Security architect jobs in Ceres, CA

WHO WE ARE: Headquartered in Southern California, Skechers-the Comfort Technology Company -has spent over 30 years helping men, women, and kids everywhere look and feel good. Comfort innovation is at the core of everything we do, driving the development of stylish, high-quality products at a great value. From our diverse footwear collections to our expanding range of apparel and accessories, Skechers is a complete lifestyle brand. ABOUT THE ROLE: Skechers is seeking a passionate Application Security Engineer to join our team and serve as a security champion who bridges the gap between development and security operations. This role is critical to strengthening our security posture by embedding security practices throughout the software development lifecycle and fostering a security-first culture across our development teams. The ideal candidate will be a hands-on security professional who thrives on collaboration, enjoys mentoring developers, and has the technical expertise to identify vulnerabilities while providing practical remediation guidance. You will play a pivotal role in scaling our application security program and ensuring our applications are secure by design. WHAT YOU'LL DO: Successfully integrate security practices into development workflows, resulting in measurable reduction of security vulnerabilities in production applications Conduct thorough security-focused code reviews that identify critical vulnerabilities while providing actionable feedback to development teams Establish and implement efficient processes for triaging, prioritizing, and tracking remediation of security findings with clear SLAs and accountability measures Enhance developer engagement through proactive security awareness initiatives, building trusted relationships that enable developers to implement secure coding practices throughout the development process. Assist with management and optimization of SAST, DAST, OSS, WAF, and other application security tools to maximize coverage and minimize false positives Provide analysis and support as needed during security incidents to contribute to faster resolution times WHAT YOU'LL BRING: Proficiency with application security tools including SAST, DAST, dependency scanning, and WAF technologies Strong understanding of common web application vulnerabilities (OWASP Top 10) and secure coding practices Experience with at least one programming language (Java, Python, JavaScript, C#, or similar) Knowledge of API security, authentication mechanisms, and authorization frameworks Familiarity with DevSecOps practices and CI/CD pipeline integration REQUIREMENTS: 3-5 years of hands-on application security experience with demonstrated expertise in secure code review Retail or e-commerce experience a plus The pay range for this position is $110,000-$155,000/yr USD.

REQUIRED Job Title: WMS Supply Chain Architect Compensation: $80-90/hr is eligible for medical, dental, vision, and 401(k). Duration: 6 month contract with potential to extend, maybe convert. Job Description: Addison Group is working with a retail fashion brand looking for a WMS Supply Chain Architect to own the warehouse and transportation systems strategy by integrating WMS, TMS, and related tools to improve DC throughput and on-time delivery. Lead cross-functional discovery, design solutions, and oversee configuration, integration, testing, and cutover. Define KPIs and alerts to monitor throughput, carrier performance, and inventory accuracy. Qualifications: Must-Have Experience 10+ yrs supply chain; 7+ yrs WMS architecture in retail/eComm at Alo's scale or larger Deep WMS design/config + TMS/transportation (parcel/LTL, rate shopping, labels, compliance) Strong systems integration (API/EDI/queues) across WMS/TMS/ERP/OMS/eComm/DCs/3PLs Proven delivery in high-volume/peak environments; clear solution design/runbooks Nice-to-Haves Experience with FDM4 WMS OMS/eComm (e.g., Shopify), reverse logistics/returns, yard/labor mgmt REQUIRED Addison Group is an Equal Opportunity Employer. Addison Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Addison Group complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. Reasonable accommodation is available for qualified individuals with disabilities, upon request.

Job Title: EDW Architect Salary Range: $120,000 - $150,000 About the Role We are looking for a highly experienced and technically skilled Enterprise Data Warehouse (EDW) Architect to lead the design, development, and optimization of data infrastructure across our enterprise. This is a critical, hands-on role that will drive our data architecture strategy, enabling advanced analytics, reporting, and business intelligence across departments. The ideal candidate brings a deep background in data modeling, enterprise architecture, and cloud-based data platforms-especially AWS, Oracle, and Redshift-along with a passion for building scalable, high-performance systems. Key Responsibilities Architect and maintain the enterprise data warehouse to support analytics, reporting, and operational needs. Design robust, scalable data infrastructure components and ETL/ELT processes. Develop and implement enterprise information architecture strategies to ensure data consistency, availability, and performance. Lead end-to-end data lifecycle management including ingestion, transformation, storage, and access. Collaborate with data engineers, analysts, and business stakeholders to understand requirements and deliver actionable solutions. Ensure compliance with data governance and security protocols. Provide technical leadership and mentorship to data engineering teams. Required Qualifications Bachelor's degree in Computer Science, Information Systems, or related field (20+ years of relevant experience accepted in lieu of degree) 16+ years of experience in programming, data modeling, and enterprise data warehouse development 5+ years of experience in Enterprise Information Architecture 5+ years designing data infrastructure components 3+ years of recent hands-on expertise with: AWS (including Redshift) Oracle Programming with database services for enterprise data management and analytics Strong proficiency in data modeling (conceptual, logical, and physical) Deep understanding of relational and non-relational database systems Nice to Have Experience with Electronic Health Record (EHR) systems and related data architecture Hands-on experience with tools and technologies such as: OLAP Hadoop / Cloudera Talend RDBMS & NoSQL Big Data platforms

The requirements listed below are representative of the knowledge, skill, and/or ability required: Build the networks by taking into consideration various factors like, bandwidth requirements, infrastructure requirements and security. Responsible for estimating growth and plan for the network upgrade to meet future demands. Ability to work on multiple priorities and/or projects simultaneously. Excellent listening and communications skills, both verbal and written. flexible in working hours to support global project and migration during non-business hours. Ability to collaborate with multiple teams to achieve project goals. Organized, detail oriented and self-motivated. Ability to provide and maintain detailed documentation on each project. Demonstrate knowledge in advanced networking and infra security domain. Ability to successfully train the operation team on the new solution(s) implemented. Problem-solving skills and abilities to meet reasonable deadlines. Ability to work with little supervision and manage a team. Identify opportunities and recommend solutions for improving the overall network health by assessing overall effectiveness and efficiency. Stay current with existing, emerging, and evolving technologies and when appropriate, make recommendations as to how we may best harness a new technology or idea. BS in Engineering, Computer Science, or related field, with 15+ years of work experience in networking domain Have completed minimum 3 significant network solution designs In-depth knowledge of the OSI network model Experience with different network types (i. e. LAN, WAN, WLAN) Network protocols and technologies, e. g. DNS, HTTP, SSL, 802. 1x, Load Balancing, WAN optimization, SD-WAN, VPN, PKI Cisco network products (Nexus and Catalyst switches, routers, WLC, ISE) Knowledge of Palo Alto Networks firewall and IPS configuration and troubleshooting Knowledge of F5 load balancer Knowledge of public cloud is highly desirable Knowledge of Zero-Trust networking is highly desirable CCNP certification CCIE certification PCNSE certification Azure Network Engineer Associate

About the Hiring Team Tencent Overseas IT has the mission to empower Tencent's rapid global growth with future ready, global IT platforms, applications and services. We are chartered to lead the Overseas IT strategy, architecture, roadmap and execution. Satisfying our internal/external customers and becoming a world class global IT team are our top aspirations. What the Role Entails Tencent Overseas IT is committed to accelerating Tencent's international business growth and enabling its success through the deployment of cutting-edge technology platforms in IT services, cloud, security, and DevOps. As leaders in IT technology, we are responsible for defining and executing on Tencent's Overseas IT strategy, architecture, and roadmap. Our primary focus is to deliver exceptional value to satisfy the diverse needs of our internal and external customers, while striving to build a world-class global IT team. Responsibilities We're seeking a Principal Security Architect to drive the overall security architecture of Tencent overseas business. This role will work closely with foundation IT and Business teams to ensure compliance with security best practices, regulatory requirements, and internal policies. Key responsibilities include: * Security Strategy and Planning: Defining and implementing the organization's security strategy, roadmaps, and long-term vision. * Security Architecture Design: Developing and maintaining the overall security architecture, including defining security frameworks, standards, and controls. * Incident Response: Participating in incident response activities, providing expertise in identifying, containing, and recovering from security incidents. * Risk Management: Identifying and assessing security risks, developing mitigation strategies, and ensuring alignment with business objectives. * Security Compliance: Ensuring compliance with relevant security regulations, industry standards (e.g., NIST, ISO 27001, HIPAA), and internal policies. Who We Look For Key Skills * Security Architecture Design: Ability to design and implement secure and scalable architectures across various environments (e.g., cloud, containerized, on-premises), including developing and maintaining threat models and security reference architectures, with a strong emphasis on Zero Trust principles. * Security Operations & Incident Response: Experience with Security Information & Event Management (SIEM) systems, vulnerability scanners, malware analysis, and handling security incidents. The ability to lead threat modeling activities and support penetration testing is also important. * Networking: In-depth knowledge of networking principles, including routers, switches, firewalls, load balancers, and wireless devices, as well as network security protocols and technologies like VLANs, VPNs, IDS/IPS, and network segmentation. * Cloud Security: Expertise in cloud security principles and technologies across major platforms like AWS, Azure, and GCP, including implementing security controls and best practices in cloud environments. * Identity and Access Management (IAM): Strong understanding of enterprise IAM systems, including platforms like Okta, SailPoint, and Active Directory (AD), and the ability to implement and manage secure access controls based on the principle of least privilege. * Data Protection: Knowledge of data protection methods like encryption, pseudonymization, and shuffling, and how to apply them effectively to safeguard against data corruption, compromise, and loss. * Security Testing & Analysis: Experience in conducting penetration testing, vulnerability assessments, ethical hacking, and risk analysis to identify and mitigate security risks. * Security Automation & DevSecOps: Hands-on experience with security automation tools and scripting languages (e.g., Python, Lambda, Terraform) to streamline security processes and embed security into CI/CD workflows and Infrastructure-as-Code (IaC) processes. * Security Tools & Technologies: Proficiency in using various security tools and technologies, including SIEM platforms, XDR, cloud-native threat detection tools, vulnerability scanners, and encryption tools. * Operating Systems: Experience with various operating systems, including Windows, Linux, and UNIX. * Application Security: Experience in web application security, OWASP, API security, and secure design and testing. * SaaS Security: Experience with SaaS permission management, experience with SSPM (SaaS Security Posture Management) * AI for Security: real word experience with AI/LLM/Agentic for security, especially adopt LLM in SIEM rule, SOAR optimization. * Scripting skills in Python, PowerShell or Bash Qualifications * Education: Typically, a master's degree in computer science, Information Security, or a related technical field is required. * Minimum of 10-12+ years of progressive experience in cybersecurity, including at least 5-7 years in a security architecture or senior-level engineering role. * Experience securing workspace and key enterprise systems, including IAM, e-mail, DevSecOps, SaaS, and back-office systems. * Essential soft skills: Analytical Thinking; Problem-Solving; Risk Management; Adaptability & Continuous Learning;Attention to Detail * Experience working with remote, globally distributed teams * Previous experience in the gaming industry is a plus. * Relevant certifications: * Certified Information Systems Security Professional (CISSP) * Certified Cloud Security Professional (CCSP) * Certified Information Security Manager (CISM) * AWS Certified Security - Specialty * Other certifications like AWS Certified SA, Certified Ethical Hacker (CEH), CompTIA Security+, and GIAC Security Essentials Certification (GSEC) can also be beneficial. Location State(s) US-California-Palo Alto The expected base pay range for this position in the location(s) listed above is $141,200.00 to $328,400.00 per year. Actual pay may vary depending on job-related knowledge, skills, and experience. Employees hired for this position may be eligible for a sign on payment, relocation package, and restricted stock units, which will be evaluated on a case-by-case basis. Subject to the terms and conditions of the plans in effect, hired applicants are also eligible for medical, dental, vision, life and disability benefits, and participation in the Company's 401(k) plan. The Employee is also eligible for up to 15 to 25 days of vacation per year (depending on the employee's tenure), up to 13 days of holidays throughout the calendar year, and up to 10 days of paid sick leave per year. Your benefits may be adjusted to reflect your location, employment status, duration of employment with the company, and position level. Benefits may also be pro-rated for those who start working during the calendar year. Equal Employment Opportunity at Tencent As an equal opportunity employer, we firmly believe that diverse voices fuel our innovation and allow us to better serve our users and the community. We foster an environment where every employee of Tencent feels supported and inspired to achieve individual and common goals.

Job Type: Full-time Work Category: Hybrid Telecommute Sponsorship: Not Available Compensation: $ 40.00 - $ 60.00 Gallo Privacy Policy We are GALLO We're a family-owned company with a 90+ year legacy, that's consistently recognized as a Glassdoor “Best Places to Work.” We have 130+ brands in our total alcohol beverage portfolio including wine, malt, spirits, and ready-to-drink beverages. We're home to the #1 wine and spirits brands in the U.S. - Barefoot Wine & High Noon and are the official sponsors of the NFL, NHL, UFC, and PGA of America. View our Corporate Values and Mission Statement here. A Taste Of What You'll Do We're seeking an experienced SAP Security Analyst to shape and operate SAP security across on‑premises and cloud platforms (S/4HANA, Fiori, GRC, EWM, Ariba, BTP, BRF+, IAS, IBP, Solution Manager). In this hands‑on role you'll design and develop roles, enforce segregation of duties, manage access controls, and sustain ITGCs and compliance. You will lead access provisioning, testing, audit readiness, incident response, and continuous improvement efforts while documenting processes and training users. You'll collaborate closely with Enterprise Architecture, IAM, and Cybersecurity to align SAP security with enterprise identity and access strategies. You'll drive projects from requirements through implementation and production support, coordinating testing with business and technical stakeholders and supporting transitions from project delivery to stable operations. Day‑to‑day responsibilities include role design and debugging, risk mitigation, audit management and remediation, creating clear runbooks and training materials, and investigating security incidents with a focus on timely, effective resolution. You'll monitor emerging SAP security trends and recommend practical enhancements that balance risk, usability, and business needs. We value intrapreneurship-thinking boldly, taking measured risks, learning quickly, and championing innovation-and ownership-setting high expectations, fostering frank and constructive discussions, and holding yourself and others accountable. We're looking for someone who communicates clearly, mentors colleagues, and helps build resilient, repeatable processes. We're committed to building an inclusive workplace and welcome applicants from all backgrounds, experiences, and abilities. If you need an accommodation to apply or interview, please let us know and we'll work with you. Bring your SAP security expertise, curiosity, and collaborative spirit to a team focused on protecting critical systems and enabling secure business outcomes. What You'll Need Bachelor's degree in Computer Science, Business Administration, MIS, Mathematics, or Engineering, plus 3 years of experience with information security, System Administration or equivalent with increasing levels of responsibility; OR High School Diploma or State-issued equivalency certificate plus 7 years of experience in Information Security, System Administration or equivalent with increasing levels of responsibility. Demonstrated technical expertise in IT systems. Strong analytical ability, communication skills and the ability to work effectively with clients/customers, IT management and staff, vendors, consultants, and auditors. Required to travel to company offices, sites, and/or meeting locations for onboarding, training, meetings, and events for development, department needs, and business delivery up to 5% of the time, with or without reasonable accommodation. This may be in addition to travel requirements, if applicable, as listed in this . Required to be 18 years or older. This may be in addition to other age requirements, if applicable, as listed in this . How You'll Stand Out Bachelor's degree in Computer Science, Business Administration, MIS, Mathematics, or Engineering, plus 5 years of experience with data security reflecting increasing levels of responsibility. Extensive professional experience in management and deployment of security tools. Extensive knowledge of networking, databases, systems and/or Web operations. In-depth knowledge of data security and protection techniques. In-depth knowledge of application security and application security best practices. Professional experience in the following: Vulnerability and configuration assessment tools, IDS/IPS tools, logging and monitoring tools (SIM), DLP, audit & assessment (GRC tools), data encryption and network or application firewalls, enterprise monitoring (SIEM). Familiarity with mobile, SaaS & Cloud technologies. Professional certifications (CISSP, ISACA, GSEC, others) Knowledge of industry frameworks and best practices (ISO, NIST, CSC, others). Knowledge of regulatory requirements and compliance (PCI, SOX, HIPAA, GLBA). Experience managing customer expectations. Experience identifying short and long-term issues and providing solutions. Knowledge of other business areas. Demonstrates strong team building skills, adapts to unexpected changes, and acts as a strong role model. Demonstrates strong negotiation and conflict resolution skill. Broad knowledge of principles, practices, and procedures in this field of specialization. Experience completing assignments that are broad in nature, usually requiring originality and ingenuity, with appreciable latitude for unreviewed action or decision. To View the complete Job Description please click here. Our Benefits & Perks We are committed to providing competitive compensation, perks, and a culture that supports your well-being. Benefits depend on your work category and may include medical and dental coverage, 401k plans, profit sharing, pet insurance, company holidays, access to an employee wine shop, and more! Additional information will be provided before your first interview. The Fine Print The Company does not sponsor for employment-based visas for this position now or in the future. Actual compensation paid within the range will be determined by factors such as the education, experience, knowledge, skills and abilities of the applicant, internal equity, and alignment with market data. In addition to the salary, this position may be eligible for bonuses, incentive plans, or participate in tasting room tip pools, as applicable. This position will be based in the location(s) specified in the job posting with an option for occasional telecommuting. You will be expected to live within a commutable distance. It is the Company's policy for job postings to be open to internal candidates for a minimum of 5 days and to external candidates, if applicable, for a minimum of 3 days. Gallo's policy is to afford equal employment opportunities to all applicants and employees and not to discriminate on the basis of race, traits associated with race, including but not limited to, hair texture and protective hairstyles (such as braids, locks, and twists), color, national origin, ancestry, creed, religion, physical disability, mental disability, medical condition as defined by applicable state law (including cancer and predisposing genetic characteristics), genetic information, marital status, familial status, sex, gender, gender identity, gender expression, sexual orientation (actual or perceived), transgender status, sex stereotyping, pregnancy, childbirth or related medical conditions, reproductive health decision making, age, military or veteran status, domestic violence or sexual assault victim status, or any other basis protected by applicable law. Nor will Gallo discriminate based on a perception that an individual has any of the foregoing characteristics or is associated with a person who has, or is perceived to have, any of those characteristics. Gallo will comply with state and local laws prohibiting discrimination for lawful out-of-work behavior, such as off-duty use of cannabis away from the workplace (subject to federal and state law exceptions), the existence of non-psychoactive cannabis metabolites in hair, blood, urine, or other bodily fluids as determined by a drug screening test (subject to federal and state law exceptions). We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gallo is committed to providing reasonable accommodation for candidates with disabilities in our recruiting process. If you need any assistance or accommodation due to a disability, please let us know at ************. Gallo is enrolled in the Department of Homeland Security's E-Verify program and will use the program to verify the employment eligibility of all newly hired employees as required. E-Verify Notice Right to Work Employee Polygraph Protection Act

We are seeking a seasoned SAP Security professional to join our team in supporting and enhancing enterprise security across a diverse SAP landscape. The ideal candidate will bring deep expertise in managing security roles, authorizations, and governance for a variety of SAP modules, including experience with modern S/4HANA environments. Key Responsibilities: Design, implement, and maintain SAP security roles and authorizations across multiple SAP platforms including ECC, BW, BPC, CRM, BusinessObjects (BOBJ), and Solution Manager. Collaborate with functional and technical teams to assess access requirements and deliver secure, compliant solutions. Participate in full lifecycle SAP implementations, providing hands-on security configuration and ensuring alignment with business and compliance requirements. Support system audits and implement corrective actions related to access and compliance. Assist in the development of security policies and best practices for SAP systems, including risk analysis and segregation of duties (SoD). Contribute to S/4HANA migration planning and execution with a focus on securing new and transitioned environments. Required Qualifications: 8+ years of hands-on experience in SAP Security administration across a variety of SAP applications (ECC, BW, BPC, CRM, BOBJ, and Solution Manager). Demonstrated involvement in at least two full-cycle SAP implementations in a security-focused role. Experience supporting a full end-to-end S/4HANA migration project, with an emphasis on security role design and transition. Strong understanding of user provisioning, role-based access controls, GRC tools, and SoD principles. Excellent communication skills and ability to work cross-functionally with both technical and business stakeholders.

Hello, Greetings for the day, We have an urgent job opening for a SAP Security Consultant in San Francisco, CA. Please find the complete below and consultant information details below to the job description. Duration: 5Months+ Job Title: SAP Security Duties: Provides the technical guidance in development of security roles and authorizations to SAP projects and production support for R3, BW, EBP, SMP, PI, AII/OER systems Ensures development and maintenance of SAP roles and authorizations are aligned with enterprise security best practices and corporate standards Delivers and manages overall SAP security standards and designs Works closely with SAP functional and technical teams in the identification and resolution of gaps in the security authentication and authorization processes Provides day-to-day support for GRC 5.3 CUP, FireFighter Works closely with security and technical teams in architecting and implementing Identity and Security best practices in SAP environment; Partners with teams in support of internal and external auditing of SAP environment Performs annual SAP licensing for all the systems onsite Skills: Minimum of 5 years of experience implementing and delivering SAP Security Solutions; Must have strong demonstrated knowledge of SAP Security and experience with GRC Analysis and Administration. Experience in implementing/upgrading/managing SAP GRC Access Controls, Access Risk Analysis and Emergency Access Management a plus; Must have excellent troubleshooting and resolution skills; Strong attention to detail. Strong technical knowledge of SAP Security architecture and role based authorization models; Strong analytical, problem solving and conceptual. Strong oral and written communication skills, with an ability to express complex technical concepts; Strong understanding of data privacy concepts. Strong Security and Risk mitigation mindset.Understanding of process re-engineering, segregation of duties, application security implementation, security auditing techniques Keywords: Education: Bachelor's degree in Computer Science or related field, OR equivalent combination of education and/or experience Skills and Experience: Required Skills: AUDITING MITIGATION PROBLEM SOLVING SAP Security GRC Additional Skills: RE-ENGINEERING RISK ANALYSIS ARCHITECTURE SAP SECURITY SECURITY ARCHITECTURE SECURITY IMPLEMENTATION SOLUTIONS AUTHENTICATION EBP MAINTENANCE R3 Thanks & Regards, Srikanth ************ 800 W, Fifth Avenue, Suite 208A Naperville, IL - 60563 " A Certified MBE & Women's Business Enterprise Alliance (WBEA)" Additional Information All your information will be kept confidential according to EEO guidelines.

**Department Description** At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: + Secure the Magic by protecting information systems and platforms. + Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. + Strengthen the business through optimizing execution, application, and technology used to protect the Company. + Innovate by investing in core capabilities to enhance operational efficiency. **Team Description:** Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. **What You'll Do:** + Independent audit support for: + SOX 404 ITGCs + PII + PCI + ISPS + Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. + Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. + Develop and lead the Control Assurance Programs (ISPS and SOX). + Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. + Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. + This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. + Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. + Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) + Ensure for timely management response of audit findings into our corporate SOCD/SAD. + Oversee ISPS Management Audit coordination and open action plans. + Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. + Management of GRC workflows around coordination of certifications and attestations. + Partner with leadership to support the PCI-DSS compliance program. + Develop training materials, coordinate training sessions, and monitor compliance with training requirements. + Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. + Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. + Provide executive level updates on Compliance programs **Must Haves (Years of Experience, languages, programs, tools, etc.):** + Minimum of 8 years of related work experience, with 3 in management roles + IT SOX experience and proven experience in supporting IT audit/compliance functions + Experience in managing people + Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives + Interpersonal skills with the ability to work with teams cross-functionally + Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators + Detail-oriented but able to understand the big picture. Highly organized and efficient + Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments + Experience with cloud-based services, specifically AWS **Nice To Haves (see above):** + Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR + Experience working with companies that have a heavy microservice architecture **Education:** Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. **Job ID:** 10135782 **Location:** Glendale,California **Job Posting Company:** The Walt Disney Company (Corporate) The Walt Disney Company and its Affiliated Companies are Equal Employment Opportunity employers and welcome all job seekers including individuals with disabilities and veterans with disabilities. If you have a disability and believe you need a reasonable accommodation in order to search for a job opening or apply for a position, email Candidate.Accommodations@Disney.com with your request. This email address is not for general employment inquiries or correspondence. We will only respond to those requests that are related to the accessibility of the online application system due to a disability.

Are you a hands-on security leader ready to make a measurable impact in a mission-driven organization? We're looking for a Director of Information Security to lead and scale our security operations, incident response, and engineering efforts. In this role, you'll oversee our security ecosystem - from real-time monitoring to proactive threat hunting - and help shape the future of enterprise security at a growing company. This is a highly collaborative position where you'll work cross-functionally with teams across the business to protect our information assets, infrastructure, and services - especially within a SaaS and life sciences environment. What will you do? Shape and drive the enterprise security operations strategy in alignment with broader company goals. Serve as a trusted advisor to senior leadership on all things security. Manage our Security Operations Center (SOC), ensuring rapid incident detection, triage, and response. Oversee threat intelligence, vulnerability management, and operational risk mitigation initiatives. Partner with IT and engineering teams to deploy, tune, and optimize tools like SIEM, SOAR, EDR, and DLP. Implement automation and integrations that improve speed and efficiency. Lead cyber incident response efforts and continuously test and improve our disaster recovery and response plans. Coordinate cross-functional teams (e.g., Legal, HR, Communications) during major security events. Lead, mentor, and grow a high-performing team of security and infrastructure professionals. Support the development of a resilient, inclusive, and learning-driven culture across the department. Align programs with regulatory standards (HIPAA, SOX, GDPR, PCI-DSS) and frameworks (NIST, MITRE ATT&CK). Support audits and ensure documentation is ready and accurate. How will you get there? Bachelor's degree in Computer Science, Information Security, or related field (Master's a plus). 12+ years of relevant experience, including 4+ years leading teams in complex enterprise environments. Hands-on expertise in SOC management, incident response, and threat intelligence. Experience in the Medical Device, Life Sciences, or highly regulated industries preferred. Professional certifications such as CISSP, CISM, GIAC, or CEH. Proficiency with security tools including SIEM, EDR, SOAR, IDS/IPS, and vulnerability management platforms. Strong knowledge of cloud (AWS, Azure, GCP), Windows/Linux systems, and network protocols. Familiarity with security frameworks and standards (NIST, MITRE, ISO 27001). Proven ability to build, lead, and retain high-performing technical teams. A proactive, solutions-oriented mindset with excellent communication and collaboration skills. #GKOSUS

The Information Security organization at Sony Pictures Entertainment is responsible for protecting our content, systems, and data from being stolen, damaged, or destroyed. To do so, we are continuously improving our tools, capabilities, and processes to stay ahead of evolving threats. The Manager, Information Security Productions is accountable for operationalizing the Information Security Productions program across all SPE U.S. productions. This includes driving consistent implementation of approved security standards, tools, and controls; ensuring data-driven visibility into production security risk; and supporting compliance and readiness reporting to leadership. Success in this role requires strong cross-functional collaboration across Information Security, IT, S3, and production teams to embed security into creative workflows without friction, while ensuring protection of SPE's most valuable assets-our stories and intellectual property. This role will also ensure program consistency with regional and global counterparts, contribute to automation and standardization of key controls, and support ongoing improvement of information security for productions practices across the production lifecycle. Key indicators of success in this role will be: Business leaders have near real-time visibility into production information security risk using meaningful, actionable metrics that drive timely and effective decision-making. Consistent application of approved tools, workflows, and controls across productions, ensuring compliance and readiness reporting aligns with studio KPIs. Production teams trust SPE to provide a secure, highly available, and easy-to-use digital production environment that safeguards our content and data. Information Security, Physical Security, and IT operate as unified partners to protect SPE productions from concept to archive. Within this organization, we value learning, agility, and collaboration. The Manager, Information Security Productions (CC, US) will be a key contributor to Sony Pictures Entertainment's goal of being the most trusted studio in the industry. Responsibilities Provide visibility and actionable insight into Information Security risk across active U.S. productions. Monitor, analyze, and report on production security posture and key control performance metrics for each production. Partner with global InfoSec, Risk, Threat Intelligence, Incident Response, Training, and Governance teams to align production needs with enterprise programs. Prepare and present dashboards and reports on security trends, compliance status, and improvement opportunities. Support the development of production-specific metrics and KPIs to measure control effectiveness. With IT and Physical Security, maintain security controls in place for productions to most effectively meet our business goals. Operationalize the Production Information Security Program across U.S. productions. Ensure consistent implementation of approved security tools, policies, and workflows within productions. Coordinate adoption of automated controls with productions, such as provisioning, watermarking, and access telemetry. Support the standardization and scalability of production security practices across production titles and business units. Ensure and track production security culture, awareness, and response readiness. Amplify the reach of security training and awareness initiatives by coordinating rollout to productions, ensuring consistent messaging and participation tracking. Gather feedback from productions to help refine information security for productions training and awareness efforts. Partner with Incident Response to ensure clear communications, timely follow-up, and closure of corrective actions. Track cultural and operational readiness indicators (e.g., onboarding rates, reporting engagement, post-incident improvements) to measure program maturity and continuous improvement. Qualifications 5+ Years of experience in Information Security, Information Technology or a related field 5+ Years of experience in an organization directly involved in movie, television and/or other entertainment production, or equivalent educational experience. Bachelor's degree preferred Strong understanding of the technologies, tools and processes used in production of movies and/or television. Knowledge of Information Security frameworks, standards and best practices and their relevance to business success Specific knowledge of processes, tools and practices used to maintain confidentiality in the context of movie and television productions. Ability to develop and maintain meaningful metrics to track program and process effectiveness. Strong planning and analytical skills Strong communications skills The anticipated base salary for this position is $115,000-$150,000. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position. Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. SPE will consider qualified applicants with arrest or conviction records in accordance with applicable law. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

: Company Description The Department of Public Health prioritizes equitable and inclusive access to quality healthcare for its community and values the importance of diversity in its workforce. All employees at the Department of Public Health work to advance equity, inclusion, and diversity with a specific lens and focus on race, ethnicity, gender, sex, sexuality, disability, and immigration status. This is a Position-Based Test conducted in accordance with CSC Rule 111A. Learn more about the City's hiring process here: **************** sf. gov/knowledge/process/Application Opening: Friday, November 21, 2025Application Deadline: Application filing will close on or after Friday, January 9, 2026. Salary: $180,440 - $230,308 Annually (Range A) Appointment Type: Permanent Civil ServiceRecruitment ID: PBT-0933-160818 Becoming a City employee means being a part of a team that cares about making a difference. Your work will shape both the present and future of San Francisco. When you work for the City, you're choosing a job with purpose. The mission of the San Francisco Department of Public Health (SFDPH) is to protect and promote the health of all San Franciscans. SFDPH strives to achieve its mission through the work of several divisions - the San Francisco Health Network, Population Health Division, Behavioral Health Services, and Central Administration. The San Francisco Health Network is the City's only complete system of care and has locations throughout the City, including Zuckerberg San Francisco General Hospital and Trauma Center, Laguna Honda Hospital and Rehabilitation Center, and over 15 primary care health centers. The Population Health Division (PHD) provides core public health services for the City and County of San Francisco: health protection, health promotion, disease and injury prevention, disease surveillance, and disaster preparedness and response. Behavioral Health Services operates in conjunction with SFHN and provides a range of mental health and substance use treatment services. Central Administration houses core support organizations, including Finance, Information Technology (IT), Human Resources, Privacy and Compliance, Business Office, Facilities Management, and Security Services. Job Description The San Francisco Department of Public Health is seeking a dynamic and experienced cybersecurity professional to join its IT leadership team. As a key strategic leader, the Chief Information Security Officer (CISO) (0933 Manager V) will be responsible for developing and executing a comprehensive information security strategy that safeguards the department's systems, data, and services. This role leads the implementation of an enterprise-wide security program that promotes collaboration, strengthens governance, and aligns cybersecurity initiatives with organizational goals. The CISO serves as a trusted advisor to senior leadership, providing expert guidance on risk management, security investments, and policy development. The CISO oversees a team of cybersecurity professionals within the SFDPH IT division and collaborates extensively with the CISO for the City and County of San Francisco. We are looking for a visionary and collaborative leader who can balance innovation with risk mitigation, and who thrives in a complex, mission-driven environment. The CISO reports directly to the Chief Information Officer (CIO). The Chief Information Security Officer (0933 Manager V) performs the following essential job functions:Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion Directs the ongoing development of the department's information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics, and monitors compliance through audits and assessments Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program Promotes awareness and understanding of regulatory requirements across the organization. Leads or collaborates on testing and auditing activities to ensure ongoing compliance and successful certifications Analyzes security requirements and ensures compliance with industry standards such as HIPAA, NIST, and PCI-DSSEstablishes and maintains comprehensive policies and procedures to support effective and sustainable security operations Serves as the department's representative in security-related matters with City agencies and partners Continuously monitors emerging trends, technologies, and best practices in cybersecurity to ensure the department's security posture remains current and effective The Chief Information Security Officer (0933 Manager V) may perform other duties as assigned/required. Qualifications 1. Education: Bachelor's degree from an accredited college or university; AND 2. Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals. Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis. One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units. Applicants must meet the minimum qualification requirements by the final filing date unless otherwise noted. One-year full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Desirable Qualifications: The stated desirable qualifications may be considered at the end of the selection process when candidates are referred for hiring:Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification Verification of Education and Experience: Every application is reviewed to ensure that you meet the minimum qualifications as listed in the job ad. Review SF Careers Employment Applications for considerations taken when reviewing applications. Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at **************** sf. gov/knowledge/experience-education/. Note: Falsifying one's education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco. Additional Information Selection Procedures: After application submission, candidates deemed qualified must complete all subsequent steps to advance in this selection process, which includes the following: Supplemental Questionnaire (SQ) Examination (Weight: 100%) Candidates that meet the minimum qualifications will be invited to participate in a Supplemental Questionnaire (SQ) examination that is designed to measure the knowledge, skills, and abilities in job related areas which may include but not be limited to: Knowledge of local, State and Federals laws and regulations relating to information security, including but not limited to HIPAA and HITECH; Knowledge of information security technology frameworks and standards, including but not limited to NIST, HITRUST, COBIT, ISO 27001, PCI-DSS or similar cyber security frameworks; Knowledge of technology relating to enterprise wide information security protection; Knowledge of structured systems analysis and design practices and techniques; common operating systems software and relational database systems; hospitals or community health network environments; Ability to apply principles and practices of management, administration, budgeting, training, and personnel management; Ability to manage, supervise, train and coordinate complex functional area of responsibility and groups of employees; Ability to analyze and report on activities, issues and problems and recommend appropriate solutions; Ability to communicate effectively orally; Ability to communicate effectively in writing; Ability to exercise judgement, decisiveness and creativity required in situations involving the direction, control and planning of a program(s); manage critical timelines effectively; Ability to establish and maintain good working relationships with department personnel, staff, vendors, peers, and management, and engage and influence a broad range of stakeholders (e. g. HR, IT, Legal, Compliance, senior management, etc. ) Candidates must achieve a passing score on the Supplemental Questionnaire exam in order to continue in the selection process and will be placed on the confidential eligible list in rank order according to their final score. Additional selection processes may be conducted by the hiring department prior to making final hiring decisions. Certification The certification rule for the eligible list resulting from this examination will be the Rule of the List. Eligible List/Score Report: A confidential eligible list of applicant names that have passed the civil service examination process will be created and used for certification purposes only. An examination score report will be established, so applicants can view the ranks, final scores, and number of eligible candidates. Applicant information, including names of applicants on the eligible list, shall not be made public unless required by law. However, an eligible list shall be made available for public inspection, upon request, once the eligible list is exhausted or expired and referrals resolved. The eligible list/score report resulting from this civil service examination process is subject to change after adoption (e. g. , as a result of appeals), as directed by the Human Resources Director or the Civil Service Commission. The duration of the eligible list resulting from this examination process will be of six months and may be extended with the approval of the Human Resources Director. To find Departments which use this classification, please see the city's Position Counts by Job Codes and Departments. Terms of Announcement and Appeal Rights: Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules, or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at **************** sf. gov/. The terms of this announcement may be appealed under Civil Service Rule 111A. 35. 1. The standard for the review of such appeals is ‘abuse of discretion' or ‘no rational basis' for establishing the position description, the minimum qualifications and/or the certification rule. Appeals must include a written statement of the item(s) being contested and the specific reason(s) why the cited item(s) constitute(s) abuse of discretion by the Human Resources Director. Appeals must be submitted directly to the Executive Officer of the Civil Service Commission within five business days of the announcement issuance date. Additional information regarding Employment with the City and County of San Francisco:Information about the Hiring ProcessConviction HistoryEmployee Benefits OverviewEqual Employment OpportunityDisaster Service WorkersADA AccommodationRight to WorkCopies of Application DocumentsDiversity StatementVeterans PreferenceSeniority Credit in Promotional Exams Where to Apply All job applications for the City and County of San Francisco must be submitted through our online portal. Please visit **************** sf. gov/ to begin your application process. Applicants may be contacted by email about this recruitment. Please consider using a personal email address that you check regularly rather than a work or school account. Computers are available for the public (9:00 a. m. to 4:00 p. m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue, 4th Floor and at the City Career Center at City Hall, 1 Dr. Carlton B. Goodlett Place, Room 110. Ensure your application information is accurate, as changes may not be possible after submission. Your first and last name must match your legal ID for verification, and preferred names can be included in parentheses. Use your personal email address, not a shared or work email, to avoid unfixable issues. Applicants will receive a confirmation email from notification@smartrecruiters. com that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received. If you have any questions regarding this recruitment or application process, please contact the analyst, Marielle Saldajeno at marielle. saldajeno@sfdph. org or **************. We may use text messaging to communicate with you on the phone number provided in your application. The first message will ask you to opt in to text messaging. The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.

Job Description About us: Lucence is a pioneering precision oncology company with a bold vision: a world where cancer is defeated through early detection and timely treatment. Our cutting-edge liquid biopsy tests use advanced molecular profiling to guide personalized cancer therapies, transforming how cancer is diagnosed and treated. At Lucence, we are shaping the future of precision medicine by capturing both genetic and cellular data from a single blood draw, bringing us closer to our mission of overcoming cancer. We are looking for an Information Security & Compliance Manager to lead Lucence's SOC 2 compliance programmes. You will own our internal controls, audits, and security governance frameworks, ensuring the company meets the standards required for global diagnostics operations. Key Responsibilities Compliance Ownership Own SOC 2 Type I/II, and build on HIPAA and cybersecurity certification roadmaps. Maintain documentation, evidence repositories, and ongoing readiness. Internal Controls & Policies Build, refine, and enforce security policies, risk registers, and access-control processes. Audit Management Partner with external auditors, coordinate internal contributors, drive remediation plans, and ensure timely closure of findings. Vendor & Data Protection Reviews Conduct security due diligence for vendors, manage DPAs, and ensure data-flow compliance for global partners. Security Governance Implement quarterly control testing, internal audits, DR/BCP drills, and continuous monitoring of compliance gaps. Cross-Functional Partnering Work closely with external vendors, Informatics, IT, Lab Ops, and Commercial teams to embed security into product and operational workflows. Preferred Qualifications Experience owning SOC 2 or ISO audit cycles end-to-end. Familiarity with cloud environments (AWS/Azure/GCP) and modern security tooling. Attention to detail to improve policies, controls, and audit documentation. Certifications: ISO Lead Auditor, CISA, CISSP, or equivalent.

ABOUT THE ROLE You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. You'll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a hands-on role-you'll design controls, write policies, respond to incidents, and work directly with auditors. This is initially an individual contributor role with high impact and visibility. As our security program matures, you'll have the opportunity to build and lead a security team. IN THIS ROLE, YOU WILL Own Compliance Lead SOC 2 Type II and PCI DSS programs through successful audit Design and implement security controls without blocking velocity Serve as primary technical contact for external auditors and assessors Manage third-party vendor security assessments and ongoing monitoring Build automated evidence collection and continuous compliance monitoring Report security metrics and program status to executive leadership Manage Security Operations Establish vulnerability management program with defined SLAs and remediation workflows Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking Perform internal penetration testing and security assessments of applications, APIs, and infrastructure Build SIEM detection rules, security dashboards, and alert triage processes Develop and test incident response runbooks Conduct threat modeling for critical systems and architectural changes Lead security assessments of new technologies and third-party integrations Enable & Collaborate Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing Enforce enterprise security controls (SSO, secrets management, RBAC) Build and deliver security awareness training program for all employees Develop and maintain security policies, standards, and procedures Translate compliance requirements into actionable engineering tasks and drive completion YOU HAVE Security & Compliance: 5+ years in information security, with 2+ years in fintech or highly regulated industry CISSP certification (or actively pursuing - must obtain within 12 months of hire) Hands-on experience leading SOC 2 and PCI DSS audits from start to finish Strong incident response background-you've led real security incidents Experience with vulnerability management platforms (Wiz, Snyk, Tenable) Technical Skills: Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS Experience with SIEM platforms (Splunk, Datadog, Elastic)-you can write detection rules and build dashboards Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar) Ability to read code (Ruby, JavaScript, Python) and assess security implications Knowledge of web application security, API security, and OWASP Top 10 Understanding of access control patterns (PAM, SSO, RBAC, least privilege) Core Competencies: Strong communication-you can explain risks to engineers and executives alike Pragmatic risk management in fast-paced environments Self-starter who builds programs from scratch Collaborative mindset-security as enabler, not blocker Ability to drive remediation to completion across teams NICE TO HAVE Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC) Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF) Infrastructure-as-code experience (Pulumi, Terraform) Kubernetes security knowledge SOAR platform experience DevSecOps or security automation background Scripting skills (Python, Bash) for security tooling and automation Kikoff: A FinTech Unicorn Powering Financial Progress with AI At Kikoff, our mission is to provide radically affordable financial tools to help consumers achieve financial security. We're a profitable, high growth FinTech unicorn serving millions of people, many of whom are building credit or navigating life paycheck to paycheck. With innovative technology and AI, we simplify credit building, reduce debt, and expand access to financial opportunities to those who need them the most. Founded in 2019, Kikoff is headquartered in San Francisco and backed by top-tier VC investors and NBA star Stephen Curry. Why Kikoff: This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real-life real-customer impact. 🏥 Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee! 📈 Meaningful equity in the form of RSU's 🏝 Flexible vacation policy to help you recharge 💰 Competitive pay based on experience consisting of base + equity + benefits Location: Hybrid, 3 days onsite in San Francisco, CA. Visa sponsorship available: Kikoff is willing to provide sponsorship for H1-B visas and U.S. green cards for exceptional talent. Equal Employment Opportunity Statement Kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. Please reference the following for more information. If you need reasonable accommodation for a job opening please connect with us at ***************** and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: Secure the Magic by protecting information systems and platforms. Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. Strengthen the business through optimizing execution, application, and technology used to protect the Company. Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: Independent audit support for: SOX 404 ITGCs PII PCI ISPS Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. Develop and lead the Control Assurance Programs (ISPS and SOX). Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) Ensure for timely management response of audit findings into our corporate SOCD/SAD. Oversee ISPS Management Audit coordination and open action plans. Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. Management of GRC workflows around coordination of certifications and attestations. Partner with leadership to support the PCI-DSS compliance program. Develop training materials, coordinate training sessions, and monitor compliance with training requirements. Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): Minimum of 8 years of related work experience, with 3 in management roles IT SOX experience and proven experience in supporting IT audit/compliance functions Experience in managing people Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives Interpersonal skills with the ability to work with teams cross-functionally Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators Detail-oriented but able to understand the big picture. Highly organized and efficient Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments Experience with cloud-based services, specifically AWS Nice To Haves (see above): Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. Job Posting Segment: Enterprise Technology Job Posting Primary Business: Corporate Global Information Security Primary Job Posting Category: Security Governance Employment Type: Full time Primary City, State, Region, Postal Code: Glendale, CA, USA Alternate City, State, Region, Postal Code: USA - CA - 2450 Broadway, USA - NY - 7 Hudson Square Date Posted: 2025-11-21

LinkedIn is the world's largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We're also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that's built on trust, care, inclusion, and fun - where everyone can succeed. Join us to transform the way the world works. Job Description At LinkedIn, our approach to flexible work is centered on trust and optimized for culture, connection, clarity, and the evolving needs of our business. This role may be remote or hybrid. At LinkedIn, hybrid roles are performed both from home and from a LinkedIn office on select days, as determined by the business needs of the team. Remote roles are performed from the designated home work location upon time of hire, and any changes to this home work location requires a review of remote status and approval. LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure LinkedIn is secure. We follow industry standards and have developed our own best practices to stay ahead of the increasing number of threats facing all Internet services and infrastructure. LinkedIn is looking for an experienced Engineering Manager to lead the Detection Engineering team in the US and to be an integral part of our Information Security organization. The Detection Engineering team is responsible for developing and maintaining threat detection capabilities, security monitoring systems, and detection rules to protect our infrastructure, applications, and, most importantly, our members. This is a key role in supporting and growing our security detection and monitoring capabilities. Responsibilities: Leadership and Team Management * Lead and manage the detection engineering team, including hiring, training, and mentoring team members. * Develop and maintain detection engineering policies, procedures, infrastructure, and guidelines. * Coordinate and oversee all activities of the detection engineering team during threat detection development and implementation. Detection Development and Management * Serve as the primary point of contact for all threat detection development and enhancement initiatives. * Ensure timely development, testing, and deployment of detection rules and monitoring capabilities. * Conduct post-deployment analysis and create detailed reports on detection effectiveness with KPIs, including tuning recommendations and optimization strategies. Communication and Coordination * Communicate detection development status, updates, metrics and reporting, and capabilities to senior management, stakeholders, and security teams regularly. * Coordinate with internal and external teams, including security operations, defense infrastructure, incident response, and product engineering teams to develop and maintain effective detection capabilities. * Develop and maintain an effective detection engineering communication plan. Continuous Improvement * Continuously evaluate and improve detection engineering processes, tools, and capabilities. * Conduct and report on regular detection testing and validation exercises to test and refine detection rules and monitoring systems. * Stay current with emerging threats, attack techniques, and detection technologies to enhance the detection engineering program. Reporting and Documentation * Maintain comprehensive documentation of all detection rules, including development rationale, testing results, and performance metrics. * Prepare and present detection engineering reports and metrics to senior leadership and stakeholders. * Ensure compliance with regulatory requirements and industry standards related to threat detection and monitoring. Training and Awareness * Develop and deliver detection engineering training programs for team members and other relevant personnel. * Promote security detection awareness and best practices across the organization. * Ensure the detection engineering team is up-to-date with the latest tools, techniques, and procedures. Budget and Resource Management * Manage the detection engineering budget and allocate resources effectively. * Evaluate and recommend tools, technologies, and services to enhance the detection engineering program. * Ensure the team has the necessary resources and support to perform their duties effectively. Qualifications Basic Qualifications: * Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related technical discipline, or equivalent practical experience. * 1+ year(s) of management experience or 1+ year(s) of staff level engineering experience with management training. * 7+ years of experience in cybersecurity, with a focus on detection engineering, security monitoring, threat intelligence, incident response, or related security roles. * Experience leading or managing a cybersecurity, incident response, or detection engineering team. * Experience in cybersecurity frameworks and standards (e.g., NIST, MITRE ATT&CK, OCSF). * Experience in detection engineering tools and technologies (e.g., Query Languages, CI/CD, YARA, Sigma rules, threat intelligence platforms). * Experience with threat analysis, detection rule development, automation engineering, and security monitoring optimization. * Project management experience with managing budgets and resources. Preferred Qualifications: * Master's degree in Cybersecurity, Information Assurance, or a related field. * 10+ years of experience in cybersecurity, with significant experience in detection engineering, threat intelligence, or incident response. * 3+ years of management experience in building small to medium-sized teams, demonstrating growth and a track record of successful deliveries. * Ability to work under pressure and manage multiple detection development projects simultaneously as well as managing an oncall team. * Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, SANS). * Experience in developing and delivering detection engineering training and awareness programs. * Strong proficiency in Kusto Query Language (KQL) and SQL. * Proficiency in programming or scripting languages (e.g., Python, Go, etc.) for automating detection development and testing processes. * Experience with cloud security and detection engineering in cloud environments especially Azure. * Knowledge of advanced threat detection techniques, including threat hunting and behavioral analysis as well as applied threat intelligence. * Familiarity with detection engineering frameworks and best practices (e.g., Sigma, YARA, STIX/TAXII, OCSF). * Strong communication skills, both written and verbal, with the ability to convey complex technical information to non-technical stakeholders. Suggested Skills : * Security Information and Event Management (SIEM) * Query languages (KQL, SPL, SQL, Elastic, etc.) * Detection Rule Development (YARA, Sigma) * Scripting and Automation (e.g., Python, PowerShell, SQL) * Threat Intelligence Integration * Cloud Security (e.g., Azure, GCP) You will Benefit from our Culture We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levels. LinkedIn is committed to fair and equitable compensation practices. The pay range for this role is $152,000 - $248,000. Actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For additional information, visit: ************************************** Additional Information Equal Opportunity Statement We seek candidates with a wide range of perspectives and backgrounds and we are proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful. If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at accommodations@linkedin.com and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to: * Documents in alternate formats or read aloud to you * Having interviews in an accessible location * Being accompanied by a service dog * Having a sign language interpreter present for the interview A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response. LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information. San Francisco Fair Chance Ordinance Pursuant to the San Francisco Fair Chance Ordinance, LinkedIn will consider for employment qualified applicants with arrest and conviction records. Pay Transparency Policy Statement As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: ******************************** Global Data Privacy Notice for Job Candidates Please follow this link to access the document that provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: ********************************************

Join us and make YOUR mark on the World! Are you interested in joining some of the brightest talent in the world to strengthen the United States' security? Come join Lawrence Livermore National Laboratory (LLNL) where our employees apply their expertise to create solutions for BIG ideas that make our world a better place. We are dedicated to fostering a culture that values individuals, talents, partnerships, ideas, experiences, and different perspectives, recognizing their importance to the continued success of the Laboratory's mission. Pay Range $168,780 - $256,824 Annually $168,780 - $214,032 Annually for the SES.3 level $202,500 - $256,824 Annually for the SES.4 level This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting; pay will not be below any applicable local minimum wage. An employee's position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs. Job Description We have an opening for a Senior Security Researcher to lead efforts to develop techniques and tools for red teaming in support of the defense of critical infrastructure systems and Federal networks. You will lead and support a range of highly complex security research and red teaming projects, developing and deploying innovative methods to emulate cyber-adversary behavior to help develop tools used to defend critical U.S. infrastructure and networks. Your expertise will drive the evolution of advanced cyber capabilities, threat analysis, and mitigation strategies for operational technology and industrial control systems. This position is programmatically in Global Security's Energy and Homeland Security (E) Program and administratively in the Global Security Computing Applications Division (GS-CAD) within the Computing Directorate. This position will be filled at either level based on knowledge and related experience as assessed by the hiring team. Additional job responsibilities (outlined below) will be assigned if hired at the higher level. You will * Guide and support advanced cyber research projects leveraging creative and automated methods to identify vulnerabilities in software, firmware, and operational technology systems. * Collaborate in the development of technical requirements for red team operations, penetration testing, and adversarial simulation capabilities at LLNL. * Analyze and assess novel software, firmware, and malware to uncover weaknesses, malicious behavior, and potential attack vectors, creating repeatable workflows to support future red team engagements. * Conduct in-depth source code, binary, and firmware analysis to identify exploitable vulnerabilities and develop proof-of-concept exploits and mitigations. * Participate in the design and implementation of new tools and techniques for vulnerability assessment, penetration testing, and adversary emulation to advance the understanding and mitigation of threats to operational technology. * Identify emerging threats and opportunities for enhancing cyber defense and red team capabilities, helping shape the technical direction of LLNL's cybersecurity initiatives. * Engage with sponsors and stakeholders to develop new program growth opportunities, contribute to research proposals, and ensure alignment with mission objectives. * Drive and execute innovative ideas and approaches to meet sponsor and project needs in a rapidly evolving threat landscape. * Mentor and collaborate with team members, utilizing your technical expertise to attract and retain projects, programs, and funding. * Perform other duties as assigned Additional job responsibilities, at the SES.4 level * Direct technical tasks for a portfolio of highly complex technical tasks and projects that consistently require the application of creativity and innovation; set broad research/project vision and strategy and influence technical direction for Laboratory, self and/or others wielding extensive influence with senior management and policy makers. * Provide highly innovative solutions to abstract complex problems/ideas, convert them into useable algorithms/software modules, and provide solutions that require in-depth analysis of multiple factors and the creative use of established methods. * Develop new ideas, modify approaches, and redefine requirements that significantly impact major Laboratory programs, set high-level goals, and contribute to the revolutionary advancement of knowledge. Qualifications * Ability to maintain a U.S. DOE Q-level security clearance which requires U.S. citizenship. * Bachelor's degree with significant focus in cybersecurity, computer science, information technology, computer engineering, or related technical field or the equivalent combination of education and related experience. * Significant experience leading program analysis of source code, binaries, or firmware. * Experience in the use of hardware or software debuggers, static disassemblers and decompilers (such as IDA Pro), common binary file formats, dynamic analysis tools, software bills of materials, and/or network analysis tools. * Significant experience communicating technical information across multi-disciplinary teams and to non-cyber experts, advising senior management, and applying interpersonal skills to collaborate effectively in a team environment. * Advanced knowledge of state-of-the-art technologies in red teaming and penetration testing. * Advanced analytical, problem-solving, and decision-making skills to develop creative solutions to complex problems. * Ability to effectively manage concurrent technical tasks with competing priorities, along with the demonstrated ability to approach difficult problems with enthusiasm and creativity and to effectively change focus when necessary. * Advanced verbal and written communication skills necessary to effectively collaborate in a team environment and present and explain technical information to multi-disciplinary teams and non-cyber experts and advise senior management and/or external sponsors and proficient interpersonal skills. Additional qualifications at the SES.4 level * Expert-level experience and ability to plan the integration and implementation of new programs and/or operational best practices. * Expert-level project leadership experience and ability to apply, lead and develop cutting-edge principles and research, working independently while effectively managing concurrent technical tasks with competing priorities. * Substantial experience creating technical direction and vision, writing research proposals, and securing sponsor funding. * Extensive experience in and knowledge of at least one of the following subject areas: Instruction set architectures, Reverse engineering intermediate languages, Firmware analysis and extraction, and/or Operational technology implementation. Qualifications We Desire * Advanced degree with significant focus in cybersecurity, computer science, information technology, computer engineering, or a related technical field. * Knowledge of one or more of the following computer science disciplines: embedded systems, scientific data analysis, machine learning, systems programming, software engineering, formal verification methods, and high performance computing. * Experience with industrial control systems software and hardware. * Ability to secure sponsor funding through winning proposals and sponsor relationships. * Previous experience working Department of Energy, Department of Homeland Security, Department of Defense, a utility, manufacturing, or hardware/software company, or a cybersecurity firm. Additional Information #LI-Hybrid Position Information This is a Flexible Term appointment, which is for a definite period not to exceed six years. If final candidate is a Career Indefinite employee, Career Indefinite status may be maintained (should funding allow). Why Lawrence Livermore National Laboratory? * Included in 2025 Best Places to Work by Glassdoor! * Flexible Benefits Package * 401(k) * Relocation Assistance * Education Reimbursement Program * Flexible schedules (*depending on project needs) * Our values - visit ***************************************** Security Clearance This position requires a Department of Energy (DOE) Q-level clearance. If you are selected, we will initiate a Federal background investigation to determine if you meet eligibility requirements for access to classified information or matter. Also, all L or Q cleared employees are subject to random drug testing. Q-level clearance requires U.S. citizenship. Pre-Employment Drug Test External applicant(s) selected for this position must pass a post-offer, pre-employment drug test. This includes testing for use of marijuana as Federal Law applies to us as a Federal Contractor. Wireless and Medical Devices Per the Department of Energy (DOE), Lawrence Livermore National Laboratory must meet certain restrictions with the use and/or possession of mobile devices in Limited Areas. Depending on your job duties, you may be required to work in a Limited Area where you are not permitted to have a personal and/or laboratory mobile device in your possession. This includes, but not limited to cell phones, tablets, fitness devices, wireless headphones, and other Bluetooth/wireless enabled devices. If you use a medical device, which pairs with a mobile device, you must still follow the rules concerning the mobile device in individual sections within Limited Areas. Sensitive Compartmented Information Facilities require separate approval. Hearing aids without wireless capabilities or wireless that has been disabled are allowed in Limited Areas, Secure Space and Transit/Buffer Space within buildings. How to identify fake job advertisements Please be aware of recruitment scams where people or entities are misusing the name of Lawrence Livermore National Laboratory (LLNL) to post fake job advertisements. LLNL never extends an offer without a personal interview and will never charge a fee for joining our company. All current job openings are displayed on the Career Page under "Find Your Job" of our website. If you have encountered a job posting or have been approached with a job offer that you suspect may be fraudulent, we strongly recommend you do not respond. To learn more about recruitment scams: ***************************************************************************************** Equal Employment Opportunity We are an equal opportunity employer that is committed to providing all with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, marital status, national origin, ancestry, sex, sexual orientation, gender identity, disability, medical condition, pregnancy, protected veteran status, age, citizenship, or any other characteristic protected by applicable laws. Reasonable Accommodation Our goal is to create an accessible and inclusive experience for all candidates applying and interviewing at the Laboratory. If you need a reasonable accommodation during the application or the recruiting process, please use our online form to submit a request. California Privacy Notice The California Consumer Privacy Act (CCPA) grants privacy rights to all California residents. The law also entitles job applicants, employees, and non-employee workers to be notified of what personal information LLNL collects and for what purpose. The Employee Privacy Notice can be accessed here. Videos To Watch

Loyola Marymount University (LMU) is seeking an experienced leader to serve as Director of Information Security & Compliance within our Information Technology Services (ITS) team. This role offers a strategic opportunity to shape and safeguard the university's digital environment, drive proactive risk management, and embed a culture of security across the organization. Reporting directly to the CIO/VP of IT, the Director will architect and manage a best-in-class information security and compliance program that supports LMU's mission of learning, holistic education, service, and justice. Under the general direction of the CIO/Vice President for Information Technology, the Director of Information Security and Compliance will serve as the University's Cybersecurity leader. The Director will create a modern and effective Information Security and Compliance Program that will drive the university's efforts to protect its information assets and ensure compliance with relevant regulations and standards. This role is pivotal in creating a secure and compliant digital environment that supports LMU's mission, values, and goals. The Director will leverage partnerships and collaboration to lead initiatives that result in measurable improvements in information security and compliance, fostering a culture of security awareness and proactive risk management. The Director will serve as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity and availability, but also to the safety, privacy and recovery of information owned or processed by LMU in compliance with regulatory and university requirements. The Director will oversee the university's compliance with applicable laws, regulations, and policies related to information security and privacy. Position Specific Responsibilities/Accountabilities * Enhance Security Posture: Develop and implement a comprehensive cybersecurity program that significantly reduces risks and vulnerabilities across the university's digital landscape. * Ensure Regulatory Compliance: Achieve and maintain compliance with relevant regulations and standards, ensuring that LMU meets all legal and regulatory requirements. * Collaborative Protection: Work closely with various campus partners, external stakeholders, and community partners to ensure that information assets and associated technologies are protected, resulting in a cohesive, unified, and well understood approach to information security and compliance. * Risk Management: Conduct thorough risk assessments and implement effective mitigation strategies, leading to a demonstrable reduction in potential threats. * Incident Response: Oversee and improve incident response and recovery efforts, ensuring swift and effective investigation and resolution of security incidents. * Policy Development: Create and enforce robust policies and procedures that safeguard information assets, leading to a well-documented and easily accessible framework for cybersecurity. * Training and Awareness: Provide comprehensive training and guidance to staff on cybersecurity best practices, resulting in a well-informed and vigilant workforce. * Monitoring and Reporting: Continuously monitor and report on the effectiveness of the cybersecurity program, providing clear metrics and insights that demonstrate progress and areas for improvement. * Leadership and Strategy: Plan and manage the strategy, people, processes, tools, services, and resources necessary to effectively support the program and meet strategic goals. * Business Continuity and Disaster Recovery: Orchestrate a secure, robust, and highly reliable approach to providing ITS services, during and after a disaster or disruption, to minimize negative impacts to business operations and maintain essential services. * Data Governance: Oversee the university's data governance efforts, ensuring that data is managed securely and in compliance with university policies and legal requirements. * Perform other related duties. Loyola Marymount University Expectations Exhibit behavior that supports the mission, vision, and values of the university. Communicate and employ interpersonal actions that model high standards of professional, responsible, accountable, and ethical conduct. Demonstrate a commitment to outstanding customer service. Requisite Qualifications * Typically a Bachelor's Degree from an accredited four-year institution in Computer Science, Information Technology, or Cybersecurity. * Seven years of experience in information security, with at least three years in a management role. * Experience in developing and implementing technology policy, especially in a University environment is desirable. * Professional certifications such as CISSP, CISM, or CISA are highly desirable. * Experience in developing and implementing technology policy, preferably in a University environment.\ * Strong knowledge of frameworks, standards, and best practices relating to Information Security, Privacy, Data Governance, and Business Continuity and Disaster Recovery Experience with regulatory compliance requirements (e.g., i.e. FERPA, HIPAA, GDPR, CCPA, and PCI-DSS). * Demonstrated excellent verbal and written communication skills, as well as presentation skills. Writing samples may be required. * Excellent analytical, problem-solving, and decision-making skills. * Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders. * Demonstrated ability to lead and manage a team of security professionals. The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of this position. #HERC# #HEJ# Staff Regular Salary range $146,800.00 - $205,500.00 Salary commensurate with education and experience. Please note that this position is not eligible for visa sponsorship now or in the future. Loyola Marymount University, a Carnegie classified R2 institution in the mainstream of American Catholic higher education, seeks outstanding applicants who value its mission and share its commitment to inclusive excellence, the education of the whole person, and the building of a just society. LMU is an equal opportunity employer committed to providing an environment free from discrimination and harassment as defined by federal, state and local law. We invite all persons in the full diversity of their being, life experience, and beliefs to apply. (Visit *********** for more information.)

The System Security Engineer Level II is required to be a highly skilled and hands-on security engineer, and will be responsible for helping to maintain and expand the infrastructure of the entire Cambro network, ensuring that they are protected from cyber threats and attacks, ensuring compliance, and responding to incidents. In this role, the responsibility is to manage, monitor, and maintain our Network IT infrastructure from CVEs, cyber threats, manage and implement device firmware and software updates. Also, the role is required to assist in projects and initiatives to support, upgrade, and maintain our technical environment to improve network security. The role requirement is to be proficient with cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. The role requires to have a multi-disciplined background including experience with Cybersecurity Operations, firewalls, IDS/IPS, switches, VLANs, routing protocols, IPsec, VPN tunnels, multi factor authentication and e-mail security. In addition, they must have a solid understanding of virtualized servers, Windows workstations and services. This role is required to have the network monitoring skills and technologies for detecting unusual activity, investigate security breaches and lead incidence response. ESSENTIAL JOB FUNCTIONS • Monitor network traffic for anomalies, investigate alerts and respond to security incidents. • Conduct regular vulnerability scans, risk assessments, patch management and mitigation across network devices. • Ensure adherence to cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Able to proactively scan servers and network devices for vulnerable ports and protocols and rogue devices. • Manage our firewall environment with the ability to create route policies and apply cybersecurity recommendations • Install and configure Network Equipment (Switches, Firewalls, and other networking hardware) • Perform (Layer 2) switch administration and configuration on Cisco/Ruckus switches. Including configuring LAGs, interfaces, creating trunks, creating, and managing segmented VLANs. • Possess a solid understanding of Windows Server services and roles including installation and configuration • Create certificates for network devices and servers that have a web management capability • A strong understanding of Windows Active Directory and can design, implement, and configure and troubleshoot Active Directory issues • Create, Manage and Deploy Group Policy Objects (GPO's) to deploy applications and implement security including windows firewalls • Effectively use PowerShell to automate and standardize administrative tasks • Capable of installing a Linux VM and execute basic Linux commands and managing Linux appliances • Manage our virtualized server environment managing, creating VM's and patching the VMware environment. • Strong understanding of Virtual Switches, Port Groups (Distributed and Standard) • Manage the Active Backup for Business on Synology and other advanced Synology administration features • Maintain and monitor Backup solutions. • Manage our users email accounts using the cloud service M365 from Microsoft • Responsible for creating and maintaining server and network documentation to include tasks and procedures • Proactively monitor our network using a variety of tools to help identify potential network and server issues • Assist in patching our entire infrastructure when needed using a variety of tools • Maintains strong technical abilities, knowledge of new and changing technologies • Prepare for emergencies by creating and/or updating action plans • Jumping into time-sensitive projects wherever needed • Showing flexibility and a willingness to learn • Maintain healthy communication with IT Staff, IT Customers and Vendors • Actively participate in IT Infrastructure and Operations projects, managing, completing, communicating, and fully documenting assigned tasks and deliverables. • Maintain reliable and consistent attendance, including being punctual, and dependable in order to meet the needs of the department and the organization. • Execute each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receiving and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follow all department quality standards/criteria. Raise concerns and issues to immediate manager. • Able to understand and demonstrate Cambro company culture, display company core values (Safety, Quality, Respect, and Service). • Understands department's key performance indicators and contributes to achieve these goals both individually and as a team. • Maintains reliable and consistent attendance, including being punctual, dependable, and flexible to potential schedule changes to meet the needs of the department and the organization. • Executes each essential duty satisfactorily to perform job successfully. • Follows all safety procedures required in work area, wears PPE as needed, attends all safety meetings, and reports safety issues regarding equipment or unsafe/hazardous conditions. • Performs effectively as a team member, able to work well with others, open to receive and give feedback, and treats everyone with respect. • Takes ownership of own work and behavior, accepts accountability for own actions, encourages solutions, and communicates status of work/projects. • Follows all department quality standards/criteria. Raises concerns and issues to management. • Understands department's key performance indicators (KPIs) and contributes to achieve these goals both individually and as a team. • Other duties as needed or required. ADDITIONAL RESPONSIBILITIES • Ability to be on call 24 hours a day, 7 days a week for global operations, by periodically providing off-hours, evening, and weekend support to accommodate maintenance windows and issue resolution • Occasional travel to various Cambro locations domestically and internationally as required (15%) • May occasionally guide less experienced associates to help with technical projects • Some travel may be required. REQUIRED QUALIFICATIONS The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • Bachelor's degree (B.A.) from a four-year accredited college or university. • 5-10 years of experience in IT security, network, administration, and support roles. • Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. • Ability to adapt and adjust plans to meet changing needs. • Proficient in Microsoft Office Suite • Experience with Fortinet solutions, EDR, email security solutions • Solid knowledge of cybersecurity frameworks including NIS, ISO27001/27002, CIS, HIPAA, CCPA/CPRA and GDPR. • Solid working knowledge of Layer 2 (VLANs, Inter-VLANs, VTP Domains, bridge groups, MVRP, ACL's) technologies and network segmentation. • Strong knowledge of DNS records including reverse zones and maintaining DNS records • Strong DHCP Knowledge to include DHCP Fail over and able to configure DCHP relay on Switches • Solid understanding of routing protocols, static routes and ARP cache • Proficient in creating and implementing certificates on layer 2 devices (Switches, Firewalls, Linux Appliances) • Strong troubleshooting skills and possess the ability to find security and network issues in a timely manner • Strong Windows administration skills including Active Directory/GPO's and security policies • Solid working knowledge of Virtualization, such as VMware ESXi servers and vCenter 7.x • Solid working knowledge of Veeam/Bacula/Exagrid backup software to manage backup and restore procedures • Must be able to follow instructions and procedures and ask questions if something is unclear • Excellent documentation skills including ability to create network drawings • Self-motivated and energetic with the ability to manage time efficiently without supervision and to work effectively under pressure • Strong customer service and communication skills • Excellent organizational skills and strong sense of urgency • Familiarity with various network types including LANs, WANs, SDWAN, WLANs, SANs, and VoIP networks • Great accuracy and attention to detail PREFERRED QUALIFICATIONS • Experience in Business Continuity and disaster recovery is a plus • Knowledge of Ruckus Access Points and Switches • Knowledge of IBMi PHYSICAL DEMANDS The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Sitting, walking, standing, bending at the neck, bending at the waist, squatting, climbing, kneeling, crawling, twisting at the neck and waist, repetitive use of hands, simple grasping, power grasping, fine manipulation, pushing and pulling, reaching above and below the shoulder, carrying/lifting up to 50 lbs. Driving cars and other IT equipment Working around equipment and machinery Exposure to excessive noise Exposure to dust, gas, fumes or chemicals Working at heights Use of special visual or auditory protective equipment Walking on uneven ground PPE Requirements Safety glasses Steel-toe slip-resistant shoes - When in production area Hearing protection (e.g. ear plugs, ear muffs) - When in production area Face covering (mask) in accordance with company policy. Hardhat/bump camp IT Application COMPENSATION RANGE: $97,000- $120,000 Salary may vary based on experience. CAMBRO is proud to be an equal-opportunity workplace. All qualified applicants will receive consideration for employment without regard to and will not be discriminated against based upon race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic information, military or veteran status, or other characteristics protected by law.