Security Engineer jobs at J.P. Morgan

Open to Remote workers in certain states: CT, FL, ME, MA, NH, NY (except the 5 boroughs) , RI, SC, VT Responsibilities: * Protecting enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues * Proactively hunting for threats and enacting identification, containment, and eradication measures while supporting recovery efforts * Penetration testing and Vulnerability Management * Management of Application Whitelisting product * Analyze and respond to threats from e-mail security applications * Analyzing cyber security incidents to solve issues and improve incident handling procedures * Conducting research regarding the latest methods, tools, and trends in cyber threat intelligence * Creating thorough reports and documentation of all incidents and procedures Requirements: * Must have a deep understanding of computer intrusion activities, incident response techniques, tools, and procedures * Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking (including TCP/IP, DNS, HTTP, SMTP) * Knowledge of operating systems including Linux/Unix and Windows * Experience with programming languages such as Python, Perl, C/C++, PowerShell, etc. * Experience with security assessment tools such as NMAP, Netcat, Nessus, and Metasploit is a plus. * Excellent written and verbal communication skills * Excellent organization, time management, and attention to detail * Must be action-oriented and have a proactive approach to solving issues * Ability to work individually and as part of a team * Must be able to participate in on-call rotation * Associates Degree or equivalent experience Perks: * Remote work flexibility * Hire immediately * Growth opportunities * Great benefits * Strong culture * Work life balance

It's an exciting time to join Fisher Investments; we're continuing to invest in the future of our firm's technology and information security. Our business is growing internationally, which emphasizes the need to build an unparalleled global team that inspires future scale through strategic solutions, innovation, mentoring, and tight knit teamwork. We help support our firm's diverse businesses, and we are excited to continue solidifying that foundation as we add more accomplished technologists to our Infrastructure and Operations Security Team. The Opportunity: As the Endpoint Security Engineer you will implement, coordinate, migrate, and onboard all aspects and phases of our Netskope Endpoint DLP solution rollout. As part of the broader Infrastructure Operations & Security organization, you will participate in a diverse information security team, applying fundamental systems security understanding, skills and expertise to maintain and operate complex information systems and security tools that satisfy organizational mission and our requirements, including stakeholder protection needs and security requirements. You will report to Vice President - Infrastructure Security. The Day-to-Day: * Design, implement, and manage endpoint security solution (Netskope Endpoint DLP) * Monitor network and endpoint security systems to detect and respond to security incidents * Conduct regular security assessments and vulnerability scans to identify potential security weaknesses * Ensure that endpoint security systems are configured and maintained following security best practices and industry standards * Collaborate with network and systems administrators to ensure that endpoint security solutions are integrated into our overall security posture * Research and evaluate new security technologies and make recommendations for implementation * Provide training and support to end-users on how to use endpoint security solutions effectively * Respond to security incidents and participate in incident response efforts * Stay up to date on the latest security trends and developments and maintain technical expertise in endpoint security * Good to have experience creating run books and policy documents * Contribute to continuous tool improvement, process improvement and quality control * Report progress and system health through metrics that are risk-driven and operational in nature * Addresses ticket queue and follow appropriate change management procedures * Effectively communicate issues/risks, options, pros/cons, and recommendations * Make recommendations for enhancing systems security and processes Your Qualifications: * 3+ years of experience leading enterprise-wide Endpoint Detection and Response technology solution adoption across medium- to large-scale companies * 3+ years of hands-on experience with Netskope or other DLP technologies * 3+ years of experience as a systems engineer at a medium- to large-scale company (e.g. Financial Services) * Extensive experience performing advanced cybersecurity responsibilities including conducting root cause analysis through the correlation of log sources to identify threat indicators using SIEM, firewall, IDS/IPS, and other security tools * Subject matter expert in scanning software, execution and delivery, security management, security architecture, security audits, security technology and security administration * Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field of study or equivalent experience * Security industry certifications preferred - CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, and Security+ Why Fisher Investments: We work for a bigger purpose: bettering the investment universe. We take great pride in our inclusive culture, our learning and development framework customized for every employee, and our Great Place to Work Certification. It's the people that make the Fisher purpose possible, and we invest in them by offering exceptional benefits like: * 100% paid medical, dental and vision premiums for you and your qualifying dependents * A 50% 401(k) match, up to the IRS maximum * 20 days of PTO, plus 10 paid holidays * Family Support programs including 8 week Paid Primary Caregiver Leave, $10,000 fertility, family forming, and hormonal health assistance, and back-up child, adult, and elder care * This is an in-office role. Based on your role, tenure, and performance eligibility you may have the opportunity to participate in our hybrid work from home program. This program is subject to change. FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER

It's an exciting time to join Fisher Investments; we're continuing to invest in the future of our firm's technology and information security. Our business is growing internationally, which emphasizes the need to build an unparalleled global team that inspires future scale through strategic solutions, innovation, mentoring, and tight knit teamwork. We help support our firm's diverse businesses, and we are excited to continue solidifying that foundation as we add more accomplished technologists to our Infrastructure and Operations Security Team. The Opportunity: As the Endpoint Security Engineer you will implement, coordinate, migrate, and onboard all aspects and phases of our Netskope Endpoint DLP solution rollout. As part of the broader Infrastructure Operations & Security organization, you will participate in a diverse information security team, applying fundamental systems security understanding, skills and expertise to maintain and operate complex information systems and security tools that satisfy organizational mission and our requirements, including stakeholder protection needs and security requirements. You will report to Vice President - Infrastructure Security. The Day-to-Day: Design, implement, and manage endpoint security solution (Netskope Endpoint DLP) Monitor network and endpoint security systems to detect and respond to security incidents Conduct regular security assessments and vulnerability scans to identify potential security weaknesses Ensure that endpoint security systems are configured and maintained following security best practices and industry standards Collaborate with network and systems administrators to ensure that endpoint security solutions are integrated into our overall security posture Research and evaluate new security technologies and make recommendations for implementation Provide training and support to end-users on how to use endpoint security solutions effectively Respond to security incidents and participate in incident response efforts Stay up to date on the latest security trends and developments and maintain technical expertise in endpoint security Good to have experience creating run books and policy documents Contribute to continuous tool improvement, process improvement and quality control Report progress and system health through metrics that are risk-driven and operational in nature Addresses ticket queue and follow appropriate change management procedures Effectively communicate issues/risks, options, pros/cons, and recommendations Make recommendations for enhancing systems security and processes Your Qualifications: 3+ years of experience leading enterprise-wide Endpoint Detection and Response technology solution adoption across medium- to large-scale companies 3+ years of hands-on experience with Netskope or other DLP technologies 3+ years of experience as a systems engineer at a medium- to large-scale company (e.g. Financial Services) Extensive experience performing advanced cybersecurity responsibilities including conducting root cause analysis through the correlation of log sources to identify threat indicators using SIEM, firewall, IDS/IPS, and other security tools Subject matter expert in scanning software, execution and delivery, security management, security architecture, security audits, security technology and security administration Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field of study or equivalent experience Security industry certifications preferred - CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, and Security+ Why Fisher Investments: We work for a bigger purpose: bettering the investment universe. We take great pride in our inclusive culture, our learning and development framework customized for every employee, and our Great Place to Work Certification. It's the people that make the Fisher purpose possible, and we invest in them by offering exceptional benefits like: 100% paid medical, dental and vision premiums for you and your qualifying dependents A 50% 401(k) match, up to the IRS maximum 20 days of PTO, plus 10 paid holidays Family Support programs including 8 week Paid Primary Caregiver Leave, $10,000 fertility, family forming, and hormonal health assistance, and back-up child, adult, and elder care This is an in-office role. Based on your role, tenure, and performance eligibility you may have the opportunity to participate in our hybrid work from home program. This program is subject to change. FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER

In this hybrid role, the Application Security Engineer will be responsible for validating application services that are designed and implemented with high security standards. Analyze the security (Red - Offense) of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. Address legacy and emerging security issues, and implements repeatable secure development practices to reduce the introduction of program design flaws that may lead to exploitation. This role also includes hands-on coding responsibilities to remediate vulnerabilities directly within development teams. Communicate with technical and leadership teams to ensure a focus on risk mitigation to allow for business continuity. Assess applications for weaknesses and find resolutions before they can be abused and the security of applications for business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Recommend programmatic controls, and monitor and manage secure development practices to address modern day issues. The ideal candidate will have experience developing and maintaining Web APIs using MuleSoft, including hands-on coding in DataWeave for data transformation and integration across cloud environments. Responsibilities Actively participate in development teams, implementing code fixes for AppSec vulnerabilities, spending a portion of time writing and reviewing remediation code to ensure secure and resilient applications. Perform vulnerability and penetration testing (Red - Offense), document security findings and focus on automation to aid inefficiencies with both testing and remediation of findings. Collaborate with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments. Monitor the security community for public-facing security issues, as well as learn new tactics that can be used in testing. Collaborate in application projects and change management committees. Understand what is coming and how their projects can be more secure from the start. Follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources. Use security standards, implementation configurations and common security frameworks to prepare for and manage bug bounty programs. Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics. Align with architects and development teams for a mission of secure design. Train developers and junior application security engineers on secure coding practices. Participate and lead security team meetings that facilitate secure design. Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Focus on application security that observes compliance such as Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws. Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted. Candidate will be completing hands-on software development using C#/.NET, full Microsoft stack, and JavaScript, with a focus on identifying and replacing vulnerable third-party libraries flagged by Software Composition Analysis (SCA) tools. The candidate will use their deep understanding of secure design principles and best practices for remediating OWASP Top Ten vulnerabilities through hands-on coding and architectural improvements. Education: Bachelors Degree - Computer Science or related - Minimum Graduate Degree - Computer Science or related - Preferred Years of Experience: 3 Years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related - Minimum In Lieu of Education: 6 years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related License/Certifications/Training: Preferred: Security certifications GWAPT, CISSP, OSCP, or other similar Compensation & Benefits: Typical hiring range: $113,000 - $159,550 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge. Additional Compensation: Annual performance bonus Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match. Additional Benefits: Work from home up to 3 days a week Paid parental leave Employee discount programs Time off including paid personal and sick days 11 paid holidays Education reimbursement *Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment. Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives. The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

Principal Security Engineer - IS06BE We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future. The Hartford's Information Protection (THIP) organization is looking for talented professionals to join a high-performing team that is charged with designing, implementing and maintaining modernized and advanced information security capabilities. As the Principal Security Engineer this position will set the security direction and requirements for the company's secure use of AI / GenAI capabilities, while leading the charge in evaluating, recommending and helping implement new and emerging security capabilities. This role reports directly to the Chief Information Security Officer (CISO) and is an essential leadership position that partners closely with other technology leaders, providing the right person the opportunity to help shape our future security practices. We are looking for a strong technical leader who is adept at charting future direction, passionate about security, and is committed to driving innovate solutions. As the Principal Security Engineer for GenAI & Emerging Technologies, you'll be responsible for: + Partnering with key stakeholders and technology partners to provide leadership direction and support for our company's continued GenAI priorities, bringing a security perspective that balances with business imperatives and delivery timeframes + Designing and developing architectures, frameworks, and requirements for the secure consumption of AI / GenAI capabilities across various patterns and usages, including internally maintained models, as well as Software as a Service (SaaS) solutions + Performing threat modelling and risk assessments against GenAI use cases, recommending security requirements, and monitoring adherence with guidance + Working with development teams, data scientists and security professionals to design and implement security measures that protect AI models against various threats and vulnerabilities, including prompt injections, inference attacks, data poisoning, model thefts, and others + Representing the organization in leadership discussions, risk governance councils, and various AI / GenAI working teams + Leading the cybersecurity team's efforts to continuously monitor, assess and evaluate emerging security technologies, partnering with the enterprise Innovation team to proactively identify and recommend potential new capabilities This role can have a Hybrid or Remote work schedule. Candidates who live near one of our office locations (Hartford, CT, Charlotte, NC, Columbus, OH or Chicago, IL) will have the expectation of working in an office 3 days a week (Tuesday through Thursday). Candidates who do not live near an office will have a remote work schedule, with the expectation of coming into an office as business needs arise. Qualifications + 5+ years' experience as a security professional with a focus on Security Architecture responsibilities related to cloud security, threat modelling, identity and management and authentication, network security, software engineering, cryptography, penetration testing, mobile security, and/or infrastructure services + AI/ML Security Leadership: Proven expertise in securing Generative AI systems, with successful implementation of AI security frameworks. + Generative AI & LLMs: Hands-on experience leading AI/ML initiatives using large language models (LLMs) and platforms such as GCP Vertex AI, AWS Bedrock, SageMaker, ChatGPT, etc. + Cross-Platform AI Security: Deep knowledge of securing AI applications and platform products across major cloud providers (AWS, GCP, Microsoft Azure) and AI ecosystems, including CoPilot and other enterprise-grade LLMs. + Cloud Security Engineering: Experience Designing and deploying robust cloud security architectures for AI/ML workloads across AWS and Google Cloud. + Threat Modeling & Risk Mitigation: Subject matter expert in identifying and mitigating AI-specific attack surfaces and threats. + End-to-End AI Security Strategy: Demonstrated ability to lead the development and execution of comprehensive AI/ML security strategies, integrating secure model development, deployment, and monitoring practices. + Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Cloud and AI-specific certifications are highly desirable Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position. Compensation The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford's total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is: $149,360 - $224,040 Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age About Us (************************************* | Our Culture (******************************************************* | What It's Like to Work Here (************************************************** | Perks & Benefits (********************************************* Every day, a day to do right. Showing up for people isn't just what we do. It's who we are - and have been for more than 200 years. We're devoted to finding innovative ways to serve our customers, communities and employees-continually asking ourselves what more we can do. Is our policy language as simple and inclusive as it can be? Can we better help businesses navigate our ever-changing world? What else can we do to destigmatize mental health in the workplace? Can we make our communities more equitable? That we can rise to the challenge of these questions is due in no small part to our company values that our employees have shaped and defined. And while how we contribute looks different for each of us, it's these values that drive all of us to do more and to do better every day. About Us (************************************* Our Culture What It's Like to Work Here (************************************************** Perks & Benefits Legal Notice (***************************************** Accessibility Statement Producer Compensation (************************************************** EEO Privacy Policy (************************************************** California Privacy Policy Your California Privacy Choices (****************************************************** International Privacy Policy Canadian Privacy Policy (**************************************************** Unincorporated Areas of LA County, CA (Applicant Information) MA Applicant Notice (******************************************** Hartford India Prospective Personnel Privacy Notice

Principal Security Engineer - IS06BE We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future. The Hartford's Information Protection (THIP) organization is looking for talented professionals to join a high-performing team that is charged with designing, implementing and maintaining modernized and advanced information security capabilities. As the Principal Security Engineer this position will set the security direction and requirements for the company's secure use of AI / GenAI capabilities, while leading the charge in evaluating, recommending and helping implement new and emerging security capabilities. This role reports directly to the Chief Information Security Officer (CISO) and is an essential leadership position that partners closely with other technology leaders, providing the right person the opportunity to help shape our future security practices. We are looking for a strong technical leader who is adept at charting future direction, passionate about security, and is committed to driving innovate solutions. As the Principal Security Engineer for GenAI & Emerging Technologies, you'll be responsible for: Partnering with key stakeholders and technology partners to provide leadership direction and support for our company's continued GenAI priorities, bringing a security perspective that balances with business imperatives and delivery timeframes Designing and developing architectures, frameworks, and requirements for the secure consumption of AI / GenAI capabilities across various patterns and usages, including internally maintained models, as well as Software as a Service (SaaS) solutions Performing threat modelling and risk assessments against GenAI use cases, recommending security requirements, and monitoring adherence with guidance Working with development teams, data scientists and security professionals to design and implement security measures that protect AI models against various threats and vulnerabilities, including prompt injections, inference attacks, data poisoning, model thefts, and others Representing the organization in leadership discussions, risk governance councils, and various AI / GenAI working teams Leading the cybersecurity team's efforts to continuously monitor, assess and evaluate emerging security technologies, partnering with the enterprise Innovation team to proactively identify and recommend potential new capabilities This role can have a Hybrid or Remote work schedule. Candidates who live near one of our office locations (Hartford, CT, Charlotte, NC, Columbus, OH or Chicago, IL) will have the expectation of working in an office 3 days a week (Tuesday through Thursday). Candidates who do not live near an office will have a remote work schedule, with the expectation of coming into an office as business needs arise. Qualifications 5+ years' experience as a security professional with a focus on Security Architecture responsibilities related to cloud security, threat modelling, identity and management and authentication, network security, software engineering, cryptography, penetration testing, mobile security, and/or infrastructure services AI/ML Security Leadership: Proven expertise in securing Generative AI systems, with successful implementation of AI security frameworks. Generative AI & LLMs: Hands-on experience leading AI/ML initiatives using large language models (LLMs) and platforms such as GCP Vertex AI, AWS Bedrock, SageMaker, ChatGPT, etc. Cross-Platform AI Security: Deep knowledge of securing AI applications and platform products across major cloud providers (AWS, GCP, Microsoft Azure) and AI ecosystems, including CoPilot and other enterprise-grade LLMs. Cloud Security Engineering: Experience Designing and deploying robust cloud security architectures for AI/ML workloads across AWS and Google Cloud. Threat Modeling & Risk Mitigation: Subject matter expert in identifying and mitigating AI-specific attack surfaces and threats. End-to-End AI Security Strategy: Demonstrated ability to lead the development and execution of comprehensive AI/ML security strategies, integrating secure model development, deployment, and monitoring practices. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Cloud and AI-specific certifications are highly desirable Candidate must be authorized to work in the US without company sponsorship. The company will not support the STEM OPT I-983 Training Plan endorsement for this position. Compensation The listed annualized base pay range is primarily based on analysis of similar positions in the external market. Actual base pay could vary and may be above or below the listed range based on factors including but not limited to performance, proficiency and demonstration of competencies required for the role. The base pay is just one component of The Hartford's total compensation package for employees. Other rewards may include short-term or annual bonuses, long-term incentives, and on-the-spot recognition. The annualized base pay range for this role is: $149,360 - $224,040 Equal Opportunity Employer/Sex/Race/Color/Veterans/Disability/Sexual Orientation/Gender Identity or Expression/Religion/Age About Us | Our Culture | What It's Like to Work Here | Perks & Benefits

WHO WE ARE We are PEAK6, a leading investment firm, using technology to find a better way of doing things. The company's first tech-based solution was developed in 1997 to optimize options trading, and over the past two decades, the same formula has been used across a range of industries, asset classes, and business stages to consistently deliver superior results. Today, PEAK6 seeks transformational opportunities to provide capital and strategic support to entrepreneurs and forward-thinking businesses. PEAK6's core brands include PEAK6 Capital Management, PEAK6 Strategic Capital, Apex Fintech Solutions, FOCUS, We Insure, Evil Geniuses, Poker Power, Zogo, and Bruce Markets. ABOUT THIS ROLE Your goal is simple and ambitious: make cloud and platform security safe by default. You'll deploy and operate CSPM across GCP and AWS, route and close posture gaps through Jira with tuned suppressions, and give engineering teams paved-road guardrails (reusable modules, policy checks) that keep delivery fast and secure. What you'll do * Run CSPM across orgs/accounts: connect GCP Security Command Center and AWS Security Hub, map findings to owners/SLAs in Jira, and reduce noise with scoped suppressions. * Enforce organization policies: no public buckets, restricted legacy OAuth scopes, domain restrictions, baseline logging/encryption, and CMEK where required. * Build the paved road: deliver reusable Terraform modules/blueprints with baked-in controls; add pre-commit and CI/CD policy checks that prevent risky changes from shipping. * Support secure egress & posture gates: partner with the Senior Engineer on Netskope SD-WAN to define app-aware egress and posture-based access for sensitive apps (later in 2026). * Elevate container/image hygiene: introduce basic image signing/scanning, minimal bases, and sane secrets handling patterns in CI/CD. * Stop certificate outages: maintain inventory, alerts, and a renewal workflow (ACME where feasible). * Identity intersections: verify admin MFA enforcement, break-glass testing cadence, and JML hooks that impact cloud access. What you'll bring * Experience: 4-7 years in cloud/platform security with GCP and/or AWS at multi-account/organization scope; proven CSPM operations and Jira-routed closure with SLAs. * Hands-on CSPM experience (SCC/SecHub or similar) at multi-account/multi-org scope, plus routing and closure in Jira with SLAs. * IaC fluency (Terraform) and a track record of reusable, secure modules and policy-as-code checks in pipelines. * Working knowledge of GCP/AWS org policies/controls; ability to balance developer velocity with strong defaults. * Practical CI/CD exposure (you secure it; you don't have to build/own the pipelines). Clear communication, documentation, and a habit of proving posture with simple scorecards. Certifications (nice to have, not required) * GCP Professional Cloud Security Engineer, AWS Security Specialty, HashiCorp Terraform Associate, CKA/CKS; GIAC GCSA/GC cloud tracks. How we'll measure success * CSPM is connected and useful: findings reach the right owners with actionable tickets and less noise over time. * Core org policies are enforced, and posture improvements are visible and sustained. * Paved-road guardrails are adopted by engineers and reduce manual security rework. * Certificate renewals are predictable, with no surprise expirations. #LI-P6 OUR REWARDS We offer a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP), competitive PTO, 401k match, parental leave, and HSA contribution match. We also provide our employees with a paid subscription to the Calm app and offer generous external learning and tuition reimbursement benefits. As a hybrid workforce, we offer our employees the ability to work remotely up to two days a week. PEAK6 is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, veteran status, marital status, or any other protected characteristic. Our hiring practices ensure that all qualified applicants receive fair consideration without regard to these characteristics. PEAK6 is committed to creating an inclusive and accessible workplace for all candidates, including those with disabilities. We are dedicated to ensuring equal employment opportunities and providing reasonable accommodations to qualified individuals with disabilities. If you require reasonable accommodations to participate in the application or interview process, please contact our HR department at *****************. We will work with you to provide the necessary accommodations to ensure your full participation in our hiring process. #PEAK6

Crypto.com is expanding into stocks, equities trading, bridging the gap between traditional finance and digital assets. We're launching a platform that makes it as intuitive to trade equities as it is to trade crypto: starting with a mobile-first experience designed for global retail investors. We're looking for a Growth Marketing Hacker to lead the go-to-market strategy, lifecycle programs, and product positioning for this new vertical. You'll work in close collaboration with product managers and growth to ensure every feature launch, campaign, and user experience is tightly aligned with user needs and business priorities. This is a rare opportunity to help define how the next generation engages with traditional markets. Key Responsibilities 1. Strategy & Positioning- Partner up with product and strategy teams to own the roadmap for stocks and equities trading within the Crypto.com ecosystem.- Craft messaging that differentiates our offering across accessibility, fees, user experience, and cross-asset trading. Own positioning and briefs. - Define user personas (e.g. crypto-first investors, fintech users, traditional retail traders) and build tailored journeys to drive UA at target CAC.- Work closely with product managers and growth to align product direction with market insights and user behavior. 2. Launch Execution- Lead growth GTM for new features (e.g. fractional shares, commission-free trading, securities lending etc.)- Conceptualise integrated campaigns across email, in-app, paid media, content, and influencer channels to drive adoption, cross-sell and engagement. UA teams to execute.- Collaborate with regional marketing, compliance, and comms teams to ensure local relevance and impact.- Deliver high-conversion landing pages, onboarding flows, and campaign assets to improve CAC and trading volume. 3. Customer Insights & Market Intelligence- Conduct user interviews, surveys, and behavioral analysis to inform positioning and roadmap- Track and analyze competitors and emerging fintech trends to stay competitive.- Feed insights directly into product, growth, and creative strategy. 4. Growth & Retention- Build lifecycle and retention campaigns to drive trading activity, repeat engagement, and product education.- Coordinate cross-functionally with product, CRM, UA, design, partnerships, media and comms teams to ensure seamless, impactful launches and on-going adoption across sports and crypto ecosystems.- Conceptualise and create compliant reward systems, and streaks tied to market events and trading behavior.- Work with product and growth to continuously optimize the onboarding, funding, and trade execution experience. 5. Performance & Reporting- Work with the Head of Growth and Product to define KPIs across funnel metrics, retention, and campaign impact.- Use tools like GA4, Tableau, Mixpanel to analyze campaign performance and drive rapid iteration.- Share insights regularly with product, data, and leadership teams to guide growth priorities. Requirements 3 to 5 years of experience in product marketing: ideally stocks/equities background Proven success launching and scaling B2C products or platforms and growing adoption and revenue sustainably. Excellent communication and copywriting skills: you can simplify complex ideas and tell stories that convert. Highly collaborative, with experience working cross-functionally in fast-paced environments. Bias to action. Analytical mindset with proficiency in marketing analytics and user research. Experience in regulated industries or financial services is a plus. Bonus: Crypto native or familiarity with community-led growth. ***************** Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.Transformational and proactive working environment. Empower employees to find thoughtful and innovative solutions.Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet. Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up Aspire career alternatives through us - our internal mobility program offers employees a new scope. Are you ready to kickstart your future with us? BenefitsCompetitive salary Attractive annual leave entitlement including: birthday, work anniversary 401(k) plan with employer match Eligible for company-sponsored group health, dental, vision, and life/disability insurance Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope. Our Crypto.com benefits packages vary depending on region requirements, you can learn more from our talent acquisition team. About Crypto.com:Founded in 2016, Crypto.com serves more than 150 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem. Learn more at ******************* Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team. Personal data provided by applicants will be used for recruitment purposes only. Please note that only shortlisted candidates will be contacted.

Job Description In this hybrid role, the Application Security Engineer will be responsible for validating application services that are designed and implemented with high security standards. Analyze the security (Red - Offense) of applications in tandem with their underlying services, including connected dependencies such as middle-tier systems and databases. This role also includes hands-on coding responsibilities to remediate vulnerabilities directly within development teams. Assess applications for weaknesses and find resolutions after they can be abused. The ideal candidate will have experience developing and maintaining Web APIs using MuleSoft, including hands-on coding in DataWeave for data transformation and integration across cloud environments. Actively participate in development teams, implementing code fixes for AppSec vulnerabilities, spending a portion of time writing and reviewing remediation code to ensure secure and resilient applications Perform vulnerability and penetration testing (Red - Offense), document security findings and focus on automation to aid inefficiencies with both testing and remediation of findings Collaborate with developers to provide repetitive validation testing prior to production while allowing for a continuous cycle of development followed by application security assessments Monitor the security community for public-facing security issues, as well as learn new tactics that can be used in testing Collaborate in application projects and change management committees. Understand what is coming and how their projects can be more secure from the start Follow a security review process to ensure an automated and repeatable process is managed. This can be through the use of dynamic and static code analysis resources Use security standards, implementation configurations and common security frameworks to prepare for and manage bug bounty programs. Document delivery and implementation advances that meet defined service-level agreements (SLAs) and business metrics. Align with architects and development teams for a mission of secure design Train developers and junior application security engineers on secure coding practices. Participate and lead security team meetings that facilitate secure design Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects Focus on application security that observes compliance such as Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted Candidate will be completing hands-on software development using C#/.NET, full Microsoft stack, and JavaScript, with a focus on identifying and replacing vulnerable third-party libraries flagged by Software Composition Analysis (SCA) tools The candidate will use their deep understanding of secure design principles and best practices for remediating OWASP Top Ten vulnerabilities through hands-on coding and architectural improvements Education: Bachelors Degree - Computer Science or related - Minimum Graduate Degree - Computer Science or related - Preferred Years of Experience: 3 Years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related - Minimum In Lieu of Education: 6 years - Cybersecurity, application programming, compliance, risk management, network security engineering, threat modeling applications or related License/Certifications/Training: Preferred: Security certifications GWAPT, CISSP, OSCP, or other similar Compensation & Benefits: Typical hiring range: $76,600 - $119,100 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge. Additional Compensation: Annual performance bonus Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match. Additional Benefits: Work from home up to 3 days a week Paid parental leave Employee discount programs Time off including paid personal and sick days 11 paid holidays Education reimbursement *Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment. Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives. The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.

JobID: 210683473 JobSchedule: Full time JobShift: : As a Cloud Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls (CTC) group, your primary responsibility will be to ensure that Public Cloud is adopted in a secure and compliant manner. You will play an important role in identifying and managing risk related issues and actions with respective technology. You will have an eye for detail and an ability to see the big picture across security issues. Job responsibilities * Lead the execution and continuous improvement of information risk and control strategies to secure public cloud assets. * Conduct and oversee risk-based assessments of technology controls for cloud services, platforms, and architecture. * Advise and guide business technology teams on firm control requirements and best practices across diverse cloud architectures. * Review and provide feedback on infrastructure-as-code for cloud platform development, ensuring alignment with security standards. * Develop and maintain documentation, and contribute to agile processes supporting security initiatives. * Collaborate with CTC teams to ensure seamless integration with security operations, threat intelligence, IAM, and network security. * Mentor junior engineers and contribute to knowledge sharing within the team. Required qualifications, capabilities, and skills * Formal training or certification on security engineering concepts and 5+ years applied experience. * Strong analytical, problem-solving, and communication skills. * Experience planning, designing, building and implementing enterprise level security engineering products and solutions in a public cloud environment (i.e. AWS, GCP, Azure) * Experience working in cross-functional teams and managing multiple priorities. Preferred qualifications, capabilities, and skills * Advanced understanding of public cloud security concepts and technologies. * Hands-on experience with cloud engineering, architecture, and infrastructure-as-code (Terraform, etc.). * Familiarity with DevOps, CI/CD, and agile methodologies. * Experience mentoring or training junior staff.

JobID: 210686104 JobSchedule: Full time JobShift: : Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls, you will be an integral part of a team focused on creating software solutions that adhere to functional and user specifications while implementing safeguards against misuse, circumvention, and malicious activities. In your role as a core technical contributor, you will be tasked with delivering essential technology solutions using tamper-proof and audit-defensible methods across diverse technical domains within various business functions. Job responsibilities * Ability to design, architect, and implement applications on public cloud platforms, specifically AWS. * Design, build, and maintain scalable and secure AWS infrastructure using best practices. * Design, develop, and troubleshoot innovative software solutions by thinking beyond conventional approaches to solve complex technical problems. * Proficiency in using Terraform for automating infrastructure deployment and management, ensuring scalable and reliable cloud environment. * Architect and implement solutions leveraging AWS services such as EC2, ECS, Lambda, Load Balancers, API Gateway, S3, EBS, SQS, SNS, and other storage and messaging services. * Proactively anticipate, diagnose, and resolve technical challenges to keep systems running smoothly * Leverage AWS services for scalable deployments * Develop automation scripts and tools using Python to streamline operations and improve efficiency. * Monitor, troubleshoot, and optimize AWS networking components, ensuring high availability and performance. * Provide technical guidance and mentorship to junior engineers. Required qualifications, capabilities, and skills * Formal training or certification on security engineering concepts and 5+ years applied experience. * Proficient in using CI/CD tools like Jenkins or Spinnaker, and version control tools such as GitHub or Bitbucket with a focus on continuous integration and continuous deployment (CI/CD) pipelines * Hands-on experience with AWS services including IAM, Lambda, KMS (Data Security), S3, and Kinesis. * Experience in debugging, maintaining, monitoring, and providing production support in large environments using tools like Splunk, Datadog, and CloudWatch. * Experience with container orchestration and deployment in AWS Cloud. * Strong Python development skills * Strong AWS and DevOps experience * Solid understanding of networking concepts and architecture on AWS. Preferred qualifications, capabilities, and skills * AWS certifications is highly desirable(e.g., Solutions Architect, DevOps Engineer) #CTC

About the Role: United Community is seeking an experienced Information Security Controls Analyst to serve as a subject matter expert in evaluating and strengthening our cybersecurity and technology controls. This role plays a critical part in assessing risk exposure, recommending control improvements, and ensuring alignment with regulatory standards and business risk tolerance. You'll collaborate with enterprise risk, compliance, and legal teams to provide visibility into our risk posture and drive meaningful change across the organization. What You'll Do: Review and document the adequacy of security and technology controls across business and IT environments. Evaluate control posture through interviews, documentation reviews, and workflow analysis. Recommend and support implementation of risk reduction strategies via policies, procedures, and technical controls. Partner with risk management and security leadership to align controls with organizational risk tolerance. Identify control strengths and weaknesses related to privacy, security, resiliency, and compliance. Document and advocate for control improvements that balance risk with operational efficiency. Support control development across testing, QA, and production environments. Present control effectiveness reports to senior risk leadership. Stay current on regulatory requirements, internal policies, and industry best practices. Participate in required compliance training and support internal/external audit activities. What We're Looking For: • Experience: 3+ years in cybersecurity or IT practitioner roles. 2+ years in IT risk or controls analysis. Practical experience with risk management and IT control frameworks. • Education: Bachelor's degree preferred in Information Assurance, Computer Science, Engineering, or a related technical field. • Required Skills: Strong understanding of risk frameworks (CRI, COSO, RMF, COBIT, NIST). Familiarity with regulatory standards (PCI, FFIEC, SOX, HIPAA, GDPR, CCPA, GLBA). Experience with CIS CSC, ISO 2700, or NIST CSF. Excellent written and verbal communication across all organizational levels. Strong organizational skills and ability to meet SLAs. Sound judgment and decision-making in complex scenarios. High integrity, trustworthiness, and adaptability. • Preferred Skills: Certifications such as CISSP, CISA, CRISC, or CISM. Technical experience with enterprise networks, applications, and directory services. Familiarity with enterprise GRC platforms. Travel: Up to 5% travel required. Supervisory Responsibility: This position does not have direct supervisory responsibilities. Conditions of Employment: Must be able to pass a criminal background & credit check This is a full-time, non-remote position FLSA Status: Non-Exempt We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

United Community is seeking an experienced Information Security Controls Analyst to serve as a subject matter expert in evaluating and strengthening our cybersecurity and technology controls. This role plays a critical part in assessing risk exposure, recommending control improvements, and ensuring alignment with regulatory standards and business risk tolerance. You'll collaborate with enterprise risk, compliance, and legal teams to provide visibility into our risk posture and drive meaningful change across the organization. What You'll Do * Review and document the adequacy of security and technology controls across business and IT environments. * Evaluate control posture through interviews, documentation reviews, and workflow analysis. * Recommend and support implementation of risk reduction strategies via policies, procedures, and technical controls. * Partner with risk management and security leadership to align controls with organizational risk tolerance. * Identify control strengths and weaknesses related to privacy, security, resiliency, and compliance. * Document and advocate for control improvements that balance risk with operational efficiency. * Support control development across testing, QA, and production environments. * Present control effectiveness reports to senior risk leadership. * Stay current on regulatory requirements, internal policies, and industry best practices. Requirements For Success Experience: * 3+ years in cybersecurity or IT practitioner roles. * 2+ years in IT risk or controls analysis. * Practical experience with risk management and IT control frameworks. Education: Bachelor's degree preferred in Information Assurance, Computer Science, Engineering, or a related technical field. Required Skills: * Strong understanding of risk frameworks (CRI, COSO, RMF, COBIT, NIST). * Familiarity with regulatory standards (PCI, FFIEC, SOX, HIPAA, GDPR, CCPA, GLBA). * Experience with CIS CSC, ISO 2700, or NIST CSF. * Excellent written and verbal communication across all organizational levels. * Strong organizational skills and ability to meet SLAs. * Sound judgment and decision-making in complex scenarios. * High integrity, trustworthiness, and adaptability. Preferred Skills: * Certifications such as CISSP, CISA, CRISC, or CISM. * Technical experience with enterprise networks, applications, and directory services. * Familiarity with enterprise GRC platforms. Conditions of Employment * Must be able to pass a criminal background & credit check * This is a full-time, non-remote position FLSA Status: * Exempt We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state, or local protected class. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Pay Range USD $49,972.00 - USD $76,958.00 /Yr.

JobID: 210676588 JobSchedule: Full time JobShift: Base Pay/Salary: Jersey City,NJ $152,000.00-$215,000.00 Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JP Morgan Chase within the Cybersecurity & Technology Controls, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities * Lead and manage the security engineering team, providing guidance, mentorship, and support. * Oversee the design, implementation, and maintenance of security solutions for enterprise-scale deployments. * Specific experience deploying commercial software at scale into an enterprise environment. * Develop and enforce robust change management practices to ensure system integrity and security. * Show strong experience defining and implementing infrastructure as Code (IaC), working with CI/CD pipelines, and associated automation tooling. * Function in systems engineering, systems integrations, and systems administration roles. Demonstrate strong working knowledge of Windows and Linux systems internals. * Execute on key deliverables in the security engineering space. Design and develop production deployments with the ability to think beyond routine or conventional approaches in order to deliver technology solutions for key stakeholders. * Develop secure and high-quality production code and review and debug code written by others. Able to implement complex business logic in Python, Bash, PowerShell, and other scripting languages. * Engage effectively with third-party vendors and communicate and collaborate with a broad range of internal teams. * Minimize security vulnerabilities by following industry insights and government regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls. * Work with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability. * Add to team culture of diversity, equity, inclusion, and respect. Required qualifications, capabilities, and skills * Formal training or certification on Engineering and/or Cybersecurity concepts and 5+ years applied experience as a software engineer, cloud engineer, DevOps engineer, or equivalent role. * Demonstrated skills in planning, designing, and implementing enterprise level security solutions. * Commanding knowledge of a programming/scripting language for automation and integration tasks. * Proficiency in all aspects of the Software Development Life Cycle. * Strong analytical experience with problem solving mindset and the ability to solve complex challenges. * Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security. Preferred qualifications, capabilities, and skills * Cloud computing related certifications with an AWS focus are strongly preferred, such as Certified Solutions Architect, DevOps Engineer, or similar. * Experience effectively communicating with senior business leaders.

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JP Morgan Chase within the Cybersecurity & Technology Controls, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Lead and manage the security engineering team, providing guidance, mentorship, and support. Oversee the design, implementation, and maintenance of security solutions for enterprise-scale deployments. Specific experience deploying commercial software at scale into an enterprise environment. Develop and enforce robust change management practices to ensure system integrity and security. Show strong experience defining and implementing infrastructure as Code (IaC), working with CI/CD pipelines, and associated automation tooling. Function in systems engineering, systems integrations, and systems administration roles. Demonstrate strong working knowledge of Windows and Linux systems internals. Execute on key deliverables in the security engineering space. Design and develop production deployments with the ability to think beyond routine or conventional approaches in order to deliver technology solutions for key stakeholders. Develop secure and high-quality production code and review and debug code written by others. Able to implement complex business logic in Python, Bash, PowerShell, and other scripting languages. Engage effectively with third-party vendors and communicate and collaborate with a broad range of internal teams. Minimize security vulnerabilities by following industry insights and government regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls. Work with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability. Add to team culture of diversity, equity, inclusion, and respect. Required qualifications, capabilities, and skills Formal training or certification on Engineering and/or Cybersecurity concepts and 5+ years applied experience as a software engineer, cloud engineer, DevOps engineer, or equivalent role. Demonstrated skills in planning, designing, and implementing enterprise level security solutions. Commanding knowledge of a programming/scripting language for automation and integration tasks. Proficiency in all aspects of the Software Development Life Cycle. Strong analytical experience with problem solving mindset and the ability to solve complex challenges. Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security. Preferred qualifications, capabilities, and skills Cloud computing related certifications with an AWS focus are strongly preferred, such as Certified Solutions Architect, DevOps Engineer, or similar. Experience effectively communicating with senior business leaders.

About the Role iCapital is looking to hire a Vice President Information Security Governance Specialist. This individual will be a key person in iCapital's second line of defense team. The ideal candidate will support the organization's security governance program by ensuring compliance with regulatory requirements, security frameworks, and contractual obligations. This role involves reviewing the information security program against industry standards, assessing security clauses in client and vendor contracts, designing and maintaining security controls, and responding to regulatory audits. Responsibilities Assist in authoring, maintaining, and updating security governance policies and standards to align with industry frameworks and management direction. Evaluate the organization's information security program against common frameworks (e.g., ISO 27001, CIS, NIST 800-53, SOC 2) and applicable regulations (e.g., NYDFS, DORA, FFIEC, GDPR). Identify gaps and recommend control enhancements to align with compliance requirements. Review and negotiate information security sections of client and vendor contracts in partnership with the Legal team. Ensure contractual obligations meet internal security standards, regulatory expectations, and reasonability. Collaborate with Technology, Information Security, and Risk teams to design, document, and enhance security controls for infrastructure, applications, and data. Coordinate responses for internal and regulatory audits for information security team. Qualifications 7-10 years of experience in information security governance, compliance, or risk management in a financial service, fintech, or technology-driven environment Bachelor's degree in information security, risk management, or a related field Strong written and verbal communication skills Excellent analytical and problem-solving skills Able to manage multiple priorities and deadlines in a fast-paced environment Comfortable engaging with senior leaders Knowledge of cybersecurity frameworks (ISO, CIS, NIST, SOC 2) and audit processes CISM, CRISC, or CISSP certifications are preferred Benefits The base salary range for this role is $150,000 to $180,000. iCapital offers a compensation package which includes salary, equity for all full-time employees, and an annual performance bonus. Employees also receive a comprehensive benefits package that includes an employer matched retirement plan, generously subsidized healthcare with 100% employer paid dental, vision, telemedicine, and virtual mental health counseling, parental leave, and unlimited paid time off (PTO). We believe the best ideas and innovation happen when we are together. Employees in this role will work in the office Monday-Thursday, with the flexibility to work remotely on Friday. For additional information on iCapital, please visit **************************************** Twitter: @icapitalnetwork | LinkedIn: ***************************************************** | Awards Disclaimer: ****************************************/recognition/ iCapital is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Oversee and validate the effectiveness of security controls and configuration baselines implemented by first line teams. Regularly review security documentation and operational practices to ensure alignment with regulatory requirements, industry standards, and organizational policies. Recommend improvements to control frameworks and support the development and maintenance of security policies, standards, and procedures. Review and validate reports and metrics provided by first line teams to assess the effectiveness of security solutions and controls. Analyze trends and findings to identify systemic risks or gaps and collaborate with operational teams to ensure timely remediation and continuous improvement. Prepare independent summaries and recommendations for management based on oversight activities. Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security. Assist in the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures and the enterprise's security documents. Assist in investigations of security incidents and problematic activities to help identify root causes and recommend corrective actions. Contribute to the development and delivery of information security awareness training programs for all organizational levels, including new hire orientation and ongoing awareness campaigns. Perform additional responsibilities as assigned to support the overall security objectives of the organization. Participate in the planning and design of enterprise security architecture, under the direction of the Information Security Manager. Assist in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the CISO. Contribute to the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the CISO. Minimum Qualifications: Second year college student focusing on Information Technology or Information Security Two to four years related experience or equivalent combination of education and experience Security related certifications such as: Security +, CISA, CISSP, CRISC, CISM, GRCP, CCSP, CGEIT are strongly desired Eligibility requirements may differ for each benefit or program. National Cooperative Bank, N.A. is an Equal Employment Opportunity Employer (EOE/AA)

About the Role iCapital is looking to hire a Vice President Information Security Governance Specialist. This individual will be a key person in iCapital's second line of defense team. The ideal candidate will support the organization's security governance program by ensuring compliance with regulatory requirements, security frameworks, and contractual obligations. This role involves reviewing the information security program against industry standards, assessing security clauses in client and vendor contracts, designing and maintaining security controls, and responding to regulatory audits. Responsibilities Assist in authoring, maintaining, and updating security governance policies and standards to align with industry frameworks and management direction. Evaluate the organization's information security program against common frameworks (e.g., ISO 27001, CIS, NIST 800-53, SOC 2) and applicable regulations (e.g., NYDFS, DORA, FFIEC, GDPR). Identify gaps and recommend control enhancements to align with compliance requirements. Review and negotiate information security sections of client and vendor contracts in partnership with the Legal team. Ensure contractual obligations meet internal security standards, regulatory expectations, and reasonability. Collaborate with Technology, Information Security, and Risk teams to design, document, and enhance security controls for infrastructure, applications, and data. Coordinate responses for internal and regulatory audits for information security team. Qualifications 7-10 years of experience in information security governance, compliance, or risk management in a financial service, fintech, or technology-driven environment Bachelor's degree in information security, risk management, or a related field Strong written and verbal communication skills Excellent analytical and problem-solving skills Able to manage multiple priorities and deadlines in a fast-paced environment Comfortable engaging with senior leaders Knowledge of cybersecurity frameworks (ISO, CIS, NIST, SOC 2) and audit processes CISM, CRISC, or CISSP certifications are preferred Benefits The base salary range for this role is $150,000 to $180,000. iCapital offers a compensation package which includes salary, equity for all full-time employees, and an annual performance bonus. Employees also receive a comprehensive benefits package that includes an employer matched retirement plan, generously subsidized healthcare with 100% employer paid dental, vision, telemedicine, and virtual mental health counseling, parental leave, and unlimited paid time off (PTO). We believe the best ideas and innovation happen when we are together. Employees in this role will work in the office Monday-Thursday, with the flexibility to work remotely on Friday. For additional information on iCapital, please visit **************************************** Twitter: @icapitalnetwork | LinkedIn: ***************************************************** | Awards Disclaimer: ****************************************/recognition/ iCapital is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

External Description: Cross-cutting firmwide role integrating client, business and technology requirements to protect data and systems. Access Management and Identity Controls design and standard methodologies. Governance and analysis and reporting of access and identity usage. Operations and management of Identity and Access (IAM) including provisioning. Done in active partnership and with oversight by Business, Enterprise Architecture, Technology Platform and Application Owners as they are accountable for the secure design, configuration, and operation of their environments. The Systems Security Analyst is a member of the Identity & Access Management Operations team within Enterprise Security. The team is responsible for the operations and management of the organization's Identity & Access Management platform including full user lifecycle. The team supports the maintenance of roles and entitlements in the platform, proper access approval pathing, and works closely with end users, application teams, access provisioners, and Compliance Risk Management. Responsibilities Investigate, understand, troubleshoot, remediate, and clearly document technical issues related to access & security operations, user lifecycle, application integrations, and access provisioning. Individual Contributor operating independently on daily tasks and ticketing queues, concurrently. Performs Role Engineering analysis to support Role Base Access Controls (RBAC). Monitors daily provisioning requests to ensure appropriate access. Gathers application requirements for integrating with provisioning system. You perform analysis to respond to IS Security risks and compliance audits. Supports policies, procedures, and systems to support IAM Governance. Develops educational materials to promote standard methodologies for IAM. Trains junior analysts to conduct daily tasks associated with provisioning. Demonstrates strong logic and reasoning capabilities Uses questions and proposals to clarify requirements when unclear Other duties as assigned Business Knowledge Applies understanding of the Financial Services and Asset Management industries Connects one's own work with the strategy of their team and/or department. Can competently engage in business-led conversations. Qualifications Required: Typically, 1+ years of meaningful experience Understands modern software methodologies (e.g., Agile, XP, Scrum) Working understanding of modern authentication and authorization techniques and technologies. Engages in mentorship to improve technical skills. Demonstrates competence in SQL programming language Reviews and corrects his/her personal work with minimal assistance Solicits feedback and mentorship to improve technical understanding and skills Identifies system/process/data impacts (up and down stream) and proposes appropriate alternatives/remediation Demonstrates some understanding in multiple technologies/ applications Can explain basic technical concepts to a non-technical audience Identifies impacts across teams and coordinate to manage dependencies and potentially competing priorities Preferred: Bachelor's degree or the equivalent combination of education and relevant experience 2+ years of total relevant work experience and Security related certification (Security+, CC, SSCP, etc) FINRA Requirements FINRA licenses are not required and will not be supported for this role. Work Flexibility This role is eligible for hybrid work, with up to three days per week from home. City: State: Community / Marketing Title: Systems Security Analyst Company Profile: Location_formattedLocationLong: Maryland, US CountryEEOText_Description: Commitment to Diversity, Equity, and Inclusion: We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and builds allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day. Benefits: We invest in our people through a wide range of programs and benefits, including: • Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions • Flexible and remote work opportunities • Health care benefits (medical, dental, vision) • Tuition assistance • Wellness programs (fitness reimbursement, Employee Assistance Program) Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates' well-being and addressing the needs of our clients, business, and communities is unwavering. T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.