Security architect jobs in Camden, NJ

At Customers Bank, we believe in working hard, working smart, working together to deliver memorable customer experiences and having fun. Our vision, mission, and values guide us along our path to achieve excellence. Passion, attitude, creativity, integrity, alignment, and execution are cornerstones of our behaviors. They define who we are as an organization and as individuals. Everyone is encouraged to have personal development plans. By doing so, our team members are on their way to achieve their highest potential and be successful in their personal and professional lives. This role is ONSITE in our Malvern, PA office Monday through Thursday with Friday remote. Must be eligible to work in the U.S. without requiring sponsorship now or in the future. Who is Customers Bank? Founded in 2009, Customers Bank is a super-community bank with over $22 billion in assets. We believe in dedicated personal service for the businesses, professionals, individuals, and families we work with. We get you further, faster. Focused on you: We provide every customer with a single point of contact. A dedicated team member who's committed to meeting your needs today and tomorrow. On the leading edge: We're innovating with the latest tools and technology so we can react to market conditions quicker and help you get ahead. Proven reliability: We always ground our innovation in our deep experience and strong financial foundation, so we're a partner you can trust. What you'll do: Cloud Security Architecture: Design, implement, and maintain secure architectures for cloud platforms (Azure, AWS, or others), ensuring alignment with security policies and regulatory requirements. Security Tools Configuration: Configure, maintain, and optimize security tools including CNAPP, CASB, SIEM, endpoint detection, vulnerability scanners, and cloud-native security controls. Defender & CASB Oversight: Manage and tune Microsoft Defender and Defender for Cloud Apps (CASB) to detect, prevent, and remediate threats across cloud environments, SaaS platforms, and endpoints. Security Baseline Compliance: Review and ensure that environments and resources consistently follow security baselines and frameworks such as CIS, NIST, and FFIEC. Secure Design & Guidance: Partner with infrastructure, DevOps, and application teams to provide security requirements and guidance for cloud projects and deployments. Documentation & Reporting: Maintain architecture diagrams, configuration documentation, and compliance reporting to support audits and regulatory exams. Incident Response Support: Provide expertise in responding to cloud-related security incidents and collaborate on remediation efforts. Continuous Improvement: Evaluate emerging cloud security tools and best practices to enhance protection and operational efficiency. API platform monitoring: Assist architecture team implement API monitoring platform. This includes API inventory and related data monitoring Perform monitoring: Provide metrics (KPIs and KRIs) supporting appropriate security monitoring and underlying processes. What do you need? Must-Haves 5+ years' experience in security engineering, architecture, or operations, with at least 2 years in cloud security. Strong knowledge of cloud platforms (Azure, AWS, or GCP), including native security tools and services. Experience reviewing and managing network security configurations. Hands-on experience with configuring and maintaining security tools (SIEM, EDR, vulnerability management, IAM, cloud security posture management). Solid understanding of networking protocols, routing, and hybrid cloud connectivity. Bachelor's degree in Information Security, Computer Science, or related field, or equivalent work experience. Key Skills Strong troubleshooting and analytical skills. Ability to balance security needs with business requirements. Excellent communication skills, with the ability to translate technical findings into clear, actionable recommendations. Proficiency in Microsoft Office applications for reporting and documentation. Nice-to-Haves Cloud security certifications such as AZ-500 (Azure Security Engineer), AWS Security Specialty, CCSP, or CISSP. Experience with Splunk, CrowdStrike, Tenable, Active Directory, and cloud-native logging/monitoring tools. Knowledge of DevSecOps practices and integrating security into CI/CD pipelines. Banking or financial services industry experience. Customers Bank is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also provide “reasonable accommodations”, upon request, to qualified individuals with disabilities, in accordance with the Americans with Disabilities Act and applicable state and local laws. Diversity Statement: At Customers Bank, we believe in working smart, working together, and having fun while delivering innovative solutions and memorable experiences for our customers. We are committed to the continual advancement of a culture which reflects the value we place on diversity, equity, and inclusion. We honor the diverse experiences, perspectives, and identities of our team members, and we recognize that it is their passion, creativity, and integrity that drives our success. Step into your future with us! Let's take on tomorrow.

Company DescriptionJobs for Humanity is partnering with Capital One to build an inclusive and just employment ecosystem. Therefore, we prioritize individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Deaf or Hard of Hearing, Black, Hispanic, Asian, Military Veterans, the Elderly, the LGBTQ, and Justice Impacted individuals. This position is open to candidates who reside in and have the legal right to work in the country where the job is located. Company Name: Capital One Job Description201 Third Street (61049), United States of America, San Francisco, CaliforniaSenior Manager, Information Security Office Consultant At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with Cloud Service technologies like Storage Services, Security & Access Control Management, Container Services, and API Implementation and Management. You are familiar with various Cloud computing models to include IaaS, PaaS, and SaaS along with their architectural differences. Security is essential to what we do here, from protecting our customers to our associates. What You'll Do: Act as a central Information Security point of contact for the Enterprise Platform team Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management Serve as an expert in Capital One's Information Security capabilities, solutions, policies, procedures and standards Influence customers to leverage security capabilities and solutions to shift and integrate security to the left in the development processes Escalate and manage cyber security risk Provide ad hoc support on special Information Security hot topics for the business Provide regular updates to executive leadership with your line of business on the overall Information Security health and risk environment Work with line of business leadership to anticipate their objectives and needs to better serve the line of business Product security consulting in Authentication/Access Management /Identity application and experienced in Authentication and industry-standard protocol for authorization/authorization Basic Qualifications: High School Diploma, GED or equivalent certification At least 8 years of experience working in cybersecurity or information technology At least 7 years of experience providing guidance and oversight of Security concepts At least 7 years of experience performing security risk assessments and security architecture reviews At least 7 years of experience with architecture, software design, networking, and cloud infrastructure At least 5 years of experience with cloud security engineering Preferred Qualifications: Bachelor's Degree 3+ years of experience in securing a public cloud environment (e.g. AWS, GCP, Azure) 4+ years of experience in IAM or related areas Experience building software utilizing public cloud (e.g. AWS, GCP, Azure) Familiarity with Cloud patch management practices such as system rehydration and image management Experience utilizing Agile methodologies Experience with Software Security Architecture Experience with Application Security Experience with Threat Modeling Experience with Penetration Testing or Vulnerability Management Experience with integrating SaaS products into an Enterprise Environment Experience with securing Container services Splunk-Fu / Enterprise Monitoring experience Financial services industry experience Professional certifications such as AWS Certified Solutions Architect and Certified Information Systems Security Professional (CISSP) Experience in Offensive and Defensive Security techniques Experience in a regulated environment Strong conceptual thinking, influence and communication skills At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. New York City (Hybrid On-Site): $230,100 - $262,700 for Sr Manager, Cyber TechnicalSan Francisco, California (Hybrid On-Site): $243,800 - $278,200 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at ************** or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to [email protected] Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Since 1869, we've connected people through food they love. We're proud to be stewards of amazing brands that people trust. Our portfolio includes the iconic Campbell's brand, as well as Cape Cod, Chunky, Goldfish, Kettle Brand, Lance, Late July, Pacific Foods, Pepperidge Farm, Prego, Pace, Rao's Homemade, Snack Factory, Snyder's of Hanover. Swanson, and V8. Here, you will make a difference every day. You will be supported to build a rewarding career with opportunities to grow, innovate and inspire. Make history with us. Why Campbell's… * Benefits begin on day one and include medical, dental, short and long-term disability, AD&D, and life insurance (for individual, families, and domestic partners). * Employees are eligible for our matching 401(k) plan and can enroll on the first day of employment with immediate vesting. * Campbell's offers unlimited sick time along with paid time off and holiday pay. * If in WHQ - free access to the fitness center. Access to on-site day care (operated by Bright Horizons) and company store. * Giving back to the communities where our employees work and live is very important to Campbell's. Our "Campbell's Cares" program matches employee donations and/or volunteer activity up to $1,500 annually. * Campbell's has a variety of Employee Resource Groups (ERGs) to support employees. Chief Information Security Officer How you will make history here… The Chief Information Security Officer (CISO) reports to the Chief Digital & Technology Officer and is responsible for enhancing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The CISO will proactively work with business segments, corporate functions and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. He or she should deeply understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology. The CISO will be responsible for implementing and running the enterprise information security program. The CISO should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. The CISO must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology. While the CISO is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the CISO is a business leader, and should have a track record of competency in the field of information security and/or risk management, with 15 years of relevant experience, including five years in a significant leadership role. What you will do… Responsibilities * Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. * Provide regular reporting on the current status of the information security program to the CIO, enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes. * Work with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations. * Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences. * Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management. * Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. * Lead the security champion program to mobilize employees in all locations. * Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals. * Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas. * Manage the budget for the information security function, monitoring and reporting discrepancies. * Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews. * Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate. * Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization. * Assist with the identification of non-IT managed IT services in use ("shadow IT") and facilitate a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear. * Work effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite. * Develop and enhance an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. * Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. * Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices. * Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets. * Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels. * Provide input for the IT section of the company's code of conduct. * Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required. * Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks. * Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies. * Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design. * Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties. * Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy. * Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable. * Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings. * Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines. * Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk. * Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation. * Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. * Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter. * Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas. * Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem. Who you will work with… * Report to the Chief Digital & Technology Officer * 4 Direct Reports & Team size of 30 * External Vendor Management What you bring to the table… (Must Have) Skills and Knowledge * Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as applied experience on NIST, including 800-53 and Cybersecurity Framework * Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists * Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization * Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies * Up-to-date knowledge of methodologies and trends in both business and IT * Poise and ability to act calmly and competently in high-pressure, high-stress situations * Must be a critical thinker, with strong problem-solving skills * Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives * Project management skills: financial/budget management, scheduling and resource management * Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist * A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital * Experience with contract and vendor negotiations * Excellent stakeholder management skills * High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity * High degree of initiative, dependability and ability to work with little supervision while being resilient to change Experience * Degree in information technology-related field and a minimum of 15 years of experience in a combination of risk management, information security and IT or OT jobs (at least five must be in a senior leadership role) * Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment * Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials Compensation and Benefits: The target base salary range for this full-time, salaried position is between $259,000-$372,300 Individual base pay depends on work location and additional factors such as experience, job-related skills, and relevant education or training. Total pay may include other forms of compensation. In addition, we offer competitive health, dental, 401k and wellness benefits beginning on the first day of employment. Please ask your Talent Acquisition Partner for more information about our total rewards package. The Company is committed to providing equal opportunity for employees and qualified applicants in all aspects of the employment relationship, including consideration for employment, without regard to race, color, sex, sexual orientation, gender identity, national origin, citizenship, marital status, protected veteran status, disability, age, religion, or any other classification protected by law.

Since 1869, we've connected people through food they love. We're proud to be stewards of amazing brands that people trust. Our portfolio includes the iconic Campbell's brand, as well as Cape Cod, Chunky, Goldfish, Kettle Brand, Lance, Late July, Pacific Foods, Pepperidge Farm, Prego, Pace, Rao's Homemade, Snack Factory, Snyder's of Hanover. Swanson, and V8. Here, you will make a difference every day. You will be supported to build a rewarding career with opportunities to grow, innovate and inspire. Make history with us. Why Campbell's… Benefits begin on day one and include medical, dental, short and long-term disability, AD&D, and life insurance (for individual, families, and domestic partners). Employees are eligible for our matching 401(k) plan and can enroll on the first day of employment with immediate vesting. Campbell's offers unlimited sick time along with paid time off and holiday pay. If in WHQ - free access to the fitness center. Access to on-site day care (operated by Bright Horizons) and company store. Giving back to the communities where our employees work and live is very important to Campbell's. Our “Campbell's Cares” program matches employee donations and/or volunteer activity up to $1,500 annually. Campbell's has a variety of Employee Resource Groups (ERGs) to support employees. Chief Information Security Officer How you will make history here… The Chief Information Security Officer (CISO) reports to the Chief Digital & Technology Officer and is responsible for enhancing and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which we operate. The CISO is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. The CISO will proactively work with business segments, corporate functions and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. He or she should deeply understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology. The CISO will be responsible for implementing and running the enterprise information security program. The CISO should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the board of directors and other senior stakeholders. He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The CISO understands that securing information assets and associated technology, applications, systems and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization. The CISO must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. The ideal candidate is a thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process and technology. While the CISO is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives. Ultimately, the CISO is a business leader, and should have a track record of competency in the field of information security and/or risk management, with 15 years of relevant experience, including five years in a significant leadership role. What you will do… Responsibilities • Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. • Provide regular reporting on the current status of the information security program to the CIO, enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes. • Work with the vendor management office to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations. • Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences. • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management. • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls. • Lead the security champion program to mobilize employees in all locations. • Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals. • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of nondigital risk areas. • Manage the budget for the information security function, monitoring and reporting discrepancies. • Manage the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management and annual performance reviews. • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate. • Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization. • Assist with the identification of non-IT managed IT services in use ("shadow IT") and facilitate a corporate IT onboarding program to bring these services into the scope of the IT function, and apply standard controls and rigor to these services; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear. • Work effectively with business units to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite. • Develop and enhance an up-to-date information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices. • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets. • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels. • Provide input for the IT section of the company's code of conduct. • Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required. • Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks. • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies. • Liaise with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design. • Create a risk-based process for the assessment and mitigation of any information security risk in your ecosystem consisting of supply chain partners, vendors, consumers and any other third parties. • Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy. • Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable. • Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings. • Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines. • Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk. • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation. • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action. • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter. • Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas. • Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem. Who you will work with… Report to the Chief Digital & Technology Officer 4 Direct Reports & Team size of 30 External Vendor Management What you bring to the table… (Must Have) Skills and Knowledge • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as applied experience on NIST, including 800-53 and Cybersecurity Framework • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies • Up-to-date knowledge of methodologies and trends in both business and IT • Poise and ability to act calmly and competently in high-pressure, high-stress situations • Must be a critical thinker, with strong problem-solving skills • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives • Project management skills: financial/budget management, scheduling and resource management • Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist • A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital • Experience with contract and vendor negotiations • Excellent stakeholder management skills • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity • High degree of initiative, dependability and ability to work with little supervision while being resilient to change Experience • Degree in information technology-related field and a minimum of 15 years of experience in a combination of risk management, information security and IT or OT jobs (at least five must be in a senior leadership role) • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment • Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials Compensation and Benefits: The target base salary range for this full-time, salaried position is between $259,000-$372,300 Individual base pay depends on work location and additional factors such as experience, job-related skills, and relevant education or training. Total pay may include other forms of compensation. In addition, we offer competitive health, dental, 401k and wellness benefits beginning on the first day of employment. Please ask your Talent Acquisition Partner for more information about our total rewards package. The Company is committed to providing equal opportunity for employees and qualified applicants in all aspects of the employment relationship, including consideration for employment, without regard to race, color, sex, sexual orientation, gender identity, national origin, citizenship, marital status, protected veteran status, disability, age, religion, or any other classification protected by law.

Full-time Description Leading with our people, Digital Consultants' mission is to deliver the highest level of professional solutions while being a trusted partner and advisor to our customers. With a culture of practicality, opportunity, and creativity, we remain committed to upholding honesty, trust, respect, and ethical standards in all our endeavors. We are a certified SBA 8(a) small, disadvantaged business that supports multiple IT customers within the Federal, civilian, and private sectors. Digital Consultants also offer our employees growth opportunities, competitive wages, and a full benefits package. Our founding principles, Fairness and Common Sense, make working here more than a job; it's the Digital family. Digital Consultants seeks an Information System Security Officer (ISSO) III who provides cybersecurity support and oversight for Navy systems in accordance with DoD Risk Management Framework (RMF) and Navy Cybersecurity policies. The ISSO assists the ISSM in ensuring system compliance, maintains RMF package documentation, and supports vulnerability management and cybersecurity reporting in support of NSWCPD Code 104. Duties to include: Support the Information System Security Manager (ISSM) in all aspects of system cybersecurity compliance and accreditation. Develop, review, and maintain RMF accreditation packages, including System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), POA&Ms, and Continuous Monitoring strategies. Ensure implementation and validation of security controls in accordance with NIST SP 800-53, DoD 8510.01 (RMF), and Navy SCA business rules. Monitor systems for vulnerabilities, review STIG and SRG scan results, and track remediation in eMASS/VRAM. Conduct and document security incident response actions and report to the ISSM. Provide cybersecurity status reporting, technical risk analysis, and compliance metrics to leadership. Coordinate with system administrators, engineers, and Navy program offices to ensure security requirements are integrated into system lifecycle management. Requirements Clearance: Top Secret, US Citizen only Education: Bachelor's Degree in Computer Science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university. Certifications: DoD 8570/8140 IAM Level II (CAP, CASP+ce, CISM, CISSP, GSLC, CCISO, HCISPP) OR IAT Level II baseline certification (CCNA-Security, CySA+, GICSP, GSEC, Security+ce, CND, SSCP) Experience: Minimum 7 years of cybersecurity or A&A experience, with at least 5 years as an ISSO or equivalent security role. Experience must include: Developing and maintaining RMF lifecycle documentation. Assessing and validating implementation of security controls. Conducting risk and vulnerability reviews, documenting results, and supporting system accreditation. Expert knowledge of DoD RMF, NIST SP 800-53, and Navy cybersecurity compliance processes. Proficiency in eMASS, ACAS, VRAM, and DISA STIG compliance tools. Ability to coordinate across engineering, operations, and program management teams to resolve cybersecurity issues. Ability to work on-site at NSWCPD Philadelphia and travel CONUS as required. The candidate must, with or without reasonable accommodation, be able to sit, stand, use computers and monitors, and perform duties in an office environment for extended periods. The candidate must be able to lift up to 40 lbs. on occasion (e.g., moving a case of paper or similar task) that may occur occasionally. Digital Consultants, an inclusive and welcoming company, is fully committed to hiring and retaining a diverse workforce without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), genetic information, national origin, age (40 or older), disability, veteran status or any other protected characteristic. We provide reasonable accommodation to individuals who require assistance at any stage of the employment process. If you need assistance navigating Digital Consultants' job openings or applying for a position, please email ************************** or call ************. Please provide your contact information so we can assist you. Salary Description $130,000 - 170,000

Information Systems Security Officer (ISSO) III Philadelphia, PA Active or Interim Secret Clearance Required @Orchard is supporting a growing Federal contract with proven capabilities in cybersecurity. We are seeking a skilled ISSO to be proposed as a bid-as-key for a new project supporting the Navy. This role will be based out of Philadelphia, PA and will be responsible for managing all aspects of the IA process. If awarded, this could be a fantastic opportunity to grow your career with a company that has built strong relationships within Defense and Intelligence. As the Information Systems Security Officer you will: Assist Information System Security Managers (ISSMs) in executing duties and responsibilities. Ensure compliance with all NAVSEA, DON, and DoD cybersecurity policies. Ensure relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinate cybersecurity processes and activities for assigned systems. Maintain and report Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs. Provide oversight of Security Plans for assigned systems throughout lifecycle. Manage and maintain Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and remediated where possible. Assist with identification of security control baselines and applicable overlays. Coordinate validation of security controls with Navy Qualified Validators (NQVs). Perform Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicate findings from Package Submitting Officer (PSO). Register and maintain systems in Enterprise Mission Assurance Support Service (eMASS). Plan and coordinate security control testing during Risk Assessments and Annual Security Reviews. Report changes in system security posture to ISSM. Ensure execution of Continuous Monitoring-related requirements as defined in System Level Continuous Monitoring (SLCM) Strategy. Review all data produced by Continuous Monitoring activities, update eMASS record as necessary, and escalate to leadership for action if required. Correlate findings from non-RMF vulnerability assessments (e.g., Development Test (DT)/Operational Test (OT), penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking to ensure holistic risk assessment. Participate in change control and configuration management processes. Maintain vulnerability data in Vulnerability Remediation Asset Manager (VRAM). Qualifications: Target Education: Bachelor's degree in computer science, IT, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited college or university. Target Experience: Six (6) years of experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident-response by isolating potentially effected assets, initial investigation and data collection, through status updates/reporting. Minimum Certs: IAM-II, CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP Must be U.S. citizen and hold active or interim Secret clearance.

ISSO Employment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success: * Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. * Maintain responsibility for managing cybersecurity risk from an organizational perspective. * Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership. * Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies. * Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO). * Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes. * Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF. * Provide subject matter expertise for cyber security and trusted system technology. * Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems. * Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. * Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring. * Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications: * Bachelor's Degree. * A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc. * eMASS experience. * Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher. * Strong desktop publishing skills using Microsoft Word and Excel. * Experience with industry writing styles such as grammar, sentence form, and structure. * Ability to multi-task in a deadline-oriented environment. Ideally, you will also have: * CISSP, CASP, or a similar certificate is preferred. * Master's Degree in Cybersecurity or related field. * Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking. * Demonstrated ability to work well independently and as a part of a team. * Excellent work ethic and a high commitment to quality. Our Commitment: Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package. Health, Dental, and Vision Life Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation! Explore additional job opportunities with CGS on our Job Board: ************************************* For more information about CGS please visit: ************************** or contact: Email: [email protected] #CJ $92,213.33 - $125,146.66 a year We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Join our team to take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity and Tech Controls team, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. **Job responsibilities** + Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyondroutine or conventional approaches to build solutions and break down technical problems. + Develops secure and high-quality production code and reviews and debugs code written by others. + Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolvesecurity protocols, including creating processes to determine the effectiveness of current controls. + Works with stakeholders and business leaders to understand security needs and recommend business modifications duringperiods of vulnerability. + Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify andassess if vulnerabilities are present, and executes threat modeling for multiple applications including external applicationsinteracting with the internal JPMorgan Chase network. + Works across customer engineering teams to help apply our framework and applications to their problem domain. + Prototypes and recommends changes and additions to system components based on engineering customer experiences. + Focuses on an integrated system approach to delivery versus ad-hoc add- ons to the architecture; looks for commonalityand patterns in the needs of the engineering teams. **Required qualifications, capabilities, and skills** + Formal training or certification on software engineering concepts and 5+ years applied experience. + Skilled in planning, designing, and implementing enterprise level security solutions. + Advanced in one or more programming languages like Java or Python. + Proficient in all aspects of the Software Development Life Cycle. + Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security. + Understand requirements management processes for highly regulated environments. + Cloud experience (AWS, Azure) and delivery mechanisms such as Terraform. + Kubernetes and related tooling experience. + Experience with threat modeling, discovery, vulnerability, and penetration testing. + In-depth knowledge of the financial services industry and their IT systems. + Experience with big data platforms and technologies such as Apache Flink, Apache Spark, Trino, Kafka, Apache Iceberg. **Preferred qualifications, capabilities, and skills** + Experience effectively communicating with senior business leaders. + Experience with Data Lake and Lake House Architectures and tooling. \#CTC JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management. We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation. JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans **Base Pay/Salary** Jersey City,NJ $152,000.00 - $215,000.00 / year

Data Intelligence, LLC (DI) is seeking a qualified and experienced Information Systems Security Officer III to support the Naval Surface Warfare Center (NSWC) in Philadelphia, PA. The successful candidate will be responsible for coordinating security efforts to ensure the safety and integrity of classified and unclassified information systems and assist in maintaining a secure operating environment. This position requires a strong understanding of cybersecurity protocols, as well as the ability to coordinate and implement security measures to meet the specific needs of the organization. **This position is contingent upon award of contract** Key Responsibilities: Collaborate with various levels of the organization to implement required security changes and ensure compliance with established security policies and standards. Conduct comprehensive cybersecurity vulnerability and threat assessments to identify and mitigate risks to information systems. Lead cyber-incident-response efforts, including isolating affected systems, conducting initial investigations, collecting relevant data, and providing status updates and reports to leadership. Provide guidance on best practices and recommend improvements to the organization's security posture. Perform risk assessments and develop mitigation strategies to protect sensitive data from internal and external threats. Support continuous monitoring of information systems and provide regular status reports on security compliance. Maintain up-to-date knowledge of emerging cybersecurity threats and industry best practices. Required Skills/Experience: Bachelor's degree in Computer Science, Information Technology, Communications Systems Management, or an equivalent science, technology, engineering, and mathematics (STEM) field. A minimum of 6 years of relevant experience in cybersecurity or information systems security. Prior experience supporting Navy programs. Current IAM Level II certification (or higher) in accordance with DoD 8570.01-M. At least a Secret-level security clearance is required, with the ability to obtain higher-level clearance if necessary. Proficiency in cybersecurity frameworks, risk management processes, and security controls. Strong analytical and problem-solving skills with attention to detail. Excellent communication and interpersonal skills, with the ability to work effectively with a diverse team. Preferred Qualifications: Experience with DoD security requirements and systems. Familiarity with NIST, RMF, and other relevant cybersecurity standards. Ability to work in a potentially remote environment with occasional on-site requirements. Why Work with Data Intelligence, LLC? At Data Intelligence, LLC, we are committed to delivering cutting-edge technology solutions and security expertise to our government clients. Our team members play an integral role in the development and protection of critical national security systems. Join our team and contribute to the defense of vital information assets while advancing your career in a collaborative and rewarding environment. About Us: Data Intelligence, DI is an established small business that has supported the critical missions of our government clients since 2005. We provide full life cycle system development, systems engineering, cybersecurity, and supporting analytical and logistics support to C4ISR and other complex systems. We are an equal opportunity employer that offers competitive salaries, comprehensive benefits, a team-oriented environment, and opportunities for advancement. Our excellent employee retention record reflects our employee focus. We work with Veteran's organization to proactively hire those who have served our country. We offer medical, dental and vision insurance, 401k, PTO and 11 paid holidays. Data Intelligence is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Data Intelligence, DI is an established small business that has supported the critical missions of our government clients since 2005. We provide full life cycle system development, systems engineering, cybersecurity, and supporting analytical and logistics support to C4ISR and other complex systems. We are an equal opportunity employer that offers competitive salaries, comprehensive benefits, a team-oriented environment, and opportunities for advancement. Our excellent employee retention record reflects our employee focus. We work with Veteran's organization to proactively hire those who have served our country. We offer medical, dental and vision insurance, 401k, PTO and 11 paid holidays. Data Intelligence is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Requirements Education: Bachelor's degree in Computer Science, Information Technology, Communications Systems Management, or other STEM discipline. Experience: Minimum 6 years of experience coordinating and enacting security changes within an organization. Experience with vulnerability and threat analysis, compliance enforcement, and incident response. Familiarity with DoD and Navy cybersecurity practices and reporting requirements. Skills & Knowledge: Proficiency in identifying, analyzing, and mitigating cybersecurity threats. Strong understanding of Risk Management Framework (RMF), system accreditation processes, and DoD cybersecurity directives. Excellent communication and reporting skills with the ability to provide clear, actionable recommendations. Certifications: Must hold a baseline certification as outlined in the Cybersecurity Workforce (CSWF) requirements (e.g., Security+ CE, CISSP, CISM, or equivalent). Security Clearance Requirements Active Secret clearance Salary Description 85,000 - 150,000

Information System Security Officer (ISSO) Rothe Development, Inc. (RDI) is seeking a skilled Information System Security Officer (ISSO) to support the cybersecurity posture of Navy information systems. The ISSO will play a critical role in ensuring systems are secure, compliant, and resilient against cyber threats in accordance with DoD and Navy cybersecurity policies. Contingent upon contract award to Rothe, this position will be based on-site in Philadelphia, Pennsylvania, and requires an active Secret security clearance. Key Responsibilities: Implement and manage security controls for Navy information systems in compliance with DoD directives and RMF (Risk Management Framework). Conduct system security risk assessments and vulnerability analyses. Develop and maintain system security plans (SSPs), POA&Ms, and other required documentation. Monitor system security status and support continuous monitoring activities. Coordinate with system owners, administrators, and other stakeholders to ensure security requirements are met. Support incident response efforts and investigations as needed. Ensure compliance with NIST, DoD, and Navy cybersecurity standards and policies. Qualifications: U.S. Citizenship and active Secret clearance required. Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience). Minimum of 3-5 years of experience in information system security, preferably within DoD environments. Strong knowledge of RMF, NIST SP 800-53, and DoD cybersecurity policies. Experience with eMASS, ACAS, and other DoD cybersecurity tools is preferred. Security+ CE or equivalent DoD 8570 IAT Level II certification required. Work Environment: This is an on-site position located in Philadelphia, PA. Remote work is not available. Rothe is an EEO/AA/Disability/Vets Employer and complies with E-Verify Rothe shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sexual orientation, gender identity, national origin, disability or veteran status. To apply complete online submission at **************************

The Information System Security Officer (ISSO) III will support the Navy in ensuring that information systems remain secure, compliant, and mission-ready. This role is responsible for implementing cybersecurity controls, monitoring security posture, supporting incident response, and ensuring compliance with Department of Navy, NAVSEA, and DoD cybersecurity requirements. Responsibilities Implement and manage information security controls across Navy IT systems. Ensure compliance with cybersecurity regulations, directives, and published policies. Conduct vulnerability and threat analyses, document findings, and recommend corrective actions. Support cybersecurity incident response activities including isolation of affected assets, initial investigation, evidence collection, and status reporting. Monitor systems for suspicious activity, unauthorized access, and security misconfigurations. Prepare and maintain system security documentation to support accreditation and assessment processes. Provide updates, reports, and security briefings to Navy leadership and program managers. Collaborate with system administrators, engineers, and other cybersecurity personnel to maintain confidentiality, integrity, and availability of Navy information systems. Requirements Education: Bachelor's degree in Computer Science, Information Technology, Communications Systems Management, or other STEM discipline. Experience: Minimum 6 years of experience coordinating and enacting security changes within an organization. Experience with vulnerability and threat analysis, compliance enforcement, and incident response. Familiarity with DoD and Navy cybersecurity practices and reporting requirements. Skills & Knowledge: Proficiency in identifying, analyzing, and mitigating cybersecurity threats. Strong understanding of Risk Management Framework (RMF), system accreditation processes, and DoD cybersecurity directives. Excellent communication and reporting skills with the ability to provide clear, actionable recommendations. Certifications: Must hold a baseline certification as outlined in the Cybersecurity Workforce (CSWF) requirements (e.g., Security+ CE, CISSP, CISM, or equivalent). Security Clearance Requirements Active Secret clearance Salary Description 85,000 - 150,000

Responsibilities: Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. Ensures compliance with all cybersecurity policies. Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinates cybersecurity processes and activities for assigned systems. Maintains and reports Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs. Provides oversight of Security Plans for assigned systems throughout their lifecycle. Manages and maintains Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and where possible, remediated. Assists with the identification of security control baselines and applicable overlays. Coordinates the validation of security controls with Navy Qualified Validators (NQV). Performs Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicates findings from Package Submitting Officer (PSO). Registers and maintains systems in Enterprise Mission Assurance Support Service (eMASS). Plans and coordinates security control testing during Risk Assessments and Annual Security Reviews. Reports changes in system security posture to the ISSM. Ensures the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy. Reviews all data produced by Continuous Monitoring activities, updates the eMASS record as necessary, and escalates to leadership for action, if required. Correlates findings from non-RMF vulnerability assessments, penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking, ensuring a holistic risk assessment. Participates in change control and configuration management processes. Maintains vulnerability data in Vulnerability Remediation Asset Manager (VRAM). Please go to Openings | Amelex to apply for this position. Certificates/Security Clearances/Other An Active Secret Security Clearance is required. Minimum Certification Requirement: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP is required. Education: Bachelor's degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited institution as recognized by the U.S. Department of Education Experience: Six (6) years of DoD experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response by isolating potentially effected assets, initial investigation and data collection, through status updates/reporting.

The Information System Security Officer (ISSO) provides direct cybersecurity and information assurance support to Information System Security Managers (ISSMs), ensuring compliance with all DoD, DON, and NAVSEA cybersecurity policies. This position is contingent upon contract award. Please ensure resume has the following information: Name Updated Contact information Dates of employment MM/YYYY to MM/YYYY Key Responsibilities: Maintain and report Assessment & Authorization (A&A) status for assigned systems. Manage Plans of Action and Milestones (POA&Ms) and ensure vulnerability remediation. Register and maintain systems in eMASS and VRAM; oversee continuous monitoring activities. Coordinate security control validations with Navy Qualified Validators (NQV). Review Risk Management Framework (RMF) Standard Operating Procedures and adjudicate findings. Track, document, and escalate changes in security posture as needed. Correlate results from non-RMF vulnerability assessments to RMF controls for comprehensive risk tracking. Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related discipline. DoD 8570 compliant certification (e.g., CISSP, CISM, Security+ CE). 7+ years of experience in system security and RMF implementation.

Paragon Cyber Solutions is hiring a skilled Information System Security Officer (ISSO) III to support cybersecurity and compliance functions in direct support of the Naval Surface Warfare Center Philadelphia Division (NSWCPD). This position is contingent upon contract award. The ISSO III will play a vital role in implementing and maintaining security controls, supporting incident response, and ensuring overall system compliance with Department of Defense (DoD) cybersecurity standards and frameworks. If you're looking for an opportunity to make an impact while supporting national security, we want to hear from you. Requirements Ensure security compliance across information systems by implementing DoD cybersecurity policies, standards, and guidelines. Assist in applying Risk Management Framework (RMF) requirements for system security accreditation and authorization. Coordinate and enforce required security changes and control implementations across systems and networks. Conduct vulnerability scans, threat assessments, and cyber risk analysis on mission systems. Support cyber incident response efforts including investigation, containment, documentation, and reporting. Perform continuous monitoring of system security postures and coordinate with other cybersecurity personnel to maintain system integrity. Prepare and maintain system security documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and security assessment reports. Participate in site inspections, compliance audits, and assessments by government or third-party assessors. Education Bachelor's degree in Computer Science, Information Technology, Communications Systems Management, or a related STEM field from an accredited college or university. Experience At least 6 years of relevant experience coordinating security implementation, policy compliance, vulnerability/threat assessments, and supporting incident response and investigation efforts. Certifications (one or more required): Must meet IAM Level II IAWF baseline certification standards under DoD 8140/8570.01-M, with at least one of the following: CAP (Certified Authorization Professional) CASP+ CE (CompTIA Advanced Security Practitioner) CISM (Certified Information Security Manager) CISSP (or Associate) GSLC (GIAC Security Leadership Certification) CCISO (Certified Chief Information Security Officer) HCISPP (HealthCare Information Security and Privacy Practitioner) Benefits Health Care Plan (Medical, Dental & Vision). Retirement Plan (401K w/ employer matching). Paid Time Off & Paid Federal Holidays. Short and Long-Term Disability. Healthy Work-Life Balance.

Responsibilities: Assists the Information System Security Managers (ISSM) in executing their duties and responsibilities. Ensures compliance with all cybersecurity policies. Ensures relevant Cybersecurity (CS) policy and procedural documentation is current and accessible to properly authorized individuals. Coordinates cybersecurity processes and activities for assigned systems. Maintains and reports Assess Only (AO) and Assessment and Authorization (A&A) status to Program Managers, Information System Owners, and ISSMs. Provides oversight of Security Plans for assigned systems throughout their lifecycle. Manages and maintains Plan of Actions and Milestones (POA&M), ensuring vulnerabilities are properly tracked, mitigated, and where possible, remediated. Assists with the identification of security control baselines and applicable overlays. Coordinates the validation of security controls with Navy Qualified Validators (NQV). Performs Risk Management Framework (RMF) Standard Operating Procedure (SOP) reviews. Adjudicates findings from Package Submitting Officer (PSO). Registers and maintains systems in Enterprise Mission Assurance Support Service (eMASS). Plans and coordinates security control testing during Risk Assessments and Annual Security Reviews. Reports changes in system security posture to the ISSM. Ensures the execution of Continuous Monitoring related requirements as defined in the System Level Continuous Monitoring (SLCM) Strategy. Reviews all data produced by Continuous Monitoring activities, updates the eMASS record as necessary, and escalates to leadership for action, if required. Correlates findings from non-RMF vulnerability assessments, penetration testing, Command Cyber Operational Readiness Inspection (CCORI), etc.) to RMF controls for tracking, ensuring a holistic risk assessment. Participates in change control and configuration management processes. Maintains vulnerability data in Vulnerability Remediation Asset Manager (VRAM). Education: Bachelors degree in computer science, information technology, communications systems management, or an equivalent science, technology, engineering & mathematics (STEM) degree from an accredited institution as recognized by the U.S. Department of Education Experience: Six (6) years of DoD experience coordinating and enacting required security changes, within various levels of an organization, ensuring compliance with published policies; conducting cybersecurity vulnerability and threat analysis; and support cyber incident response by isolating potentially effected assets, initial investigation and data collection, through status updates/reporting. Minimum Certification Requirement: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, or HCISPP is required. Other: An Active Secret Security Clearance is required. Benefits Information: We offer a generous benefits package including a 401k with employer match. Full time employees are also eligible for family medical, dental and vision benefits; as well as ancillary benefits including life and accidental death and dismemberment insurance; short- and long-term disability; flexible spending accounts; long-term care insurance; and accident, hospital, and critical illness insurance. Full-time employees are also eligible for 2 weeks vacation leave accrual per year (this accrual increase as tenure with company increases), 7 days sick leave, and 11 paid holidays, with additional leave time available for bereavement, jury duty, and military training days throughout the year.

McLaughlin Research has several openings (pending award) for Information Systems Security Engineers at the Naval Surface Warfare Center, Philadelphia Division. The Information System Security Engineer (ISSE) designs, develops, implements, and integrates advanced cybersecurity solutions to protect the organization's information systems and data assets. The ISSE III functions as a technical subject matter expert, applying security engineering principles across the system development lifecycle to identify vulnerabilities, mitigate risks, and maintain compliance with information assurance standards. This position often works with classified systems and complex networking environments. Requirements Key Responsibilities Security Architecture and Design: Designing and implementing security architectures for various environments and ensuring trusted relationships between systems. Risk Management and Compliance: Assessing and mitigating threats, leading the creation of security artifacts like SSPs and RARs, supporting system accreditation under frameworks like RMF, and ensuring compliance with policies such as DoD and NIST SP 800-series. Vulnerability Management and Incident Response: Conducting vulnerability assessments and ethical hacking, performing risk assessments, leading incident response, and managing automated scanning tools like ACAS and SCAP. Mentorship and Team Leadership: Guiding junior engineers and analysts and leading teams to achieve security goals. Cross-Functional Collaboration: Representing security engineering on technical teams and interfacing with stakeholders to translate requirements. Required Qualifications Education: BS in Computer Science or relevant field. Experience: 3-10 years in information security engineering, with specific experience potentially needed for DoD or SAP environments. Certifications: Must meet DoD 8570/8140 compliance (IASAE Level III, IAT Level III, or IAM Level III) and hold certifications such as CISSP, CASP+, CISM, CSSLP, or CISSP-ISSEP. Technical Skills: Expertise in RMF, NIST SP 800-53, DISA STIGs/SRGs, experience with security tools (e.g., eMASS, ACAS, Splunk), and knowledge of operating systems and networks (Windows, Linux, Cisco). Scripting proficiency is beneficial. Security Clearance: U.S. citizenship and eligibility to obtain an active security clearance. Equal Employment Opportunity Statement: McLaughlin Research Corporation is an Equal Opportunity and Affirmative Action Employer. It is our policy to recruit, hire, promote, and train for all positions without regard to age, race, creed, religion, national origin, gender identity, marital status, sexual orientation, family responsibilities, pregnancy, minorities, genetic information, status as a person with a disability, amnesty or status as a protected veteran, and to base all such decisions upon the individual's qualifications and ability to perform the work assigned, consistent with contractual requirements and all federal, state and, local laws. EEO is the Law: Applicants and employees are protected under Federal law from discrimination.

At Customers Bank, we believe in working hard, working smart, working together to deliver memorable customer experiences and having fun. Our vision, mission, and values guide us along our path to achieve excellence. Passion, attitude, creativity, integrity, alignment, and execution are cornerstones of our behaviors. They define who we are as an organization and as individuals. Everyone is encouraged to have personal development plans. By doing so, our team members are on their way to achieve their highest potential and be successful in their personal and professional lives. This role is ONSITE in our Malvern, PA office Monday through Thursday with Friday remote. Must be eligible to work in the U.S. without requiring sponsorship now or in the future. Who is Customers Bank? Founded in 2009, Customers Bank is a super-community bank with over $22 billion in assets. We believe in dedicated personal service for the businesses, professionals, individuals, and families we work with. We get you further, faster. Focused on you: We provide every customer with a single point of contact. A dedicated team member who's committed to meeting your needs today and tomorrow. On the leading edge: We're innovating with the latest tools and technology so we can react to market conditions quicker and help you get ahead. Proven reliability: We always ground our innovation in our deep experience and strong financial foundation, so we're a partner you can trust. What you'll do: * Cloud Security Architecture: Design, implement, and maintain secure architectures for cloud platforms (Azure, AWS, or others), ensuring alignment with security policies and regulatory requirements. * Security Tools Configuration: Configure, maintain, and optimize security tools including CNAPP, CASB, SIEM, endpoint detection, vulnerability scanners, and cloud-native security controls. * Defender & CASB Oversight: Manage and tune Microsoft Defender and Defender for Cloud Apps (CASB) to detect, prevent, and remediate threats across cloud environments, SaaS platforms, and endpoints. * Security Baseline Compliance: Review and ensure that environments and resources consistently follow security baselines and frameworks such as CIS, NIST, and FFIEC. * Secure Design & Guidance: Partner with infrastructure, DevOps, and application teams to provide security requirements and guidance for cloud projects and deployments. * Documentation & Reporting: Maintain architecture diagrams, configuration documentation, and compliance reporting to support audits and regulatory exams. * Incident Response Support: Provide expertise in responding to cloud-related security incidents and collaborate on remediation efforts. * Continuous Improvement: Evaluate emerging cloud security tools and best practices to enhance protection and operational efficiency. * API platform monitoring: Assist architecture team implement API monitoring platform. This includes API inventory and related data monitoring * Perform monitoring: Provide metrics (KPIs and KRIs) supporting appropriate security monitoring and underlying processes. What do you need? * Must-Haves * 5+ years' experience in security engineering, architecture, or operations, with at least 2 years in cloud security. * Strong knowledge of cloud platforms (Azure, AWS, or GCP), including native security tools and services. * Experience reviewing and managing network security configurations. * Hands-on experience with configuring and maintaining security tools (SIEM, EDR, vulnerability management, IAM, cloud security posture management). * Solid understanding of networking protocols, routing, and hybrid cloud connectivity. * Bachelor's degree in Information Security, Computer Science, or related field, or equivalent work experience. Key Skills * Strong troubleshooting and analytical skills. * Ability to balance security needs with business requirements. * Excellent communication skills, with the ability to translate technical findings into clear, actionable recommendations. * Proficiency in Microsoft Office applications for reporting and documentation. * Nice-to-Haves * Cloud security certifications such as AZ-500 (Azure Security Engineer), AWS Security Specialty, CCSP, or CISSP. * Experience with Splunk, CrowdStrike, Tenable, Active Directory, and cloud-native logging/monitoring tools. * Knowledge of DevSecOps practices and integrating security into CI/CD pipelines. * Banking or financial services industry experience. Customers Bank is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also provide "reasonable accommodations", upon request, to qualified individuals with disabilities, in accordance with the Americans with Disabilities Act and applicable state and local laws. Diversity Statement: At Customers Bank, we believe in working smart, working together, and having fun while delivering innovative solutions and memorable experiences for our customers. We are committed to the continual advancement of a culture which reflects the value we place on diversity, equity, and inclusion. We honor the diverse experiences, perspectives, and identities of our team members, and we recognize that it is their passion, creativity, and integrity that drives our success. Step into your future with us! Let's take on tomorrow.

ISSOEmployment Type: Full-Time, Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington, DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.In this role, you'll conduct security assessment, and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the government's most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success:- Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership.- Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies.- Providing configuration management (CM) recommendations for information system security software, hardware, and firmware and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO).- Maintain vulnerability scanning tool compliance, such as HBSS or ACAS, and patch management, such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes.- Support security authorization activities, including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF.- Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems.- Research, write, review, disposition feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring.- Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings, and other complex problems. Qualifications:- Bachelor's Degree.- A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc.- eMASS experience.- Professional security certification such as: CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP, or higher.- Strong desktop publishing skills using Microsoft Word and Excel.- Experience with industry writing styles such as grammar, sentence form, and structure.- Ability to multi-task in a deadline-oriented environment. Ideally, you will also have:- CISSP, CASP, or a similar certificate is preferred.- Master's Degree in Cybersecurity or related field.- Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking.- Demonstrated ability to work well independently and as a part of a team.- Excellent work ethic and a high commitment to quality. Our Commitment:Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our client's specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, we've been growing our government contracting portfolio, and along the way, we've created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package.Health, Dental, and VisionLife Insurance 401k Flexible Spending Account (Health, Dependent Care, and Commuter) Paid Time Off and Observance of State/Federal Holidays Contact Government Services, LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation!Explore additional job opportunities with CGS on our Job Board:**************************************** more information about CGS please visit: ************************** or contact:Email: ******************* #CJ