Security architect jobs in Norwalk, CT

Job DescriptionBenefits: 401(k) 401(k) matching Competitive salary Title: Cyber security Architect Work authorization: US Citizen Key Responsibilities Design and develop enterprise-class architecture across assigned technologies. Manage project tasks, timelines, deliverables, and technical resources. Review firewall policies to identify, analyze, and report cybersecurity gaps. Assess firewall interface configurations and provide detailed findings on security risks. Review and validate firewall zones for proper segmentation and compliance. Create comprehensive documentation, diagrams, and technical artifacts to support system architecture. Collaborate with cross-functional teams to ensure secure, scalable, and reliable system implementations. Required Qualifications Minimum Experience: 8+ years of enterprise-level experience in technical architecture or related fields. Certifications: Multiple industry and/or vendor certifications (e.g., CISSP, CCNP/CCIE, AWS/Azure Architect, Security+). Education: Bachelors Degree in Computer Science or related field. Equivalent education or experience may be substituted. Preferred Skills Strong knowledge of cybersecurity frameworks and industry best practices. Expertise in firewall technologies, configurations, and policy management. Excellent analytical, documentation, and diagramming skills (e.g., Visio, Lucidchart). Ability to communicate complex technical concepts to both technical and non-technical stakeholders. Experience leading technical teams or acting as a project technical lead.

E*Pro Consulting service offerings include contingent Staff Augmentation of IT professionals, Permanent Recruiting and Temp-to-Hire. In addition, our industry expertise and knowledge within financial services, Insurance, Telecom, Manufacturing, Technology, Media and Entertainment, Pharmaceutical, Health Care and service industries ensures our services are customized to meet specific needs. For more details please visit our website ***************** We have been retained for providing recruiting assistance, for direct hires, by one of the world-leading information technology consulting, services, and business process outsourcing organization that envisioned and pioneered the adoption of the flexible global business practices that today enable companies to operate more efficiently and produce more value. Job Description Required Skills: • knowledge of SAP Identity Management 7.2 version • knowledge of SAP IDM integration points with SAP and non-SAP products/tools • LDAP/Active Directory, PD-Org, NWBC, Solution Manager 7.1. • Experience in SAP security, SAP GRC is a plus. • Basis experience is a plus • 6+ years of SAP Identity Management Implementation and support experience. • Experience as the SAP IDM SME in at least 2 implementations • Experience with gap analysis and strategic roadmap/blueprint development • Experience in configuring SAP IDM for user provisioning in a complex SAP landscape comprising of ABAP, JAVA and duel stack systems as well as non-SAP systems • Involve in Onsite-Offshore coordination activities (handover-takeover, off business hour activity tracking, offshore reporting) • Provide SAP IDM support to SAP implementation as well as support teams and internal customers/clients Additional Information All your information will be kept confidential according to EEO guidelines.

EY is seeking a Chief Information Security officer (CISO) for the US Government & Public Sector (GPS). The CISO is the senior executive responsible for enterprise cybersecurity strategy, governance, and execution across both classified and unclassified environments. This includes compliance with DFARS/CMMC, NIST SP 800-37, NIST SP 800-171, NISPOM, and FedRAMP; secure software development; cloud security in Azure Government and Microsoft 365 GCC High; and enterprise incident response. The CISO partners closely with the COO, CIO, Legal/Contracts, Risk Management, and the Facility Security Officer (FSO). US GPS encompasses EY's US Federal, state, and local government client portfolio. This senior leadership role will have significant team leadership responsibilities with visibility to internal and client stakeholders. **Responsibilities** + The successful candidate will work with GPS engagement teams, supporting functions, and EY's Client Technology and Global Information Security organizations to develop and maintain a security and compliance program across all environments, platforms and applications used or desired for use by GPS. Responsibilities include: + Strategy, Governance and Risk Management + Development and execution of a multi‑year cybersecurity strategy and investment roadmap aligned to business objectives and federal contract requirements. + Development, management and maintenance of the GPS IT security risk management policy and/or procedural documentation mapped to NIST SP 800-37 (RMF), NIST SP 800‑53, NIST SP 800‑171, NIST SP 800‑161 (C‑SCRM), and NIST SP 800‑218 (SSDF) + Ownership of the enterprise risk assessment (ERA), business impact analysis (BIA), and security metrics; present posture and material risk to the COO on a recurring cadence. **Defense Industrial Base Compliance (Classified & Unclassified)** + Manage GPS compliance with DFARS ************, ************, and ************. This includes: + Leading DFARS/CMMC readiness and ongoing compliance. + Serving as the Affirming Official (AO) and maintaining an accurate SPRS self‑assessment score with defensible Plans of Action and Milestones (POAMs). + Achieving and maintaining CMMC certification at level 2. + Overseeing management and maintenance of POAMs. + Ensure systems operated for the government are designed properly and assessed against the appropriate requirements such as FedRAMP, Cloud Computing Security Requirements Guide, IRS 1075, and MARS-E. + Ensure safeguarding and incident reporting obligations for CUI (e.g., DFARS ************ 72‑hour reporting) are met; coordinate with DC3/DIBNet and affected customers when necessary. + Oversee NISPOM compliance for classified systems; partner with FSO to achieve and maintain Authorizations to Operate (ATOs). + Ensure proper handling of export‑controlled data (ITAR/EAR). + Prepare for and lead Program through contractually required assessments and customer audits; keep evidence, policies, configurations, and logs audit‑ready. + Respond to government inspections or audits in coordination with EY Information Security and Risk Management. **Secure Cloud, Identity & Enterprise Platforms** + Own security architecture and controls for Azure Government (Azure Gov) and Microsoft 365 GCC High tenants, including Conditional Access, PIM/PAM, encryption, logging/retention, and data governance for CUI. + Implement Zero Trust principles across identity, endpoints, networks, and workloads; drive continuous verification and least‑privilege. + Deploy and operate EDR/XDR, SIEM/SOAR, DLP, CASB/SSE/SASE, MDM, key management/HSM, and vulnerability/configuration management at scale. + Oversee user authorization process and ongoing attestation of user authorization and access. + Assist to resolve GPS practitioners' access or other issues with Enclave environments. + Ongoing development, coordination and sustainment of Information Security Continuous Monitoring (ISCM) Program across all applications within the environment. **DevSecOps & Secure SDLC** + Establish a software security program aligned to NIST SSDF (SP 800‑218) and EO 14028 expectations; integrate security into SDLC across GitHub and Azure DevOps. + Govern AppSec tooling and policy: SAST (e.g., Checkmarx), DAST (e.g., Qualys/AppScan), SCA/OSS (e.g., Mend), IaC/container/K8s scanning, and Wiz/Wiz Code; enforce build‑time gates and remediation SLAs. + Require SBOM generation, artifact signing/provenance (e.g., SLSA targets), and secrets management across all repositories and pipelines. **Detection, Response & Resilience** + Develop, manage and maintain GPS incident response program. + Lead SOC and CSIRT functions: 24×7 monitoring, threat intelligence, purple/red‑team exercises, and executive tabletop drills. + Maintain and test the Incident Response Plan and Cyber Crisis Playbook, including regulatory/customer communications and forensics preservation. **Effective Business Integration** + Ensure development of fit-for-purpose solutions that support the business activities. + Manage integration of Firm applications into the GPS Enclave environment. + Understand and facilitate communication of EY's IT disaster recovery and business continuity plans to GPS clients, potential clients and engagement teams (including engagement team responsibilities). + Augment existing Client Security Assurance reviews of data protection requirements contained in RFPs/RFQs to adequately respond, and assist in development of GPS client security and data protection (confidentiality) plans. + Monitor regulatory or other developments in INFOSEC principles, regulatory requirements and leading practices. **Leadership, Team and Budget** + Role model a leadership style that brings infrastructure, application and cybersecurity professionals together to collaborate constructively on the design, implementation and operation of controls. + Build and mentor a high‑performing organization spanning Policy/GRC, AppSec/DevSecOps, Security Engineering/Architecture, SOC/IR, and Third‑Party & Supply‑Chain Risk. + Own the cybersecurity budget and vendor portfolio; rationalize tools and services for value, performance, and compliance. + Participate in purchasing and enhancement of third-party tools for GPS. + Augment and potentially streamline existing Vendor Supplier Risk Assurance Program during evaluation of subcontractor compliance with applicable cybersecurity and data protection clauses. + Drive a security‑first culture: ongoing training, phishing simulations, secure coding education, and leadership engagement including data protection and awareness and role-based training programs. + Coordinate and respond to annual (or more frequent) independent risk assessments and cyber security reviews. **Qualifications:** + 12+ years of progressive cybersecurity leadership, including 5+ years at the enterprise or business‑unit executive level. + 5+ years FISMA related experience + Bachelor's degree in IT-related field or bachelor's degree in non-IT related field with a total of 10 years of information security experience + Master's degree preferred + Ability to obtain and maintain Top Secret clearance + US citizenship required + Must have government sector experience + Thorough knowledge and understanding of: + FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems + DFARS ************, Safeguarding Covered Defense Information and Cyber Incident Reporting + NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations + NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations + GSAM 552.239-70, Information Technology Security Plan and Security Authorization, 552.239-71, Security Requirements for Unclassified Information Technology Resources and similar clauses in agency FAR supplements + FISMA + Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework + Proven experience in the Defense Industrial Base with DFARS/CMMC and NIST SP 800‑171 implementation and audits (including POA&M and SPRS management). + Experience with FEDRAMP compliance authorization and monitoring + Deep expertise securing Azure Government and Microsoft 365 GCC High environments + Experience working with other Government cloud communities, including AWS + Experience working with classified environments, achieving/maintaining ATOs, overseeing classified systems under NISPOM and DoD RMF, and working understanding of SCIF operations + Knowledge and experience with vulnerability scanning execution, assessment, and analysis + Knowledge and experience of networks, including LAN and WAN + Knowledge and experience with application security, database security, and network security + Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines + Hands‑on leadership of DevSecOps and software security programs covering GitHub/Azure DevOps/Jenkins with SAST/DAST/SCA, IaC/container security, SBOMs, and supply‑chain controls. + Demonstrated analytical, problem-solving, organizational, interpersonal and communication skills required. + The ability to collaborate effectively with diverse stakeholders, including client-facing, legal, finance and contracting teams, executives, engineers, customers and assessors on a wide variety of tasks, as needed. + Ability to foster professionalism and demonstrate integrity and confidentiality in all actions. + Ability to demonstrate flexibility when required, sense urgency, organize and prioritize work, and achieve against tight deadlines. + The ability to interpret and communicate regulatory requirements related to cybersecurity and data protection. + Possession of excellent written/verbal communications skills. + Possession of excellent analytical skills, including strict attention to detail. + Ability to assess and weigh current and evolving security threats in an operational environment + Possession of Information Systems Security Professional certification (CISSP) + Certifications such as CISSP, CISM, CCISO, CCSP, CRISC, CISA, PMP, and relevant GIAC credentials preferred **What we offer you** At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more . + We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $235,700 to $466,700. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $282,900 to $530,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. + Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. + Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. **Are you ready to shape your future with confidence? Apply today.** EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. **EY | Building a better working world** EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at ************************** .

This role is Hybrid, 3 days a week to any local, US based UL Solutions Office. We are seeking a highly skilled Cloud Security Engineer with strong Application Security expertise to join our security architecture team. This role will be responsible for designing, implementing, and maintaining secure cloud environments and applications across multi-cloud platforms, with a focus on Azure. The ideal candidate will have hands-on experience with cloud-native security tools, DevSecOps practices, and compliance frameworks such as NIST 800-53, SOC 2, and CIS Controls. Cloud Security Engineering + Design and implement security controls for cloud infrastructure (Azure, AWS, GCP). + Develop and maintain security architecture patterns (e.g., hub-and-spoke, Zero Trust). + Integrate security tools such as Wiz, Microsoft Defender for Cloud, Silverfort, and Terraform. + Conduct threat modeling and risk assessments for cloud-native services. + Collaborate with IAM, SOC, and GRC teams to align cloud security with enterprise policies. Application Security + Perform secure code reviews, static/dynamic analysis, and vulnerability assessments. + Integrate security into CI/CD pipelines using tools like Snyk, Checkmarx, or Veracode. + Guide development teams on secure coding practices and OWASP Top 10. + Design and implement API security strategies including OAuth2, OpenID Connect, and mTLS. + Support remediation of application vulnerabilities and provide technical guidance. Compliance & Governance + Map cloud and application security controls to compliance frameworks (NIST 800-53, SOC 2, CIS). + Assist in audits and evidence collection for regulatory compliance. + Maintain documentation of security architecture, policies, and procedures. + Bachelor's degree in Computer Science, Cybersecurity, or related field. + 3-4 years of experience in cloud security engineering and application security. + Strong understanding of Azure security services and architecture. + Experience with infrastructure-as-code (Terraform, Bicep). + Familiarity with Snowflake security features and data protection strategies. + Knowledge of identity and access management (Azure AD, Conditional Access, MFA). + Hands-on experience with DevSecOps tools and practices. Preferred Qualifications + Certifications: Azure Security Engineer Associate, CISSP, CCSP, OSCP, or GIAC. + Experience with multi-subscription Azure environments. + Familiarity with Zero Trust architecture and implementation. + Experience with security automation and orchestration. Soft Skills + Strong analytical and problem-solving skills. + Excellent communication and collaboration abilities. + Ability to work independently and in cross-functional teams. + Passion for continuous learning and staying current with security trends. What you'll experience working for ULS UL Solutions has been pioneering change since 1894 and we're still leading the way. From day one, we've blazed a trail protecting the planet and everyone on it. Our teams have influenced billions of products, plus services, software offerings and more. We break things, burn things and blow things up. All in the name of safety science. That's where you come in - because none of it could happen without you. It takes passion to protect people, problem-solving to safeguard personal data and conviction to make the world a more sustainable place. It takes bold ideas and brilliant minds to build a better world for future generations across the globe. This is more than a job. It's a calling. A passion to use our expertise and play our part in creating a more secure, sustainable world today - and tomorrow. As a member of our safety science community, you'll use your ideas, your energy and your ambition to innovate, challenge and ultimately, help create a safer world. Everyone here is unique. But we're also a global community, working together to help create a safer world. Join UL Solutions and you can connect with the brightest minds in the business, all bringing their distinct perspectives and diverse backgrounds together to deliver real change. Empowering our customers to keep the world safe means thinking ahead. It means investing in training and empowering our people to learn and innovate. At UL Solutions, we help build a better future - one where everyone benefits. Join UL Solutions to be at the center of safety. To learn more about us and the work we do, visit UL.com Total Rewards: We understand compensation is an important factor as you consider the next step in your career. The estimated salary range for this position is $95,000 to $120,000 and is based on multiple factors, including job-related knowledge/skills, experience, geographical location, as well as other factors. This position is eligible for annual bonus compensation with a target payout of 10% of the base salary. This position also provides health benefits such as medical, dental and vision; wellness benefits such as mental and financial health; and retirement savings (401K) commensurate with the standard rewards offered in each individual location or country. We also provide full-time employees with paid time off including vacation (15 days), holiday including floating holidays (12 days) and sick time off (72 hours). #LI-SG2 #LI-Hybrid UL LLC has been and will continue to be an equal opportunity employer. To assure full implementation of this equal employment policy, we will take steps to assure that: Persons are recruited, hired, assigned and promoted without regard to race, color, age, sex or gender, sexual orientation, gender identity, gender expression, transgender status, religion, creed, national origin, ethnicity, citizenship, ancestry, disability, genetic information, military or veteran status, pregnancy, marital or familial status, or any other protected category under applicable law.

**Introduction** The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an engineer to the Analytics and Data Exploitation team. The Platform provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Innovation and Remediation, Security Operations Centers and Command Centers teams to deliver enterprise-wide security to one of the world's most established technology companies. We process tens of billions of events per day, meaning effective analysis and data exploitation practices are critical to our success. This is a technical position within the Analytics and Data Exploitation team who employ commercial, open source and in-house developed tools to deliver critical cybersecurity services such as event processing, automation, complex analytics and support to digital investigations. This role operates across our development, test, pre-production and production networks to create, maintain and improve our services -an important component of which is fault-finding and the ability to work within complex, dynamic environments. The right candidate thrives in high-pressure situations and has practical experience working with Big Data technologies -such as Spark, Hadoop and Elasticsearch. The role requires a proven, practical knowledge of container orchestration technologies -specifically Kubernetes and RedHat OpenShift. The work will include the design and optimization of container-deployed systems, as well as the day-to-day engineering and administration of the orchestration environment. This includes cluster management, Pod assignment / configuration, application virtual routing, security, container image registry management and optimization of the runtime engines. Wider knowledge of data ingestion, extraction, transformation and loading technologies is important - including Streamsets and Flink. The role is rounded-out by some software development tasks - all related to cyber security. These will involve Java, SQL, Python and automation scripting so experience with DevSecOps methods is highly advantageous. The Platform team employs hybrid cloud hosting and this includes provisioning, administration and management of services within environments spanning IBM Cloud, Amazon Web Services and Microsoft Azure. About the Team The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an Email Security Engineer to the team. The CSOP provides the technology, services and expertise required by IBM's Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting, intelligence, incident response), Vulnerability Detection and Response, Remediation, Security Operations Center and Command Center teams to deliver enterprise-wide security to one of the world's most established technology companies. **Your role and responsibilities** Job Duties: · Contribute to the day-to-day work that supports our critical cybersecurity analysis and data processing workflows · Protect organization against phishing, spoofing, malware, and advanced threats while maintaining user experience and compliance · Familiarity with Exchange, ProofPoint Email Solutions, Powershell, Azure, and M365 suite · Design, implement and maintain secure email solutions within the Microsoft 365 tenant and related servces · Moniotr and respond to email-related security incidents, phishing attempts, and compromise events · Support the team leadership to improve overall exploitation of technologies that best serve our requirements · Partner with CIO and CISO teams to develop email security policies, rules, and playbooks - Work as part of a deeply technical, passionate team of engineers to tackle significant IT challenges **Required technical and professional expertise** · 3 or more years' experience in an email security engineer or similar role · Experience with Microsoft 365 Exchange or Proofpoint email solutions · Hands on experience with SPF, DKIM, and DMARC configuration and rollout at an enterprise level · Experience with (or a proven aptitude for) working within a fast-paced environment where the success criteria are defined by external factors. This includes having to change course quickly, based on the evolving needs of a complex and dynamic environment · Strong experience with incident response processes for phishing and email-based threats · Experience with IBM Cloud, AWS, Azure or similar cloud environments · Strong understanding of email protocols ISMPT, IMAP, POP3) and security controls · Familiarity with SIEM tools for monitoring and automation on email threats · Excellent problem-solving, communication, and documentation skills **Preferred technical and professional experience** · Experience with secure email gateways (Proofpoint, M365, etc) · Microsoft certification · Knowledge of zero trust frameworks and modern authentication methods (MFA, conditional access) · Familiarity with cloud-native security tools (Sentinel, Defender, XDR) · Understanding of email encryption solutions (TLS, S/MIME, PGP) · Experience in large enterprise environments with hybrid Microsoft Exchange deployments · Ansible experience is a strong advantage IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Our Deloitte Cyber team understands the unique challenges and opportunities businesses face in cybersecurity. Join our team to deliver powerful solutions to help our clients navigate the ever-changing threat landscape. Through powerful solutions and managed services that simplify complexity, we enable our clients to operate with resilience, grow with confidence, and proactively manage to secure success. Recruiting for this role ends on 12/31/25 The team Our Cyber Defense & Resilience offering assists clients in defending against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence. Helps manage and protect dynamic attack surfaces and provides rapid crisis and cyber incident response, ensuring clients can be ready for, respond to, and recover from business disruptions. Work You'll Do + Lead the design and deployment of Next-Generation SOC platforms, like Cortex XSIAM, including advanced detection rules and SOAR playbooks, and SIEM ingestion. + Integrate diverse log and telemetry sources, ensuring data quality and normalization. + Develop and optimize automated response workflows for incident containment and remediation. + Advise clients on advanced use cases, threat detection, and automation strategies. + Collaborate with cross-functional teams for solution enhancements and threat intelligence integration. + Present technical findings and recommendations to stakeholders. Required Qualifications + BA/BS degree in a technical field (e.g., Computer Science, Cyber Security) + 4-6 years of progressively responsible experience in cloud, network, or identity security domains, demonstrating increasing levels of responsibility, technical depth, and leadership over time + 3-4 years of experience with Security Operations tools and platforms including Cortex XSIAM, Cortex XDR, Splunk, or similar SIEM technologies + 3-4 years of Security Operations Center experience demonstrating expertise in detection engineering, automation and playbook development, or SOC maturity methodologies + 3-4 years of experience with one or more cloud service providers (AWS, GCP, Azure) and native security tools + 3-4 years of experience with management of log sources, data normalization, ingestion and manipulation of data + 3-4 years of experience working with detection and response platforms (EDR) like Microsoft Defender, Cortex XDR, CrowdStrike + 3-4 years of experience with governance, risk, or compliance initiatives involving common frameworks + Certifications including Palo Alto Networks' PCNSE or Certified Cybersecurity Associate or equivalent and/or similar cybersecurity certifications + Ability to travel up to 50%, on average, based on the work you perform and the clients and industries/sectors you serve. + Limited immigration sponsorship may be available Preferred Qualifications + Experience with Palo Alto Networks' platform of solutions including, but not limited to, next-generation firewalls, Cortex & Prisma Cloud, and Prisma Access, XDR, etc. + Strong understanding of vendor competitive analysis within Security Operations (e.g., competitive differences between competing SIEM solutions) + Proficiency with advanced scripting, playbook development within a SIEM, SOAR or Security platform + Basic proficiency with network routing protocols (e.g., BGP, ECMP) and network architecture concepts (e.g., network segmentation), in support of on-premise and secure cloud infrastructure use cases + Ability to communicate and advise on solution design based on client use-cases, requirements, or other success criteria + Previous consulting or "Big 4" experience + Relevant advanced cybersecurity or related network engineering certifications (e.g., CISSP, CEH, CCSP) Information for applicants with a need for accommodation: ************************************************************************************************************ The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. At Deloitte, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $102,500 - $188,900. You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

We are seeking a Senior Security DevOps Engineer who will be responsible for a variety of objectives resulting in risk mitigation and remediation of internal & external security threats. This role performs advanced threat analysis, threat intelligence gathering & reporting, incident response activities, improves accuracy of security systems, improves existing processes, and works on Cybersecurity focused projects. Contract to hire Onsite 2 days a week located in New York Cybersecurity - Cyber Intelligence & Incident Response Responds to and remediates email, endpoint, threat intelligence, and network-based threats; provides forensic investigation and support. Provides after-hours support as needed for response activities. Integration experience. Collaborates with cross divisional and Cybersecurity teams to continuously improve security capabilities and response to threats in the most efficient and effective manner. Assists with projects to implement advanced technologies to prevent & identify malicious behavior within cloud environments, networks, endpoints, and email technologies. Operates products such as SIEM, SOAR, threat intelligence platforms, advanced email protection, EDR, cloud security products, IDS/IPS, Zero Trust tooling, and other security technologies. Scripting experience. Implements and performs threat analysis utilizing industry standard frameworks (kill chain/diamond model) and techniques. Proposes and helps review security plans and policies to improve environmental security. Maintains and produces metrics, operational playbooks, process diagrams and documentation for the Cybersecurity program. AWS and/or Azure knowledge. Produces and distributes operational and tactical threat intelligence reports. Other duties may be assigned as needed to address new security threats facing the enterprise. Ability to: Demonstrate great teamwork and partnership with internal teams for resolution of security-based issues. Python programming tasks and understand of programming in general. Perform security event correlation, triage, and analysis. Apply security Threat Intelligence while responding to and investigating security events or Incidents. Identify when an application, network, system, or user has been compromised by an internal or external threat. Work on multiple projects to improve security capabilities. Exercise strong understanding of defense-in-depth security best practices. Apply security engineering and architecture concepts to best understand how to employ the most effective security monitoring, response, and threat reporting. Demonstrate effective communication of security issues and topics to management and others. Work well under pressure and within a high paced environment. Maintain operational guidelines and standards for Cybersecurity.

What you'll do • Design and implement comprehensive data security architectures, with particular focus on database platforms (primarily SQL Server) • Develop and maintain enterprise-wide encryption strategies for securing structured and unstructured data both in transit and at rest, both and both on-premise and in the cloud • Enhance logging, monitoring and SecOps capabilities of enterprise databases and other data stores • Configure and optimize Identity and Access Management (IAM) solutions across data platforms and repositories to align to least privilege principles • Implement Data Loss Prevention (DLP) strategies and controls • Implement and maintain Information Rights Management (IRM) and Digital Rights Management (DRM) solutions • Design and implement data tokenization strategies where appropriate • Secure data processing pipelines and ensure appropriate controls for data workflows • Create and maintain data security documentation, including policies, procedures, and standards • Collaborate with development teams to ensure security best practices in data handling • Conduct vulnerability assessments of the firm's database architecture and associated data storage and processing systems • Assist in monitoring and managing security patching and upgrade processes for database platforms What's required • Bachelor's degree in computer science, cybersecurity, or related technical field • 6+ years of experience in data/database security engineering and governance • Deep expertise in database security, particularly SQL Server • Comprehensive understanding of data warehouse/data lake architectures and tools, particularly Databricks (required) • Subject matter expertise in Object Storage (eg: S3, Azure Blob, etc) and related security • Understanding of Active Directory Delegation (constrained vs. unconstrained) and associated best practices • Experience with 3rd-party SQL Server security governance and monitoring products (eg: Idera, Solarwinds) • Extensive knowledge of encryption technologies for both structured and unstructured data • Broad knowledge of secure data/file sharing solutions and ETL workflows • Experience designing and implementing data tokenization solutions • Experience with data classification and DLP technologies • Scripting/automation capabilities (eg: SQL, PowerShell, Python) • Commitment to the highest ethical standards Qualifications Ivy league colleges education preferred or huge plus. Additional Information All your information will be kept confidential according to EEO guidelines.

Duration: 6+ Months Experienced Firewall administrator for operational implementation, maintenance and configuration of firewalls. Key Responsibilities: Performs maintenance and changes in firewalls as required. Implementation of new firewalls as required Assists with troubleshooting network connectivity as it relates to firewalls Utilizes change management, request, and ticketing systems, documents status updates and problem resolutions Complete All assignments in a timely manner with an acceptable level of quality Maintains documentation related to work area Completes network change requests Follows documented processes, procedures and policies Performs customer service duties and responds to customer and project requests as defined by management Other related duties assigned as needed. Qualifications/Requirements: Bachelor's degree and with 3 to 4 years of operational experience administering Firewalls 4 or more years networking/firewall background Must have networking TCP/IP routing protocol experience Desired Characteristics: In-depth experience in security aspects of multiple platforms, operating systems, software, communications and network protocols is desired Competency in verbal, written, and presentation communications and interpersonal understanding Ability to understand customer's business needs. Leadership of work teams/groups Ability to work with all levels of employees Highly motivated and able to work effectively under minimal supervision in a fast-paced environment Team-oriented, placing priority on quality and the successful completion of team goals Organization and planning skills that include: time management, project coordination and management, and the ability to handle multiple deadlines and associated pressures. Competency in developing effective solutions to business problems Ability to analyze problems and to make decisions REQUIRED SKILLS YEARS OF EXPERIENCE WHEN THE SKILL WAS LAST USED Expert knowledge of Cisco Security products, ASA and Firepower Expert knowledge of NSX Expert knowledge of Palo Alto systems Security Certifications a Plus Must have networking TCP/IP routing protocol experience Networking/firewall background Operational experience administering Firewalls Additional Information All your information will be kept confidential according to EEO guidelines.

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States. Our workforce is among the most diverse in the US: Montefiore associates speak 60+ languages. This is a hybrid position requiring being on-site as needed. ________________________________________ We are seeking a skilled and detail-oriented CMDB Engineer to join our IT team. This role will be responsible for developing, managing, and optimizing our ServiceNow Configuration Management Database (CMDB), supporting Discovery, service graph connectors, third-party data integrations, and IRE configuration. This role is critical to ensuring visibility, accuracy, and reliability of Configuration Items (CIs) throughout their lifecycle using the ServiceNow platform. ________________________________________ Responsibilities include: • Manage and enhance the ServiceNow CMDB, ensuring accuracy, completeness, and alignment with ITIL standards. • Configure and extend ServiceNow Patterns to improve data ingestion and normalization. • Deep knowledge of how to troubleshoot ServiceNow Discovery-related issues. • Maintain and enhance the ServiceNow CMDB following the Common Service Data Model (CSDM) framework. • Collaborate with infrastructure, network, and application teams to ensure proper CI identification and relationships. • Manage integration with other technologies (e.g., SCCM, vCenter, SolarWinds, etc.) feeding the CMDB. • Create and maintain CMDB documentation, architecture diagrams, and training materials. • Manage and maintain the Identification and Reconciliation Engine (IRE) rules. • Monitor and improve the CMDB Health Dashboard, ensuring ongoing health and governance of the “3 C's” - Completeness, Correctness, and Compliance. • Audit and validate CI data regularly to ensure appropriate CI class assignments, relationships, and attributes. • Oversee and optimize MID server health and ensure discovery schedules are accurate and up to date by liaising with the Network team. • Support audits, compliance, and risk initiatives by ensuring the integrity and traceability of CMDB data. Requirements include: • 7+ years of experience in an enterprise IT organization • Minimum of 3-5 years of hands-on experience with ServiceNow CMDB and Discovery • ServiceNow Certified System Administrator (CSA) certification is required to be eligible for this role. • Strong knowledge and practical experience with ServiceNow CSDM framework and the IRE configuration. • Experience with CI data normalization, reconciliation, and health reporting • Experience with third-party integrations like AWS, SCCM and JAMF • Proficiency in CMDB data modeling, CI class categorization, and relationship mapping. • Strong analytical and troubleshooting skills to manage data quality and Discovery issues. • Experience configuring and maintaining MID Servers and Discovery Schedules. • Bachelor's degree or equivalent experience. Preferred: • Other ServiceNow certifications such as Certified Implementation Specialist - CMDB, Discovery Fundamentals, is a plus. Department: Montefiore Information Technology Bargaining Unit: Non Union Campus: YONKERS Employment Status: Regular Full-Time Address: 3 Odell Plaza, Yonkers Shift: Day Scheduled Hours: 8:30 AM-5 PM Req ID: 224883 Salary Range/Pay Rate: $112,500.00 - $150,000.00 For positions that have only a rate listed, the displayed rate is the hiring rate but could be subject to change based on shift differential, experience, education or other relevant factors. To learn more about the “Montefiore Difference” - who we are at Montefiore and all that we have to offer our associates, please click here. Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law. SF-DICE-MIT; LI-SC1-REDIRECT

Arcadis is the world's leading company delivering sustainable design, engineering, and consultancy solutions for natural and built assets. We are more than 36,000 people, in over 70 countries, dedicated to improving quality of life. Everyone has an important role to play. With the power of many curious minds, together we can solve the world's most complex challenges and deliver more impact together. Role description: Arcadis is seeking a Senior Security Consultant for our Water Business Line to work on a variety of engagements within our Risk and Resilience Management practice. Examples of the types of projects that the position will lead and support include: security assessment of sites, risk mitigation planning, security design and support for overall resilience planning. We are interested in candidates in the White Plains metro area. Candidates should be experienced with technical delivery of security projects for both private and public sectors. Candidates should have a comprehensive understanding of industry accepted security design and assessment tools and techniques including vulnerability assessments, CCTV, and access control design. Understanding of Crime prevention through environmental design (CPTED) is a plus. Candidates interested in this position should anticipate traveling within the United States, with a majority of travel being in the New York, Metro Area. Role accountabilities: * Work as part of the National Risk and Resilience Management team to plan and deliver security solutions for our clients. This will include directly working with clients to determine needs and deliver solutions. The ideal candidate will assist teams in the preparation of winning proposals through successful presentations. * This individual will be expected to assist in the growth of client relationships with preferred and target clients which will require working on projects across multiple sectors/industries * Deliver risk and resilience projects from inception to completion. * Provide technical support to our team of highly skilled risk and resilience management professionals. You will be expected to support the work of others and mentor entry level engineers & technical staff. Qualifications & Experience: * 15+years of relevant experience. * Bachelor's degree in civil/environmental engineering, and/or related field. * Understanding of security systems and assessments. * Demonstrated project delivery experience including budget and schedule monitoring responsibilities. * Familiarity with formal project management and delivery tools, methodologies, and processes. * Experience with the development of project proposals and work scopes. * This position requires a current valid driver's license and clean driving record. Preferred Qualifications * B.S. in Engineering, Homeland Security, Security Systems, or Information Systems Continue your career journey as an Arcadian. We can only achieve our goals when everyone is empowered to be their best. We believe everyone's contribution matters. It's why we are pioneering a skills based approach, where you can harness your unique experience and expertise to carve your career path and maximize the impact we can make together. You do meaningful work, and no matter where your next role in Arcadis takes you, you'll be helping to deliver sustainable solutions for a more prosperous planet. Make your mark; on your career, your colleagues, your clients, your life and the world around you. Together, we can create a lasting legacy. Our Commitment to Equality, Diversity, Inclusion & Belonging We want you to be able to bring your best self to work every day which is why we take equality and inclusion seriously and hold ourselves to account for our actions. Our ambition is to be an employer of choice and provide a great place to work for all our people. We are an equal opportunity and affirmative action employer. Women, minorities, people with disabilities and veterans are strongly encouraged to apply. We are dedicated to a policy of non-discrimination in employment on any basis including race, creed, color, religion, national origin, sex, age, disability, marital status, sexual orientation, gender identity, citizenship status, disability, veteran status, or any other basis prohibited by law. Arcadis offers benefits for full time and part time positions. These benefits include medical, dental, and vision, EAP, 401K, STD, LTD, AD&D, life insurance, paid parental leave, reward & recognition program and optional benefits including wellbeing benefits, adoption assistance and tuition reimbursement. We offer nine paid holidays and 15 days PTO that accrue per year. The salary range for this position is $110,000 - $150,000. Actual salaries will vary and are based on several factors, such as experience, education, budget, internal equity, project and location. #LI-ET1

Current Saint Francis Employees - Please click HERE to login and apply. Full Time Days PLEASE NOTE: Due to the nature of this role, candidates must be either local to the area or willing to relocate, as this position requires full-time onsite presence. Job Summary: As a member of the Information Security team, responsibilities include manages and mitigates information security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides information security risk insight and guides management on information security risk issues and serves as advisor to peers, team members and management. Minimum Education: Bachelor's degree in Computer Science, MIS, Computer Engineering, Cyber Security or related discipline. Licensure, Registration and/or Certification: None. One or more of the following certifications are preferred: Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA). Work Experience: 3 - 4 years related experience inclusive of two years working directly in an Information Services department and previous experience with HIPAA/PHI compliance programs, policies, procedures, risk assessments and audits. Knowledge, Skills and Abilities: In-depth knowledge of cyber security methodology and security practices. Knowledge of HIPAA, PCI, SOX, ISO and NIST cybersecurity frameworks. Knowledge of intrusion detection and intrusion prevention systems, penetration and vulnerability testing. Knowledge of data loss prevention, anti-virus and anti-malware software tools. Knowledge of computer networking, TCP/IP, routing and switching, network protocols and packet analysis tools. Knowledge of Windows, UNIX and Linux operating systems. Excellent problem solving and analytical skills. Excellent written and oral communication skills. Excellent organizational and interpersonal skills. Ability to work independently as well as in a team setting. Essential Functions and Responsibilities: Define, implement, and enforce information security policies, strategies, and procedures that align with healthcare laws and regulations, such as HIPAA. Conduct and/or support targeted risk assessment. Determine significant risk points and exercise process for risk assessment and risk acceptance. Review assessment results for vulnerabilities, gaps, control deficiencies, and work with key stakeholders to establish plans for sustainable resolution. Maintain an effective information security awareness program and educate internal teams on best practices. Ensures that business and clinical software applications include adequate information and security controls. Establish and maintain metrics based on the information security framework used at SFHS. Decision Making: Independent judgment in making decisions from many diversified alternatives that are subject to general review in final stages only. Working Relationships: Works directly with patients and/or customers. Works with internal customers via telephone or face to face interaction. Works with external customers via telephone or face to face interaction. Works with other healthcare professionals and staff. Works frequently with individuals at Director level or above. Special Job Dimensions: None. Supplemental Information: This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all inclusive nor does it prohibit the assignment of additional duties. Information Technology - Information Security - Yale Campus Location: Tulsa, Oklahoma 74136 EOE Protected Veterans/Disability

For over 75 years, BIC has been creating ingeniously simple and joyful products that are a part of every heart and home. As a member of our team, you'll be a part of reigniting a beloved brand as we continue to reimagine everyday essentials in new, sustainable and responsible ways. Our "roll up your sleeves and get the job done" approach to work creates an environment where self-starters, problem solvers and innovative thinkers thrive. BIC team members are empowered to take ownership of their careers and bring their unique perspectives to the table to make a meaningful impact on our mission. It's a colorful world - make your mark by joining the BIC team today. As **Senior Cybersecurity Engineer,** you will collaborate and partner with a global, cross-functional team to build cybersecurity capabilities and improve maturity. This role involves designing, implementing, and managing security technology to protect the company from cyber threats. Besides, you will support incident response, investigations, playbook development and efforts to identify and mitigate risk. **In this role you will:** + Analyze, triage, and investigate alerts from various sources to determine the appropriate response or escalation + Document analysis, findings, and actions for case management and metrics + Support security incident response planning, procedure/playbook development and investigations + Participate in on-call rotation for off-hours escalations + Administer, optimize, and maintain the health of security tools, such as endpoint protection and response (EDR), network detection and response (NDR), and logging pipelines (Syslog/Cribl). + Assist with remediation of identified security risks + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred **What you bring to BIC:** + Minimum 6 years' experience in Information Technology or Cybersecurity + IT or cybersecurity certifications from industry recognized sources preferred + Prior experience interpreting or analyzing log data and working with log pipelines + Triaging alerts from various sources, following playbooks, and escalating legitimate issues + Knowledge of security tools such as endpoint protection, firewalls, intrusion prevention, SIEM and EDR (CrowdStrike) + Strong understanding of Windows server and desktop operating systems, networking fundamentals, security concepts, Active Directory, Microsoft Azure, Office 365. + In-depth analytical and problem-solving skills to resolve complex issues BIC is an Equal Opportunity Employer. We strongly commit to hiring people with different backgrounds and experiences to help us build better products, make better decisions, and better serve our customers. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, veteran status, disability status, or similar characteristics. All employment is decided based on qualifications, merit, and business need. BIC is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any team member at BIC via email, or directly to a BIC team member in any form without a valid written search agreement in place for that position will be deemed the sole property of BIC, and no fee will be paid in the event the candidate is hired by BIC as a result of the referral or through other means.

Description We are looking for a highly skilled Cyber Security Engineer to join our team in Shelton, Connecticut. This long-term contract position offers an excellent opportunity to contribute to safeguarding critical systems and data. The ideal candidate will bring extensive experience in cybersecurity and IT, along with a proactive approach to identifying and addressing security vulnerabilities. Responsibilities: - Monitor and analyze security alerts from multiple sources to determine appropriate actions or escalation. - Maintain detailed documentation of investigations, findings, and resolutions for effective case management and reporting. - Develop and support security incident response plans, procedures, and playbooks. - Participate in an on-call rotation to handle off-hours security escalations. - Administer, optimize, and ensure the proper functioning of security tools, including endpoint protection, network detection, and logging systems. - Collaborate on remediation efforts for identified security risks and vulnerabilities. - Conduct in-depth investigations into security incidents to identify root causes and mitigate future risks. - Assist in the configuration and management of firewalls, intrusion prevention systems, and other security technologies. - Provide expertise in interpreting and analyzing log data to improve threat detection and response capabilities. Requirements - At least 6 years of experience in information technology or cybersecurity. - Industry-recognized certifications in IT or cybersecurity are preferred. - Proven ability to analyze and interpret log data, including working with log pipelines. - Hands-on experience triaging security alerts and escalating issues based on established protocols. - Familiarity with advanced security tools, including endpoint protection systems and firewalls. - Strong knowledge of Windows server and desktop operating systems, networking principles, and security concepts. - Proficiency in Active Directory, Microsoft Azure, and Office 365 environments. - Exceptional analytical and problem-solving skills to address complex security challenges. Technology Doesn't Change the World, People Do. Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles. Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app (https://www.roberthalf.com/us/en/mobile-app) and get 1-tap apply, notifications of AI-matched jobs, and much more. All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available including medical, vision, dental, life and disability insurance. Employees hired for our FTEP Program are also eligible to enroll in our company's 401(k) or deferred compensation plan (if eligible). FTEP employees also earn paid time off for vacation, personal needs, and sick time and paid holidays. The amount of Choice Time Off (CTO) received varies based on years of service and is pro-rated based on the hours worked per week. A new FTEP employee earns up to 13 days of CTO and up to 10 paid holidays per calendar year. Learn more at roberthalfbenefits.com/Resources. © 2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking "Apply Now," you're agreeing to Robert Half's Terms of Use (https://www.roberthalf.com/us/en/terms) .

at Nuvance Health The Cyber Security Engineer will have responsibility for incident response along with a desire to relentlessly champion best practices. This role will perform all functions required to support day-to-day data security operations, supporting and maintaining a broad suite of cyber security operations infrastructure, serving as a tier 2 escalation point during incident response and investigations and monitoring compliance with IT security policy. Participate in the planning, design, installation, maintenance and tuning of security operations systems in support of security policies and best practice. Work with Information Technology staff and business units to assess risk and address security issues. Responsibilities: • Manage security responsibilities, including firewalls, proxy systems, SIEM, EDR and other security devices. 15% • Strong skills implementing and tuning security components. 15% • Server as an escalation point during incident response and investigations. 15% • Maintain cyber security operations tool to insure detection, response and remediation of latest security threats 15% • Create and review reports on event and incidents. 10% • Stay up to date with latest security threats and assist with developing defense strategy's to combat them. 10 % • Investigate and respond to security violations 10% • Ability to maintain in depth knowledge of security and networking infrastructure utilized by the company including the management and reporting of each. 10% Education Skills Experience • Bachelor's degree in computer science field required • 2 or more years Security Operations with a minimum of 4 years IT experience. • Demonstrated experience in Incident response investigations. • Working knowledge of EDR technologies. • Working knowledge of SIEM technologies. • Working knowledge of common vulnerability management tools. • Working knowledge of enterprise firewall technologies preferred. • Working knowledge of web filtering and proxies preferred. • Working knowledge of MDM solution preferred. • Experience with DLP and IPS/IDS systems preferred. • Working knowledge of email filtering product preferred. • Working knowledge of litigation hold processing and forensic investigations preferred. • Experience participating in Red/Blue/Purple team exercises. • Experience working with information security practices, networks, software, and hardware. Other Information: • CISSP, CEH, or other equivalent certification is a plus. • Disaster recovery and business continuity experience is a plus. • Working knowledge with HIPAA regulations as they pertain to the healthcare industry. Working Conditions: Manual: Some manual skills/motor coord & finger dexterity Occupational: Little or no potential for occupational risk Physical Effort: Sedentary/light effort. May exert up to 10 lbs. force Physical Environment: Generally pleasant working conditions Company: Nuvance Health Org Unit: 1795 Department: Information Security Exempt: Yes Salary Range: $40.43 - $75.10 Hourly

The Information Security Analyst plays a key role in advancing the company's Governance, Risk & Compliance (GRC) program by protecting enterprise information assets and ensuring compliance with regulatory, contractual, and ethical standards. This position offers hands-on experience across multiple security domains including policy governance, risk management, AI governance, and data security, making it an excellent opportunity for early career professionals or recent graduates passionate about cybersecurity and emerging technology risks. In this role, you will collaborate with teams across Information Security, IT, and Legal to drive initiatives that safeguard sensitive data, maintain compliance obligations, and promote responsible use of artificial intelligence and other advanced technologies. Responsibilities Governance & Policy Management Assist in developing, maintaining, and aligning information security policies with frameworks such as NIST CSF, ISO 27001, SOC 2, CIS, and the NIST AI RMF. Contribute to documentation and control mapping for new or updated regulations related to AI, privacy, and data protection (e.g., GDPR, CCPA, NIST 800-53 Rev 5). Support internal policy review cycles, ensuring consistent version control and executive approval. Risk Management Participate in enterprise risk assessments, including third-party, application, and AI model risk reviews. Help identify, document, and track remediation of security and privacy risks within the GRC platform (e.g., Drata, ServiceNow GRC, OneTrust, Vanta, etc.). Support the development of risk metrics and dashboards for leadership reporting. Learn to evaluate AI-related risks such as model bias, data leakage, data lineage, model transparency, and unintended data exposure. Data Governance & Data Security Assist with data classification, retention, and handling standards, ensuring sensitive data is appropriately protected. Support data inventory and mapping efforts to improve visibility where critical data resides. Help review access controls, encryption standards, and secure data transfer processes in coordination with IT teams. Collaborate with the IT team to ensure alignment between data quality, privacy, and security controls. Compliance & Audit Support Gather and organize evidence for internal and external audits (ISO 27001, PCI, HIPAA, etc.). Maintain control documentation and track audit remediation activities. Support continuous monitoring of compliance requirements and updates to regulatory obligations, including emerging AI governance and data-related laws. AI Governance Support Contribute to inventories of AI tools and use cases across the enterprise. Assist in risk assessments for AI systems, ensuring they align with responsible AI principles such as fairness, accountability, and transparency. Collaborate with IT and legal teams to ensure that AI use complies with company policies. Security Awareness & Communication Help design and distribute training materials related to cybersecurity, data protection, and responsible AI practices. Support internal campaigns promoting secure data handling and ethical technology usage. Prepare metrics, dashboards, and presentations for leadership briefings. Continuous Improvement Participate in projects that automate or streamline GRC processes, such as policy lifecycle management or risk scoring. Stay informed about new threats, regulatory trends, and AI governance frameworks. Engage in ongoing professional development and certification opportunities. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Data Science, or a related field is preferred 0-2 years of experience in cybersecurity, risk management, compliance, or data governance (internship or coursework acceptable). Understanding of cybersecurity principles, risk management, and data privacy fundamentals. Basic familiarity with AI systems, data governance concepts, or information security practices. Strong analytical, communication, and documentation skills. Ability to manage multiple priorities in a fast-paced environment. Proficient in Microsoft Excel, PowerPoint, and data analysis or GRC tools. Exposure to frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, or COBIT. Must be able to work in the U.S. without sponsorship Per applicable state requirements, the annual pay range for this position ($60,500 - $84,000) which consists of base salary (subject to performance), reflects the hiring range for candidates. Also note, an individual's offer may vary from this range as it may be impacted by additional factors, including but not limited to the candidate's hiring location, qualifications, experience, and market factors.

I have a client located in the East Setauket, NY area that has an opportunity for a Information Security Risk Analyst. If you or any of your colleagues are interested in discussing this opportunity please click Apply Now. In this role you will be an Information Security Risk Analyst for a client that works in the medical industry. This role is responsible for monitoring, determining, and reviewing potential and current information security risks. This is a 3 month and possibly longer contract. This role must be performed on-site. The pay on this role is $30.00 to $40.00 an hour based on experience. Job Requirements: 3+ years of experience with O365 and Purview platforms Experience reviewing daily Risky Users Ability to communicate with internal users to evaluate high risk access Ability to monitor the company's networks and identify security breaches Perform 3rd party security reviews using UpGuard TPRM tool Monitor DoJ DSP attestations and manage vendor communication and certs Help assist in creating IS runbook Document security processes Analyze Business Associate Agreements and provide recommendations on security & Liability Support Audit responses and investigations #VIS

E*Pro Consulting service offerings include contingent Staff Augmentation of IT professionals, Permanent Recruiting and Temp-to-Hire. In addition, our industry expertise and knowledge within financial services, Insurance, Telecom, Manufacturing, Technology, Media and Entertainment, Pharmaceutical, Health Care and service industries ensures our services are customized to meet specific needs. For more details please visit our website ****************** Job Description SAP Security & GRC Additional Information All your information will be kept confidential according to EEO guidelines.

Arcadis is the world's leading company delivering sustainable design, engineering, and consultancy solutions for natural and built assets. We are more than 36,000 people, in over 70 countries, dedicated to improving quality of life. Everyone has an important role to play. With the power of many curious minds, together we can solve the world's most complex challenges and deliver more impact together. Role description: Arcadis is seeking a Senior Security Consultant for our Water Business Line to work on a variety of engagements within our Risk and Resilience Management practice. Examples of the types of projects that the position will lead and support include: security assessment of sites, risk mitigation planning, security design and support for overall resilience planning. We are interested in candidates in the White Plains metro area. Candidates should be experienced with technical delivery of security projects for both private and public sectors. Candidates should have a comprehensive understanding of industry accepted security design and assessment tools and techniques including vulnerability assessments, CCTV, and access control design. Understanding of Crime prevention through environmental design (CPTED) is a plus. Candidates interested in this position should anticipate traveling within the United States, with a majority of travel being in the New York, Metro Area. Role accountabilities: Work as part of the National Risk and Resilience Management team to plan and deliver security solutions for our clients. This will include directly working with clients to determine needs and deliver solutions. The ideal candidate will assist teams in the preparation of winning proposals through successful presentations. This individual will be expected to assist in the growth of client relationships with preferred and target clients which will require working on projects across multiple sectors/industries Deliver risk and resilience projects from inception to completion. Provide technical support to our team of highly skilled risk and resilience management professionals. You will be expected to support the work of others and mentor entry level engineers & technical staff. Qualifications & Experience: 15+years of relevant experience. Bachelor's degree in civil/environmental engineering, and/or related field. Understanding of security systems and assessments. Demonstrated project delivery experience including budget and schedule monitoring responsibilities. Familiarity with formal project management and delivery tools, methodologies, and processes. Experience with the development of project proposals and work scopes. This position requires a current valid driver's license and clean driving record. Preferred Qualifications B.S. in Engineering, Homeland Security, Security Systems, or Information Systems Continue your career journey as an Arcadian. We can only achieve our goals when everyone is empowered to be their best. We believe everyone's contribution matters. It's why we are pioneering a skills based approach, where you can harness your unique experience and expertise to carve your career path and maximize the impact we can make together. You do meaningful work, and no matter where your next role in Arcadis takes you, you'll be helping to deliver sustainable solutions for a more prosperous planet. Make your mark; on your career, your colleagues, your clients, your life and the world around you. Together, we can create a lasting legacy. Our Commitment to Equality, Diversity, Inclusion & Belonging We want you to be able to bring your best self to work every day which is why we take equality and inclusion seriously and hold ourselves to account for our actions. Our ambition is to be an employer of choice and provide a great place to work for all our people. We are an equal opportunity and affirmative action employer. Women, minorities, people with disabilities and veterans are strongly encouraged to apply. We are dedicated to a policy of non-discrimination in employment on any basis including race, creed, color, religion, national origin, sex, age, disability, marital status, sexual orientation, gender identity, citizenship status, disability, veteran status, or any other basis prohibited by law. Arcadis offers benefits for full time and part time positions. These benefits include medical, dental, and vision, EAP, 401K, STD, LTD, AD&D, life insurance, paid parental leave, reward & recognition program and optional benefits including wellbeing benefits, adoption assistance and tuition reimbursement. We offer nine paid holidays and 15 days PTO that accrue per year. The salary range for this position is $110,000 - $150,000. Actual salaries will vary and are based on several factors, such as experience, education, budget, internal equity, project and location. #LI-ET1