Cyber Security Analyst jobs at Nes Holdings - 85 jobs

A financial services company in San Francisco is seeking an experienced security professional to assess access controls and mentor peers in security best practices. The candidate should have over 6 years of experience in security operations and a Bachelor's degree. The role offers competitive compensation ranging from $157,000 to $200,000, along with a hybrid work model and comprehensive benefits. #J-18808-Ljbffr

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

"I can be myself at work." You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. "I can influence my income." You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. "I can lead a full life." You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones "I can succeed as a Lead AI Security Engineer at Capital Group" As aLeadAISecurity Engineer, you willbe responsible forsecuring Capital Group's enterprise AI Platforms.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI. Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromoting AI Securityprinciples across Capital Group. AISecurityProcurementManagements:You willprocureand/or build technical solutionsto reducethe riskof misconfiguration, exploitation, andother security issues formultipleenterprise AI platforms. Embedding Security in the AIPlatform Ecosystem:Working closely withplatform teams tointegrate securityintoeverycomponentof the AI Platform. Implementing Security Controls & "Guardrails" for GenAI:Designing, deploying, andoperatingtechnical controls to prevent misuse of AI systems.Guardrails designincludescontent filtering systems, usage policies, and safety checks that mitigate issues like prompt injection attacks, unauthorized data extraction, model bias or hallucinations, and other misuse of generative AIplatforms. AI Runtime Security:Engineer continually tests and updatestothe guardrails, replacing weaker controls with more robust solutions as threats evolve. AI Governance:You will work cross functionally with architecture and platform teams tomonitoralignment of solutions to AI Governance processes Contribute to Standards and Policies:You will providethought leadership for Information Security policies and standards for AIin collaboration with technology risk AI/Agent SME:Youwill provide AI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents "I am the person Capital Group is looking for." You have 8+yearsof experience in information security, application security, platform security, or penetration testing,DevSecOps, networksecurityand other security disciplines. You have experience securing AI platforms, whetherinternal AIplatforms or offerings such as CoPilot Studio, Amazon Bedrock, and/or Azure AI Gateway Proficient in Programming & ML Tool.Strong Python skillsrequired, with experience in AI/ML frameworks.Abilityto review and write ML code to implement security measures (e.g., model validation, adversarial testing) isdesired. You have5+ years of relevant professional experience ordemonstrated anequivalent level ofexpertisein security engineering, such as cloud, API, or platform security. You have3+ years of experience embedded identity, network, and encryption controls into enterprise platforms Youcaneffectively partner and collaborate with stakeholder teams. You have effective communication skills andthe abilityto outline security riskstoleadership. You are familiar with cloud and API security vendors and managed services providers. Preferred Qualifications: You have knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.) You are familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc You have information Security certifications (CISSP, SANS GIAC, CISA, etc.) "I can apply in less than 4 minutes." You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. "I can learn more about Capital Group." At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $179,273-$286,837San Antonio Base Salary Range: $147,378-$235,805New York Base Salary Range: $190,040-$304,064 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

People Drive Our Success Are you enthusiastic, highly motivated, and have a strong work ethic? If yes, come join our team! At Cathay Bank - we strive to provide a caring culture that supports your aspirations and success. We believe people are our most valuable asset and we proudly foster growth and development empowering you to achieve your professional goals. We have thrived for 60 years and persevered through many economic cycles due to our team members' drive and optimism. Together we can make a difference in the financial future of our communities. Apply today! What our team members are saying: Video Clip 1 Video Clip 2 Video Clip 3 Learn more about us at cathaybank.com GENERAL SUMMARY This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus. Cathay Bank offers its full-time employees a competitive benefits package which is a significant part of their total compensation. It is our goal to provide employees with a comprehensive benefits package to fit their needs which includes, coverage for medical insurance, dental insurance, vision insurance, life insurance, long-term disability insurance, and flexible spending accounts (FSAs), health saving account (HSA) with company contributions, voluntary coverages, and 401(k). Cathay Bank may collect personal information from potential job candidates and applicants. For more information on how we handle personal information and your applicable rights, please review our Privacy Policy. Cathay Bank is an Equal Opportunity and Affirmative Action Employer. We welcome applications for employment from all qualified candidates, regardless of race, color, ethnicity, ancestry, citizenship, gender, national origin, religion, age, sex (including pregnancy and related medical conditions, childbirth and breastfeeding), reproductive health decision-making, sexual orientation, gender identity and expression, genetic information or characteristics, disability or medical condition, military status or status as a protected veteran, or any other status protected by applicable law. Click here to view the "Know Your Rights: Workplace Discrimination is Illegal" Poster: Poster- English Poster- Spanish Poster- Chinese Traditional Poster- Chinese Simplified Cathay Bank endeavors to make **************************** to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact, Mickey Hsu, FVP, Employee Relations Manager, at or . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

“I can be myself at work.” You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace. We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community. “I can influence my income.” You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses. “I can lead a full life.” You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success. Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love Access on-demand professional development resources that allow you to hone existing skills and learn new ones “I can succeed as a Security Engineer III” As an Information Security Engineer III, you bring mid-level cybersecurity expertise and the ability to handle complex security engineering tasks with minimal supervision. You collaborate across teams to strengthen the organization's security posture and play a critical role in designing, implementing, and maintaining secure systems across both on‑premises and cloud environments. You naturally embed security into IT projects, proactively identify vulnerabilities, and automate controls to reduce risk. Your strong technical foundation in infrastructure, cloud, and application security allows you to partner effectively with development, DevOps, and IT operations teams to ensure security is built into every stage of the software development lifecycle. You also contribute to incident response efforts and mentor junior engineers, driving continuous improvement in security engineering practices. “I am the person Capital Group is looking for.” You own and drive small to medium security projects or work‑streams that enhance the organization's defenses. You conduct advanced threat modeling and in‑depth risk assessments for complex systems to uncover vulnerabilities and drive implementation of secure design patterns or automated controls to mitigate these risks. You ensure that configurations align with security policies and that new systems are built with secure defaults. You work with software engineers and system owners to prioritize and remediate complex, multi‑service vulnerabilities and misconfigurations. You drive strategic security planning and governance by developing and refining security policies, standards, and reference architectures that incorporate industry best practices and address emerging threats. You collaborate with senior leadership and cross‑functional teams to ensure security initiatives and roadmaps align with business objectives and compliance requirements. You work closely with cross‑functional teams - including DevOps, IT operations, software development, and product management - to embed security into every stage of system development and deployment. You translate security findings into actionable tasks for others and follow up to ensure these are implemented. You provide technical leadership through activities such as code reviews, design consultations, and hands‑on training sessions, guiding team members in solving complex security challenges and promoting best practices. You collaborate with senior leadership and cross‑functional teams to ensure security initiatives and roadmaps align with business objectives and compliance requirements. You perform additional responsibilities as assigned. Required Skills: You have a Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). You have a minimum of 3-5 years of experience in core security principles across multiple domains, including identity and access management, cryptography, and network security protocols (e.g., TLS, SSH), as well as secure coding fundamentals. You have hands‑on experience applying security frameworks like NIST SP 800‑53 and CIS Benchmarks to harden systems and ensure compliance with best practices, as well as evaluating system configurations against these standards. You are proficient in scripting and automation (e.g., Python, PowerShell, or Terraform) to streamline security operations. This includes creating scripts or using IaC for automated patch management, secure‑default environment buildouts, and continuous compliance checks. Experience integrating security tools into CI/CD pipelines is a strong plus. You have demonstrated experience in performing security analysis and solving complex problems. You have excellent teamwork skills, with the ability to work cross‑functionally and communicate effectively. You can mentor junior team members or interns by sharing knowledge and best practices. You have professional certifications that demonstrate security knowledge, such as CompTIA CySA+, GSEC, AWS Solutions Architect - Associate, or Azure Security Engineer Associate a plus. “I can apply in less than 4 minutes.” You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community. “I can learn more about Capital Group.” At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that empower our associates to build successful and prosperous careers. Through nine decades, our goal has been to improve people's lives through successful investing. We know that our history is a testament to the strength of the people we hire. More than 9,000 associates in 30+ offices around the world help our clients and each other grow and thrive every day. Find us on LinkedIn, Instagram, YouTube and Glassdoor. Southern California Base Salary Range: $141,648-$226,637San Antonio Base Salary Range: $116,447-$186,315New York Base Salary Range: $150,155-$240,248 In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings. You can learn more about our compensation and benefits here . * Temporary positions in the United States are excluded from the above mentioned compensation and benefit plans. We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

TITLE: INFORMATION SECURITY ENGINEERSTATUS: EXEMPTREPORTS TO: MANAGER - INFORMATION SECURITYDEPARTMENT: IT - INFORMATION SECURITY CODE: 11264GRADE: 21S PAY GRADE: $110,500.00 - $117,000.00 ANNUALLY GENERAL DESCRIPTION: The Information Security Engineer is responsible for securing our sensitive data and critical assets from current and emerging threats for Golden 1. This position utilizes business knowledge and technical experience of cybersecurity to provide a secure environment for Golden 1's technology and information needs. The Information Security Engineer works closely with technology, application teams and business units to develop and test security structures designed to protect the computer and network infrastructure. This position is responsible for performing technical assessments of risks, threats and vulnerabilities related to new and existing information systems and supporting process within Golden 1 and external vendor connections. TASKS, DUTIES, FUNCTIONS: Analyze, assess, and respond to various internal and external threats identified by intrusion detection system (IDS)/intrusion prevention systems (IPS), web application firewall, vulnerability scan results and other data sources. Provide recommendations to IT management and monitor to ensure that recommendations are effectively implemented. Perform vulnerability assessments and penetration testing to identify exposures and risks, and report findings to management. Communicate and collaborate with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings. Provide consultative security guidance on a constant stream of new products and technologies as a subject matter expert on Golden 1 projects and initiatives Advise and participate in the development of business systems designs, ensuring hardening standards and configurations meet information security policy and procedures. Work in conjunction with IT to ensure appropriate procedures and processes are in place and effective in the detection and prevention of system intrusions as well as in establishing and managing a functional anti- virus/malware/DLP policy. Determine ways to monitor, measure, test and report on the effectiveness and efficiency of information security controls as well as compliance with information security policies and procedure. Implementation, administration, and maintenance of IDS/IPS, URL filter, email gateway, certificate issuance and control, network management, identity access control, and other information security infrastructure and controls as necessary. Regularly review IDS/IPS/SIEM rules, wireless rogue access point detection configuration and procedures and practices to ensure optimal effectiveness of security in the business environment. Participate in creating access privileges, control structures and resources to ensure optimal efficiency and adherence to information security standards. Engage with internal and external auditors during examinations, providing support and assistance in addressing audit recommendations. Participate in the security development of network systems architecture, design, and ongoing review of system configuration in collaboration with relevant team members and external partners. Keep management updated on outstanding issues that are not resolved in a timely manner in accordance with established escalation procedures. Develop and maintain a clear understanding of the business area needs and incorporating these needs into technical solutions by updating, developing, and maintaining a thorough knowledge of credit union procedures, products, service, and data processing systems. Monitor state and federal laws and regulations related to credit union compliance including Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws. Performs other job-related duties as necessary PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THEPERFORMANCE OF THESE TASKS: Demonstrate strong oral and written communication skills with a focus on troubleshooting and error identification. Must possess sufficient manual dexterity to skillfully operate applicable computer hardware, a variety of hand tools and standard office equipment. ORGANIZATIONAL CONTACTS & RELATIONSHIPS: INTERNAL: All levels of staff and management. EXTERNAL: Vendors, service providers, organizational groups, and other financial institutions as needed. QUALIFICATIONS: EDUCATION: Bachelor of Science in Computer Science, Management Information Systems, Information Security Information Assurance or equivalent work experience. EXPERIENCE: 3 years' experience in organizational information security, cybersecurity, information assurance or providing security consulting services Working knowledge of traditional security controls and technologies, such as SIEM systems, IDS/IPS, public key infrastructure (PKI), IDAM systems, antivirus, and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls Strong technical and analytical skills, with a background in technology design, implementation, and delivery Working knowledge SIEM systems, firewalls, threat intelligence, security automation and orchestration solutions, IDS/IPS, data loss prevention (DLP) and other network and system monitoring tools Demonstrates understanding of network systems and applications including: DNS, LDAP, virtualization, Database design/hardening, Email/secure messaging, Data Loss Prevention, and end point protection. Demonstrate understanding of the NIST CSF and tracking KPIs to validate the cybersecurity program Demonstrates understanding of Windows, Linux, and cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments. Strong sense of ethics, integrity, and professionalism Demonstrates the ability to articulate methodologies and concepts; communicate effectively in providing technical guidance and expertise to management and other staff PHYSICAL REQUIREMENTS: Prolonged sitting throughout the workday to accomplish tasks. Availability for emergency and on call duty 24 hours a day, 7 days a week, as needed. Occasional travel may be required. Lift and carry communications equipment and computer hardware weighing up to fifty pounds. Corrected vision in the normal range required to configure, test, and troubleshoot network server hardware and data. Hearing within normal range. May work additional work hours to accomplish tasks. LICENSES/CERTIFICATIONS: One of the following security certifications: CEH, Security +, SSCP, SANS GIAC, PCNSA, or equivalent Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. REV. 10/10/2025

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

It's fun to work in a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business. The Information Security Engineer is responsible for contributing to the corporate Information Security program by assisting in the identification, recommendation and implementation of industry leading application security tools and techniques. The incumbent will also maintain and update application security processes and procedures and train team members on any relevant updates. This position is remote, but local to the Temecula, CA office. Essential Functions Assist with the development, implementation, and administration of information security policies, standards, and procedures, adhering to industry best practices Assist in integrating regulatory compliance requirements (e.g., PCI, GLBA) into the organizational security roadmap Assist in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards Coordinate with IT Operations to ensure endpoints and network devices conform to security standards, and that security devices and controls are working as designed Assist in the identification, evaluation and implementation of industry leading application security tools and techniques Plan, coordinate, and implement security measures to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures Identify potential security risks, and define and document remediation options or mitigating controls Perform security incident investigations including: chain of custody, containment measures, root cause analysis, and identification of preventive measures Define and assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times Perform information systems evidence gathering, to support e-discovery requests and messaging searches Perform security reviews on requests for new commercial software or material configuration changes to existing software Perform periodic internal IT security audit functions on IT operational controls, to include system access controls, firewall rule reviews, etc. Participate in on-call rotation Perform related duties as requested Essential Knowledge, Skills, & Abilities Excellent written and verbal communication skills required Solid presentation skills Significant knowledge of security-oriented regulatory requirements and compliance Excellent familiarity with IT security principles and practices including firewalling, hardening, data loss prevention, threat prevention, and identity management. Ability to provide technical guidance to less experienced team members Knowledge of the mortgage industry is helpful, but not required Commitment and ability to cultivate a diverse and inclusive work environment. Education Bachelor's degree in computer science, Engineering, Information Systems Security or a related field is required. Security class certifications strongly preferred Azure certifications preferred CISSP license preferred Experience 5+ years of related IT experience required 2+ years in an Information Security engineering role 3+ years of experience in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI preferred Compensation and Benefits Covius offers an extensive benefits package for all employees, including medical, dental, vision and 401(k)! Compensation: $96,000 to $120,000 annually with a 10% AIP opportunity Application Guidelines: For best consideration, please submit your resume and application materials as soon as possible. Review of applications will begin immediately. Working Conditions Work is performed in a climate controlled indoor administrative office setting. The noise level in the work environment is usually quiet to moderate, depending upon the office or meeting location. Physical Demands and Activities While performing the duties of this job, the employee is frequently required to communicate. The employee frequently is required to remain stationary. The employee is frequently required to move about the office, operate a computer and other office machinery, such as calculator, copy machine, and computer printer; rarely position self to maintain files; rarely moves boxes weighing up to 10 lbs. Close and distance observation required with the ability to observe objects at close range in presence of glare or bright lighting (e.g., computer screen). Must possess the ability to communicate information and ideas so others will understand and have the ability to interact with external and internal stakeholders. Covius is committed to equal opportunity in all employment practices to all qualified applicants and employees without regard to race, color, religion, gender, gender identity, age, national origin, pregnancy, disability, genetics, marital status, military or veteran status or any other protected category as established by local, state, and federal law. This policy applies to all aspects of the employment relationship including recruitment and hiring, placement, promotion, transfer, compensation, disciplinary action, layoff, leaves of absence, training, and termination. All such employment decisions will be made without unlawful discrimination based on any prohibited basis. The essential functions, working conditions and physical demands described above are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position. Please note that all s are not intended to be all-inclusive. This job description is not designed to cover all activities, duties or responsibilities that are required of the employee for this job. Employees may be required to perform other duties at any time with or without notice to meet the ongoing needs of the organization. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: Assess existing scanning program to implement cloud scanning capabilities Assist in deployment and maintenance of data scanning tools Partner with other groups within the organization to identify and remediate data at rest access risk. Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: Understanding of information security concepts, best practices, and regulations related to data loss prevention Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. Experience as a security consultant Working knowledge of cloud topology Knowledge of file share security and Windows ACL administration Familiarity with the Financial Services Industry Knowledge of varying cloud platforms Familiarity with cloud security at major cloud service providers Certifications: Associate of (ISC)^2, CISSP, or similar. Education: Bachelor's degree in Information Security, Computer Science or a related field OR Bachelor's degree in Business or other field + 3 years relevant experience Equivalent years: BA/BA = HS + 5 years of experience Pay Transparency The salary range for this position is $97,049 - $145,574 per year. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ************************************** .

This role is for a Data Protection Analyst working in the Data Discovery and Protection Program. The Analyst is responsible for supporting, developing, and enhancing the Data at Rest Protection Program for both on-premise and cloud environments. The colleague will engage with Business Units across the organization, produce metrics and documentation, and implement and support tools related to the data protection program. A successful candidate will: * Assess existing scanning program to implement cloud scanning capabilities * Assist in deployment and maintenance of data scanning tools * Partner with other groups within the organization to identify and remediate data at rest access risk. * Work with risk partners to identify controls, determine control adequacy, and identify control monitoring opportunities and areas for improvement/enhancement * Assist in collecting, analyzing, and interpreting data access information and remediate permission compliance issues based on company security standards * Discern patterns of complex threat actor behavior, communicate an understanding of current and developing Cyber threats to key stakeholders, and stay current with emerging trends and threats in the field of insider threat Qualifications Required: * Understanding of information security concepts, best practices, and regulations related to data loss prevention * Understanding of enterprise security and networking technology and how the technology relates to the prevention, detection, and response of data loss * Advanced understanding of the Microsoft Office suite (e.g., Outlook, Word, Excel, PowerPoint, etc) * Excellent verbal and written communication skills (including but not limited to: correct English usage, grammar, spelling, punctuation, vocabulary, etc.). * Ability to execute work independently and as a team member with good interpersonal skills - using tact, patience and courtesy. * Experience as a security consultant * Working knowledge of cloud topology * Knowledge of file share security and Windows ACL administration * Familiarity with the Financial Services Industry * Knowledge of varying cloud platforms * Familiarity with cloud security at major cloud service providers * Certifications: Associate of (ISC)^2, CISSP, or similar. Education: * Bachelor's degree in Information Security, Computer Science or a related field OR * Bachelor's degree in Business or other field + 3 years relevant experience * Equivalent years: BA/BA = HS + 5 years of experience Pay Transparency The salary range for this position is $97,049 - $145,574 per year. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience. We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit ************************************** . Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer The Banker's US Bank of the Year Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award

**About this role:** Wells Fargo is seeking a motivated Lead Information Security Engineer to join an exciting, fast paced team working on cutting edge encryption, tokenization and key management technologies that are leveraged to protect information companywide. This role will provide technical leadership, and be an individual contributor, to teams that design, deploy, and operationally maintain cryptographic products and services including Hardware Security Modules (HSMs) and security appliances. The ideal candidate will have demonstrated experience in the design and deployment of cryptographic products in physical, virtual, and containerized environments. The ideal candidate will also have demonstrated experience in automating processes including product builds, operational maintenance, and customer integration and onboarding. This role reports directly to the Senior Manager for the Encryption, Tokenization and Key Management team. **In this role, you will:** + Drive design, deployment and automation strategies for encryption, tokenization and key management products and services including Hardware Security Modules, security appliances and security applications deploying in physical, virtual, and containerized environments. + Provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance. + Develop and maintain documentation including design and build guides, deployment strategies, automation guides and operational processes. + Participate in research, analysis and evaluation of new cryptographic products and services. + Participate in Proof of Concept (POC) testing and demonstrations for new cryptographic products and services. + Support company driven audits, gather evidence of compliance to company policies, and drive product enhancements, when needed, to remediate findings. + Conduct technical investigation of incidents to identify causes and recommend future mitigation strategies. + Collaborate across Wells Fargo teams, including compliance, security architecture and security evaluation teams to ensure cryptographic products are compliant to company policies. + Work with vendors to understand the technology vendor's roadmap, help to influence that roadmap, and ensure requests for technology/product enhancements are meeting the needs of Wells Fargo. + Work with partner engineering teams on identification and remediation of security vulnerabilities and may also conduct risk assessments of infrastructure to ensure compliance with corporate security policies and adherence to best practices. + Support incident response, root cause analysis and corrective action activities. + Oversee team of engineers and influence design/architecture decisions regarding encryption infrastructure to support our line of business customers. + Ensure design decisions consider blast radius and business resiliency requirements to reduce / eliminate impact during service changes or DDOS type events, among others. **Required Qualifications:** + 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education. + 4+ years of intermediate to advanced level experience with scripting/automation using tools such as: Bash, PowerShell, Python, Ansible, VBScript, or JavaScript, UI path, etc. + 4+ years of Linux and Windows server experience **Desired Qualifications:** + Experience with encryption or tokenization and key management technologies. + Advanced Knowledge of Cryptographic protocols & algorithms. + Subject Matter Expert experience designing solutions using Hardware Security Modules (HSMs) or security appliance devices + Experience with DevOps and CI/CD automated build and deployment processes. + Advanced scripting skills specifically around log rotation, data collection, error collection and alerting. + Experience designing, developing, and implementing synthetic transactions for the monitoring of applications and/or infrastructure. + Experience with Puppet/Chef/Ansible or similar automation tools. + Experience with Agile Scrum or Kanban methodologies. + Application development experience. + Experience with application support in Linux and Windows server environments. + Experience performing technical product assessments, including development of implementation plans, in a large enterprise. + Experience mentoring/guiding less experienced staff. + Strong analytical skills with high attention to detail and accuracy. + Advanced critical thinking, problem solving and technical troubleshooting abilities. + Knowledge and understanding of implementing infrastructure upgrades, security patches, or version upgrades. + Knowledge and understanding of monitoring and reporting tools. + Experience with and the ability to thrive in a complex and fast-paced technology and/or information security organization, within a large enterprise environment. + Strong verbal, written, and interpersonal communication skills. + Knowledge and understanding of implementing infrastructure upgrades, security patches, version upgrades for systems, appliances and HSM's + Proven experience with change and incident management practices in medium to large enterprise environments. + Knowledge and understanding of implementing infrastructure upgrades, security patches, version upgrades for systems, appliances and HSM's + Experience with coding/scripting against Cyber security tools and products **Job Expectations:** + Ability to travel up to 10% of the time. + Ability to work onsite in the office in a hybrid model, 3 days per week on-site/in-office and 2 days per week remote + Remote work is not available for this position + This position is not eligible for Visa Sponsorship. **Locations:** + 401 W Las Collinas Blvd. Bldg A, Irving, TX + 3075 Loyalty Cir, Columbus, OH + 1751 Pinnacle Drive, Arlington, VA + 300 South Brevard, Charlotte **Pay Range** 119,000.00 - 187,000.00 USD Annual **Benefits:** + Information about Wells Fargo's US employee benefits (*************************************************************** + Information about Wells Fargo's International employee benefits **Posting End Date:** 23 Jan 2026 ***** **_Job posting may come down early due to volume of applicants_** **Pay Range** Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates. $119,000.00 - $224,000.00 **Benefits** Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs (*************************************************************** for an overview of the following benefit plans and programs offered to employees. + Health benefits + 401(k) Plan + Paid time off + Disability benefits + Life insurance, critical illness insurance, and accident insurance + Parental leave + Critical caregiving leave + Discounts and savings + Commuter benefits + Tuition reimbursement + Scholarships for dependent children + Adoption reimbursement **Posting End Date:** 22 Jan 2026 ***** **_Job posting may come down early due to volume of applicants._** **We Value Equal Opportunity** Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic. Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements. **Applicants with Disabilities** To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo (****************************************************************** . **Drug and Alcohol Policy** Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy (********************************************************************** to learn more. **Wells Fargo Recruitment and Hiring Requirements:** a. Third-Party recordings are prohibited unless authorized by Wells Fargo. b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process. **Req Number:** R-513380

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail-oriented Information Security Specialist supporting the execution of cybersecurity initiatives that strengthen the organization's security posture. This role is ideal for a highly organized, collaborative professional with strong writing skills, critical thinking, and a foundational understanding of cybersecurity principles. The specialist will assist with policy development, regulatory support, client assurance, and play an active role in planning and executing security awareness events. Key Responsibilities: * Policy & Program Support: Assist in drafting, editing, and maintaining cybersecurity policies, standards, and procedures. Help ensure documentation is clear, consistent, and aligned with regulatory and organizational requirements. * Inherent Risk Assessment Coordination: Support the facilitation and documentation of Information Security Business Impact Assessments by working with business units to gather and organize input. * Client & Third-Party Requests: Help prepare responses to client security questionnaires and due diligence requests, ensuring timely and accurate information delivery. * Cybersecurity Awareness: Contribute to the planning and execution of awareness campaigns, including drafting communications, coordinating logistics, and tracking engagement. This may include engaging with colleagues, facilitating sessions, and representing the security team in a visible, interactive role. * Regulatory & Audit Support: Organize and maintain documentation to support audits, assessments, and regulatory reviews. Track deliverables and follow up with stakeholders as needed. * Cyber Maturity Tracking: Assist in collecting and organizing data for cyber maturity assessments, helping to identify trends and support reporting. * Collaboration & Communication: Work closely with internal teams including Privacy, Legal, Compliance, Third Party and Risk to ensure alignment and smooth execution of the Policy and Program teams initiatives. * Documentation: Create clear, professional documentation to support transparency, accountability, and informed decision-making. Qualifications: * Bachelor's degree in Cybersecurity, Information Security, Communications, Business, or a related field (or equivalent experience). * 3+ years of experience in a cybersecurity, risk, compliance, or program support role. * Foundational understanding of cybersecurity principles, frameworks, and regulatory requirements (e.g., NIST, ISO, GLBA, FFIEC). * Excellent writing, editing, and communication skills. * Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders. * Critical thinking, attention to detail, and strong organizational skills. * Experience supporting awareness or training programs is a plus. * Familiarity with GRC tools or security documentation platforms is a plus. Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance. Equal Employment Opportunity Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability. Background Check Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information. Benefits We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. View Benefits Awards We've Received Age-Friendly Institute's Certified Age-Friendly Employer The Banker's US Bank of the Year Dave Thomas Foundation's Best Adoption-Friendly Workplace Disability:IN Best Places to Work for Disability Inclusion Human Rights Campaign Corporate Equality Index 100 Award

The Cybersecurity Policy and Programs team is looking for a highly collaborative and detail-oriented Information Security Specialist supporting the execution of cybersecurity initiatives that strengthen the organization's security posture. This role is ideal for a highly organized, collaborative professional with strong writing skills, critical thinking, and a foundational understanding of cybersecurity principles. The specialist will assist with policy development, regulatory support, client assurance, and play an active role in planning and executing security awareness events. Key Responsibilities: Policy & Program Support: Assist in drafting, editing, and maintaining cybersecurity policies, standards, and procedures. Help ensure documentation is clear, consistent, and aligned with regulatory and organizational requirements. Inherent Risk Assessment Coordination: Support the facilitation and documentation of Information Security Business Impact Assessments by working with business units to gather and organize input. Client & Third-Party Requests: Help prepare responses to client security questionnaires and due diligence requests, ensuring timely and accurate information delivery. Cybersecurity Awareness: Contribute to the planning and execution of awareness campaigns, including drafting communications, coordinating logistics, and tracking engagement. This may include engaging with colleagues, facilitating sessions, and representing the security team in a visible, interactive role. Regulatory & Audit Support: Organize and maintain documentation to support audits, assessments, and regulatory reviews. Track deliverables and follow up with stakeholders as needed. Cyber Maturity Tracking: Assist in collecting and organizing data for cyber maturity assessments, helping to identify trends and support reporting. Collaboration & Communication: Work closely with internal teams including Privacy, Legal, Compliance, Third Party and Risk to ensure alignment and smooth execution of the Policy and Program teams initiatives. Documentation: Create clear, professional documentation to support transparency, accountability, and informed decision-making. Qualifications: Bachelor's degree in Cybersecurity, Information Security, Communications, Business, or a related field (or equivalent experience). 3+ years of experience in a cybersecurity, risk, compliance, or program support role. Foundational understanding of cybersecurity principles, frameworks, and regulatory requirements (e.g., NIST, ISO, GLBA, FFIEC). Excellent writing, editing, and communication skills. Strong interpersonal and collaboration skills; able to work effectively with diverse teams and stakeholders. Critical thinking, attention to detail, and strong organizational skills. Experience supporting awareness or training programs is a plus. Familiarity with GRC tools or security documentation platforms is a plus.

This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.