Operations Center ensuring root-causes of such breaches are understood and addressed.
Assist as SME in responding to information security questionnaires during RFP process.
What we are looking for:
Experience:
Management of an Information Security Management System in a complex IT organisation encompassing service delivery, application development and IT infrastructure.
Completion of Information Security questionnaires as part of RFP responses.
Line management of team members.
Knowledge:
An excellent understanding of best practice within Information Security and risk management including standards such as ISO 27001.
A strong understanding of one or more areas of legislation and regulations that impact information security, e.g. GDPR, HIPAA, PCI DSS, CCPA.
An understanding of current and emerging threats and countermeasures and the product challenges to addressing these threats
An understanding of Application Security threats and countermeasures
A good practical knowledge of security technologies and wider business solutions including DevOps, Identity and Access Management, penetration testing tools, remote working and cloud technologies.
Skills:
The ability to work within a compliance or regulatory framework and to evidence continuous improvement.
Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats.
An ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements.
The ability to be pragmatic while balancing the needs of the business against security
The ability to cut through organisational and political barriers to achieve the overall goal.
Qualifications:
An appropriate degree, equivalent qualification or experience.
Preferred requirements:
One or more of the following qualifications are highly desirable:
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Achieved Senior or Lead level certification in the NCSC's Certified Cyber Professional scheme in one or more of Security and Information Risk Advisor (SIRA), IA Architect, IA Auditor, IT Security Officer
Experience using GRC platforms to define and manage InfoSec policies, prepare for audits and manage risk.
Experience of tooling to manage RFP responses.
Perform SAST/DAST scans & Pen Test assessments.
Experience with automated cloud compliance.
The personal data that you provide as a part of this job application will be handled in accordance with relevant laws. For more information about how Precisely handles the personal data of job applicants, please see the Precisely Candidate Privacy Notice
$100k-144k yearly est. Auto-Apply 7d ago
Information Security Specialist/Analyst III - Information Solutions (Remote)
Musckids
Remote job
The Information Security Specialist/Analyst III reports to the Manager, Security Operations. Under indirect supervision, the Information Security Specialist/Analyst III provides a variety of operational, compliance, and consultative functions. This position designs, implements, manages, and monitors technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization's information assets. This role may be required to provide rotating 24x7 on-call support.
Entity
Medical University Hospital Authority (MUHA)
Worker Type
Employee
Worker Sub-Type
Regular
Cost Center
CC005101 SYS - IS Tidelands Integration
Pay Rate Type
Salary
Pay Grade
Health-29
Scheduled Weekly Hours
40
Work Shift
We are seeking a highly skilled and experienced Senior Information Security Analyst to join our team. This role is critical in safeguarding our complex healthcare IT environment and ensuring compliance with industry standards.
Key Responsibilities:
45% - Network Security Monitoring and Incident Response:
Serve as a lead escalation point for security incidents, overseeing detection, investigation, containment, and remediation within a CrowdStrike EDR environment across a healthcare infrastructure. Experience with Microsoft Defender for Endpoint EDR is also desired.
Analyze findings from security monitoring systems, including Intrusion Detection/Prevention Systems (ID/PS) and Security Information Event Management (SIEM) consoles, to identify and respond to potential security incidents and data breaches.
Perform cyber security incident handling, tracking and reporting.
Utilize professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, isolate malware, identify attack vectors, provide guidance on remediation planning, and prioritize remediation efforts.
Respond to relevant service requests received from end users (e.g. for investigation of security events).
Collaborate with internal Security Operations Center (SOC) teams and external Managed Security Service Providers (MSSPs) to contain and remediate security incidents.
20% - Security Technology management:
Configure, manage, and optimize SIEM platforms (Crowdstrike and/or Microsoft Sentinel) to enhance threat detection and response capabilities.
Lead and manage large scale security-related projects, including tool implementations, upgrades, and process improvements.
10% - Vulnerability Management:
Conduct vulnerability assessments to identify security risks and report findings to system owners.
Manage workflows to ensure that protected assets are properly assessed in a timely manner.
15% - Threat Analysis
Continuously evaluate and update analytics to counter evolving Threat Actor tactics, techniques, and procedures (TTPs).
Perform risk assessments and translate business requirements into effective security controls.
Maintain comprehensive documentation and present findings to stakeholders in a clear and actionable manner.
10% - Security Awareness:
Create and deliver security awareness training for technical and non-technical audiences.
Additional Job Description
Required Education/Skills/Work Experience:
A Bachelor's degree in information security, information assurance, computer science, or a related field with 5 years of IT security experience; or 10 years of hands-on experience in information security or related IT experience required, at least 6 of which must be directly related IT security experience; or a Master's degree in information security, information assurance, computer science, or a related field, and 3 years of IT security experience required.
Advanced knowledge of information security principles, risk management, and regulatory compliance (HIPAA, FERPA, NIST, etc.).
Strong analytical and problem-solving skills with the ability to make decisions under pressure.
Hands-on experience with Crowdstrike EDR, SIEM, IDS/IPS, vulnerability management, and threat intelligence tools.
Familiarity with cloud security (Azure, AWS) and identity management solutions.
Advanced understanding of the administration and securing of various operating systems and enterprise applications with advanced security best practices.
Excellent written and verbal communication skills, with the ability to translate technical findings into business-relevant language.
Mentor junior analysts and contribute to the development of security standards, procedures, and playbooks.
Highly Desired Certifications:
CISSP, CISM, GIAC, or equivalent.
Physical Requirements
Mobility & Posture
Standing: Continuous
Sitting: Continuous
Walking: Continuous
Climbing stairs: Infrequent
Working indoors: Continuous
Working outdoors (temperature extremes): Infrequent
Working from elevated areas: Frequent
Working in confined/cramped spaces: Frequent
Kneeling: Infrequent
Bending at the waist: Continuous
Twisting at the waist: Frequent
Squatting: Frequent
Manual Dexterity & Strength
Pinching operations: Frequent
Gross motor use (fingers/hands): Continuous
Firm grasping (fingers/hands): Continuous
Fine manipulation (fingers/hands): Continuous
Reaching overhead: Frequent
Reaching in all directions: Continuous
Repetitive motion (hands/wrists/elbows/shoulders): Continuous
Full use of both legs: Continuous
Balance & coordination (lower extremities): Frequent
Lifting & Force Requirements
Lift/carry 50 lbs. unassisted: Infrequent
Lift/lower 50 lbs. from floor to 36”: Infrequent
Lift up to 25 lbs. overhead: Infrequent
Exert up to 50 lbs. of force: Frequent
Examples:
Transfer 100 lb. non-ambulatory patient = 50 lbs. force
Push 400 lb. patient in wheelchair on carpet = 20 lbs. force
Push patient stretcher one-handed = 25 lbs. force
Vision & Sensory
Maintain corrected vision 20/40 (one or both eyes): Continuous
Recognize objects (near/far): Continuous
Color discrimination: Continuous
Depth perception: Continuous
Peripheral vision: Continuous
Hearing acuity (with correction): Continuous
Tactile sensory function: Continuous
Gross motor with fine motor coordination: Continuous
Selected Positions:
Olfactory (smell) function: Continuous
Respirator use qualification: Continuous
Work Environment & Conditions
Effective stress management: Continuous
Rotating shifts: Frequent
Overtime as required: Frequent
Latex-safe environment: Continuous
If you like working with energetic enthusiastic individuals, you will enjoy your career with us!
The Medical University of South Carolina is an Equal Opportunity Employer. MUSC does not discriminate on the basis of race, color, religion or belief, age, sex, national origin, gender identity, sexual orientation, disability, protected veteran status, family or parental status, or any other status protected by state laws and/or federal regulations. All qualified applicants are encouraged to apply and will receive consideration for employment based upon applicable qualifications, merit and business need.
Medical University of South Carolina participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: ***************************************
$82k-116k yearly est. Auto-Apply 16d ago
Information Security Compliance Senior Analyst
Crypto.com 3.3
Remote job
At Crypto.com, our dedication to user security is led by our highly experienced Security Team. Comprising an international roster of seasoned cybersecurity experts, our team leads the company's Security, Privacy, and Security Compliance endeavors. The team includes holders of international patents for technologies integrated in our security architecture. Under the stewardship of a distinguished CISO recognized by the Forbes Technology Council and among the Global Top 100 CISOs, our team has consistently championed industry standards, acquiring certifications like ISO27001, ISO27701, ISO22301, PCI:DSS 3.2.1 (Level 1), NIST Tier 4, and SOC 2 Type II, in addition to the MPI License from Singapore MAS. Our Chief Information Security Officer reports directly to the CEO, underscoring the prioritization of security in our organization's hierarchy.
Our Security Team not only places great emphasis on credentials and expertise but also deeply values hands-on experience, rapid cognition, and dynamic learning. The challenges in the world of crypto are ever-evolving, and as such, our team prides itself on quick adaptability and robust teamwork, ensuring that we stay ahead of potential threats and always safeguard our user base.
About the Role
As our Security Compliance Senior Analyst, you will be tasked with security compliance activities along with our journey. You are expected to take the initiative to assist us with several security compliance programs and certifications. You are required to address and review compliance gaps and give recommendations and support on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units. This role requires technical knowledge of network security, especially on-prem and cloud native architectures. A familiarity with US derivatives regulatory frameworks would be advantageous.
Job Responsibilities:
Assist in our security compliance programs, including ISO27001, ISO27701, PCI-DSS, SOC2 Type 2, and local regulations
Participate in internal security and privacy assessments, internal and external audits, compliance certifications, and risk management
Provide complete and accurate responses to internal and third-party enquiries on security compliance
Perform security compliance assessment activities, including periodic technical, organizational, and third-party risk and control assessments, and managing remediation activities to completion
Design and manage necessary control and framework required to comply with international standards and US local regulations
Identify and drive process improvements for streamlining global security compliance operations
Qualifications:
3-5 years of experience in information security, privacy, IT audit or IT risk management related roles.
Prefer experience with one or more of the following: In-house security and privacy operations, conducting security control assessments, risk assessments or audits.
Prefer experience with any of the following: ISO27001, ISO27701, SOC1, SOC2, PCI, SOX, COSO, cloud technologies, and data protection regulations and requirements.
Ability to analyze and review US and Global privacy and information security compliance and provide guidance.
Holders of security-related certifications/qualifications will be an advantage: CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E, or other relevant certifications
Experience leading compliance initiatives and working with auditors and/or external regulators
It's a plus if you:
Have experience in information security and privacy management in virtual assets, fintech, online services, platform services, or global services.
Have experience in establishing information security and privacy framework to meet US regulations (CFTC, FINRA, SEC, and other US based regulators).
Have a strong commitment to personal learning and development
Are detail minded with an analytical mindset
Have good communication skills with an ability to explain complex technical issues to non-technical business users
Have prior experience with project management
Have an interest and understanding of Blockchain and AI technologies
*****************
Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.
Transformational and proactive working environment. Empower employees to find thoughtful and innovative solutions.
Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.
Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.
One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet.
Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up
Aspire career alternatives through us - our internal mobility program offers employees a new scope.
Are you ready to kickstart your future with us?
Benefits
Competitive salary
Attractive annual leave entitlement including: birthday, work anniversary
401(k) plan with employer match
Eligible for company-sponsored group health, dental, vision, and life/disability insurance
Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up
Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope.
Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team.
About Crypto.com: Founded in 2016, Crypto.com serves more than 150 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.
Learn more at *******************
Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.
Personal data provided by applicants will be used for recruitment purposes only.
Please note that only shortlisted candidates will be contacted.
$81k-120k yearly est. Auto-Apply 16d ago