Security architect jobs in Clarksville, TN - 360 jobs

**Location:** This role requires associates to be in-office 1 - 2 days per week, fostering collaboration and connectivity, while providing flexibility to support productivity and work-life balance. This approach combines structured office engagement with the autonomy of virtual work, promoting a dynamic and adaptable workplace. Alternate locations may be considered if candidates reside within a commuting distance from an office. Please note that per our policy on hybrid/virtual work, candidates not within a reasonable commuting distance from the posting location(s) will not be considered for employment, unless an accommodation is granted as required by law. The **Cloud Security Architect** is responsible for enabling, maturing, and operationalizing cyber defense capabilities across Elevance Health's enterprise and subsidiary cloud environments. This role partners closely with Cloud Infrastructure, Application Engineering, Detection Engineering, and Security Operations to ensure cloud-native security telemetry, detection, and response capabilities are deployed, monitored, and continuously improved. **How You Will Make an Impact:** + Lead efforts to integrate cyber defense and security operations capabilities into enterprise and subsidiary cloud environments (AWS, Azure, GCP, and OCI), ensuring consistent visibility and detection coverage across platforms. + Partner with cloud infrastructure and application teams to ensure security controls, logging, and telemetry are properly enabled, validated, and operational for cloud services and workloads. + Work with app, platform and engineering teams to ensure the appropriate level of logging is enabled within their respective environments. + Define roadmap and strategy for the future of cloud cyber defense, including CSPM, threat detection, logging pipelines, and incident response integration. Develop an approach that is tailored to the organization and keeps us out in front of developing threats. + Propose and develop cloud threat monitoring use cases. Train SOC analysts on how to properly triage, investigate and remediate alerts based on those use cases. + Collaborate with security operations and incident response teams to investigate complex cloud security events (e.g. threat detection events, misconfigurations, exposed resources) and support remediation efforts. + Infuse automation and AI-driven capabilities into cloud threat management operations. + Work with vendors to evaluate, select, and onboard technologies. Partner with vendor contacts to ensure product roadmaps address evolving business and technical requirements. + Support pursuit of new business by designing new cloud architectures that are compliant with FedRAMP or other regulatory requirements. + Participate in and contribute to governance review for new cloud services, AI-enabled platforms, and SaaS offerings, ensuring security requirements, logging, and guardrails are defined before approval. + Act as Subject Matter Expert in all aspects of cloud cyber defense. Advise executive leadership on matters relating to cloud security. Train and mentor junior team members. + Draft business-level presentations that garner executive and stakeholder support for cloud cyber defense initiatives. + Develop policies, technical standards and other foundational documentation. + Support regulatory and audit initiatives by validating cloud security controls, evidence collection, and alignment with frameworks such as SOC2, PCI, HITRUST, and FedRAMP. **Minimum Requirements:** Requires BS/BA in Information Technology or related field of study and a minimum of 10 years experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people; experience with multiple technical and business disciplines required; or any combination of education and experience, which would provide an equivalent background. **Preferred Skills, Capabilities & Experiences:** + Fluency with all 3 major cloud service providers: AWS, Azure & Google Cloud Platform. + Experience designing, implementing or operating cloud security programs in an enterprise environment. + Cloud security certifications such as CCSP or CSP-specific security certifications . + Experience with Oracle Cloud Infrastructure. Please be advised that Elevance Health only accepts resumes for compensation from agencies that have a signed agreement with Elevance Health. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Elevance Health. Who We Are Elevance Health is a health company dedicated to improving lives and communities - and making healthcare simpler. We are a Fortune 25 company with a longstanding history in the healthcare industry, looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve. How We Work At Elevance Health, we are creating a culture that is designed to advance our strategy but will also lead to personal and professional growth for our associates. Our values and behaviors are the root of our culture. They are how we achieve our strategy, power our business outcomes and drive our shared success - for our consumers, our associates, our communities and our business. We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few. Elevance Health operates in a Hybrid Workforce Strategy. Unless specified as primarily virtual by the hiring manager, associates are required to work at an Elevance Health location at least once per week, and potentially several times per week. Specific requirements and expectations for time onsite will be discussed as part of the hiring process. The health of our associates and communities is a top priority for Elevance Health. We require all new candidates in certain patient/member-facing roles to become vaccinated against COVID-19 and Influenza. If you are not vaccinated, your offer will be rescinded unless you provide an acceptable explanation. Elevance Health will also follow all relevant federal, state and local laws. Elevance Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact ******************************************** for assistance. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws, including, but not limited to, the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.

Role OverviewThe Principal Cloud Security Architect evaluates cloud architectures, identity models, permissions, and security controls across large-scale environments. This role focuses on identifying architectural risks, misconfigurations, and long-term security design gaps. What You'll Do- Assess cloud architectures (AWS, Azure, GCP) for security gaps - Review IAM configurations, network segmentation, and resource policies - Identify misconfigurations, privilege risks, and insecure patterns - Summarize architectural flaws and provide structured mitigation guidance - Validate alignment with security frameworks and best practices - Support recurring assessments of cloud environments and deployment patterns What You BringMust-Have:- Deep experience in cloud security architecture - Strong understanding of IAM, network design, and cloud service models - Ability to document complex architectures in clear, structured form Nice-to-Have:- Experience with multi-cloud, zero-trust, or high-compliance environments

Candidates can live within commutable distance to any Slalom office in the US. We have a hybrid and flexible environment. Who You'll Work With As a modern technology company, we've never met a technical challenge we didn't like. We enable our clients to learn from their data, create incredible digital experiences, and make the most of new technologies. We blend design, engineering, and analytics expertise to build the future. We surround our technologists with interesting challenges, innovative minds, and emerging technologies. We are seeking an experienced AWS Security Architect with deep expertise in AWS cloud architecture, native & external security services, and regulatory compliance to provide advisory and delivery services aligned with the standards of a top-tier consulting firm. This role will partner with enterprise clients to design, assess, and implement secure AWS environments that meet business, compliance, and regulatory requirements. This role requires a strong blend of hands-on technical capabilities, architectural leadership, and client-facing advisory skills. As a trusted advisor, you will lead security strategy sessions, assess current cloud security postures, and deliver AWS-native and third-party solutions that align with best practices. You will work across multiple industry verticals, collaborating with engineering, security, risk, and compliance teams, and guiding clients through security transformation journeys and ensuring AWS adoption is secure, compliant, and resilient. This is a strategic technical consulting role suited for individuals who are passionate about cloud security, compliance, and helping clients adopt secure architectures in regulated environments. Key Responsibilities * Serve as a client-facing advisor, providing strategic guidance on cloud security transformation, governance, and operating models. * Lead cloud security assessments, maturity evaluations, and gap analyses, producing recommendations aligned with regulatory frameworks (e.g., NIST, ISO 27001, CIS, PCI DSS, HIPAA). * Design and implement AWS-native security architectures leveraging IAM, KMS, CloudTrail, Security Hub, GuardDuty, Macie, Detective, and Control Tower. * Establish governance, risk, and compliance (GRC) frameworks for AWS adoption, including policy-as-code and automated compliance monitoring. * Define and implement identity and access management (IAM) strategies, including federation, least privilege, and Zero Trust principles. * Guide clients in adopting secure application and data architectures, including encryption, data loss prevention, and secure API integrations. * Support incident response and forensics readiness through AWS-native logging, monitoring, and detection services. * Collaborate with DevOps and platform teams to integrate security into DevOps pipelines (DevSecOps) with automation for vulnerability management, code scanning, and compliance validation. * Collaborate with client executives to articulate cloud security roadmaps, business cases, and investment priorities. * Partner with internal teams to develop accelerators, templates, and reusable security patterns that improve time-to-value for clients. * Author client deliverables such as risk assessments, security architecture design documents, gap analyses, and roadmap plans. * Provide thought leadership via security workshops, executive briefings, and architecture reviews. * Stay current with AWS service releases, regulatory changes, and emerging cyber risks to inform recommendations. Core Qualifications * 8+ years of IT security experience with at least 4+ years focused on AWS security. * Proven consulting experience delivering security assessments, compliance programs, and cloud security roadmaps for enterprise clients. * Strong expertise in AWS security services (i.e. IAM, KMS, CloudTrail, GuardDuty, Macie, Security Hub, Detective, WAF, Shield). * Deep knowledge of cloud governance, risk management, and regulatory compliance frameworks (NIST, ISO, CIS Benchmarks, SOC 2, HIPAA, PCI DSS) and experience designing or assessing AWS environments aligned with these frameworks. * Hands-on experience embedding security into DevOps/DevSecOps pipelines and Infrastructure-as-Code (Terraform, CloudFormation, AWS CDK). * Experience designing ransomware detection, response, and business resilience strategies in AWS including backup, recovery, and isolation patterns. About Us Slalom is a fiercely human business and technology consulting company that leads with outcomes to bring more value, in all ways, always. From strategy through delivery, our agile teams across 52 offices in 12 countries collaborate with clients to bring powerful customer experiences, innovative ways of working, and new products and services to life. We are trusted by leaders across the Global 1000, many successful enterprise and mid-market companies, and 500+ public sector organizations to improve operations, drive growth, and create value. At Slalom, we believe that together, we can move faster, dream bigger, and build better tomorrows for all. Compensation and Benefits Slalom prides itself on helping team members thrive in their work and life. As a result, Slalom is proud to invest in benefits that include meaningful time off and paid holidays, parental leave, 401(k) with a match, a range of choices for highly subsidized health, dental, & vision coverage, adoption and fertility assistance, and short/long-term disability. We also offer yearly $350 reimbursement account for any well-being-related expenses, as well as discounted home, auto, and pet insurance. Slalom is committed to fair and equitable compensation practices. For this position, the target base salary pay range in the following locations: Boston, Houston, Los Angeles, Orange County, Seattle, San Diego, Washington DC, New York, New Jersey, for Consultant level is $119,000-$147,500 and for Senior Consultant level it is $136,500-$169,500 and for Principal level it is $151,000-$187,500. In all other markets, the target base salary pay range for Senior Consultant level it is $125,000-$155,500 and for Principal level it is $138,500-$172,000. In addition, individuals may be eligible for an annual discretionary bonus. Actual compensation will depend upon an individual's skills, experience, qualifications, location, and other relevant factors. The salary pay range is subject to change and may be modified at any time. We will accept applications until 3/31/2026 or until the positions are filled. We are committed to pay transparency and compliance with applicable laws. If you have questions or concerns about the pay range or other compensation information in this posting, please contact us at: ********************. EEO and Accommodations Slalom is an equal opportunity employer and is committed to attracting, developing and retaining highly qualified talent who empower our innovative teams through unique perspectives and experiences. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veterans' status, or any other characteristic protected by federal, state, or local laws. Slalom will also consider qualified applications with criminal histories, consistent with legal requirements. Slalom welcomes and encourages applications from individuals with disabilities. Reasonable accommodations are available for candidates during all aspects of the selection process. Please advise the talent acquisition team or contact ****************************** if you require accommodations during the interview process.

**Weekly Schedule:** Monday- Friday: 9am-5pm **Primary Responsibilities** + Manages solution design from conception, through ARB, to delivery + Primarily responsible for producingarchitecture documentation forsecurityapplications as assigned and as projects and programs of work dictate + Maintains First Horizon'sSecurityArchitecture Pattern Inventory (across identity, data, application, network, and cloud) as a member of the Core EnterpriseArchitecture Team + Leadssecuritydesign workshops and POC efforts for new (security) capabilities + Validates 3rd Party/Vendor Solutions forsecurityconcerns + Aligns InformationSecurityTechnology strategy and planning with First Horizon's business goals and objectives + Promotes the use of a shared infrastructure and application roadmap to reduce costs and improve how assets are secured + Builds and maintains technical trusted advisor relationships with influential technical decision makers within Technology + Works with engineers to ensure that technical solutions as delivered align with InformationSecurityStandards and Policies + Works with Portfolio technology leaders to include IT Risk and SecurityException initiatives in portfolio roadmap + Manage Encryption Standards: key management, tokenization for payments, DLP/classification/handling;architect PCI DSS segmentation boundaries and compensating controls. + Manage Network/Zero Trust Standards: microsegmentation across Azure and colocation; secure branch/office connectivity; define workload identity and continuous verification patterns; enforce least privilege. + Detection/telemetry: Publish Splunk logging schema, retention, and correlation strategies; onboard logs from Azure, Colo, API Gateways, IAM, CyberArk, MFaaS, and core platforms; drive ATT&CK‑aligned detections and forensic readiness. + Secure SDLC and supply chain: Operationalize threat modeling; collaboratively define CI/CD control overlays with DevOps; establish artifact signing/SBOM standards; ensure secrets handling and container/Kubernetes baselines where applicable. + Governance and risk: Maintain control overlays mapped to FFIEC/GLBA/PCI/NIST; lead design reviews; manage exceptions with remediation timelines; produce audit-ready decision records in partnership with the CISO team. + Payments and third-party/SaaS: Define intake andsecurityrequirements for MFaaS, Salesforce, ServiceNow, FIS/Fiserv/Bottomline integrations-identity, logging, data handling, and PCI scoping. + Physicalsecurityintegration: Align building access, video, and visitor systems with identity and logging patterns; coordinate incident playbooks with Corporate/PhysicalSecurity. + Enablement and influence: Mentor seniorarchitects and engineering associates; lead communities of practice; communicate strategy, benefits, and trade-offs to executives and delivery teams. **Requirements** + Bachelor's degree in Computer Science, Management Information Systems, or related field + (12+) years of InformationSecurityexperience + (7+) years of SecurityArchitecture + Experience in regulated financial services + Experience with Azuresecurityarchitecture across multi-tenant/region and hybrid environments; strong Zero Trust and network segmentation expertise + Regulatory fluency: FFIEC, GLBA, PCI DSS; practical NIST CSF/800-53 mapping; MITRE ATT&CK‑aligned detection design. + Experience with technical documentation like interaction diagrams, process diagrams, network topologies and otherarchitectural content + Experience with Agile/SAFe methodologies + Experience with EnterpriseArchitecture Governance: ARB/design councils, exception handling, and audit narratives; ability to set and harmonize enterprise standards. **Certifications/Licensures** + Strongly preferred: CISSP or CompTIASecurity+ Microsoft AzureSecurityEngineer or Azure SolutionsArchitectExpert + Preferred: CCSP; CISM or CRISC; SANS GCSA or GCLD; PCI Professional (PCIP) or equivalent GIAC enterprise defense/IR certifications **Skills And Competencies** + Ability to adapt to new technologies and learn quickly + Enterprisearchitectural leadership across identity, cloud, application, data, and networksecurity. + IAM for associates (Entra ID, Active Directory) and clients (TransmitSecurity, ForgeRock/Ping, or Okta); OAuth/OIDC; phishing-resistant MFA/passkeys; PAM integration and privileged pathway design. + IntegrationSecurity: FAPI, OAuth2.0, FDX, mTLS, rate limiting, schema validation, abuse/bot mitigation, CIAM integration, OWASP, and high-quality telemetry to Splunk. + Secure SDLC and supply chain: threat modeling, pipelinesecurity, artifact signing/SBOM, dependency hygiene, and secrets management. + Communication, influence, and enablement: ability to translate risk to business impact, drive adoption, and coach peers and engineers. + Ownership and execution: measurable risk reduction, pattern adoption, and cross‑team collaboration. **About Us** First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank. More information is available at ******************** (https://urldefense.com/v3/\_\_https:/********************/\_\_;!!Cz2fjcuE!hpq9hPnrucZCPIAVPojVESItIq-FPzhurNdCrQ3JE8Rkx3gMd70nIk6\_kmPxl66\_oJCEsXs0gNunPowMAMHCmBYPOtUxUGI$) . **Benefit Highlights** - Medical with wellness incentives, dental, and vision - HSA with company match - Maternity and parental leave - Tuition reimbursement - Mentor program - 401(k) with 6% match - More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits Follow Us Facebook (****************************************** X formerly Twitter LinkedIn (*************************************************** Instagram YouTube (********************************************************** Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights (**************************** notice from the Department of Labor.

Job Description: with a base location in Louisville, KY. What the Role Is The Information Security Engineer is responsible for strengthening and supporting Heaven Hill's cybersecurity program. This hands-on technical role focuses on implementation, monitoring, and continuous improvement of security controls across cloud and on-premise environments. The Engineer supports governance and risk management efforts and plays a key role in incident response and in deploying and maintaining secure technology solutions. This position will collaborate with IT and business units to ensure Heaven Hill's data and systems remain resilient against evolving threats, while helping enable secure and efficient access through identity and access management solutions. This role is instrumental in advancing Heaven Hill's overall security maturity and ensuring that cybersecurity enables, rather than limits, innovation and operational excellence. How You Will Spend Your Time? Security Engineering & OperationsDesign, implement, monitor, and maintain security controls across cloud, identity, endpoint, and network environments. Implement and manage Privileged Access Management (PAM) and Role-Based Access Control (RBAC) programs that align with business needs and support POLP (Principle of Least Privilege). Support and enhance Identity Management solutions, including user provisioning, Single Sign-On (SSO) integrations, and secure application configurations. Support secure configuration and hardening of Windows and Linux servers, as well as Windows and mac OS workstations. Manage and maintain DNS and domain registrar configurations to ensure secure and reliable name resolution and domain integrity. Implement, integrate, and manage authentication, including Kerberos, FIDO2, Smart Cards, passkeys, certificate-based authentication, and TLS or key management solutions. Administer and support Public Key Infrastructure (PKI), including certificate issuance, renewal, and lifecycle management. Perform vulnerability scanning and coordinate remediation activities. Administer and optimize core security platforms such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, including alert tuning, integration, and incident response support. Develop and maintain automation or scripting (e. g. , PowerShell, Python) to improve efficiency in security monitoring, configuration management, and response processes. Monitor security events, investigate incidents, perform root cause analysis, and drive post-incident improvements. Collaborate with IT and business teams to ensure security considerations are integrated into infrastructure and project planning from the outset. Risk & GovernanceConduct and document formal risk assessments, identify, evaluate, and communicate risk mitigation strategies. Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with the NIST framework. Partner across the business to build awareness, ensure accountability, and foster a risk-informed culture. Support security aspects of vendor assessments and technology evaluations. Collaboration & Continuous ImprovementProvide security guidance for new initiatives, integrations, and system changes. Contribute to incident response planning, tabletop exercises, and lessons-learned reviews. Develop, maintain, and refine security operations and incident response playbooks to support consistent and effective response activities. Stay informed on emerging threats, technologies, and best practices relevant to manufacturing and spirits production environments. Who You Are… Required Skills and Experience:Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience along with Information Technology related associate's degree. Minimum 5 years of experience in cybersecurity engineering and/or IT engineering. Strong cloud security experience, including the design input, configuration, and operation of controls in cloud and hybrid environments. Hands-on experience with Microsoft Entra ID (Azure AD), including Conditional Access, identity lifecycle management, and integration within hybrid Active Directory environments. Experience with enterprise email security, endpoint protection, network security, data protection. Experience implementing and managing Microsoft Purview for data protection, governance, and compliance. Experience supporting third-party risk management or vendor assessments. Strong understanding of identity, endpoint, and network security architectures and their integration across enterprise environments. Experience performing root cause analysis during and after security incidents. Experience developing or contributing to security documentation such as policies, standards, or procedures. Strong communication skills across technical and non-technical audiences. Experience in manufacturing or industrial environments. Familiarity with OT/ICS security principles, including network segmentation, asset visibility, and industrial protocol security. Valued but not Required Skills and Experience:Professional certifications such as CISSP, CISM, CRISC, or equivalent. Understanding secure application deployment or DevSecOps principles. Physical Requirements While performing duties of job, employee is occasionally required to:Stand; walk; use hands and fingers to handle or feel objects; use a computer; and reach with hands and arms. Occasionally lift and/or move up to 20 pounds. BenefitsPaid Vacation11 Paid HolidaysHealth, Dental & Vision eligibility from day one FSA/HSA401K match EAPMaternity/Paternity Leave Heaven Hill and its affiliates are committed to fostering a diverse workforce as an Equal Employment Opportunity company. We invite applications from candidates of all backgrounds, without regard to race, religion, color, sex, sexual orientation, natural origin, gender identity or expression, age, disability, veteran status, or any other legally protected characteristic.

Job Requirements & Qualifications: •Designs, put into practice, administers, and supports multiple information security platforms, systems, and applications. Supports a variety of technologies in a hands-on manner. •Performs internal security risk assessments, security risk assessments of third party business partners, and detailed security risk assessments of various technologies. (Examples include directory services, database platforms, client and server operating systems, programming languages, web services, firewalls, remote access technologies, messaging platforms, encryption solutions, wireless technologies, internally-hosted applications, externally-hosted applications, and cloud services). •Supports defined Company operating principles via effective, pragmatic information security controls. Analyzes, defines, implements, and administers efficient business processes related to information security programs. Represents the information security function through pragmatic consultation and participation in a defined SDLC. •Maintains knowledge of current and up-and-coming security, compliance, and technical developments. Identifies present and prospective future vulnerabilities and collaborates with suitable leaders to identify, recommend, and develop risk remediation plans, ad to track remediation outcomes and timelines. •Works with the information security management team to administer, maintain, and continuously improve HIPAA, PCI DSS, SOX, and internal controls compliance programs, investigate known or suspected security incidents, support internal and external audits, and assist in the development of appropriate audit response Management Action Plans. •Promotes security best practices via awareness, example, and compliance with policies and regulatory requirements. •Uses project management best practices to initiate, manage, and close projects, often simultaneously across a variety of projects. Creates and maintains a variety of documents related to projects and information security. •Guide and cross-train junior department team members lead meetings construct and uphold strong partnerships with multiple departments coordinate vendor support engagements etc. Knowledge, Skills, and Abilities •Knowledgeable with and ability to apply time-proven, generally-accepted security management concepts, techniques, and methodologies. •Strong understanding of pragmatic implementation of information security controls, holistic defense-in-depth strategies, protocols used to interconnect networks, and publish application resources. •Strong, efficient written and verbal communication skills that enables effective communications to multiple audiences. •Ability to occasionally work unscheduled shifts and in an on-call capacity and be available for occasional travel (up to 25%). •Strong internal (security recommendations) and external (vendor support) negotiation skills. •Ability to influence and encourage others. •Strong understanding of PCI, HIPAA, and SOC regulatory requirements. •Development/analysis proficiency in one or more scripting languages. •Development/analysis proficiency in TSQL. •Capability to learn and preserve new skills required to adapt to growing business and technical environments. •Strong perceptive of present and emergent information security technologies and trends. Qualifications Work Experience and/or Education •Bachelor's and/or Master's degree in information security or computer information systems. •6+ years of information security generalist experience (broad and deep in data, application, system, and network security domains) with complex technical initiatives. •Active CISA, CISSP, or CISM certification. •Experience identifying and addressing security risks associated with host and network operating systems (e.g. Windows, Linux, AS400, PAN OS, AIX, Cisco IOS, etc.) enterprise services (e.g. directory services, email, web publishing, database, virtualization, etc.) content management, client-server, and collaboration, thin-client, and web-based applications enterprise applications (e.g. Lawson) cloud services (e.g. SaaS, IaaS, etc.) data storage, etc. •Hands-on SME/lead experience with the design, implementation, and administration of at least 5 of the following technologies: Palo Alto Networks, IBM Tivoli Endpoint Manager (BigFix), IBM QRadar (SIEM), Qualys Vulnerability Scanning Solutions, Tenable Nessus, Juniper SSL VPN GlobalScape EFT Server Symantec Data Loss Prevention (Vontu), RSA SecurID, and CyberArk Password Management. Additional Information

The Senior Security Engineer is responsible for designing and leading advanced security solutions to safeguard Dollar General's digital infrastructure, with a focus on cloud, network, and system security in a dynamic retail environment. This role drives layered security integration, mentors junior team members, and utilizes tools such as Palo Alto Networks, Splunk, and F5 ASM to address complex security risk. The ideal candidate brings a balance of technical depth, critical thinking, and pragmatism to strengthen Dollar General's overall security posture. Job Details Duties & Responsibilities: What major responsibilities does this position have and what percentage of time is spent on completing them? (Typically 5 - 7) * Design and implement security architectures across on-premises and cloud environments (Google GCP, Azure) utilizing tools such as Palo Alto firewalls, F5 ASM, and Akamai App & API Protector. * Promote modern security fundamentals by embedding security into CI/CD pipelines using Terraform and championing secure design practices for applications and APIs. * Perform advanced risk analysis and vulnerability management, leveraging tools such as ExtraHop RevealX, Palo Alto Cortex XDR, and Sysdig Secure to identify and mitigate threats. * Manage and respond to security incidents and perform forensic analysis using Splunk and Proofpoint Email Security while leveraging CyberArk for privileged access control. * Develop and enforce security policies related to network security (Palo Alto, Fortinet), DNS (Akamai), and identity management (Clearpass), with emphasis on PKI and conditional access frameworks. * Mentor junior security engineers, fostering critical thinking and hands-on problem-solving skills while collaborating with IT and business units to embed security into organizational processes. * Research emerging threats and evaluate technologies to inform and enhance Dollar General's security strategy and posture. Knowledge, Skills and Abilities (KSAs): What KSAs are required to perform this job? * Deep expertise in network security (Palo Alto, Fortinet, Meraki MX), application firewalls (F5 ASM, Akamai App & API Protector, Cloud Armor), and data protection (Digital Guardian DLP, Microsoft DLP). * Advanced proficiency in cloud security (GCP, Azure) and container security (Sysdig Secure), including tools such as VPC Service Controls and Cloud Armor. * Strong scripting skills in Python, Bash, or PowerShell, and hands-on experience in Terraform for automating security infrastructure. * In-depth understanding of PKI, VPN/remote access technologies (CyberArk Alero, GlobalProtect), and DNS security (Akamai DNS, Akamai GLB). * Exceptional analytical and critical thinking skills with the ability to solve complex security challenges in a pragmatic and business-aligned manner. * Proven leadership and communication skills, with the ability to mentor team members and influence cross-functional stakeholders. * Excellent written, oral, and inter-personal communications skills with the ability to clearly communicate complex topics across technical and non-technical audiences. * Capability to adapt to rapidly changing technologies and threat landscapes, with occasional availability for non-standard hours or travel (up to 5%). Qualifications Work Experience &/or Education: What are the minimum education and/or experience requirements necessary to perform this job? * Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent combination of education and relevant experience. * Minimum 7 years of experience in information security, including at least 2 years in a senior or leadership capacity. * Advanced hands-on experience with at least five of the following: * Palo Alto Networks firewalls and Panorama * Akamai App/API Protector * F5 Application Security Manager (ASM) * Sysdig Secure (or equivalent) * Google Cloud Platform (GCP) native security tools * Microsoft Azure native security tools * Microsoft Defender * CyberArk Privileged Access * HCL BigFix * Splunk Enterprise and Enterprise Security * Data security methodologies * DLP technologies * Proven track record in risk analysis, mitigation planning, and implementing secure configurations across cloud, network, and application layers. * Preferred certifications: CISSP, CISM, CISSP-ISSAP, Palo Alto PCNSE, Splunk Certified Architect, or GCP Cloud Security Engineer.

Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures. Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company - not just insurers. We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members comfortable working in an agile, fast-paced, and delivery-focused environment thrive in our environment where we value an entrepreneurial spirit and those who challenge the status-quo. Unum is changing, and we're excited about what's next. Join us. General Summary:The Manager - Information Security Policy and Controls Governance is responsible for strategic enhancement and day-to-day operation of key governance, risk, and compliance capabilities, including policy and standards governance, enterprise and application-level risk assessments, and controls management and attestation programs. This role will oversee the full lifecycle of governing documents, manage policy exceptions, coordinate external and regulatory assessments, and ensure strong alignment between security controls and regulatory requirements. The manager will also drive consistent, timely issues management across all domains. This leader will partner closely with stakeholders across the organization to mature processes, strengthen compliance posture, and ensure effective, repeatable execution of GRC activities. They will manage a small to mid-size team of IT security and risk management professionals. Job Specifications Bachelors degree in computer science, or relevant technical experience Has 5+ years experience in an IT Risk Management field, or equivalent relevant work experience Has a security technology background with strong knowledge of relevant technical security disciplines Exhibits courage by taking smart risks and encouraging others to do so; empowers innovative approaches by motivating others to be proactive and resourceful Able to effectively coach, mentor, identify, and address skills needs and gaps Proficient in methods and techniques for running effective meetings and for understanding and influencing the roles played by participants Displays good interpersonal skills at all levels of contact and in a wide variety of situations, able to listen and influence, and to relate to customers in their own language Demonstrates the ability to champion change and support teams through change. Demonstrates the ability to think critically, challenge conventional thinking and generate and apply unique business insight to create competitive advantage for the organization Has solid knowledge of regulations, including, GLPA, HIPAA, GDPR, CCPA, and other cyber security regulatory compliance requirements and related programs Has in-depth knowledge of security and control frameworks such as the NIST Cyber Security Framework, NIST SP 800-53, ISO 17799/27001, CobIT, and ITIL CRISC, CISSP, CISM, CISA, and other security related certifications are a plus Principal Duties and Responsibilities Oversees and evaluates the delivery and effectiveness of the organizations policy governance, risk assessments, control attestation, and issues management capabilities, taking action to address performance or quality gaps as needed. Ensures the team maintains a well‑defined, risk‑aligned backlog of work that advances program maturity and meets regulatory, audit, and business needs. Guides team members in prioritizing assessments, policy lifecycle activities, and control-related work based on risk, business value, and regulatory timelines. Proactively removes obstacles and operational roadblocks that hinder timely completion of assessments, attestations, and governance processes. Partners with business and technology stakeholders to translate security, compliance, and risk management objectives into actionable work items. Ensures best‑practice execution, including structured assessment methodologies, clear control documentation, consistent issue tracking, adherence to policy standards, and high‑quality evidence collection. Encourages creativity and continuous improvement in maturing governance, assessment, and control processes; fosters a culture of innovation within the team. Uses operational metrics, assessment cycle data, and workflow insights to understand team performance and drive process efficiency. Partners with leadership to ensure strong talent is in place to support the organization's governance, risk and compliance obligations. Mentors, coaches, and motivates team members to elevate their GRC expertise, business partnership skills, and overall performance. Identifies skill gaps related to risk frameworks, regulatory requirements, control design, and assessment techniques, ensuring development plans address these needs. Promotes cross‑training and shared ownership of GRC functions to reduce single‑points‑of‑failure and increase team resilience. While accountable for the team's output, actively cultivates a self‑organizing, autonomous, and collaborative team that consistently demonstrates accountability and continuous improvement. Conducts regular 1:1s and development discussions to monitor progress, reinforce strengths, and close skill gaps. Collaborates with peers to evaluate the effectiveness of resourcing models, proposing enhancements to better support team operations. Maintains a strong understanding of emerging regulatory trends, risk frameworks (e.g., NIST CSF, HIPAA, SOC, ISO), and control expectations to inform program improvements. Reinforces disciplined prioritization by ensuring the team focuses on the highest‑value, highest‑risk activities and commitments. Designs and operates GRC processes with partner teams' knowledge and needs in mind, ensuring risk governance activities are clear, intuitive, and easy to complete. #LI-TO1 #LI-MULTI IN4 Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best - both inside and outside the office. Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status. The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience. $89,400.00-$183,500.00 Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans. Company: Unum

We believe talent deserves a human touch. Your application will be read by an actual person who's excited to discover the real you. The Director of Information Security is the senior leader responsible for developing, implementing, and managing the company's security strategy across corporate operations, client environments, and our datacenter infrastructure. This role oversees endpoint security, datacenter security posture, vulnerability management, cyber insurance compliance, SOC audits, and internal/external Security Risk Assessments (SRAs). As a managed service provider, we must maintain a world-class security posture that protects our clients and internal assets. The Director of Information Security will lead this effort by driving policy, governance, and operational execution while working closely with Infrastructure, Service Delivery, Applications, and Executive Leadership. Key Responsibilities Security Leadership & Governance Develop, maintain, and oversee the company's information security strategy and roadmap. Establish a security governance framework, policies, standards, and procedures. Provide regular security reporting and risk analysis to the executive team. Serve as the primary security authority for the organization and a trusted advisor to leadership. Endpoint, Network & Datacenter Security Oversee security of all corporate and client-managed endpoints (servers, workstations, mobile devices). Ensure robust datacenter security controls over compute, storage, networking, and virtual environments. Collaborate with Infrastructure leadership on hardening standards, segmentation, access control, and change management. Direct vulnerability management efforts-identification, prioritization, remediation tracking. Compliance, Audits & Risk Management Lead SOC 2/SOC 1, cyber insurance assessments, and other compliance-related audits. Own and maintain risk assessment processes, including internal and external SRA's for clients. Ensure evidence collection, documentation accuracy, and policy alignment for all audits and certifications. Maintain incident response plans, disaster recovery planning contributions, and security playbooks. Cyber Insurance & Regulatory Requirements Maintain compliance with cyber insurance requirements; ensure mandated controls are documented and implemented. Act as the primary point of contact for insurance renewals, questionnaires, and security posture validation. Security Operations & Incident Response Oversee security monitoring, alert response, and escalation processes (partnering with SOC providers as needed). Lead and coordinate investigations for security incidents, breaches, and vulnerabilities. Drive root cause analysis and implement corrective actions and preventative controls. Cross-Functional Collaboration Partner with Infrastructure, Service Desk, Applications, and Client Success teams to ensure security integration across operations. Provide security guidance and support for client-facing solutions and managed services. Support pre-sales and client engagement by participating in security discussions, questionnaires, and SRA responses. Team Leadership Lead, mentor, and develop the internal security team (or build one if in early stages). Manage relationships with third-party SOC, SIEM, and security vendors. Cultivate a security-aware culture across the organization through training and communication. Required Qualifications 3-5+ years of progressive experience in information security, IT infrastructure, or related field. 3+ years in a leadership or management role. Strong understanding of endpoint security tools, SIEM/SOC operations, and datacenter/virtualization security. Experience with compliance frameworks such as SOC 2, NIST CSF, CIS, ISO 27001, or similar. Deep knowledge of identity and access management, network security, vulnerability management, and incident response. Experience completing or overseeing cyber insurance assessments. Ability to manage multiple security initiatives in a high-growth MSP environment. Preferred Qualification Experience in a Managed Service Provider (MSP) or consulting firm. Relevant certifications such as CISSP, CISM, CISA, CCSP, or similar. Experience leading SOC audit readiness and evidence management. Strong communication skills with both technical and executive audiences. Success Metrics Reduced vulnerabilities and improved risk scores across endpoints and datacenter. Successful SOC audits and compliance renewals with minimal findings. Timely completion and high-quality delivery of SRA's and security documentation. Increased maturity of internal security controls and improved cyber insurance posture. Strong cross-department adoption of security policies and processes. Compensation and Benefits $115,000 to $125,000 DOE 2 weeks paid PTO Hybrid work option Personal Office at MCA Who We are: At New Charter, we're building a caliber of business the IT industry hasn't yet seen. We are serving small-to-medium sized businesses in 10+ industries across North America, and we deliver best-in-class technology solutions to propel our clients into the digital world. At New Charter Technologies, we're investing in our people - through growth and learning initiatives, employee benefits, company innovation, and more. We are constantly seeking a diverse candidate backgrounds and perspectives to amplify inclusive hiring practices for each job opening. Our partner companies have career paths for many different role types, whether you want to be deeply technical or whiteboarding with clients, and we are committed to developing fulfilling career paths for all contributors at New Charter Technologies. ( Please note: Every application submitted through Workday is reviewed by a real person, not an AI. We value your time and take each submission seriously.) Our teams are dedicated to pioneering breakthrough technologies, disruptive solutions, and transformative strategies. We're the architects of change, fostering an environment where bold ideas take flight, and creativity knows no bounds. At New Charter Technologies, we've embraced the idea that every individual brings something special to the table. Our foundation is based on the belief that each team member plays a crucial role in our collective success. Ready to be part of a dynamic and supportive community where your unique skills and personality shine? We're on a mission to make a difference, and we want you to be part of the story. Let's transform the world together and build a career that's as unique as you are! We are looking for driven and passionate people who are excited to work in an incredibly rewarding environment. So, if you are ready to learn, be inspired, solve problems, and grow professionally, apply today! Learn more here: Why New Charter. New Charter Technologies is committ e d to cr e ating an inclusiv e e nvironm e nt and is proud to b e an e qual opportunity e mploy er. New Charter re cruits, e mploys, trains, comp e nsat e s, and promot e s r e gardl e ss of rac e , color, r e ligion, s e x, s e xual ori e ntation, g e nd e r id e ntity, national origin, v e t eran, or disability status.

Established in 1991, Collabera has been a leader in IT staffing for over 22 years and is one of the largest diversity IT staffing firms in the industry. As a half a billion dollar IT company, with more than 9,000 professionals across 30+ offices, Collabera offers comprehensive, cost-effective IT staffing & IT Services. We provide services to Fortune 500 and mid-size companies to meet their talent needs with high quality IT resources through Staff Augmentation, Global Talent Management, Value Added Services through CLASS (Competency Leveraged Advanced Staffing & Solutions) Permanent Placement Services and Vendor Management Programs. Collabera recognizes true potential of human capital and provides people the right opportunities for growth and professional excellence. Collabera offers a full range of benefits to its employees including paid vacations, holidays, personal days, Medical, Dental and Vision insurance, 401K retirement savings plan, Life Insurance, Disability Insurance. Job Description Title: ArcSight Security Engineer Duration: 6 months (Possibility to Hire) Location: Fort Knox, KY Description: • Assist the customer and required to provide technical leadership on major tasks or technology assignments. • The ideal candidate will have a wide range of technical knowledge in Applicant should posses an in -depth understanding of ArcSight ESM, and be able to perform the functions of a Senior Analyst, Advanced Content Author, and Security Solutions Architect. • Applicant should be able to provide a practical solutions-based approach for design and implementation of a complete enterprise SIEM deployment, and understand methodologies, terms, concepts, and best practices within the context of the HP ArcSight product line. Duties & Responsibilities: • Assist in the Information Assurance Office activities to support with the installation, configuration, troubleshooting, customization and optimization of the ArcSight product suite and its dependencies. • This position requires strong knowledge in network security operations and familiarity with a variety of endpoint security products. • The candidate will develop ArcSight specific content including reports, filters, trends and dashboard content. The candidate must be experienced with ArcSight in order to provide optimization, tuning, and flex agent development. The successful candidate should be very experienced in IT networks, security systems design, and deployment and troubleshooting. • Duties will include the ability to lead the installation, configuration, optimization and customization of ArcSight software and appliances. • Required to translate customer requirements into use cases, design and implement as ArcSight content. The ability to perform system administration for ArcSight components and create customized dashboards for ArcSight ESM and Logger to elevate high threat items to incident responders. DOD 8570 CNDSP Infrastructure certification is desired. Qualifications • Expert level knowledge in defining an organization's ArcSight ESM Network Model • Extensive experience implementing the ArcSight suite of software and appliances in an Enterprise Environment • Experience developing ArcSight FlexConnectors • Proficient in Unix scripting • Ability to develop an ArcSight training program to be used to train our Systems Administrators, Network Administrators, Security Engineers, and Security Analysts in the efficient use of the ArcSight Suite • A Bachelor's degree from an accredited institution or equivalent in Computer Science, Information Systems, Engineering, or related technical discipline is required. • Significant experience may substitute for minimum educational requirements. • Must possess at least 8 years of hands on technical experience with a minimum of 5 year of experience in ArcSight ESM. • Ability to Create Advanced ESM content for Security Use Cases in order to find, track and remediate security incidents, including: Using variables and correlation activities, Customizing report templates to use dynamic content and Customizing notification templates to send the appropriate notification based upon specific attributes of an event Required Qualifications: • ArcSight Certified Analyst (ACSA) and or ArcSight Certified Integrator Administrator (ACIA) • Familiarity with network defense technologies including IDS/IPS, Firewalls, VPN • Determine appropriate Logger/ESM architecture to address specific log management requirements • Integrate Logger/ESM in peering and hierarchical deployments • Optimize ArcSight SmartConnector configurations for a Logger/ESM integrated environment • Identify types of criteria used to define system requirements • Present a thorough compilation of the various architectures and the pros and cons of each • Identify integration capabilities and best practices for each product • Identify data sources and ESM resources required to fulfill the objectives of the use case • Present multiple real-world scenarios that will be the basis of a complete implementation exercise • Must possess a CompTIA Security+ certification (baseline certification - day 1 requirement) • Minimum Certification as a DoD 8570 IAM II, must possess or able to obtain from hire date, within 6 months IAT Level II certification related to Release Management field • Must hold an active Department of Defense Security Clearance (interim Secret minimum - day 1 requirement). • Knowledge of DoD directives 8500.2, 8530.2, CJCSI 6510, and DISA STIGS- specifically requirements pertaining to the access and retention of network device logs. • Strong customer service, organizational skills, knowledge of applicable DoD/Government policies and procedures. • Demonstrated exceptional ability to troubleshoot complex systems required. • Solid understanding of industry standard availability and security practices required. Additional Information To discuss on this, please contact: Himanshu Prajapat Call on: ************ **********************************

Cardinal Health, Inc. (NYSE: CAH) is a global healthcare services and products company. We provide customized solutions for hospitals, healthcare systems, pharmacies, ambulatory surgery centers, clinical laboratories, physician offices and patients in the home. We are a distributor of pharmaceuticals and specialty products; a global manufacturer and distributor of medical and laboratory products; an operator of nuclear pharmacies and manufacturing facilities; and a provider of performance and data solutions. Working to be healthcare's most trusted partner, our customer-centric focus drives continuous improvement and leads to innovative solutions that improve the lives of people every day. With approximately 50,000 employees worldwide, Cardinal Health ranks among the top fifteen in the Fortune 500. **_Department Overview:_** **Information Technology** oversees the effective development, delivery, and operation of computing and information services. This function anticipates, plans, and delivers Information Technology solutions and strategies that enable operations and drive business value. **Information Security and Risk** develops, implements, and enforces security controls to protect the organization's technology assets from intentional or inadvertent modification, disclosure, or destruction. This job family develops system back-up and disaster recovery plans, conducts incident responses, threat management, vulnerability scanning, virus management and intrusion detection as well as completes risk assessments. **Responsibilities:** + **M&A Integration Execution:** Collaborate and engage with IAM Lead and other business partners on planning, design, and execution of IAM integration strategies for M&A activities, ensuring alignment with overall business and security objectives. This includes assessing the IAM landscapes of merging entities to identify challenges and solutions. + **Design and Implement Sailpoint IIQ Solutions:** Configure and customize Sailpoint IIQ components (Lifecycel Manager, Compliance Manager etc). Also develop workflows, rules, and connectors for identity governance. + **Application integration with Sailpoint IIQ:** Integrate Sailpoint IIQ with enterprise applications, directories and cloud platforms in addition to developing and maintaining connectros for provisioning and de-provisioning. + **Sailpoint IIQ Development and Scripting:** Write and maintain BeanShell scripts, Java code and XML configurations, develop customer Sailpoint tasks and workflows. + **Identity System Merging & Consolidation:** Manage the complex process of merging disparate identity providers, user directories (e.g., Active Directory, Azure AD, LDAP), and access management systems from acquired companies into the existing infrastructure. + **User Lifecycle Management:** Streamline and automate user provisioning, de-provisioning, and periodic access reviews for employees, contractors, and partners across all integrated systems, ensuring smooth onboarding and offboarding during M&A transitions. + **Security & Compliance:** Ensure IAM systems and processes comply with regulatory requirements (e.g., GDPR, HIPAA, SOX) and internal security policies, providing auditable records of access activities. Protect against data breaches by ensuring only authorized personnel can access sensitive information. + **Technical Troubleshooting & Support:** Troubleshoot, identify, and resolve technical identity and access management-related issues, providing expert support to internal teams and end-users during and after integration. + **Collaboration & Communication:** Coordinate cross-functional teams, including Information Security, IT Operations, HR, and Application Development, to ensure effective IAM implementation and seamless integration with business processes. Communicate complex security concepts to technical and non-technical stakeholders. + **Documentation & Best Practices:** Develop, review, and maintain comprehensive technical documentation, including architecture diagrams, configuration guides, and operational procedures. Stay up-to-date with IAM best practices, regulatory requirements, and security trends. **Qualifications** + Experience with SailPoint IdentityIQ (IIQ) is a must + Experience with SailPoint IIQ Integrations (Workday, Active Directory/LDAP, Webservices, SCIM, JDBC, SAP) + Experience implementing Life Cycle Manager (LCM) Configuration workflow tasks that model business functions, including Lifecycle Requests (Role or Entitlement), Lifecycle Events (Joiner, Mover, or Leaver), and LCM Workflow Details (Workflows and Subprocesses) + Solid understanding of the SailPoint object model, rules, and policies + Experience with both lifecycle manager (LCM) and compliance manager (CM) modules + Knowledge of Active Directory, LDAP, Workday, and cloud platforms (GCP, MS Entra ID) is required + Proven track record of successful IAM implementations including large scale enterprise deployments. + Experience working within regulatory standards and requirements such as, SOX, HIPAA, GDPR etc. is desired. **Anticipated salary range:** $94,900 - $135,600 **Bonus eligible:** No **Benefits:** Cardinal Health offers a wide variety of benefits and programs to support health and well-being. + Medical, dental and vision coverage + Paid time off plan + Health savings account (HSA) + 401k savings plan + Access to wages before pay day with my FlexPay + Flexible spending accounts (FSAs) + Short- and long-term disability coverage + Work-Life resources + Paid parental leave + Healthy lifestyle programs **Application window anticipated to close:** 12/20/2025 *if interested in opportunity, please submit application as soon as possible. The salary range listed is an estimate. Pay at Cardinal Health is determined by multiple factors including, but not limited to, a candidate's geographical location, relevant education, experience and skills and an evaluation of internal pay equity. _Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply._ _Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal_ _Opportunity/Affirmative_ _Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law._ _To read and review this privacy notice click_ here (***************************************************************************************************************************

Akumin is unable to provide sponsorship now or in the future. Candidates requiring sponsorship, including those currently on CPT/OPT or any other visa requiring sponsorship, will not be considered. The compensation range is $110,000-$125,000 annually, with no room for negotiation above the top of the range. The Security Engineer I plays a vital role in securing Akumin's IT infrastructure, networks, and systems. This role focuses on designing, implementing, and managing advanced security solutions, as well as ensuring that the organization's security posture aligns with best practices and regulatory requirements. This position leads security operations including incident response and vulnerability management to prioritize and minimize cyber risk across the organization. Specific duties include, but are not limited to: * Monitoring and Incident Response: Establish monitoring and detection mechanisms to identify potential threats, and lead or assist in responding to incidents. * Vulnerability Management: Conduct vulnerability assessments, penetration testing, and remediation of security weaknesses. * Security Orchestration and Automation: Automate tasks where possible, using scripting and configuration management tools. * Design and Implementation of Security Systems: Architect and implement security controls, including firewalls, intrusion detection systems, and encryption technologies. * Security Control Improvements: Review of applications and systems to ensure industry best practices and security hardening. Position Requirements: * Bachelor's Degree or equivalent experience in IT Security, Computer Science. * A valid and active certification in Information Security or Cybersecurity. * 5+ years of hands-on experience in cybersecurity or a related field, including areas like network security, cloud security, and threat intelligence. * Innovative Mindset: Always looking for new tools, techniques, and strategies to improve the organization's security posture. * Communication: Strong ability to convey technical security issues to non-technical audiences, including management and other stakeholders. * Problem-Solving: Excellent troubleshooting skills with a proactive approach to solving complex security challenges. * Collaboration: Ability to work well with cross-functional teams, including DevOps, IT, and development teams, to integrate security into all layers of the organization's infrastructure. * Security Tools and Technologies: Proficiency with firewalls, IDS/IPS, endpoint protection, SIEM, encryption, VPNs, and multi-factor authentication (MFA). * Penetration Testing and Vulnerability Management: Strong knowledge of vulnerability scanning tools and penetration testing techniques, with the ability to find and exploit weaknesses in an organization's security infrastructure. * Network Security: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP, SSL/TLS) and how to secure them. * Cloud Security: Expertise in securing cloud infrastructures, particularly AWS, Azure, or Google Cloud, including IAM, encryption, and security monitoring tools. * SIEM and Logging: Experience with configuring and maintaining SIEM platforms and analyzing logs for unusual activities. * 20% Travel may be required. Preferred (one or more): * Certified Information Systems Security Professional (CISSP) * Certified Ethical Hacker (CEH) * Offensive Security Certified Professional (OSCP) * GIAC Security Essentials (GSEC) * Certified Cloud Security Professional (CCSP) * AWS, GCP, or Azure Cloud Security Engineer Certification * Or other relevant cybersecurity certifications * DevSecOps: Experience integrating security into CI/CD pipelines and automating security controls in software development. * Zero Trust Architecture: Understanding of Zero Trust security models and their application in modern IT environments. * Identity and Access Management (IAM): Expertise in managing user identities and permissions, especially in cloud or hybrid environments. * Threat Intelligence: Ability to analyze and apply threat intelligence to enhance the organization's defense mechanisms. Physical Requirements: Standard office environment. More than 50% of the time: * Sit, stand, walk. * Repetitive movement of hands, arms and legs. * See, speak and hear to be able to communicate with patients. Less than 50% of the time: * Stoop, kneel or crawl. * Climb and balance. * Carry and lift 10-20 lbs. Residents living in CA, CO, CT, HI, IL, MD, MA, MN, NV, NJ, NY, RI, VT, WA, and DC click here to view pay range information. #LI-remote Akumin Operating Corp. and its divisions are an equal opportunity employer and we believe in strength through diversity. All qualified applicants will receive consideration for employment without regard to, among other things, age, race, religion, color, national origin, sex, sexual orientation, gender identity & expression, status as a protected veteran, or disability.

Job DescriptionOverview: East Tennessee R&D facility is currently seeking qualified applicants to serve as Junior Information Systems Security Officer (ISSO). The successful candidate should have a basic understanding of all aspects of cybersecurity. The candidate will collaborate with other teams across the lab, to include Information Technology, Physical Security, Classification Office, Cybersecurity, Lab Enterprise Risk, Lab Internal Audit, and others as appropriate. Primary Responsibilities: Provide assistance to the Information Systems Security Manager (ISSM) and Chief Information Security Officer (CISO) in the certification and accreditation (C&A) of systems/networks and implementation of cybersecurity requirements and procedures across the federal facility. Ensure systems are operated, maintained, and disposed of in accordance with DOE security policies and procedures and as outlined in applicable System Security Plans (SSPs). Establish and perform documented procedures for authorizing users to information systems Develop and maintain SSPs for system C&A. Identify, review, and provide analysis and recommendations to meet requirements of applicable laws, regulations, orders, and the contract, translate into policies, procedures, suggested control structures, analysis/white papers, aligning with business objectives Provide guidance on policies and controls to support appropriate levels of risk, facilitate risk tolerance discussions and decisions, and recommend controls based on industry standards and practices Participate in internal/external compliance audits, reviews, self-assessments, assessments, and data calls Identify, promote, and implement process improvements Qualifications Required: Experience in security control assessments, Master Plans, and Cybersecurity program plans Strong analytical and organizational skills as well as problem solving capabilities to understand Cybersecurity risk and exposure (legal, regulatory violations, etc.) Demonstrated experience implementing compliance frameworks (NIST, etc) Facilitation and project management knowledge, skills and abilities; lead program implementations Demonstrated excellent interpersonal, verbal, written and presentation communication skills and demonstrated ability to interact with all levels of internal and external stakeholders Strong customer service, networking, and teamwork skills with all levels of internal and external personnel, demonstrated ability to work with all levels of an organization Ability to work independently and meet deadlines High ethical standards and operates with integrity and professionalism Must be able to obtain and maintain a DOE Q security clearance Preferred Qualifications: Bachelor's degree in IT, Cybersecurity, Information Assurance, or related field and at least 5 years of experience in cybersecurity policy, risk management, governance, and compliance through a combination of education and experience may be considered for exceptional candidates. Minimum five years' experience working in an information security, information technology or information risk management related field Cybersecurity certifications (CISA, CISM, CRISC, CISSP, CCSP, SSCP) Incident Response Certification Privacy management, cybersecurity, evaluating security controls, identifying control gaps, and mitigating measures along with a strong understanding of business practices and technology concepts Thorough understanding of industry standards and regulations including PCI, HIPAA, Privacy Act, NIST 800-53, NIST Risk Management Framework, FAIR Working knowledge of privacy regulations and impacts Highly motivated individual with an enthusiasm for governance, risk and compliance who can communicate benefits and drive success Experience gaining an Authority to Operate (ATO) for a government system Proven track record of prioritizing tasking and meeting established deadlines Active DOE Q or TS clearance Special Requirement:This position requires the ability to obtain and maintain a clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.

Remote | Product and Development | Full-Time WHO WE ARE Headquartered in Nashville, Tenn., Ncontracts leads the industry in integrated risk management and compliance solutions, serving over 5,000 financial institutions nationwide. As a seven-time Inc. 5000 Fastest Growing Companies honoree and consistent year-over-year recipient of "Best Places to Work" awards, we offer a thriving, work environment where career growth and life-work balance go hand in hand. At Ncontracts, you'll join a team of industry experts dedicated to strengthening the financial services sector through innovation and thought leadership. We're seeking creative, collaborative, and self-driven professionals across all areas of our business - from developing cutting-edge solutions to sales, marketing, customer support, and beyond. Join us in our mission to make the financial industry stronger and more resilient, while advancing your career in a supportive, dynamic environment that values your unique skills and perspectives. THE ROLE We're looking for a Product Security Engineer to embed security throughout our software development lifecycle. You'll work closely with engineering teams to secure our financial services platform, with particular focus on emerging AI technologies including Agentic AI systems. This role offers the opportunity to shape security practices in a cutting-edge fintech environment. WHAT YOU DO Participate in security architecture reviews and threat modeling for new features and systems Perform code reviews with focus on security vulnerabilities and best practices Design and implement security controls for cloud infrastructure (AWS, Azure, GCP) Participate in security assessments of AI/ML systems, including Agentic AI implementations Contribute to secure coding guidelines and security testing frameworks Integrate security tools into CI/CD pipelines (SAST, DAST, dependency scanning) Collaborate with DevOps team on infrastructure-as-code security practices Investigate and remediate security vulnerabilities across the technology stack Create security documentation for development teams and architectural decisions Support penetration testing activities and coordinate remediation efforts Research emerging threats and security technologies, particularly in AI/ML space WHAT YOU NEED 2+ years of experience in application security or product security engineering Bachelor's degree in computer science, Cybersecurity, or related technical field Strong programming skills in modern languages (Python, Ruby, Java, C#, JavaScript, PowerShell) Strong database experience with proficiency in SQL and PostgreSQL Deep understanding of web application security (OWASP Top 10, API security) Experience with cloud security architectures and containerization (Docker, Kubernetes) Experience with server administration across Linux and Windows environments Knowledge of security testing tools and methodologies (SAST, DAST, penetration testing) Experience applying risk assessment methodologies (DREAD, CVSS) to analyze security findings and establish data-driven remediation priorities Understanding of secure software development lifecycle (SSDLC) practices Experience with version control systems (Git) and CI/CD pipelines Experience with infrastructure automation using Ansible Demonstrated ability to communicate technical security concepts to diverse stakeholders and influence remediation efforts Self-motivated with ability to work independently and drive security initiatives to completion Experience collaborating with development teams to implement security fixes NICE TO HAVE Professional certifications (SAA-C03, PJPT, CSSLP, CEH, OSCP, AZ-400, AWS DevOps, or equivalent) Experience with AI/ML security, including model security and adversarial attacks Knowledge of financial services security requirements and data protection Experience with infrastructure-as-code tools (Terraform, CloudFormation) Background in threat modeling frameworks (STRIDE, PASTA, OCTAVE) Experience with security orchestration and automation platforms WE OFFER A fun, fast-paced work environment Responsible PTO Plan that meets or exceeds state and local medical and family leave laws 11 paid holidays Community and social events to keep you connected and engaged Mental Health Benefits Medical, Dental and Vision insurance Company-paid Group Life Insurance, Short- and Long-Term Disability Flexible Spending Account & Health Savings Account Aflac Benefits - Critical Illness, Cancer Protection, & Hospital Choice Pet Insurance 401 (k) with company match with eligibility on Day 1 of employment 2 Paid Volunteer Time Off Days And much more! Compensation Information Pursuant to state and local law disclosure requirements, the pay range for this role, with final offer amount dependent on education, skills, experience and location is $80,000 to $100,000 per year. This position may be eligible for an annual discretionary incentive award. The incentive award amount is dependent upon company performance and your personal performance and is not guaranteed. AAP/EEO Statement Ncontracts provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

The Security Engineer is responsible for ensuring that technical and procedural security controls are established and maintained within the organization and complies with a variety of security requirements as well as industry best practices. The position works closely with the Information Security Officer, IS leadership, and team members to implement and maintain security and compliance across LBMC. The Security Engineer will assist in managing Security Systems such as various endpoints, network logging, monitoring, physical access methods, and preventive systems as needed. The Security Engineer must focus on continuous improvement of response capabilities through automation and critical thinking. The professional is responsible for scrutinizing malware, targeted attacks, and intrusion detection. The Security Engineer will identify, investigate, and respond to information security alerts. They play an active role in searching through datasets, alerts, and notifications to detect any threats and anomalies. The security engineer will help resolve any issues related to network perimeter and security infrastructure devices. They must help resolve Windows and other security vulnerabilities. The Security Engineer must be able to dissect network, host, memory, and other artifacts that are originating from multiple operating systems and applications. The engineer will perform enterprise-wide operations to identify any undetected threats. It is the responsibility of the security engineer to develop alerting and detection strategies to investigate any unusual behavior. They must develop new defensive techniques to recognize any changes in adversary techniques and tactics. The Security professional must be involved in incident response and investigations. The Information Security Engineer may suggest tools and techniques to achieve security goals. The Security Engineer may perform well-researched security enhancement suggestions to the ISO which meet security standards that protect the organization from possible security breaches. Essential Responsibilities * Security Alerts: Review, respond, and remediate where applicable; * Vulnerability remediation (may also be tasked with vulnerability administration, enhancements, scans, and automation development opportunities); * Phish campaign monitoring and resolution; * Analyze security systems and seek improvements on a continuous basis; * Report possible threats or software issues; * Research weaknesses and determine ways to counter them; * Understand software, hardware, and internet needs while adjusting them according to our business environment; * Assist fellow employees with cybersecurity, software, hardware, or IT needs; * Carry out and support information security plans and policies; * Respond to, investigate, and assist in recovery efforts related to a security breach; * Assist in Security Awareness training development and support; * Troubleshoot security and network problems; * Ensure the organization's data and infrastructure are protected by enabling and/or recommending appropriate security controls; * Participate and follow the change management process; * Daily administrative tasks, reporting, and communication within Information Security as well as relevant departments within the organization, as needed or directed; * Administer, configure, and troubleshoot security infrastructure devices such as Varonis; * Test new software and firmware, as needed or directed. Operational Management * Work closely with IS Engineering, Security Engineers/Analysts, and other IS departments on corporate technology development to fully secure information, computer, network, and processing systems; * Recommend and implement changes, where appropriate, related to security policies and practices in accordance with changes in local and federal law; * Creatively provide resolution to security issues/problems in a cost-effective manner; * Collaborate with the Information Security Officer to establish and maintain systems for ensuring security and privacy policies are met. * Other security responsibilities as directed by the Information Security Officer Other Qualifications * Minimum of 1 - 3 years progressive experience in Cybersecurity technology development/engineering, with an emphasis on cybersecurity technology installations projects, administration, development, support, and related security tools/technology implementations; * Position requires a 4-year degree in Information Systems, Computer Science, Information Security or similar. An equivalent combination of education and experience will be considered; * For those not meeting the minimum education, additional work-related experience will be deemed equivalent; * CISSP or related certification is an advantage; * Strong knowledge of core IT and Security infrastructures including Active Directory, Azure AD, Microsoft Windows security controls, SIEM, AV/EDR [specifically Microsoft o365/E5], IPS, PIM, PAM, IAM, Certificate Management, vulnerability scanners, etc.; * Working knowledge and experience in the following areas: * Cloud computing security in Azure/Windows environments, security controls, security capabilities identification; * Experience in working on Microsoft products and can learn new systems quickly; * Experience with Nessus, Sentinel, Log Analytics, M365 Security stack, penetration testing, security patching, AppLocker, etc.; * Strong verbal and written communication skills required; * Must be able to handle multiple, simultaneous tasks effectively and efficiently while maintaining a professional, courteous manner; * Must be able to work well with others; * Must be detail oriented and organized; * High integrity, including maintenance of confidential information; * Must be able to exercise good judgement and positively influence others, including handling confrontations/conflict with poise and efficiency; * Focus on continuously improving skillset to meet security changes and challenges; * Based on business need, ability to work a flexible schedule, including some evenings and weekends as approved in advance or as required to support a security issue; * Regular and reliable attendance required.

We believe talent deserves a human touch. Your application will be read by an actual person who's excited to discover the real you. The Director of Information Security is the senior leader responsible for developing, implementing, and managing the company's security strategy across corporate operations, client environments, and our datacenter infrastructure. This role oversees endpoint security, datacenter security posture, vulnerability management, cyber insurance compliance, SOC audits, and internal/external Security Risk Assessments (SRAs). As a managed service provider, we must maintain a world-class security posture that protects our clients and internal assets. The Director of Information Security will lead this effort by driving policy, governance, and operational execution while working closely with Infrastructure, Service Delivery, Applications, and Executive Leadership. Key Responsibilities Security Leadership & Governance Develop, maintain, and oversee the company's information security strategy and roadmap. Establish a security governance framework, policies, standards, and procedures. Provide regular security reporting and risk analysis to the executive team. Serve as the primary security authority for the organization and a trusted advisor to leadership. Endpoint, Network & Datacenter Security Oversee security of all corporate and client-managed endpoints (servers, workstations, mobile devices). Ensure robust datacenter security controls over compute, storage, networking, and virtual environments. Collaborate with Infrastructure leadership on hardening standards, segmentation, access control, and change management. Direct vulnerability management efforts-identification, prioritization, remediation tracking. Compliance, Audits & Risk Management Lead SOC 2/SOC 1, cyber insurance assessments, and other compliance-related audits. Own and maintain risk assessment processes, including internal and external SRA's for clients. Ensure evidence collection, documentation accuracy, and policy alignment for all audits and certifications. Maintain incident response plans, disaster recovery planning contributions, and security playbooks. Cyber Insurance & Regulatory Requirements Maintain compliance with cyber insurance requirements; ensure mandated controls are documented and implemented. Act as the primary point of contact for insurance renewals, questionnaires, and security posture validation. Security Operations & Incident Response Oversee security monitoring, alert response, and escalation processes (partnering with SOC providers as needed). Lead and coordinate investigations for security incidents, breaches, and vulnerabilities. Drive root cause analysis and implement corrective actions and preventative controls. Cross-Functional Collaboration Partner with Infrastructure, Service Desk, Applications, and Client Success teams to ensure security integration across operations. Provide security guidance and support for client-facing solutions and managed services. Support pre-sales and client engagement by participating in security discussions, questionnaires, and SRA responses. Team Leadership Lead, mentor, and develop the internal security team (or build one if in early stages). Manage relationships with third-party SOC, SIEM, and security vendors. Cultivate a security-aware culture across the organization through training and communication. Required Qualifications 3-5+ years of progressive experience in information security, IT infrastructure, or related field. 3+ years in a leadership or management role. Strong understanding of endpoint security tools, SIEM/SOC operations, and datacenter/virtualization security. Experience with compliance frameworks such as SOC 2, NIST CSF, CIS, ISO 27001, or similar. Deep knowledge of identity and access management, network security, vulnerability management, and incident response. Experience completing or overseeing cyber insurance assessments. Ability to manage multiple security initiatives in a high-growth MSP environment. Preferred Qualification Experience in a Managed Service Provider (MSP) or consulting firm. Relevant certifications such as CISSP, CISM, CISA, CCSP, or similar. Experience leading SOC audit readiness and evidence management. Strong communication skills with both technical and executive audiences. Success Metrics Reduced vulnerabilities and improved risk scores across endpoints and datacenter. Successful SOC audits and compliance renewals with minimal findings. Timely completion and high-quality delivery of SRA's and security documentation. Increased maturity of internal security controls and improved cyber insurance posture. Strong cross-department adoption of security policies and processes. Compensation and Benefits $115,000 to $125,000 DOE 2 weeks paid PTO Hybrid work option Personal Office at MCA Who We are: At New Charter, we're building a caliber of business the IT industry hasn't yet seen. We are serving small-to-medium sized businesses in 10+ industries across North America, and we deliver best-in-class technology solutions to propel our clients into the digital world. At New Charter Technologies, we're investing in our people - through growth and learning initiatives, employee benefits, company innovation, and more. We are constantly seeking a diverse candidate backgrounds and perspectives to amplify inclusive hiring practices for each job opening. Our partner companies have career paths for many different role types, whether you want to be deeply technical or whiteboarding with clients, and we are committed to developing fulfilling career paths for all contributors at New Charter Technologies. ( Please note: Every application submitted through Workday is reviewed by a real person, not an AI. We value your time and take each submission seriously.) Our teams are dedicated to pioneering breakthrough technologies, disruptive solutions, and transformative strategies. We're the architects of change, fostering an environment where bold ideas take flight, and creativity knows no bounds. At New Charter Technologies, we've embraced the idea that every individual brings something special to the table. Our foundation is based on the belief that each team member plays a crucial role in our collective success. Ready to be part of a dynamic and supportive community where your unique skills and personality shine? We're on a mission to make a difference, and we want you to be part of the story. Let's transform the world together and build a career that's as unique as you are! We are looking for driven and passionate people who are excited to work in an incredibly rewarding environment. So, if you are ready to learn, be inspired, solve problems, and grow professionally, apply today! Learn more here: Why New Charter. New Charter Technologies is committ e d to cr e ating an inclusiv e e nvironm e nt and is proud to b e an e qual opportunity e mploy er. New Charter re cruits, e mploys, trains, comp e nsat e s, and promot e s r e gardl e ss of rac e , color, r e ligion, s e x, s e xual ori e ntation, g e nd e r id e ntity, national origin, v e t eran, or disability status.

We believe talent deserves a human touch. Your application will be read by an actual person who's excited to discover the real you. The Director of Information Security is the senior leader responsible for developing, implementing, and managing the company's security strategy across corporate operations, client environments, and our datacenter infrastructure. This role oversees endpoint security, datacenter security posture, vulnerability management, cyber insurance compliance, SOC audits, and internal/external Security Risk Assessments (SRAs). As a managed service provider, we must maintain a world-class security posture that protects our clients and internal assets. The Director of Information Security will lead this effort by driving policy, governance, and operational execution while working closely with Infrastructure, Service Delivery, Applications, and Executive Leadership. Key Responsibilities Security Leadership & Governance Develop, maintain, and oversee the company's information security strategy and roadmap. Establish a security governance framework, policies, standards, and procedures. Provide regular security reporting and risk analysis to the executive team. Serve as the primary security authority for the organization and a trusted advisor to leadership. Endpoint, Network & Datacenter Security Oversee security of all corporate and client-managed endpoints (servers, workstations, mobile devices). Ensure robust datacenter security controls over compute, storage, networking, and virtual environments. Collaborate with Infrastructure leadership on hardening standards, segmentation, access control, and change management. Direct vulnerability management efforts-identification, prioritization, remediation tracking. Compliance, Audits & Risk Management Lead SOC 2/SOC 1, cyber insurance assessments, and other compliance-related audits. Own and maintain risk assessment processes, including internal and external SRA's for clients. Ensure evidence collection, documentation accuracy, and policy alignment for all audits and certifications. Maintain incident response plans, disaster recovery planning contributions, and security playbooks. Cyber Insurance & Regulatory Requirements Maintain compliance with cyber insurance requirements; ensure mandated controls are documented and implemented. Act as the primary point of contact for insurance renewals, questionnaires, and security posture validation. Security Operations & Incident Response Oversee security monitoring, alert response, and escalation processes (partnering with SOC providers as needed). Lead and coordinate investigations for security incidents, breaches, and vulnerabilities. Drive root cause analysis and implement corrective actions and preventative controls. Cross-Functional Collaboration Partner with Infrastructure, Service Desk, Applications, and Client Success teams to ensure security integration across operations. Provide security guidance and support for client-facing solutions and managed services. Support pre-sales and client engagement by participating in security discussions, questionnaires, and SRA responses. Team Leadership Lead, mentor, and develop the internal security team (or build one if in early stages). Manage relationships with third-party SOC, SIEM, and security vendors. Cultivate a security-aware culture across the organization through training and communication. Required Qualifications 3-5+ years of progressive experience in information security, IT infrastructure, or related field. 3+ years in a leadership or management role. Strong understanding of endpoint security tools, SIEM/SOC operations, and datacenter/virtualization security. Experience with compliance frameworks such as SOC 2, NIST CSF, CIS, ISO 27001, or similar. Deep knowledge of identity and access management, network security, vulnerability management, and incident response. Experience completing or overseeing cyber insurance assessments. Ability to manage multiple security initiatives in a high-growth MSP environment. Preferred Qualification Experience in a Managed Service Provider (MSP) or consulting firm. Relevant certifications such as CISSP, CISM, CISA, CCSP, or similar. Experience leading SOC audit readiness and evidence management. Strong communication skills with both technical and executive audiences. Success Metrics Reduced vulnerabilities and improved risk scores across endpoints and datacenter. Successful SOC audits and compliance renewals with minimal findings. Timely completion and high-quality delivery of SRA's and security documentation. Increased maturity of internal security controls and improved cyber insurance posture. Strong cross-department adoption of security policies and processes. Compensation and Benefits $115,000 to $125,000 DOE 2 weeks paid PTO Hybrid work option Personal Office at MCA MCA, a New Charter Technologies company, provides a fast, energetic work environment for those seeking technology careers in Chattanooga and Nashville. We're a top technology services provider in the Chattanooga area with a solid national reputation. We believe people are our most valuable assets so we're passionate about retaining and developing the best talent available. But more than that, we're a tight-knit group of professionals who work collaboratively to provide the highest possible levels of customer service and support. We treat team members with respect, providing an environment where diverse individuals have all the resources they need to perform to their full potential. In fact, we like to think working at MCA is more than just a job. We believe business isn't just about profitability. Having fun is also essential on the way to success. So, we celebrate achievements. We laugh a lot. We treat one another like family, always supporting each other. And we try not to take ourselves too seriously. MCA is committed to creating an inclusive environment and is proud to be an equal opportunity employer. MCA recruits, employs, trains, compensates, and promotes regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

Business Information Systems Careers Provide: Competitive Pay and Benefits Job Security and Stability Global Impact and Purpose Diverse Career Paths Are you interested in learning a skilled trade that blends business operations with information technology? Are you an active‑duty service member, military veteran, or dependent looking to enter a versatile and fast‑growing field? Our partner school provides individuals like YOU with the training needed to enter the world of Business Information Systems - where technology, data, and organizational processes come together to support modern business operations. Even without prior IT or business experience, military veterans excel in this program due to their leadership, analytical thinking, and ability to adapt to complex environments. If you are a motivated learner seeking a career that combines technology with business problem‑solving, this vocational school opportunity is an excellent starting point. Our partner school is committed to helping students enter the business technology field by providing graduates with access and introductions to hiring managers who are actively hiring for Business Information Systems roles. We encourage you to ask about their career placement program and success rates. What's in it for you? A broad, flexible career path across multiple industries Accelerated training that prepares you for entry‑level roles quickly Industry‑recognized certifications (no degree required) Courses offered throughout the year to fit your schedule Training Details (same for all programs): Classes held in Tampa, Florida on a 15‑acre expanded campus 8-10 week training program, 6 days/week, 10 hours/day 50% hands‑on, 50% classroom instruction Students receive paid flight, lodging, and meals, plus retain their BAH Class size averages 15-20 students, with two cohorts per month GI Bill funds proudly accepted Please apply by completing our screening questions and uploading your resume. You will receive a call or email from us shortly to discuss an introduction to this program.

Weekly Schedule: Monday- Friday: 9am-5pm Primary Responsibilities Manages solution design from conception, through ARB, to delivery Primarily responsible for producing architecture documentation for security applications as assigned and as projects and programs of work dictate Maintains First Horizon's Security Architecture Pattern Inventory (across identity, data, application, network, and cloud) as a member of the Core Enterprise Architecture Team Leads security design workshops and POC efforts for new (security) capabilities Validates 3rd Party/Vendor Solutions for security concerns Aligns Information Security Technology strategy and planning with First Horizon's business goals and objectives Promotes the use of a shared infrastructure and application roadmap to reduce costs and improve how assets are secured Builds and maintains technical trusted advisor relationships with influential technical decision makers within Technology Works with engineers to ensure that technical solutions as delivered align with Information Security Standards and Policies Works with Portfolio technology leaders to include IT Risk and Security Exception initiatives in portfolio roadmap Manage Encryption Standards: key management, tokenization for payments, DLP/classification/handling; architect PCI DSS segmentation boundaries and compensating controls. Manage Network/Zero Trust Standards: microsegmentation across Azure and colocation; secure branch/office connectivity; define workload identity and continuous verification patterns; enforce least privilege. Detection/telemetry: Publish Splunk logging schema, retention, and correlation strategies; onboard logs from Azure, Colo, API Gateways, IAM, CyberArk, MFaaS, and core platforms; drive ATT&CK‑aligned detections and forensic readiness. Secure SDLC and supply chain: Operationalize threat modeling; collaboratively define CI/CD control overlays with DevOps; establish artifact signing/SBOM standards; ensure secrets handling and container/Kubernetes baselines where applicable. Governance and risk: Maintain control overlays mapped to FFIEC/GLBA/PCI/NIST; lead design reviews; manage exceptions with remediation timelines; produce audit-ready decision records in partnership with the CISO team. Payments and third-party/SaaS: Define intake and security requirements for MFaaS, Salesforce, ServiceNow, FIS/Fiserv/Bottomline integrations-identity, logging, data handling, and PCI scoping. Physical security integration: Align building access, video, and visitor systems with identity and logging patterns; coordinate incident playbooks with Corporate/Physical Security. Enablement and influence: Mentor senior architects and engineering associates; lead communities of practice; communicate strategy, benefits, and trade-offs to executives and delivery teams. Requirements Bachelor's degree in Computer Science, Management Information Systems, or related field (12+) years of Information Security experience (7+) years of Security Architecture Experience in regulated financial services Experience with Azure security architecture across multi-tenant/region and hybrid environments; strong Zero Trust and network segmentation expertise Regulatory fluency: FFIEC, GLBA, PCI DSS; practical NIST CSF/800-53 mapping; MITRE ATT&CK‑aligned detection design. Experience with technical documentation like interaction diagrams, process diagrams, network topologies and other architectural content Experience with Agile/SAFe methodologies Experience with Enterprise Architecture Governance: ARB/design councils, exception handling, and audit narratives; ability to set and harmonize enterprise standards. Certifications/Licensures Strongly preferred: CISSP or CompTIA Security+ Microsoft Azure Security Engineer or Azure Solutions Architect Expert Preferred: CCSP; CISM or CRISC; SANS GCSA or GCLD; PCI Professional (PCIP) or equivalent GIAC enterprise defense/IR certifications Skills And Competencies Ability to adapt to new technologies and learn quickly Enterprise architectural leadership across identity, cloud, application, data, and network security. IAM for associates (Entra ID, Active Directory) and clients (Transmit Security, ForgeRock/Ping, or Okta); OAuth/OIDC; phishing-resistant MFA/passkeys; PAM integration and privileged pathway design. Integration Security: FAPI, OAuth2.0, FDX, mTLS, rate limiting, schema validation, abuse/bot mitigation, CIAM integration, OWASP, and high-quality telemetry to Splunk. Secure SDLC and supply chain: threat modeling, pipeline security, artifact signing/SBOM, dependency hygiene, and secrets management. Communication, influence, and enablement: ability to translate risk to business impact, drive adoption, and coach peers and engineers. Ownership and execution: measurable risk reduction, pattern adoption, and cross‑team collaboration. About Us First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank. More information is available at ********************* Benefit Highlights • Medical with wellness incentives, dental, and vision • HSA with company match • Maternity and parental leave • Tuition reimbursement • Mentor program • 401(k) with 6% match • More -- FirstHorizon.com/First-Horizon-National-Corporation/Careers/Our-Benefits Follow Us Facebook X formerly Twitter LinkedIn Instagram YouTube