Information Systems Security Officer jobs at Nes Holdings

Job DescriptionVoleon is a technology company that applies state-of-the-art AI and machine learning techniques to real-world problems in finance. For nearly two decades, we have led our industry and worked at the frontier of applying AI/ML to investment management. We have become a multibillion-dollar asset manager, and we have ambitious goals for the future. Your colleagues will include internationally recognized experts in artificial intelligence and machine learning research as well as highly experienced finance and technology professionals. The people who shape our company come from other backgrounds, including concert music performances, humanitarian aid, opera singing, sports writing, and BMX racing. You will be part of a team that loves to succeed together. In addition to our enriching and collegial working environment, we offer highly competitive compensation and benefits packages, technology talks by our experts, a beautiful modern office, daily catered lunches, and more. As a Senior Security Operations Analyst, you will be a key contributor to Voleon's security operations, bringing experience and leadership to our SOC. You will handle complex security incidents, mentor junior team members, and help drive strategic improvements to our security posture. This role offers significant growth opportunities and the chance to shape the future of security operations at a leading quantitative investment firm. This role is open to remote work in the US or hybrid in our Berkeley office.Responsibilities Lead complex security incident investigations and coordinate response efforts across multiple teams Perform advanced threat hunting, detection engineering, and security analytics to identify sophisticated attacks Mentor junior analysts and contribute to training programs and knowledge sharing initiatives Design and implement security monitoring improvements, playbooks, and automation solutions Collaborate with Security Engineers to enhance detection capabilities and reduce false positives Participate in security architecture discussions and provide operational input on security tool selection Lead on-call rotation responsibilities and serve as escalation point for complex security events Contribute to threat intelligence analysis and help develop proactive defense strategies Support compliance and audit activities, ensuring proper documentation and evidence collection Drive continuous improvement initiatives to enhance SOC efficiency and effectiveness Requirements 5+ years of experience in security operations, incident response, or related cybersecurity roles Strong expertise with SIEM platforms, EDR solutions, and security orchestration tools Proven experience in threat hunting, malware analysis, and advanced persistent threat investigation Proficiency in scripting and automation (Python, PowerShell, Bash) for security operations Deep understanding of network protocols, operating systems, and attack methodologies Experience with cloud security monitoring and incident response (AWS, GCP, Azure) Strong leadership and mentoring capabilities with excellent communication skills Ability to work effectively under pressure and manage multiple complex investigations simultaneously Preferred Qualifications Advanced security certifications such as GCIH, GCFA, GNFA, CISSP, or equivalent Experience with threat intelligence platforms and frameworks (MITRE framework, STIX/TAXII) Background in digital forensics, reverse engineering, or red team/purple team activities Experience with security compliance frameworks (SOC 2, ISO 27001, NIST) Knowledge of financial services security requirements and regulations Bachelor degree in Computer Science, Information Security, or related field CompensationThe base salary range for this position is $175,000 to $185,000 in the location(s) of this posting. Individual salaries are determined through a variety of factors, including, but not limited to, education, experience, knowledge, skills, and geography. Base salary does not include other forms of total compensation, such as bonus compensation and other benefits. Our benefits package includes medical, dental, and vision coverage, life and AD&D insurance, 20 days of paid time off, 9 sick days, and a 401(k) plan with a company match. “Friends of Voleon” Candidate Referral ProgramIf you have a great candidate in mind for this role and would like to have the potential to earn $15,000 if your referred candidate is successfully hired and employed by The Voleon Group, please use this form to submit your referral. For more details regarding eligibility, terms, and conditions, please review the Voleon Referral Bonus Program. Equal Opportunity EmployerThe Voleon Group is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law. #LI-JA1 We may use artificial intelligence (AI) tools to support parts of the hiring process. These tools assist our recruitment team but do not replace human judgement. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Job Description The Senior Information Security Engineer will assume, but not be limited to, the following responsibilities: Responsible for designing, managing, and maintaining the credit union's information security systems to ensure member data confidentiality, integrity, and availability Compliance with established security policies, procedures and standards Monitors, manages and analyzes malicious activities daily to ensure the credit union's security infrastructure Assists in the development and maintenance of Information Technology Security Program, including policies, standards, procedures, and security awareness training. Conduct vulnerability scanning and develop prioritized remediation plans Assist internal and external auditors as required The successful candidate will possess the following education, knowledge and skillsets: Undergraduate degree and four (4) years information security related experience; or six (6) plus years of information security related experience Must have one or more of the following industry certifications: ISACA Certified Information Security Manager (CISM) GIAC Information Security Certification Certified Information Systems Security Professional (CISSP) Strong knowledge and experience with IDS/IPS Technologies, Firewall management and maintenance, Anti-Virus / Anti-Malware software, network protocols (BGP, OSPF, etc), SIEM/LEM technology, and etc. Must be a self starter, able to work without constant supervision Strong written and verbal communication skills Strong investigation, remediation, and reporting intuition We provide competitive compensation and benefits package that includes: Health, dental, and vision plans 401(k) plan Life insurance Paid Time Off (PTO) Plan Paid holidays EOE Job Posted by ApplicantPro

Job Description 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security System Project Engineer, assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. Responsibilities Represent Pinkerton's core values of integrity, vigilance, and excellence. Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. Assign and resolve system user issues as they arise through the system ticketing process. Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. Communicate internally with other technology partners, Project Leads, and externally with integrators. Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. Support the evaluation, integration, and implementation of new and existing technology solutions. Provide escalation support for the client's SOC, GSOC, and Security Operations teams. Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. Program, configure, and harden all technical security devices, apps, and platforms. Work with other senior managers within the business to maintain compliance with all security system requirements. Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. All other duties, as assigned. Qualifications Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. Understanding of how security systems and technology hardware interact with the network/IP. Familiarity with field troubleshooting techniques for low-voltage systems. Support and troubleshooting skills with networked devices with established global connectivity. Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. Able to build relationships with business partners involved with security systems program execution and deliverables. Communication skills across all levels of the organization. Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. Serve as a positive team member and leader. Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. Able to collaborate effectively with dynamic professionals from broad backgrounds. Effective written, verbal, and presentation skills. Able to work independently with little supervision. Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. Computer skills; Microsoft Office. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, Aavilable for on call after hours for emergency outages and incident management. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security System Project Engineer, assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. Responsibilities Represent Pinkerton's core values of integrity, vigilance, and excellence. Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. Assign and resolve system user issues as they arise through the system ticketing process. Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. Communicate internally with other technology partners, Project Leads, and externally with integrators. Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. Support the evaluation, integration, and implementation of new and existing technology solutions. Provide escalation support for the client's SOC, GSOC, and Security Operations teams. Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. Program, configure, and harden all technical security devices, apps, and platforms. Work with other senior managers within the business to maintain compliance with all security system requirements. Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. All other duties, as assigned. Qualifications Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. Understanding of how security systems and technology hardware interact with the network/IP. Familiarity with field troubleshooting techniques for low-voltage systems. Support and troubleshooting skills with networked devices with established global connectivity. Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. Able to build relationships with business partners involved with security systems program execution and deliverables. Communication skills across all levels of the organization. Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. Serve as a positive team member and leader. Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. Able to collaborate effectively with dynamic professionals from broad backgrounds. Effective written, verbal, and presentation skills. Able to work independently with little supervision. Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. Computer skills; Microsoft Office. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, Aavilable for on call after hours for emergency outages and incident management. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law. Benefits Benefit options include employer-paid life and AD&D, voluntary life and AD&D, medical, (HSA) Health Savings Account, (FSA) Flexible Savings Account, dental, vision, short-term disability, long-term disability, 401(K), paid time off (vacation, personal, sick, and holidays) and several employee assistance-related programs. This information provides a brief benefit overview. Upon the acceptance of an employment offer, the new employee will receive comprehensive plan details based on specific eligibility rules. Posted Salary Range USD $150,000.00 - USD $150,000.00 /Yr.

**170+ Years Strong. Industry Leader. Global Impact.** At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. TheSenior Security System Project Engineer,assigned to a specific client, will be a key contributor to the overall physical security technology stack. The Engineer supports the architecture, health, programming, and development cycles of the physical security hardware and applications, from front-end to back-end. This role drives innovation and operational efficiencies by deploying emerging technologies, building deep integrations, and creating seamless experiences for end-users. As a physical security subject matter expert, there is a direct impact on the design of the client's next generation facilities through project management, providing technical guidance, and solving large-scale implementation issues while developing and communicating security design requirements to internal and external project partners. **Responsibilities** + Represent Pinkerton's core values of integrity, vigilance, and excellence. + Maintain a deep understanding of Genetec architecture and deployment infrastructure to ensure the integrity and reliability of the security system's functionality. + Apply advanced troubleshooting capabilities with Windows, Linux, and cloud server deployments and possess nimble bug fix skills to ensure smooth deployment and seamless recovery during incidents or outages. + Design and implement comprehensive physical security systems, including access control, CCTV, intrusion detection, and alarm systems, while ensuring scalability, reliability, and compliance with industry standards. + Provide advanced technical support, troubleshoot complex issues, and develop maintenance schedules to ensure the reliability and performance of security systems. + Ensure seamless integration of security systems with IT infrastructure, collaborate with IT teams, and conduct regular audits to maintain compliance with regulations and improve security practices. + Plan, direct, and execute physical security system design and integration efforts, including the management of all security systems documentation, such as as-built plans, maintenance and repairs, and project close-out. + Collaborate with construction and project-related teams to ensure all pre-development scopes of work are established and executed, and track all project-related issues, dependencies, and work with project team members to follow up on issues and status to ensure proper resolution. + Partner with providers and vendors to discover and remediate vulnerabilities in security technologies. + Assist with the development and management of vendor and provider efficiency and delivery quality through the creation and implementation of KPIs. + Employ effective time management for systems programming, commissioning, and testing of devices spanning time zones including AMER/EMEA/APAC regions. + Monitor team chat groups for after-hours project support and system maintenance-related troubleshooting. + Manage physical/logical infrastructure which supports PACS, VMS, and a myriad of other systems, including maintenance support, installation of new systems, and other proactive initiatives to ensure systems are functioning with optimal performance with minimal downtime, as well as meeting and exceeding program SLAs. + Assign and resolve system user issues as they arise through the system ticketing process. + Perform audits of systems and policies and maintain tracking lists of all system issues proactively while implementing solutions along the way. + Communicate internally with other technology partners, Project Leads, and externally with integrators. + Provide system support to integrators on security technologies, including access control, video management systems, intercoms, and intrusion. + Support the evaluation, integration, and implementation of new and existing technology solutions. + Provide escalation support for the client's SOC, GSOC, and Security Operations teams. + Understand the security standards and practices that go into a security design and manage security integrators across multiple time zones. + Program, configure, and harden all technical security devices, apps, and platforms. + Work with other senior managers within the business to maintain compliance with all security system requirements. + Liaise with, meet with customers, and key contacts regularly to review contract performance and ensure that quality standards are maintained in accordance with SLAs and KPIs. + All other duties, as assigned. **Qualifications** Bachelor's degree preferred with five or more years of access control application engineering and security project management experience. + Knowledge of Windows, security systems, and technology applications that are Windows-dependent, preferred. + Comprehensive knowledge of Security Systems and Technology, including, but not limited to Genetec Security Center, Synergis, Mercury Panels, Stentofon, Commend, HID, Axis, and Schlage. + Understanding of how security systems and technology hardware interact with the network/IP. + Familiarity with field troubleshooting techniques for low-voltage systems. + Support and troubleshooting skills with networked devices with established global connectivity. + Expert knowledge of Windows, Linux, and cloud-based servers and VM technologies. + Able to build relationships with business partners involved with security systems program execution and deliverables. + Communication skills across all levels of the organization. + Able to maintain a vantage point with a comprehensive view of the clients, customers, and shared interests. + Able to communicate highly technical information to non-technical individuals with consistent checks for understanding. + Serve as a positive team member and leader. + Able to analyze and synthesize broad, cross-business, or cross-discipline information that leads to breakthroughs or significant insight. + Able to collaborate effectively with dynamic professionals from broad backgrounds. + Effective written, verbal, and presentation skills. + Able to work independently with little supervision. + Able to review root causes and implement appropriate changes to ensure delivery of services that exceed client expectations. + Computer skills; Microsoft Office. **Working Conditions:** With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; + Regular computer usage. + Occasional reaching and lifting of small objects and operating office equipment. + Frequent sitting, + Aavilable for on call after hours for emergency outages and incident management. + Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law. **Benefits** Benefit options include employer-paid life and AD&D, voluntary life and AD&D, medical, (HSA) Health Savings Account, (FSA) Flexible Savings Account, dental, vision, short-term disability, long-term disability, 401(K), paid time off (vacation, personal, sick, and holidays) and several employee assistance-related programs. This information provides a brief benefit overview. Upon the acceptance of an employment offer, the new employee will receive comprehensive plan details based on specific eligibility rules. **Posted Salary Range** USD $150,000.00 - USD $150,000.00 /Yr. Submit a Referral (************************************************************************************************************************************************* **Location** _US-CA-San Jose_ **ID** _2025-2303_ **Category** _Security Risk Management_ **Position Type** _Full-Time_ **Min Pay Rate** _USD $150,000.00/Yr._ **Max Pay Rate** _USD $150,000.00/Yr._ **Job Type** _Hybrid_ Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

at loan Depot loan Depot's Security Operations team is at the forefront of cyber defense for the organization. We are seeking a Senior Security Analyst who will act as both a technical authority and front-line commander within our Security Operations Center. This is a strategic, high-impact role for a seasoned professional who can seamlessly integrate with our team on Day One, bringing the composure, knowledge, experience, and precision necessary to contain and eradicate cyber threats from our environment.Reporting directly to the Information Security Operations Manager, this position partners closely with our Level 1 MSSP, internal business units, and external incident response partners to ensure that every incident is managed with accountability, consistency, and efficiency. The ideal candidate is resourceful, quick-thinking, and deeply fluent with the leading security stacks and tools, capable of turning strands of data into decisive action and information. The Sr. Cyber SOC Analyst must be able to come into the Irvine, CA office 2-3 times per week. Responsibilities: Lead and execute end-to-end security incident response activities including detection and triage, containment, eradication, and recovery for incidents ranging from simple to complex. Serve as incident commander for high-severity security events, ensuring clear communication and timely resolution across stakeholders. Partner with Level 1 MSSP partners to validate escalations, refine detection logic, and ensure consistent handling workflows. Coordinate with external partners and internal teams to contain and mitigate threats while maintaining operational resilience. Detection, Analysis, & Threat Hunting Utilize industry standard and/or custom tools for telemetry to conduct deep-dive investigations and root cause analysis. Develop and optimize queries, analytic rules, and playbooks to enhance threat detection and automation, pushing incidents towards level 0 where possible. Conduct proactive threat hunts and adversary emulation exercises to identify emerging tactics, techniques, and procedures (TTPs) before they escalate into incidents. Leverage MITRE ATT&CK, NIST SP800-61r3, NIST CSF2, and other frameworks to ensure methodical and repeatable investigation practices. Operational Excellence & Leadership Document and refine incident response playbooks and runbooks to improve team consistency and speed. Produce detailed incident reports, post-incident reviews, and executive summaries with actionable insights. Mentor other analysts and emerging prospects, reinforcing our culture of accountability, consistency, and efficiency. Participate in weekly high-severity incident case reviews and contribute to the continuous improvement of SOC metrics and performance. Other duties as assigned. Requirements: Bachelor's Degree in a related field preferred, but not required. Minimum of five (5) + years' experience working in a security operations center or similar environment preferred. A demonstrated mastery of industry leading tools in SIEM, EDR, and CSPM. Expertise in querying, hunting, and correlating disparate data points across large telemetry datasets using SQL/KQL/Cypher. A demonstrated ability to lead complex investigations and coordinate across technical and business stakeholders. A solid understanding of cybersecurity frameworks such as MITRE ATT&CK, NIST CSF 2, NIST SP800-61r3. Excellent written and verbal communication skills, with the ability to translate technical findings into business-relevant narratives. Experience in log aggregation technologies and SIEM tuning processes. Experience in the Mortgage industry preferred. CISSP, GIAC Certified Incident Handler, or other related certifications preferred. Why work for #teamloan Depot: Competitive compensation based on skillset and relatable experience. Work with other passionate, purposeful, and customer-centric team members. Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive. Extensive internal growth and professional development opportunities including tuition reimbursement. Comprehensive benefits package including Medical/Dental/Vision. Wellness program to support both mental and physical health. Discretionary Time Off (DTO) policy to support work-life balance in addition to Paid Voluntary Time Off. About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this roles is between $99,000 and $136,000. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it's at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose. Position Overview: Freddie Mac is seeking an experienced Manager to join our Third Party Risk Governance (TPRG) Information Security (Cyber) team. Your role will be vital in identifying potential risks and ensuring that effective mitigation strategies are in place. If you have a strong foundation in risk management and cybersecurity, and are committed to protecting organizations from threats, we invite you to apply for this critical role at Freddie Mac. Our Impact: The Seller/Servicer Information Security Oversight Team, within Third-Party Risk Management, is responsible for monitoring the information security standards of seller/servicers to ensure the safeguarding of Freddie Mac's data in alignment with the Freddie Mac Guide. Our team of cyber risk specialists is actively involved in monitoring, identifying, detecting, and responding to cyber threats. Through regular vulnerability scans, they work diligently to mitigate information security risks to Freddie Mac. Your Impact: As a Manager, you will play a key role in enhancing our oversight of third-party risk management. Your responsibilities will include: Leading initiatives to conduct thorough cybersecurity risk assessments. Applying the Cybersecurity Framework (CSF) to structure and improve our risk management processes. Collaborating with various stakeholders to identify and assess potential information security risks. Developing and implementing strategic plans to effectively mitigate identified risks. Ensuring the continuous improvement of our cybersecurity posture through proactive risk management and oversight. Conducting comprehensive Information Security risk reviews and interviews with seller/servicers as part of the annual Consolidated Origination and Risk Evaluation (CORE) review. Analyzing findings from these reviews and developing a detailed risk assessment, backed by supporting evidence. Qualifications: 8+ years of experience in risk management, internal controls, audit, or compliance, preferably within financial services or mortgage operations 8 to 10 years of experience in cybersecurity or cyber risk management, with a focus on highly regulated industries. Bachelor's degree in computer science, engineering, or a related field, or equivalent work experience, preferred. Proficiency in performing risk analyses, vulnerability assessments, and threat modeling. Proven track record of leading risk assessment and controls initiatives across business functions Proven experience engaging with senior leadership to understand and align with strategic goals. Experience in IT governance, risk, and controls, including familiarity with frameworks such as COBIT, FFIEC, ISO 2700x, and NIST. Strong analytical and problem-solving skills. Excellent communication skills for articulating technical risks to non-technical audiences. In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001. Industry certifications such as Sec+, SSCP, GSEC or C|EH, preferred Keys to Success: Significant understanding of the Third-Party Risk Governance process Ability to perform additional duties as assigned to support the organization's evolving needs. Strong analytical and problem-solving skills. Excellent communication skills for articulating technical risks to non-technical audiences. In-depth knowledge of cybersecurity principles, networks, and operating systems, with experience in relevant frameworks like NIST and ISO 27001 Possess a deep understanding of NIST standards and evaluate seller/servicers' compliance with the Freddie Mac Guide. Identify and assess potential risks and vulnerabilities to our systems and data posed by third parties, utilizing approved monitoring tools. Conduct thorough risk assessments, analyze potential threats, and evaluate third-party information security processes and procedures. Identify associated risks and provide a comprehensive risk assessment with supporting evidence. Current Freddie Mac employees please apply through the internal career site. We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. A safe and secure environment is critical to Freddie Mac's business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs. CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit ****************** and register with our referral code: MAC. Time-type:Full time FLSA Status:Exempt Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site. This position has an annualized market-based salary range of $142,000 - $214,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.

Why USAA? At USAA, our mission is to empower our members to achieve financial security through highly competitive products, exceptional service and trusted advice. We seek to be the #1 choice for the military community and their families. Embrace a fulfilling career at USAA, where our core values - honesty, integrity, loyalty and service - define how we treat each other and our members. Be part of what truly makes us special and impactful. The Opportunity We are seeking a dedicated Bank Information Security Governance Senior. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position can be based in our Phoenix, AZ; San Antonio, TX; Plano, TX; Colorado Springs, CO; Chesapeake, VA; Charlotte, NC or Tampa, FL offices. Relocation assistance is not available for this position. What you'll do: Supports the first line of defense in ensuring the effectiveness of Information Security (IS) governance, IS risk management, and compliance programs within the Bank Technology Office. Collaborates with Information Technology (IT) and IS teams, business stakeholders, Compliance, Risk Management, Audit Services, and external parties to support IS governance and IS risk and compliance-based initiatives. Acts as a key liaison between the Association's IS function and various Bank business units, ensuring alignment with enterprise security policies and standards. * Continuously monitors IS environments to identify emerging risks related to cybersecurity, infrastructure, applications, and third-party services. Provides consultative services across Bank. * Provides expert insights on the development, implementation, and continuous improvement of IT governance frameworks (e.g., COBIT, ITIL) tailored to the Bank organization's specific needs and strategic objectives. * Analyzes incident trends and control gaps to anticipate potential risk scenarios and recommend preventive measures. * Conducts forward-looking risk assessments for new technology initiatives, system changes, and digital transformation projects. * Analyzes incident trends and control gaps to anticipate potential risk scenarios and recommend preventive measures. * Partners with and leads IT/IS teams to embed IS risk considerations early in the project lifecycle and ensure timely mitigation strategies. * Leads the development, implementation, and continuous improvement of IT governance frameworks (e.g., COBIT, ITIL) tailored to the organization's specific needs and strategic objectives. * Defines, maintains, and enforces IS policies, standards, and procedures to ensure compliance with relevant laws, regulations, and industry best practices. * Ensures IS risk compliance with legal, regulatory, and contractual requirements, coordinating audits and assessments. * Provides governance oversight for IS related initiatives, ensuring they adhere to established standards, policies, and risk management practices. * Mentors junior members of the IS governance team, providing guidance and support in their professional development. * Enhances, and maintains awareness of the risk governance framework and its elements (RCSA). * Performs root cause analysis to determine likelihood, impact, and mitigation approaches of identified risks. * Prepares metrics reporting and participates in the metrics refresh process. * Maintains awareness of cloud computing principles and AI and understands potential IS risks inherent within this discipline. * Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures. What you have: * Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree. * 6 years experience supporting IS governance, IS risk management, compliance, or IT audit activities * In-depth knowledge and application of IT governance frameworks such as COBIT, ITIL, ISO 27001, and NIST, CIS Controls and CMMC * Experience working on and implementing IT and/or IS policies, standards, and procedures. * Experience leading and coordinating IS audits and assessments and ensuring compliance with regulatory requirements. * A strong understanding of regulatory and compliance requirements applicable to the organization. * Ability to interpret complex IT/IS environments and detect early warning signals. * Experience in identifying potential failure points and simulating risk scenarios. * Proficiency in using data to identify trends, anomalies, and emerging risks. * Understanding of cloud, cybersecurity, and digital transformation risks. * Ability to articulate risk insights and influence stakeholders to take preventive actions. * Familiarity with GRC platforms, vulnerability management tools, and risk dashboards. What sets you apart: * Information Technology or Security certifications (e.g., CISA, CRISC, CISM, CISSP, CGEIT, CIA, NIST, COBIT, etc.). * Familiarity with financial institutions regulations (GLBA, FFIEC Handbooks, PCI DSS) * Work experience in highly regulated work environments including other large financial institutions * Experience with data-driven analysis using AI tools and collaborating to drive process innovation * Highly self-motivated individual capable of working independently and proactively handling their workload with minimal direct supervision. * Strong analytical skills and demonstrated experience collaborating effectively with leadership at all levels within an organization. Compensation range: The salary range for this position is: $114,080-$218,030. USAA does not provide visa sponsorship for this role. Please do not apply for this role if at any time (now or in the future) you will need immigration support (i.e., H-1B, TN, STEM OPT Training Plans, etc.). Compensation: USAA has an effective process for assessing market data and establishing ranges to ensure we remain competitive. You are paid within the salary range based on your experience and market data of the position. The actual salary for this role may vary by location. Employees may be eligible for pay incentives based on overall corporate and individual performance and at the discretion of the USAA Board of Directors. The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job. Benefits: At USAA our employees enjoy best-in-class benefits to support their physical, financial, and emotional wellness. These benefits include comprehensive medical, dental and vision plans, 401(k), pension, life insurance, parental benefits, adoption assistance, paid time off program with paid holidays plus 16 paid volunteer hours, and various wellness programs. Additionally, our career path planning and continuing education assists employees with their professional goals. For more details on our outstanding benefits, visit our benefits page on USAAjobs.com. Applications for this position are accepted on an ongoing basis, this posting will remain open until the position is filled. Thus, interested candidates are encouraged to apply the same day they view this posting. USAA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

The Senior Information Security Engineer will assume, but not be limited to, the following responsibilities: Responsible for designing, managing, and maintaining the credit union's information security systems to ensure member data confidentiality, integrity, and availability Compliance with established security policies, procedures and standards Monitors, manages and analyzes malicious activities daily to ensure the credit union's security infrastructure Assists in the development and maintenance of Information Technology Security Program, including policies, standards, procedures, and security awareness training. Conduct vulnerability scanning and develop prioritized remediation plans Assist internal and external auditors as required The successful candidate will possess the following education, knowledge and skillsets: Undergraduate degree and four (4) years information security related experience; or six (6) plus years of information security related experience Must have one or more of the following industry certifications: ISACA Certified Information Security Manager (CISM) GIAC Information Security Certification Certified Information Systems Security Professional (CISSP) Strong knowledge and experience with IDS/IPS Technologies, Firewall management and maintenance, Anti-Virus / Anti-Malware software, network protocols (BGP, OSPF, etc), SIEM/LEM technology, and etc. Must be a self starter, able to work without constant supervision Strong written and verbal communication skills Strong investigation, remediation, and reporting intuition We provide competitive compensation and benefits package that includes: Health, dental, and vision plans 401(k) plan Life insurance Paid Time Off (PTO) Plan Paid holidays EOE

Figure is an AI Robotics company developing a general purpose humanoid. Our humanoid robot, Figure 02, is designed for commercial tasks and the home. We are based in San Jose, CA and require 5 days/week in-office collaboration. It's time to build. We are looking for a Security Engineer to join the Security & Privacy team at Figure, focusing on designing, implementing, and managing the detection and response tooling and processes. Responsibilities: Design, pilot, and implement central logging and alerting systems to detect malicious activity on Figure's infrastructure, including endpoints, networks, labs, and cloud environments Develop tools and automation strategies to improve Figure's ability to hunt threats and respond to incidents Participate in team operations, such as investigating events generated by the alerting pipeline and triage potential incidents, and drive response efforts in case of an active incident Identify, analyze, and build threat intelligence on relevant trends in adversary tactics, techniques, and procedures (TTPs) for sophisticated threat actors spanning APTs and cybercrime. Requirements: Experience several of the following detection and response areas: digital forensics, malware analysis, incident management, host/network intrusion detection, threat intelligence Demonstrated knowledge in threat hunting and developing logic to automate threat detection and incident response Work record of collaborating with internal and external stakeholders at all levels of a company Practical experience in a BeyondCorp model Strong software engineering (beyond scripting or automation) skills in C/C++, Rust, Golang, Python or similar Solid knowledge of operating system internals (Linux, Windows, mac OS), and experience with detection in Cloud environments (Azure, GCP, AWS) Bachelor of Science in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field 6+ years of experience in the field of security monitoring or related security role Excellent verbal and written communication skills, with high attention to detail The US base salary range for this full-time position is between $150,000 - $350,000 annually. The pay offered for this position may vary based on several individual factors, including job-related knowledge, skills, and experience. The total compensation package may also include additional components/benefits depending on the specific role. This information will be shared if an employment offer is extended.

Figure is an AI Robotics company developing a general purpose humanoid. Our humanoid robot, Figure 02, is designed for commercial tasks and the home. We are based in San Jose, CA and require 5 days/week in-office collaboration. It's time to build. We are looking for a Security Engineer to join the Security & Privacy team at Figure, focusing on security of the robot as well as associated backend services. We are looking for excellent security engineers who have experience in breaking and building complex software systems, with experience in AI and embedded systems. Responsibilities Conduct security assessments of applications, embedded systems, back-end services, and business integrations, as well as build tooling for a secure development lifecycle Design technical solutions to mitigate security weaknesses on the robot and our service stack. Work with teams across the company to implement them. Build frameworks and systems to prevent classes of vulnerabilities Hunt for vulnerabilities and insecure coding patterns on our product stack (backend services and robot internal systems) Be a champion for security and user privacy Requirements Experience in several of the following application security domains: penetration testing, vulnerability research, security assessment, secure coding practices, security architecture & design, hardware security Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar Experience with securing embedded systems, including secure boot, secure identity, OTA, or others Solid foundation in web security, mobile security, or cryptography Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision. BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field 3+ years of experience in the field of application security or related security role Passion for learning and helping others Excellent verbal and written communication skills, with high attention to detail The US base salary range for this full-time position is between $150,000 - $350,000 annually. The pay offered for this position may vary based on several individual factors, including job-related knowledge, skills, and experience. The total compensation package may also include additional components/benefits depending on the specific role. This information will be shared if an employment offer is extended.

Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit **************************** We DoManage the day-to-day services and/or delivery related to the First American Identity & Access Management (IAM) program. Work under guidelines, policies and standards established by the Information Security Office. Ensure proper availability of Identities for the enterprise. What You'll Do Manage a group of technical professionals (typically skilled exempt level employees) who have responsibility for operations and project outcomes. Provide direct and indirect supervision of teams. Manage and operate the Identity and Access Management (IAM) systems for the enterprise. Manage and operate other IAM related technologies such as SAML, federated authentication, Access Manager Authentication proxy, two factor authentication, Single Sign ON, and authentication integration with major enterprise systems. Manage and operate the enterprise PKI environment, including support of S/MIME signing and encryption, and security best practices. Develop trust-based relationships with customers to fully understand and deliver solutions to meet their business needs, while using diplomacy and relationships to advance the information security risk management program within the System's consensus-driven culture. Ensure compliance with information security standards, policies and procedures. Communicate and implement industry best practices and solutions employed in the information security space. Contribute to project reviews and approve detailed designs and cost estimates for projects. Set priorities on daily operations, provide input to and administer cost center spending. Participate in long-range departmental planning. Recommend methodologies. Interface with management inside and outside of the company to provide input to operational decisions and to clarify or modify project plans, and/ or schedule requirements. Write and conduct employee performance reviews and provide ongoing performance feedback. Make hiring recommendations. May get input from Sr. Manager/ Director in these areas. Prepare and maintain job descriptions for positions that report to him/her. Regularly interact with senior management and peers in other departments for purposes of gaining cooperation, exchanging technical information, and presenting project plans and reports. Facilitate work and problem resolution between work groups. May lead cooperative inter-department projects and/or process improvement efforts. Required to perform duties outside of normal work hours based on business needs. What You'll Bring Knowledge and Skills/Technology Used Bachelor's Degree or equivalent work experience Successful track record of managing operations; and designing, developing and managing the execution of projects in area of expertise. Excellent communication skills, as well as outstanding presentation and persuasion capabilities, with exceptional presence that elicits confidence and credibility. Ability to communicate effectively across a wide group of people and audiences. Working industry knowledge of Information Technology to lead in functional area. As part of the National IT leadership team, provide broad perspective and thought leadership to develop and implement key strategies and critical business priorities at the System level. Ability to effectively convey complex issues and communicate to a variety of audiences including technical staff, peers, as well as senior management, and oversight bodies. Ability to develop and implement processes to ensure compliance and quality. Ability to establish and maintain effective working relationships within and between departments. Strategic Management: Ability to communicate the function's vision and the department's direction, and set aligned goals for team. Provides resources and implements systems to measure results. Team Development: Ability to select, coach and develop talent and hold employees accountable for results. Supports change and fosters collaboration. Ethics: Deals with others in an honest manner, assures adherence to company policies, addresses questionable business practices. Customer Focus: Fosters customer loyalty and demonstrates commitment to customer satisfaction. Keeps customers apprised of progress and ensures commitments are met. Communication: Provides others with reliable information, creates and delivers accurate reports and presentations. Uses good listening skills. Negotiates effectively. Disclaimer The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal work hours and/or responsibilities from time to time, as needed. What We OfferBy choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term. ** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. ** First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act). First American intends to conduct a review of an applicant's criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements. Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.

REQUIRED SKILLS • Demonstrated experience in cyber security, InfoSec, security engineering, or network engineering. • Demonstrated experience with vulnerability scanning tools. • Demonstrated experience analyzing and documenting test results. • Demonstrated experience assessing systems against information assurance policies and regulations. • Demonstrated experience communicating complex technical concepts to both technical and non-technical audiences. • Demonstrated experience coordinating and performing security testing. • Demonstrated experience developing risk assessment and certification reports. • Demonstrated experience leading security accreditation efforts for enterprise systems. • Demonstrated experience recommending mitigating countermeasures to identified threats, vulnerabilities, or shoflfalls. • Demonstrated experience with Linux operating system. • Demonstrated experience writing and reviewing documents such as requirements specifications, system architecture, design documents, test plans, or security plans. • Demonstrated experience decomposing functional requirements into technical requirements. Demonstrated experience analyzing existing systems and identifying necessary corrective actions and improvements. • Demonstrated experience preparing program documentation such as CONOPS, SSP, and preparing materials to support system accreditation. DESIRED SKILLS • Demonstrated experience with creating and maintaining integrated master schedules. • Demonstrated experience with offensive security practices. • Demonstrated experience explaining protocols, technical procedures and processes clearly and accurately to both technical and non-technical audiences.

Responsible for driving the development, implementation, communication, and maintenance of loan Depot's technology policies, standards and procedures that are aligned to industry standards and regulatory requirements. Ensures that loan Depot technology processes adheres to regulatory requirements, manages risks effectively, and establishes strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities. Responsibilities: * Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines. * Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective. * Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS). * Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives. * Transforms complex information and documentation into simple concepts that are easy to understand by the end-users. * Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loan Depot's overall security posture. * Stays informed about the latest cybersecurity threats, trends, and best practices. Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses. * Benchmarks the organization's policies against industry standards and best practices. * Develops and implements governance frameworks for cybersecurity policy management. * Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed. Tests and monitors effectiveness of controls. * Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats. * Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices. Accountable for ensuring identified audit and assessment findings and actions are tracked to closure. * Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicates policy requirements and updates to all relevant stakeholders. * Identifies opportunities for innovation and improvement in cybersecurity policy and practice. Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans Requirements: * Bachelor's Degree in Information Security, Computer Science, Information Technology, or a related field preferred. * Minimum of six (6) + years' experience working in Cybersecurity GRC, policy development, risk management, or a similar field. * Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust). * Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI). * Relevant certifications such as CISM and/or CISA are highly desirable. Why work for #teamloan Depot: * Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot. * Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive * Work with other passionate, purposeful, and customer-centric people * Extensive internal growth and professional development opportunities including tuition reimbursement * Comprehensive benefits package including Medical/Dental/Vision * Wellness program to support both mental and physical health * Generous paid time off for both exempt and non-exempt positions About loan Depot: loan Depot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loan Depot has revolutionized the mortgage industry with a digital-first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation's second largest non-bank retail mortgage lender, loan Depot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loan Depot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts. Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $99,000 and $136,500. Your base pay will depend on multiple individualized factors, including your job-related knowledge/skills, qualifications, experience, and market location. We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: * Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Build-time controls: Managing applications/products security controls and activities during development. * Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities * Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. * Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Support or develop components of the security analytics platform. * Contribute to investigations, threat hunting, and incident response activities in a supporting role. * Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. * Support the security operations team with the vulnerability management lifecycle for products and services under your purview. * Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities * Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. * Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. * Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. * Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). * Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. * Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. * Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. * Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. * Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. * Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. * Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. * Experience engaging with vendors in design partnerships. * Experience overseeing vulnerability and threat management at the platform and application levels. * Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. * Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: * Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Build-time controls: Managing applications/products security controls and activities during development. * Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities * Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. * Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. * Support or develop components of the security analytics platform. * Contribute to investigations, threat hunting, and incident response activities in a supporting role. * Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. * Support the security operations team with the vulnerability management lifecycle for products and services under your purview. * Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities * Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. * Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. * Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. * Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). * Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. * Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. * Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. * Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. * Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. * Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. * Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. * Experience engaging with vendors in design partnerships. * Experience overseeing vulnerability and threat management at the platform and application levels. * Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. * Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services. Your oversight will encompass: - Enterprise systems:Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. - Build-time controls: Managing applications/products security controls and activities during development. - Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. While you will take on multiple responsibilities-from advisor to builder and beyond-your primary focus will be designing and building security patterns and practices for services and processes, and fostering strong relationships with product, business, and engineering. Essential Job Duties & Responsibilities Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Hands-on experience with managing security for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution. Additional Information Regarding Job Duties and s: Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.

This position is responsible for ensuring that the Bank's Security operations and preventive controls are managed and maintained in accordance with established Information Security policies, standards and procedures, published regulations and industry best practices. Primarily responsible for the constant review of vendor security controls in comparison with policies and industry frameworks, risk assessments, determination of control gaps and their remediation. ESSENTIAL FUNCTIONS Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk. Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation. Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others. Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments. Reports information security risks and follows-up remediations. Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management. QUALIFICATIONS Education: College degree in Information Technology or Information Security or equivalent; Security+, SSCP, CISSP, CISM or similar information security certifications preferred. Experience: Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing. Proven experience on third-party risk management and vendor security assessments. Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required. Experience working with Vendor Risk Management (VRM) applications preferred. Skills/Ability: Proven ability to initiate and manage projects. Excellent communication and problem-solving skills. Strong inter-personal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision. OTHER DETAILS $28.84 - $33.65 / hour Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.