Cyber Security Specialist jobs at Leidos - 922 jobs

About the role We're looking for a detail oriented, technically skilled engineer to join our Application Security team. This role offers opportunities to influence the group's growth and direction while integrating security within the entire Software Development Life Cycle (SDLC). Security Engineers will collaborate with Product and Engineering teams to embed security into all phases of the SDLC from feature design and implementation to deployment. They also establish and evaluate authentication, authorization, and privacy controls for B2C, B2B and M2M entity types and use cases. They will identify, prioritize, and remediate vulnerabilities identified via internal and third party penetration testing, Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST). They will also deploy, maintain and tune the tools used to perform this testing. Security Engineers serve as subject matter experts on authentication and authorization security, partnering with product and engineering teams to implement security and privacy best practices for healthcare applications. The ideal candidate will have experience securing, hardening, and identifying vulnerabilities in web applications, RESTful and GraphQL APIs, and mobile applications (iOS and Android) in a cloud hosted microservice environment. The ideal candidate will also have experience risk assessing the results of automated SCA, SAST and DAST to validate severity before assigning to engineers for remediation. They may also have experience in securing Generative AI LLM services, including, but not limited to security guardrails to prevent jailbreaks, sensitive information disclosure, data/model poisoning, and safety guardrail verification and testing. What You'll Accomplish Implement and maintain automated security scanning tools (SCA, SAST, DAST) and perform manual and AI assisted security assessments including source code review to identify and remediate vulnerabilities in Hinge Health web applications, mobile applications and API endpoints. Enable the product teams to create secure by design product features and services by working alongside product managers and engineers during the design phase of projects including Generative AI projects. Assist with third party security assessments and penetration tests of Hinge Health web applications, API endpoints, and mobile applications, including interpretation of results and verification of remediations. Contribute to the improvement of Software Development Life Cycle management policies, procedures, and standards. Basic Qualifications 3+ years of experience in application security, product security, or related security engineering roles Experience securing web applications, mobile applications (iOS/Android), or API endpoints Experience with automated security testing, including configuring and automating security scans as part of the CI/CD process, and interpreting the results and working directly with engineers on prioritization and remediation. Experience in examining source code in multiple languages to evaluate security controls and identifying common coding and design vulnerabilities. Experience with OWASP Top 10 and other common security flaw patterns. Demonstrated ability to collaborate with engineering and product teams to address security concerns. Preferred Qualifications Experience securing applications in Health Care, securing ePHI and HIPAA/HITECH regulations. Experience with modern authentication and authorization technologies including OAuth 2.0, OIDC, SAML, JWT validation, SSO integrations, MFA/OTP implementations, API tokens, and identity platforms such as Auth0 or Okta. Understanding of session management, refresh tokens, and secure authentication flows for B2C, B2B, and M2M use cases. Experience assessing the security and safety of Generative AI LLM solutions and in evaluating and implementing solutions for their continuous monitoring Familiarity with HITRUST CSF and NIST control frameworks. Experience in Threat Modeling Experience performing security assessments and secure design of hardware and firmware of medical devices communicating over Bluetooth Experience with any of the following, deploying web based services on AWS infrastructure, Kubernetes, Typescript, ReactNative, Python, Go, Ruby on Rails, GraphQL, IaC using Terraform. Incident Handling: Be able to work as a subject matter expert in the security controls, internal communications, and infrastructure of Hinge Health applications during security incidents. Hinge Health Hybrid Model We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 3 days/week. The San Francisco office has a dog-friendly workplace program. Compensation This position will have an annual salary, plus equity and benefits. Please note the annual salary range is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. The annual salary range for this position is $192,000 - $230,400. About Hinge Health Hinge Health leverages software, including AI, to largely automate care for joint and muscle health, delivering an outstanding member experience, improved member outcomes, and cost reductions for its clients. The company has designed its platform to address a broad spectrum of MSK care-from acute injury, to chronic pain, to post-surgical rehabilitation-and the platform can help to ease members' pain, improve their function, and reduce their need for surgeries, all while driving health equity by allowing members to engage in their exercise therapy sessions from anywhere. The company is headquartered in San Francisco, California. Learn more at ************************** What You'll Love About Us Inclusive healthcare and benefits: On top of comprehensive medical, dental, and vision coverage, we offer employees and their family members help with gender-affirming care, tools for family and fertility planning, and travel reimbursements if healthcare isn't available where you live. Planning for the future: Start saving for the future with our traditional or Roth 401k retirement plan options which include a 2% company match. Modern life stipends: Manage your own learning and development Culture & Engagement Hinge Health is an equal opportunity employer and prohibits discrimination and harassment of any kind. We make employment decisions without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, pregnancy, or any other basis protected by federal, state or local law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. We provide reasonable accommodations for candidates with disabilities. If you feel you need assistance or an accommodation due to a disability, let us know by reaching out to your recruiter. By submitting your application you are acknowledging we are using your personal data as outlined in personnel and candidate privacy policy. #J-18808-Ljbffr

A prominent financial institution in Denver seeks a cybersecurity expert to join their Malware Defense Team. The role involves analyzing malware, tracking campaigns, and creating tools to assist in analysis. Ideal candidates will have strong experience in malware analysis, threat detection tools, and team collaboration. This position offers a competitive salary range of $95,700 to $144,900 annually, with industry-leading benefits and a commitment to professional growth. #J-18808-Ljbffr

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us! Bank of America is one of the world's leading financial institutions, serving over 66 million consumers and small businesses. Company success is only possible with a strong cyber defense, which enables Bank of America to safely conduct global operations across the United States and in approximately 35 countries. Our primary goal is to safeguard not only the company, but our clients and their trust. The Malware Defense Team is looking for top talent who would like to join one of the most advanced cybersecurity teams in the world. Responsibilities In-depth analysis of malware, including authoring analysis reports. Tracking malware campaigns, malicious actors, and related infrastructure. Creation of tools and scripts to assist in the analysis of malware analysis. Field escalations of potentially malicious files and websites from teams within Malware Defense. Required Qualifications Strong direct experience of analyzing malware. Intermediate to advanced malware analysis skills. Experience creating innovative ways to track progression of malware families, infrastructure, and campaigns conducted by e-crime, and cyber espionage actors. Experience creating tools and scripts to accelerate malware and threat analysis. Background in network traffic analysis - WireShark, Fiddler, proxy logs, etc. Experience analyzing malicious web content such as ClickFix, ClearFake, SocGholish, etc. Experience authoring YARA, Suricata, and EKFiddle detection rules. Experience with penetration testing and/or adversary emulation is a plus. Able to work independently on tasks, but also work well within a team environment. Desired Qualifications Experience analyzing malware targeting Linux, Android, and IOT platforms. Skills Cyber Security Data Privacy and Protection Problem Solving Process Management Threat Analysis Business Acumen Data and Trend Analysis Interpret Relevant Laws, Rules, and Regulations Risk Analytics Stakeholder Management Access and Identity Management Data Governance Encryption Information Systems Management Technology System Assessment Shift 1st shift (United States of America) Hours Per Week 40 Pay Transparency details US - CO - Denver - 1144 15th St - Denver Gis (CO9926), US - DC - Washington - 1800 K St NW - 1800 K Street NW (DC1842), US - IL - Chicago - 540 W Madison St - Bank Of America Plaza (IL4540) Pay and benefits information Pay range: $95,700.00 - $144,900.00 annualized salary, offers to be determined based on experience, education and skill set. Discretionary incentive eligible: This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve. #J-18808-Ljbffr

As a Senior Security Engineer II at Aledade, we play a central role in helping secure our enterprise, cloud native environments, and applications. We're looking for security engineers that understand data and automation are important ingredients to our mission and know how to actively employ these ingredients at scale. Beyond the technical expertise, we value individuals who can partner cross-functionally across various teams, driving impactful outcomes and further securing our digital landscape. Primary Duties Working cross functionally to design, build, and operate solutions that continuously improve and automate our security capabilities Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders Leading and enhancing incident response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures Mentoring and coaching more junior engineers or analysts Minimum Qualifications BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, 8 years security domain experience without degree 4+ years of experience acting as a trusted advisor in a team setting, solving for short-term and long-term business value 4+ years of experience coaching other engineers or analysts Domain Specific 6+ years of experience in securing and deploying applications within Cloud Native environments 5+ years of experience in a dedicated DevOps/DevSecOps/SRE role with focus on establishing secure SDLC and DevSecOps processes. Experience in scripting languages such as Python and Bash. Experience with Cloud Native Software Development environments and practices with a focus on multi-cloud deployments in AWS, Azure and/or GCP. Preferred KSA's Prior experience working in the healthcare industry with health-tech systems, like Electronic Health Records, Clinical data, etc. Prior experience with a focus on tooling, automation, and distributed systems development is preferred. Experience generating automated metrics to measure service and program effectiveness and consistency Strong communication skills, both written and verbal, with the capability to articulate complex technical issues to a diverse audience Domain Specific Experience with continuous integration tools (e.g. Cloud formation, Code deploy, Jenkins, CircleCI, Codefresh, Github Actions etc.). Experience with configuration management platforms (e.g. Ansible, Chef, Salt). Hands-on experience using Terraform, Python and/or other orchestration platforms at scale. Familiarity with Agile and waterfall development methodologies. Familiarity with automated testing methodologies, and continuous integration concepts. Experience in creating, deploying, maintaining, and troubleshooting Docker images. Experience in scoping, deploying, maintaining and troubleshooting Kubernetes clusters. Experience with deploying policies with AWS Control tower, Azure Security hub, Google Resource Manager etc. Physical Requirements Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required. Who We Are Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place. What Does This Mean for You? At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission. In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members: Flexible work schedules and the ability to work remotely are available for many roles Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners Robust time-off plan (21 days of PTO in your first year) Two paid volunteer days and 11 paid holidays 12 weeks paid parental leave for all new parents Six weeks paid sabbatical after six years of service Educational Assistant Program and Clinical Employee Reimbursement Program 401(k) with up to 4% match Stock options And much more! At Aledade, we don't just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation. Privacy Policy: By applying for this job, you agree to Aledade's Applicant Privacy Policy available at ************************************************* #J-18808-Ljbffr

As a Senior Security Engineer I at Aledade, you will play a central role in enhancing the security posture of our enterprise, cloud-native environments, and applications. We are seeking a dedicated professional with in-depth knowledge of security principles, standards, and best practices to help safeguard our systems and support our security compliance initiatives. In this role, you will work to design, implement, and maintain robust security solutions across diverse platforms and technologies. You will collaborate closely with various teams to ensure alignment between security solutions and organizational requirements, enabling secure operations across the enterprise. Your ability to partner cross-functionally will be key to driving impactful security outcomes and strengthening our digital landscape. Your expertise will be crucial as we continue to mature our security capabilities and maintain our commitment to protecting critical systems and data. Primary Duties Working cross-functionally to design, build, and operate solutions that improve and mature our security capabilities Leveraging data to understand trends, metrics, and opportunities to improve our security posture, researching options, and then making recommendations as options to secure those opportunities with stakeholders Leading and enhancing incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures Minimum Qualifications BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, 6 years security domain experience without degree. 4+ years combined experience as a security engineer in an enterprise environment (preferably cloud) across multiple disciplines. 3+ years of relevant work experience in security posture management. 2+ years of experience acting as a trusted technical decision-maker in a team setting, solving for short-term and long term business value. Preferred KSA's Prior experience working in the healthcare industry with health-tech systems, like Electronic Health Records, Clinical data, etc. Experience in scripting languages such as Python and Bash is required. Experience with Cloud Native Software Development environments and practices with a focus on multi-cloud deployments in AWS, Azure and/or GCP is required. Prior experience with a focus on tooling, automation, and distributed systems development is preferred. Experience with continuous integration tools (e.g. Cloud formation, Code deploy, Jenkins, CircleCI, Codefresh, Github Actions etc.). Experience with configuration management platforms (e.g. Ansible, Chef, Salt). Hands-on experience using Terraform, Python and/or other orchestration platforms at scale. Familiarity with Agile and waterfall development methodologies. Familiarity with automated testing methodologies, and continuous integration concepts. Experience in creating, deploying, maintaining, and troubleshooting Docker images. Experience in scoping, deploying, maintaining and troubleshooting Kubernetes clusters. Experience with deploying policies with AWS Control tower, Azure Security hub, Google Resource Manager etc. Experience generating automated metrics to measure service and program effectiveness and consistency Strong communication skills, both written and verbal, with the capability to articulate complex technical issues to a diverse audience Physical Requirements Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required. Who We Are: Aledade, a public benefit corporation, exists to empower the most transformational part of our health care landscape - independent primary care. We were founded in 2014, and since then, we've become the largest network of independent primary care in the country - helping practices, health centers and clinics deliver better care to their patients and thrive in value-based care. Additionally, by creating value-based contracts across a wide variety of health plans, we aim to flip the script on the traditional fee-for-service model. Our work strengthens continuity of care, aligns incentives and ensures primary care physicians are paid for what they do best - keeping patients healthy. If you want to help create a health care system that is good for patients, good for practices and good for society - and if you're eager to join a collaborative, inclusive and remote-first culture - you've come to the right place. What Does This Mean for You? At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission. In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members: Flexible work schedules and the ability to work remotely are available for many roles Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners Robust time-off plan (21 days of PTO in your first year) Two paid volunteer days and 11 paid holidays 12 weeks paid parental leave for all new parents Six weeks paid sabbatical after six years of service Educational Assistant Program and Clinical Employee Reimbursement Program 401(k) with up to 4% match Stock options And much more! At Aledade, we don't just accept differences, we celebrate them! We strive to attract, develop and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation. Privacy Policy: By applying for this job, you agree to Aledade's Applicant Privacy Policy available at ************************************************* #J-18808-Ljbffr

A leading identity platform company in San Francisco is seeking a Corporate Security Lead to fortify defenses against evolving threats. This full-time role involves developing endpoint security solutions and collaborating with cross-functional teams. The ideal candidate has over 3 years of IT security experience, including endpoint hardening and scripting skills. Enjoy competitive benefits like unlimited PTO, mental health days, and professional development stipends in a vibrant work culture. #J-18808-Ljbffr

An innovative technology company in San Francisco seeks a Security Lead to fortify their defenses against evolving threats. In this role, you'll develop and implement security tools, collaborate across teams on best practices, and manage insider threat programs. Candidates should have 3+ years in IT security, experience with endpoint hardening, and strong coding skills in Ruby or Python. The company offers a competitive benefits package, promoting a supportive work culture. #J-18808-Ljbffr

A healthcare technology firm located in Maryland is seeking a Senior Security Engineer I to enhance security capabilities within cloud-native environments. The candidate will design and implement security solutions, lead incident response efforts, and collaborate with various teams to strengthen security posture. Applicants should have a degree in Computer Science or related field, extensive experience in security engineering, and proficiency in scripting languages like Python and Bash. This role offers a supportive workplace that values diversity and innovation. #J-18808-Ljbffr

Persona is the configurable identity platform built for businesses in a digital-first world. Verifying individuals and organizations is harder - but more important - than ever, with AI enabling fraudsters to launch sophisticated accounts at scale and regulations evolving rapidly. We've built Persona to support practically every use case and industry - that's why we're able to serve a wide range of leading companies. For example, Instacart relies on Persona to verify shoppers who onboard onto their platform before delivering groceries to your doorstep. Meanwhile, OpenAI relies on Persona to keep bad actors out, protecting one of the world's most powerful AI platforms from large-scale abuse in a time when AI is reshaping the way we work and live. We're growing rapidly and looking for exceptional people to join us! About the Role Persona's Security Team is looking for someone to lead our corporate security efforts. You'll play a pivotal role in fortifying our defenses against evolving threats. Your mission is to protect fellow Personerds and the systems we use to do our work. You'll have the opportunity to employ cutting‑edge technologies, innovative strategies, and your expertise to thwart potential attacks before they disrupt our operations. This is a full-time position based in our headquarters in downtown San Francisco. Our in-office days are Tuesday - Thursday, with the option to work from home on Monday and Friday. What you'll do at Persona Develop, enhance, and implement endpoint detection and response rules and tooling for endpoint devices Collaborate cross-functionally with our TechOps Team in implementing security best practices for SaaS and endpoint environments and support security initiatives like 2-factor authentication, automated encryption of client devices, DLP, etc. Build tools and processes for automating security controls and monitoring at scale Support security initiatives across the organization and harden our corporate infrastructure against attack Recommend endpoint and SaaS mitigations and controls based on generated telemetry Provide recommendations and support for insider threat programs Participate in the on‑call rotation for the Security Team What you'll bring to Persona 3+ years of experience in IT security or building endpoint security solutions, including experience supporting mac OS devices Experience with planning and executing endpoint hardening initiatives Experience with mobile device management (MDM) and endpoint detection and response (EDR) tools and technologies Experience with data loss prevention (DLP) and insider threat concepts and mitigations Experience with email security concepts and protecting a workforce against phishing Ability to explain security topics clearly to non-technical business representatives Ability to write code in Ruby, Python, or similar scripting languages, as well as SQL queries Full-time Employee Benefits and Perks For full-time employees (excluding internship and contractor opportunities), Persona offers a wide range of benefits, including medical, dental, and vision, 3% 401(k) contribution, unlimited PTO, quarterly mental health days, family planning benefits, professional development stipend, wellness benefits, among others. While we believe competitive compensation and benefits are a critical aspect of you deciding to join us, we do hope you consider why our core values and culture are right for you. If you'd like to better understand what it's like working at Persona, feel free to check out our reviews on Glassdoor. #J-18808-Ljbffr

Persona is the configurable identity platform built for businesses in a digital-first world. Verifying individuals and organizations is harder - but more important - than ever, with AI enabling fraudsters to launch sophisticated accounts at scale and regulations evolving rapidly. We've built Persona to support practically every use case and industry - that's why we're able to serve a wide range of leading companies. For example, Instacart relies on Persona to verify shoppers who onboard onto their platform before delivering groceries to your doorstep. Meanwhile, OpenAI relies on Persona to keep bad actors out, protecting one of the world's most powerful AI platforms from large-scale abuse in a time when AI is reshaping the way we work and live. We're growing rapidly and looking for exceptional people to join us! About the Role We're building something special here at Persona, and our Security Team is a big part of that. Our team is made up of veterans from industry leaders like Square and Dropbox, and we're looking for someone to join us in shipping innovative products quickly and securely. Your job? Work with our engineering teams to make sure we're delivering rock-solid security for our customers and users. As we grow fast (and we mean fast), you'll be key in managing the risks that come with that speed. We're not just looking for someone to play defense - we want you to think ahead and outsmart the bad guys before they even know what hit them. You'll get to work with the latest tech and come up with clever ways to keep our systems locked down tight. What you'll do at Persona Collaborate cross-functionally with our product teams to understand, manage, and mitigate the security risks associated with their work, while supporting their ability to ship quickly Build tools and processes for automating product security controls and monitoring at scale Support product security initiatives across our fast-growing engineering team Participate in the on-call rotation for the Security Team What you'll bring to Persona Communication and Collaboration skills. Ability to explain security topics clearly to non-technical business representatives. Drive to enable other engineers to ship securely. Bias toward shipping. Improving our product quickly and continually is one of Persona's greatest strengths. You should be excited about finding ways to integrate security into our product delivery processes without slowing things down. Proactive approach to solving problems. We're looking for someone that can tell us how to solve our problems, not someone who waits to be told how to solve problems. Passion for security. You should be excited about keeping your skills and knowledge sharp, and sharing that with your peers and the rest of the company. Experience. 2+ years of software engineering, 2+ years of product security at a fast-moving technology company. Nice to have Experience securing a large Ruby on Rails application. Full-time Employee Benefits and Perks For full-time employees (excluding internship and contractor opportunities), Persona offers a wide range of benefits, including medical, dental, and vision, 3% 401(k) contribution, unlimited PTO, quarterly mental health days, family planning benefits, professional development stipend, wellness benefits, among others. While we believe competitive compensation and benefits is a critical aspect of you deciding to join us, we do hope you consider why our core values and culture are right for you. If you'd like to better understand what it's like working at Persona, feel free to check out our reviews on Glassdoor. #J-18808-Ljbffr

A leading identity platform in San Francisco seeks a Security Engineer to enhance product security while supporting the fast-paced delivery processes of engineering teams. The candidate will collaborate cross-functionally to manage risks, build security automation tools, and participate in on-call rotations. Required skills include communication, collaboration, and a passion for security, with 2+ years in software engineering and product security at a tech company. This full-time role offers competitive benefits and emphasizes a culture of proactive problem-solving. #J-18808-Ljbffr

A forward-thinking technology company in San Francisco seeks a skilled individual to lead their corporate security efforts. In this full-time role, you'll enhance security practices, develop innovative defense strategies, and protect the organization's operations from evolving threats. The ideal candidate has over 3 years of experience in IT security, particularly in endpoint security solutions. The company offers competitive medical, dental, and mental health benefits along with an engaging workplace culture. #J-18808-Ljbffr

We are seeking a Senior Security Analyst to join our team at Independent Living Systems (ILS). ILS, along with its affiliated health plans known as Florida Community Care and Florida Complete Care, is committed to promoting a higher quality of life and maximizing independence for all vulnerable populations. About the Role: The Senior Security Analyst plays a critical role in safeguarding the organization's information systems and digital assets by proactively identifying, analyzing, and mitigating security threats. This position is responsible for leading advanced security investigations, managing incident response activities, and ensuring compliance with industry standards and regulatory requirements. The role requires collaboration with cross-functional teams to design and implement robust security controls and to continuously improve the organization's security posture. The Senior Security Analyst will also mentor junior team members and contribute to the development of security policies and procedures. Ultimately, this role ensures the confidentiality, integrity, and availability of sensitive data while supporting business objectives through effective risk management. Minimum Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. 5+ years of experience in information security or cybersecurity roles. Strong knowledge of security frameworks such as NIST, ISO 27001, or CIS Controls. Experience with security monitoring tools such as SIEM, IDS/IPS, and endpoint protection platforms. Proven ability to conduct incident response and forensic investigations. Relevant experience may substitute for the educational requirement on a year-for-year basis. Preferred Qualifications: Master's degree in computer science, Information Security, or a related field. Professional certifications such as CISSP, CISM, GIAC, CISA, CRISC Knowledge of regulatory requirements such as GDPR, HIPAA, or PCI-DSS. Framework & compliance expertise in SOC 2 / SSAE 18, evidence collection, testing, control mapping Audit / GRC tooling, Evidence workflows, issue tracking, remediation validation Responsibilities: Monitor security alerts and analyze potential threats using advanced security tools and techniques. Lead incident response efforts, including investigation, containment, eradication, and recovery from security breaches. Conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses. Develop and maintain security documentation, including policies, procedures, and incident reports. Collaborate with IT, compliance, and business units to implement security best practices and ensure regulatory compliance. Provide mentorship and guidance to junior security analysts and other team members. Stay current with emerging security threats, technologies, and industry trends to proactively enhance security measures.

Job Description A family of companies and experiences As the leading foodservice and support services company, Compass Group USA is known for our great people, great service and our great results. If you've been hungry and away from home, chances are you've tasted Compass Group's delicious food and experienced our outstanding service. We have over 284,000 US associates who work in award-winning restaurants, corporate cafes, hospitals, schools, arenas, museums, and more in all 50 states. Our reach is constantly expanding to shape the industry and create new opportunities for innovation. Join the Compass family today! great people. great services. great results. Each and every individual plays a key role in the growth and legacy of our company. We know the next big idea can come from anyone. We encourage developing and attracting expertise that differentiates us as a company as we continue to raise the bar. Job Summary: Compass Group USA is seeking an experienced Privacy Professional to join our Legal & Compliance team. This role will focus on ensuring compliance with applicable US state and federal privacy laws governing the collection, processing, and use of employee/associate personal information. The ideal candidate will have a strong understanding of privacy frameworks and experience working in organizations with diverse industry exposure, and the ability to coordinate across multiple teams. Responsibilities: Regulatory Compliance: Monitor and interpret state privacy and Artificial Intelligence laws (e.g., CCPA, CPRA, VCDPA, and similar) impacting employee personal information. Advise business units on compliance obligations related to personal information collection, processing, and sharing. Help build and maintain strong privacy controls and systems to maintain privacy compliance. Manage the company DSAR process and tooling. Policy Development & Implementation: Draft, review, and maintain privacy policies, notices, and consent mechanisms across websites and mobile applications. Embed privacy-by-design principles into marketing and technology initiatives and applications purchased and created by the company. Risk Management: Conduct Privacy Impact Assessments (PIAs) and maintain Records of Processing Activities (RoPA). Support incident response and breach management in collaboration with IT and cybersecurity teams. Training & Awareness: Deliver privacy training to human resources, talent acquisition, benefits, and other teams, and educate the company around core privacy principles. Promote a culture of compliance across diverse business units. Qualifications: Education & Experience: A bachelor's from an accredited US college or university in related studies. Minimum 3-5 years of experience advising US entities on topics of privacy, data protection, or similar compliance roles at a company governed by state and federal US privacy laws. Privacy Expertise: Required: Strong knowledge of U.S. state privacy laws. Preferred: Experience with HIPAA compliance. CIPP/US, CIPM, or similar privacy certification. Skills: Excellent analytical, communication, and project management skills. The ability to translate complex privacy laws into business-applicable advice and controls. Ability to work in fast-paced environments with diverse industry exposure. Apply to Compass Group today! Click here to Learn More about the Compass Story Compass Group is an equal opportunity employer. At Compass, we are committed to treating all Applicants and Associates fairly based on their abilities, achievements, and experience without regard to race, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or any other classification protected by law. Qualified candidates must be able to perform the essential functions of this position satisfactorily with or without a reasonable accommodation. Disclaimer: this job post is not necessarily an exhaustive list of all essential responsibilities, skills, tasks, or requirements associated with this position. While this is intended to be an accurate reflection of the position posted, the Company reserves the right to modify or change the essential functions of the job based on business necessity. We will consider for employment all qualified applicants, including those with a criminal history (including relevant driving history), in a manner consistent with all applicable federal, state, and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York Fair Chance Act. We encourage applicants with a criminal history (and driving history) to apply. Compass Corporate maintains a drug-free workplace. Applications are accepted on an ongoing basis. Associates at Corporate are offered many fantastic benefits. Medical Dental Vision Life Insurance/ AD Disability Insurance Retirement Plan Paid Time Off Paid Parental Leave Holiday Time Off (varies by site/state) Personal Leave Associate Shopping Program Health and Wellness Programs Discount Marketplace Identity Theft Protection Pet Insurance Commuter Benefits Employee Assistance Program Flexible Spending Accounts (FSAs) Associates may also be eligible for paid and/or unpaid time off benefits in accordance with applicable federal, state, and local laws. For positions in Washington State, Maryland, or to be performed Remotely, click here for paid time off benefits information. Req ID: 1480673 Compass Corporate Julia Vogel [[req_classification]]

Let's do great things, together! About Moda Founded in Oregon in 1955, Moda is proud to be a company of real people committed to quality. Today, like then, we're focused on building a better future for healthcare. That starts by offering outstanding coverage to our members, compassionate support to our community and comprehensive benefits to our employees. It keeps going by connecting with neighbors to create healthy spaces and places, together. Moda values diversity and inclusion in our workplace. We aim to demonstrate our commitment to diversity through all our business practices and invite applications from candidates that share our commitment to this diversity. Our diverse experiences and perspectives help us become a stronger organization. Let's be better together. Position Summary The Operations Analyst is a technical role within Moda's Information Security team and will play a vital role in keeping the organization's proprietary and sensitive information secure. This position works interdepartmentally to investigate issues, identify and correct flaws in security systems, solutions, and programs, and recommend measures to improve the company's overall security posture. Acting as a liaison between Security and IT management, the analyst assists IT strategy and architecture design from a security perspective and identifies issues, concerns, or recommendations as the organization grows its technology infrastructure and processes. This is a FT WFH position. Pay Range $70,496.52 - $91,647.55 annually (depending on experience) *This role may be classified as hourly (non-exempt) depending on the applicant's location. Actual pay is based on qualifications. Applicants who do not exceed the minimum qualifications will only be eligible for the low end of the pay range. Please fill out an application on our company page, linked below, to be considered for this position. ************************** GK=27768922&refresh=true Benefits: Medical, Dental, Vision, Pharmacy, Life, & Disability 401K- Matching FSA Employee Assistance Program PTO and Company Paid Holidays Required Skills, Experience & Education: Bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field. 5+ years of experience as a security operations analyst or in related fields such as IT audit, enterprise risk management, penetration testing, or red team/incident response. Experience with common security tools such as SIEM platforms, EDR solutions, and cloud platforms (e.g., Microsoft Azure, Amazon AWS). Knowledge of Microsoft Azure configuration and management is highly desirable. 3+ years of experience with regulatory compliance and information security management frameworks (e.g., HIPAA, NIST, IS0 27000, or COBIT). Strong documentation and reporting skills, including the ability to record security events, investigations, and recommendations for technical and non-technical audiences. Excellent collaboration and communication skills with the ability to influence and work effectively across cross-functional teams. Industry recognized cybersecurity certification (e.g., CISSP, CISM, CompTIA Security+) preferred. Primary Functions: Defend against cybersecurity incidents and identify, analyze, communicate, and contain incidents as they occur. Monitor systems and networks for security alerts, notifications, and issues including patching and update process issues and investigate and document any security issues or events that may occur. Own and drive the investigation of security events and other cybersecurity incidents including review, triage, and response to alerts and notifications. Take a lead role in the documentation of security events and incidents and the assessment of the damage they cause. Review threat intelligence and analyze the current threat landscape and apply threat analysis to Moda's infrastructure systems and networks to identify and address vulnerabilities or exploitable attack paths. Build and drive proactive threat hunting programs including detailed threat analysis of exploitable vulnerabilities leading to actionable remediation plans. Work with IT resources and architects to develop and implement cloud security strategies to facilitate migration of key assets into a public cloud hosted environment. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Work with IT and Security leadership to perform tests or support external testing such as network penetration tests, vulnerability testing, and disaster response failover tests to uncover network vulnerabilities. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Take a proactive and operational role in creating the best practices for IT security companywide. Support cybersecurity risk assessment activities. Work with both Security and IT management to ensure security policies and goals are met in infrastructure and development contexts. Stay current on IT security trends and news including evolving standards. Collaborate and communicate effectively with cross functional colleagues at all levels. Other duties as assigned. Working Conditions: Remote office environment with extensive close PC and keyboard use, constant sitting, and frequent phone communication. Must be able to navigate multiple computer screens. A reliable, high-speed, hard-wired internet connection required to support remote or hybrid work. Must be comfortable being on camera for virtual training and meetings. Work in excess of standard workweek, including evenings and occasional weekends, to meet business need. Internally with all departments. Externally with auditors, clients, technology partners, and other various entities. Together, we can be more. We can be better. Moda Health seeks to allow equal employment opportunities for all qualified persons without regard to race, religion, color, age, sex, sexual orientation, national origin, marital status, disability, veteran status or any other status protected by law. This is applicable to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absences, compensation, and training. For more information regarding accommodations, please direct your questions to Kristy Nehler & Danielle Baker via our ***************************** email.

Job Description Let's do great things, together! About Moda Founded in Oregon in 1955, Moda is proud to be a company of real people committed to quality. Today, like then, we're focused on building a better future for healthcare. That starts by offering outstanding coverage to our members, compassionate support to our community and comprehensive benefits to our employees. It keeps going by connecting with neighbors to create healthy spaces and places, together. Moda values diversity and inclusion in our workplace. We aim to demonstrate our commitment to diversity through all our business practices and invite applications from candidates that share our commitment to this diversity. Our diverse experiences and perspectives help us become a stronger organization. Let's be better together. Position Summary The Operations Analyst is a technical role within Moda's Information Security team and will play a vital role in keeping the organization's proprietary and sensitive information secure. This position works interdepartmentally to investigate issues, identify and correct flaws in security systems, solutions, and programs, and recommend measures to improve the company's overall security posture. Acting as a liaison between Security and IT management, the analyst assists IT strategy and architecture design from a security perspective and identifies issues, concerns, or recommendations as the organization grows its technology infrastructure and processes. This is a FT WFH position. Pay Range $70,496.52 - $91,647.55 annually (depending on experience) *This role may be classified as hourly (non-exempt) depending on the applicant's location. Actual pay is based on qualifications. Applicants who do not exceed the minimum qualifications will only be eligible for the low end of the pay range. Please fill out an application on our company page, linked below, to be considered for this position. ************************** GK=27768922&refresh=true Benefits: Medical, Dental, Vision, Pharmacy, Life, & Disability 401K- Matching FSA Employee Assistance Program PTO and Company Paid Holidays Required Skills, Experience & Education: Bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field. 5+ years of experience as a security operations analyst or in related fields such as IT audit, enterprise risk management, penetration testing, or red team/incident response. Experience with common security tools such as SIEM platforms, EDR solutions, and cloud platforms (e.g., Microsoft Azure, Amazon AWS). Knowledge of Microsoft Azure configuration and management is highly desirable. 3+ years of experience with regulatory compliance and information security management frameworks (e.g., HIPAA, NIST, IS0 27000, or COBIT). Strong documentation and reporting skills, including the ability to record security events, investigations, and recommendations for technical and non-technical audiences. Excellent collaboration and communication skills with the ability to influence and work effectively across cross-functional teams. Industry recognized cybersecurity certification (e.g., CISSP, CISM, CompTIA Security+) preferred. Primary Functions: Defend against cybersecurity incidents and identify, analyze, communicate, and contain incidents as they occur. Monitor systems and networks for security alerts, notifications, and issues including patching and update process issues and investigate and document any security issues or events that may occur. Own and drive the investigation of security events and other cybersecurity incidents including review, triage, and response to alerts and notifications. Take a lead role in the documentation of security events and incidents and the assessment of the damage they cause. Review threat intelligence and analyze the current threat landscape and apply threat analysis to Moda's infrastructure systems and networks to identify and address vulnerabilities or exploitable attack paths. Build and drive proactive threat hunting programs including detailed threat analysis of exploitable vulnerabilities leading to actionable remediation plans. Work with IT resources and architects to develop and implement cloud security strategies to facilitate migration of key assets into a public cloud hosted environment. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Work with IT and Security leadership to perform tests or support external testing such as network penetration tests, vulnerability testing, and disaster response failover tests to uncover network vulnerabilities. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Take a proactive and operational role in creating the best practices for IT security companywide. Support cybersecurity risk assessment activities. Work with both Security and IT management to ensure security policies and goals are met in infrastructure and development contexts. Stay current on IT security trends and news including evolving standards. Collaborate and communicate effectively with cross functional colleagues at all levels. Other duties as assigned. Working Conditions: Remote office environment with extensive close PC and keyboard use, constant sitting, and frequent phone communication. Must be able to navigate multiple computer screens. A reliable, high-speed, hard-wired internet connection required to support remote or hybrid work. Must be comfortable being on camera for virtual training and meetings. Work in excess of standard workweek, including evenings and occasional weekends, to meet business need. Internally with all departments. Externally with auditors, clients, technology partners, and other various entities. Together, we can be more. We can be better. Moda Health seeks to allow equal employment opportunities for all qualified persons without regard to race, religion, color, age, sex, sexual orientation, national origin, marital status, disability, veteran status or any other status protected by law. This is applicable to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absences, compensation, and training. For more information regarding accommodations, please direct your questions to Kristy Nehler & Danielle Baker via our ***************************** email.

Manager Information Security- Renton, Washington Schedule- Full Time/ Days Oversees day-to-day operations and staff of the Security team. Prioritizes workloads of the group and acts in a supervisory role. Responsible for security policy and procedure development, enterprise security awareness and working to ensure compliance with internal and external regulatory standards such as HIPAA and DIACAP related to information security. Providence caregivers are not simply valued - they're invaluable. Join our team at USFHP and thrive in our culture of patient-focused, whole-person care built on understanding, commitment, and mutual respect. Your voice matters here, because we know that to inspire and retain the best people, we must empower them. Benefits and perks: + Competitive pay (including holiday pay & shift pay differentials) + Best-in-class benefits - full medical, dental and vision coverage from your first day + 401(k) plan with employer matching & complementary retirement planner + Generous paid time off for vacation, sick days and holidays + Tuition reimbursement & student loan forgiveness programs + Wellness & mental health assistance programs + Back-up child & elder care to help with care disruptions for your family + Voluntary benefits, like pet, auto and home insurance, and more! Required Qualifications: + Bachelor's Degree in Information technology Or Equivalent IT technical and managerial experience. + 3 years of Managing technical and/or security staff. + Demonstrated experience developing customer service work processes in the area of technology. Preferred Qualifications: + Upon hire: CISSP, CISA, CHP, CHSS, GIAC, MCSE, MCSA certifications + Experience in a healthcare IT setting. Why Join Providence? Our best-in-class benefits are uniquely designed to support you and your family in staying well, growing professionally and achieving financial security. We take care of you, so you can focus on delivering our mission to advocate, educate and provide extraordinary care. Accepting a new position at another facility that is part of the Providence family of organizations may change your current benefits. Changes in benefits, including paid time-off, happen for various reasons. These reasons can include changes of Legal Employer, FTE, Union, location, time-off plan policies, availability of health and welfare benefit plan offerings, and other various reasons. About Providence At Providence, our strength lies in Our Promise of "Know me, care for me, ease my way." Working at our family of organizations means that regardless of your role, we'll walk alongside you in your career, supporting you so you can support others. We provide best-in-class benefits and we foster an inclusive workplace where diversity is valued, and everyone is essential, heard and respected. Together, our 120,000 caregivers (all employees) serve in over 50 hospitals, over 1,000 clinics and a full range of health and social services across Alaska, California, Montana, New Mexico, Oregon, Texas and Washington. As a comprehensive health care organization, we are serving more people, advancing best practices and continuing our more than 100-year tradition of serving the poor and vulnerable. Posted are the minimum and the maximum wage rates on the wage range for this position. The successful candidate's placement on the wage range for this position will be determined based upon relevant job experience and other applicable factors. These amounts are the base pay range; additional compensation may be available for this role, such as shift differentials, standby/on-call, overtime, premiums, extra shift incentives, or bonus opportunities. Providence offers a comprehensive benefits package including a retirement 401(k) Savings Plan with employer matching, health care benefits (medical, dental, vision), life insurance, disability insurance, time off benefits (paid parental leave, vacations, holidays, health issues), voluntary benefits, well-being resources and much more. Learn more at providence.jobs/benefits. Applicants in the Unincorporated County of Los Angeles: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Unincorporated Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. About the Team Pacific Medical Centers (PacMed) is a private, not-for-profit, primary and integrated multi-specialty health care network with outpatient clinics and primary and specialty care providers in King, Snohomish and Pierce counties. We combine decades of patient-centered care with cutting-edge technology, first-class facilities and board-certified providers. Our strong team environment and respect for our people-at all levels and from all backgrounds-allow us to provide authentic care that achieves the highest-quality patient outcomes, backed by the strong network of resources and support through our affiliation with the Providence family, including local partners like Swedish Health Services. Providence is proud to be an Equal Opportunity Employer. We are committed to the principle that every workforce member has the right to work in surroundings that are free from all forms of unlawful discrimination and harassment on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law. We believe diversity makes us stronger, so we are dedicated to shaping an inclusive workforce, learning from each other, and creating equal opportunities for advancement. For any concerns with this posting relating to the posting requirements in RCW 49.58.110(1), please click here where you can access an email link to submit your concern. Requsition ID: 408336 Company: Pacific Medical Jobs Job Category: Information Security Job Function: Information Technology Job Schedule: Full time Job Shift: Day Career Track: Leadership Department: 3060 WA USFHP Address: WA Renton 620 Naches Ave SW Work Location: Blackriver Corporate Park-Renton Workplace Type: On-site Pay Range: $74.17 - $117.10 The amounts listed are the base pay range; additional compensation may be available for this role, such as shift differentials, standby/on-call, overtime, premiums, extra shift incentives, or bonus opportunities.

The use of IT (Information Technology) infrastructure in the company is vital for daily operation. The IS (Information Security) Specialist should Provide secure Information Technology infrastructure service to the company as well as companywide employees and staff. Role Description. Define and implement Macro (Servers, Groups and Shared resource) and Micro (Personal and Single) IT infrastructure. Analyze, Plan, Design, Develop and Implement IT Infrastructure and IT Security solutions to support company IT requirements. Analyze and prevent any Information risk ensuring the companys information integrity. Define, maintain and monitor the execution of IS and IT policies. Execute and monitor company IT/IS Compliance. Essential Duties and Responsibilities -Monitoring and maintaining computer systems and networks -Responding in a timely manner to service issues and requests -Providing technical support across the company -Support equipment repair and replacement service -Testing Benchmarking new technology -Maintain and execute IT Training program for new employs -Monitor IT/IS Infrastructure (including servers and network devices) to ensure data integrity -Reporting of daily system issues. -Analyze and propose system improvements. -Documentation related to IT/IS policies, issues, and procedures. -Participation and active analyst, designer, and developer in IT projects. -Monitoring of IT/IS infrastructure-related expenses. -Other duties as assigned. Requirements Qualifications: Listed below are the minimum and/or desired qualifications of the position including education, work experience, and knowledge & skills that are required to perform satisfactorily in the position: Education and Work Experience: -Vocational or undergraduate degree in information systems and computer science or related field. -One (1) to three (3) years of information systems, computer science and/or IT-related experience. Knowledge and Skills: -PC and Server management -IT Hardware and Software installation -Initiative skills -Problem-solving skills -Understanding of IT infrastructure and application architectures -Great Social and Communication Skills -Great Oral and Written Communication Skills -System process analysis and design capabilities/experience -Server Operating systems (Windows Server, Linux, HP-UX, Unix, Sun Solaris) -Antivirus, NAC, DLP, MDM and other IS Solutions -IS Related definition and policies (ex. ISO 27001) -Networking (Cisco/HP) and network devices (Routers and Switch) -VPN -TCP/IP, UDP, Network standards -LDAP, Active Directory and Exchange -Access Control -Security Cameras -Firewall, Web Filter and other network security appliance solutions -Database systems (SQL Server/MySQL/Oracle) and programming skill (is a plus) -MS Office skills (especially Excel skills) Physical Demands: -Position requires sitting at a desk working on a computer for at least 2/3 of time. -Position requires regular and reliable attendance. -Position requires local travel up to 10% of the time.

The Role We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management. The role is based out of our Chicago, office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as needed basis. Responsibilities Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken. Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks. Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs. Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.). Assist with ongoing internal operations and tasks, including ITGC security reviews. Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business. Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST. Lead the identification of security training and awareness initiatives for the organization. Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises. Maintain KPIs and KRIs for Information Security risk & compliance activities. Execute tasks as a member of the Information Security team as assigned by management. Provide mentorship and guidance to Associate Information Security GRC Analysts. Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness. Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting. Qualifications 3+ years of experience with responsibilities relating to security and compliance. Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted. Strong written and oral communication skills. Strong conceptual understanding of Information Security theories. Knowledge of network, application, and cloud security controls. Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX. Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks. Security certifications, such as CRISC, CISA are preferred, but not required. We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles. This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process. An insatiable intellectual curiosity and the ability to learn quickly in a complex space. Additional Requirements Must pass any and all required background checks Must be and remain compliant with all legal or company regulations for working in the industry Must be a minimum of 21 years of age #LI-HYBRID The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance. Green Thumb Pay Range$80,000-$100,000 USD