Cyber Security Engineer
Security architect job in New York, NY
JOB FUNCTION
The Cybersecurity Engineer will be responsible for implementing and maintaining the firm's cybersecurity technology solutions, monitoring for security incidents and vulnerabilities, coordinating end user activities, and participating in the investigation of and response to any breaches or attacks. The ideal candidate will be a self-starter who can work both independently and collaboratively with diverse technical and business teams. He or she will report to the Chief Information Security Officer. Additional responsibilities include:
Managing the vulnerability management program, including internal and external scanning, monitoring threat feeds, news sources, and vendor bulletins for risks and tracking remediation
Maintaining and monitoring control baselines, hardening standards, asset/coverage metrics, and configuration compliance
Monitoring and documenting key performance indicators (KPIs) and governance, risk, and compliance (GRC) evidence
Suggesting and evaluating new technologies
Educating employees on security best practices to reduce the risk of human error
Collaborating with the Cloud, Systems, Network, Database, Desktop, and Development engineering teams on risk identification, analysis, and remediation
Assisting with vendor due diligence
Assisting with physical security infrastructure projects, maintenance, and updates
QUALIFICATIONS
The ideal candidate should have the following experience:
3+ years of experience in a Security Engineer role
Proficiency with managing EDR solutions, SIEM, network security, cloud security, mobile security, vulnerability management, identity and access management, encryption, and a solid understanding of operating systems like Windows and Linux
Strong ability to analyze security data, identify threats, and create effective solutions
Ability to document and communicate technical information clearly to both technical and non-technical audiences
Scripting/automation experience a plus
The ideal candidate possesses the following traits:
Creativity: the ability to deploy different approaches and be resourceful.
Intellectual curiosity: passion for learning and investigating a broad range of subject matter; satisfaction derived from the consumption and understanding of information and increasing knowledge base.
Accountability: ownership of individual responsibilities and work product.
Strong people skills: ability to build relationships internally and externally and to be versatile in engaging with different constituents.
Chief Information Security Officer
Security architect job in New York, NY
A financial firm is looking for a Chief Information Security Officer (CISO) to join their team in New York, NY.
Compensation: $150-200K
Responsibilities:
Define and maintain the enterprise information security strategy, roadmap, and governance framework, aligned with business objectives and regulatory requirements
Draft, maintain, and periodically review security-related policies and procedures
Establish and chair/co-chair an Information Security / Cyber Risk Committee and contribute to Board-level reporting on cyber risk
Develop and maintain the firm's information security governance framework
Lead the firm's SOC 1 (Type 1/Type 2) and SOC 2 (Type 1/Type 2) readiness and ongoing attestation efforts
Own the control catalog, control testing coordination, evidence collection, and remediation tracking across technology, operations, and third parties
Act as primary security point of contact for external auditors, assessment firms, and key institutional partners
Ensure security program alignment with SEC Regulation S-P, Reg S-ID, Reg SCI, SEC / Client cybersecurity expectations, and NYDFS 23 NYCRR 500
Partner with Compliance and Legal to interpret new regulations, assess impact, and implement necessary control and policy changes
Maintain and periodically test the Incident Response Plan, Business Continuity and Disaster Recovery (BC/DR) from a security perspective
Provide security oversight for cloud (AWS) and on-prem infrastructure, including network security, endpoint security, identity and access management (IAM), and data protection
Work with Infrastructure/DevOps and application teams to embed secure SDLC practices, including code review, security testing, and secure deployment pipelines
Oversee vulnerability management, including patch management processes, penetration testing, and remediation programs
Define and oversee Security Operations Center (SOC) / XDR usage, log management, SIEM, threat detection, and incident handling
Design and enforce data classification, data loss prevention (DLP), encryption, and key management controls
Partner with business and product teams to ensure client data privacy and secure data flows, including with third-party vendors and partners
Own the vendor security risk management program, including security due diligence, contract security clauses, and ongoing monitoring
Evaluate and manage key security vendors
Build and lead a small but high-impact security team, scaling capabilities over time
Promote a security-first culture through training, awareness programs, and regular communication with staff at all levels
Qualifications:
Required
Bachelor's degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience
7+ years of progressive experience in information security, including at least 3 years in a leadership role (Head of Security, Deputy CISO, CISO, or equivalent)
Hands-on experience leading SOC 1 and/or SOC 2 attestation projects at a financial institution, fintech, or SaaS provider
Strong background in financial services or capital markets (broker-dealer, clearing firm, trading platform, or similar)
Understanding of Information security frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001)
Understanding of Regulatory landscape for U.S. financial firms (e.g., SEC, Client, possibly NYDFS 500)
Experience with Identity & access management, network security, endpoint security, and cloud security (preferably AWS)
Experience building and maintaining incident response, BC/DR, and vulnerability/patch management programs
Strong track record of cross-functional leadership, communicating complex security and risk topics to non-technical executives and boards
Preferred
Experience as CISO, Deputy CISO, or security leader at a broker-dealer, clearing firm, exchange/ATS, or large fintech
Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP or similar
Experience with AWS security services
Familiarity with DevSecOps practices and secure CI/CD pipelines
Experience managing data localization and cross-border data separation initiatives
Senior Security Engineer
Security architect job in New York, NY
You will provide guidance and technical support to clients deploying security integrations. You'll act as the technical partner, providing strategic guidance around complex systems to secure a digital environment. Interacting directly with the client, you'll partner closely with client personnel to guide and suggest integrations to better serve their success. Your thorough understanding of our product integrations contributes to the development of new principles and concepts - providing detailed analysis around what's working, what's not, and what could be better.
You enjoy implementation work, are proactive about resolving potential concerns, and operate well around strict best practices that enable our clients on their road to a more secure digital world. You're creative, innovative, and you love a challenge - learning how integrations might work better around new products and technologies.
Responsibilities
Communicate with the customer(s), sales teams, peers, engineering and support teams as appropriate
Understand the customer environment, requirements, and security roadmap to implement the appropriate security solution
Configure, implement, and maintain Security Operating Platform
Optimize and migrate policies and objects from the existing environment to our Next-Gen Firewall
Test and validate the migration environment
Coordinate and execute cutover to production
Provide guidance on code upgrades
Facilitate the development of new application and threat signatures
Interact with our Technical Assistance Center (TAC) to understand and diagnose support cases
Some travel may be required, dependent on customer request
You work with the customer's security & network teams to build confidence across the business units impacted by the change
Experience
High level of experience with Panorama and log collectors
NGFW
Global Protect
BS in Computer Science, MIS, business, or equivalent education/training/experience
Minimum of 5 years' experience with network/security solutions and technologies (BGP, SD-WAN concepts, VXLAN and general routing and switching)
Minimum of 3 years' experience leading security solutions in large environments
Detailed technical experience in the installation, configuration, and operation of high-end firewall appliances, ideally Palo Alto Networks products
You're experienced in internetworking, LAN, and WAN technologies
You have a good understanding of Internet protocols and applications
Any of the following industry certifications or equivalent experience is a plus: CISSP, CCNA, PCNSE, JNCIE-SEC
You effectively handle multiple projects and work calmly under high pressure
You're an excellent writer, with strong verbal communication skills, with demonstrable ability to communicate to senior leaders and technical peers
Senior Cloud Security Engineer (Infrastructure and Security) - New York - Competitive Salary + Competitive Package + Opportunity to work with an Ambitious, Young, Growing Organisation!
Security architect job in New York, NY
This young and agile company, providing identity risk solutions is currently seeking a Senior Cloud Security Engineer with a focus on Infrastructure and Security to join their growing team.
You will assist with the continuous maturation of their Cloud Security services within the Security division.
This is an excellent opportunity for an experienced Cloud Security Engineer with experience in both Infrastructure and Security to take the next step into a challenging position with a company offering significant growth potential.
About the Company:
Founded in the last 10 years, they are one of the fastest growing companies in their space.
They are a fast-growing company that have built a platform that allows finance organisations and fintechs to strengthen their security defences.
Their mission is to allow companies to manage their identity and fraud risk.
Everything they do is entrenched in achieving engineering excellence.
Their culture is not corporate, and they like to trust their employees to take on a lot of responsibility and have input into the shape of growth of the organisation.
About the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy:
What you will be doing:
• Serve as a cloud security subject matter expert, advising on and implementing best practices
• Respond to security incidents and provide timely and appropriate solutions
• Conduct cloud security risk assessments and audits
• Conduct investigations into security incidents and potential threats
• Take part in on call rotations for incident response and remediation
• Assist with policy management, security audits, and due diligence for cloud security concerns
• Advise on, configure, and manage a variety of security tools
• Keep informed about and respond to emerging security threats and vulnerabilities
• Assist with cloud security reviews of potential vendors
Ideal Requirements for the Senior Cloud Security Engineer (Infrastructure and Security) Vacancy:
• Several years of experience working in a similar role with a focus on Cloud Security in AWS
• Experience provisioning infrastructure in AWS using Terraform, CloudFormation, CDK, or similar tools
• Experience configuring VPCs, route tables, NACLs, Security Groups, iptables, Web Application Firewall, Config, GuardDuty, Inspector, KMS, IAM, etc.
• In depth knowledge of AWS security best practices around systems hardening, monitoring, and incident response
• Experience taking part in an on-call rotation
• You are passionate about securing infrastructure, reducing risk, and protecting data!
• You are a subject matter expert on cloud security in AWS
• You have a solid understanding of network architecture and protocols
• You can advise on cloud security policies and procedures
Apply to the Role:
Roles like these are snapped up very quickly, so act now if you do not want to miss out! Reply to this advert or email your CV to **********************
Security Engineer - NYC Hedge Fund - 12 Month Contract
Security architect job in New York, NY
This role is for a mid-to-senior Security Engineer who thrives in a lean, high-performance environment and takes a hands-on, engineering-first approach to security. You will operate as a generalist within a small security team, owning the design, build, and evolution of security systems that protect a highly technical organization with many proprietary platforms. This is not an analyst role; the focus is on building, integrating, and improving security capabilities end to end, with a strong emphasis on problem solving, automation, and how systems work together.
You will design and implement enterprise-grade security monitoring, detection, and response solutions, integrating commercial tools and developing custom capabilities tailored to the environment. While the role includes reviewing and triaging alerts from detection and response platforms, the core responsibility is continuously improving detection quality, response workflows, and overall security posture. You will engineer and tune detections using structured data and JSON-based queries, develop automated response and orchestration workflows, and drive improvements across the full incident lifecycle.
The position requires close collaboration with teams across the organization, translating security risks and technical concepts into clear, practical language for non-security stakeholders. You will partner with engineering, infrastructure, and product teams to embed security into systems and workflows, applying strong security principles that are portable across technologies rather than tied to a single toolset. The environment is fast-moving and production-heavy, with ongoing adoption of AI-driven technologies and modern development practices.
The ideal candidate has several years of experience in security engineering, preferably in a fintech, startup, or similarly high-tech environment, and is accustomed to operating outside of large, siloed security teams. You bring strong hands-on experience with cloud and endpoint security platforms such as Azure, Microsoft Defender, and Elastic, with exposure to tools like Zscaler and Purview considered a plus. You are comfortable coding and scripting, particularly in Python, working with Git-based workflows, and applying infrastructure-as-code concepts. Experience building and operating detection and response systems, security orchestration and automation platforms, and threat-informed defenses is essential.
They'll need someone who's fully authorized to work in the US without any sponsorship / visa (cannot support H1B).
Lead Security Engineer
Security architect job in New York, NY
Lead Security Engineer - Hands-On Role with Leadership Opportunity
We're looking to hire a senior-level Security Engineer who's ready to step up and take the lead. Someone who's still very hands-on technically but also enjoys mentoring others, setting direction, and building scalable solutions that make a real difference.
Title: Lead Security Engineer
Salary: $160,000 to $190,000 + Bonus
Location: Queens, NY (Hybrid)
This role sits at the center of engineering, operations, and security - you'll be working directly with software and infrastructure teams to make sure security is embedded into everything we do. You won't just be managing tools; you'll help shape how security is done across the company.
If you're based in the NYC area and looking for the next serious step in your career - where your ideas are heard and your work actually drives change - this is worth a conversation.
What the Role Looks Like:
You'll lead and mentor a small but growing team of security engineers, helping them grow while staying deep in the tech yourself.
Work with internal teams to design and implement security solutions - cloud security, PAM, app and system hardening, etc.
You'll be the one connecting the dots between development, infrastructure, and security - building relationships across teams and making sure security is part of the process from the start.
Help optimize and improve the tools we already have, and figure out what's missing.
What We're Hoping You Bring:
A few years of experience leading or mentoring other security engineers - you don't need to have managed huge teams, but you've helped others level up.
Solid technical background (5+ years in security engineering) and experience with on-prem and cloud security solutions (AWS or Azure).
Hands-on knowledge of privileged access, identity management, system hardening, and network security.
Strong instincts for risk, practical problem-solving, and keeping systems both secure and usable.
Someone who communicates clearly, doesn't get lost in buzzwords, and works well with people across teams.
Nice to Have, But Not Dealbreakers:
Certifications like CISSP, CEH, CISM
Experience with Linux security or scripting
Familiarity with CI/CD pipelines and how security fits into DevOps
Why This Role Might Be Right for You:
You're ready for more responsibility and leadership, but don't want to give up the technical side of the work.
You want to be part of a stable company with real backing and complex challenges to work on.
AWS Security Engineer
Security architect job in Jersey City, NJ
Type: Contract
F2F interview is a must
We are seeking an experienced AWS Security Engineer to design, implement, and manage security controls across Snowflake and Databricks environments. The ideal candidate will have strong expertise in AWS security, data platform governance, and Python-based automation to ensure secure, compliant, and efficient operations within our cloud ecosystem.
Key Responsibilities:
Implement, monitor, and enhance security controls across network, application, and data layers for Snowflake and Databricks environments.
Manage user access, roles, and permissions in Snowflake or Databricks to ensure compliance with least privilege and governance policies.
Configure and manage AWS security components, including IAM roles/policies, S3 bucket policies, EC2, Lambda, and CloudWatch for monitoring and event response.
Collaborate with data engineering and platform teams to ensure secure data ingestion, storage, and access controls.
Automate security monitoring and configuration management using Python scripting and AWS SDKs.
Identify and remediate security vulnerabilities, ensuring continuous compliance with internal and external standards.
Contribute to security documentation, audits, and process improvements for data platform security posture.
Lead Security Engineer - Trading Technology
Security architect job in Great Neck, NY
The Team:
The Security Engineering Lead will be responsible for designing, building, and maintaining the organization's security infrastructure. This role requires a highly skilled professional who can lead a team of engineers, implement innovative security solutions, and ensure the resilience of the organization's systems and networks. The ideal candidate will have extensive experience in security engineering, a strong technical background, and the ability to manage and deliver complex security projects.
**This Role does NOT provide sponsorship**
Salary: $150k-$190k base w/ 20% bonus
Responsibilities:
Leadership and Management: Lead and mentor a team of security engineers, fostering a culture of continuous learning and innovation. Build and scale a global team to meet organizational needs.
Architecting Security Solutions: Assist teams in designing and implementing advanced security solutions, including cloud security, privilege access management and application/system security.
Collaboration: Partner with software development, infrastructure, and operations teams to embed security into the development lifecycle and operational processes.
Performance Optimization: Regularly evaluate and optimize existing security tools and technologies to ensure maximum efficacy and efficiency.
Training and Knowledge Sharing: Develop and deliver technical security training to engineers and other staff, ensuring a strong organizational security posture.
Documentation and Reporting: Create detailed documentation for security systems and processes, and provide regular project reports to senior management.
Required Skills and Experience:
Experience (3+ years) in people leadership roles, nurturing security engineers into high-performing teams.
Experience (5+ years) in a security engineering role, focusing on designing and implementing security solutions and managing security infrastructure, both on-premise and cloud.
Experience working with privilege and identity management solutions.
Experience with operating system security and system hardening.
Knowledge of network security principles, protocols, and technologies.
Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate security controls.
Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
Strong leadership skills, with the ability to mentor and guide junior team members.
Skills and Experience That Would Help You Stand Out:
A bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is a plus.
Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) are highly desirable.
Linux security experience
Familiarity with DevSecOps and integrating security into CI/CD pipelines.
Scripting experience.
Data Security Analyst
Security architect job in New York, NY
One of our clients is looking for a Data Security Analyst in New York, NY - 10172. This is a hybrid position on a 6-month contract with possible extension, offering $43/hour on a W2.
About the Role
Supports Data Loss Prevention and Data Security initiatives in the mission to protect sensitive data.
Responsibilities
Monitor alerts coming from data loss prevention technologies.
Perform initial triage and escalation in accordance with internal processes.
Draft playbooks/job aids for responsibilities.
Partner with senior data loss prevention leaders to support incident validations.
Provide feedback to technologists responsible for DLP policy tuning on the efficacy of rules.
Prepare DLP program metrics for routine reporting.
Support ad hoc data requests from DLP leadership.
Qualifications
Knowledge of Proofpoint, Microsoft Purview, and Island.io.
Proficiency in Microsoft Excel, including pivot tables.
Required Skills
Strong attention to detail; inquisitive and analytical, with the ability to pull together multiple data sources to formulate holistic pictures.
Effective verbal and written communication skills and ability to work with cross-functional teams.
Pay range and compensation package
$43/hour on W2.
Cyber Security Analyst
Security architect job in New York, NY
Job Title: Sr. Cybersecurity Risk Analyst
Duration: 24+ Months
Responsibilities:
Build new risk processes and implement risk frameworks to enable better monitoring and evaluation of risks across the City;
Manage complex, cross-functional projects, pushing through ambiguity and challenges which may arise;
Work with stakeholders across various divisions, soliciting input and working through feedback;
Evaluate risk of third parties used by New York City agencies;
Document and track remediation of risks in the Risk Register;
Review and analyze various cybersecurity risk cases, justification, and exceptions documents submitted by agencies;
Assist in the development of cybersecurity risk assessment procedures and testing methodologies based on established frameworks and guidelines;
Initiate corrective actions to remediate vulnerabilities or weaknesses where necessary;
Engage in communications with NYC Agencies;
Handle special projects and initiatives as assigned.
Required Skills:
A minimum of 4 years of experience in risk management or cybersecurity risk assessment or 4 years of experience evaluating and managing third parties in a cybersecurity team.
DESIRABLE SKILLS/EXPERIENCE:
BS/BA degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field.
One or more of the following certifications are a plus:
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
CompTIA Security+
CompTIA Network+
CompTIA A+
CompTIA CySA+
Cisco Certified Network Associate - CCNA
CEH: Certified Ethical Hacker
GIAC Information Security Fundamentals (GISF)
GIAC Security Essentials (GSEC)
(ISC)2 Systems Security Certified Practitioner (SSCP)
Ability to work effectively in a team environment.
Being highly organized, motivated and a self-directed professional.
Knowledge of hardware, software, data, and network principles and systems related to Private and/or Public Sectors services.
Understanding of commonly used computer operating systems, databases, network structures.
Familiarity with cybersecurity framework(s) (NIST, SANS, PCI, ISO 27001/27002, or CIS)
Investigative and analytical skills.
Excellent oral and written communication skills;
Knowledge of the current and evolving cyber threat landscape;
Knowledge of laws, regulations, policies, and ethics related to cybersecurity and information privacy;
Manager of Network Security
Security architect job in New York, NY
We are seeking a highly experienced Network Security Manager to lead the design, implementation, and oversight of network security controls across a complex, multi-cloud, and multi-client environment. This role sits within the Information Security organization and partners closely with Infrastructure, Cloud, DevOps, and Client-Facing Technology teams.
The ideal candidate brings deep technical expertise in enterprise network security combined with the leadership and communication skills required to support diverse client environments, regulatory requirements, and evolving threat landscapes. This position plays a critical role in shaping network security strategy while remaining hands-on with architecture, tooling, and incident response.
Key Responsibilities
Network Security Strategy & Architecture
Lead the design and evolution of enterprise network security architecture across on-prem, cloud, and hybrid environments.
Define and enforce network security standards for firewalls, segmentation, VPNs, zero-trust networking, and secure connectivity.
Support multi-cloud environments (AWS, Azure, GCP) with varying client architectures and risk profiles.
Evaluate and implement next-generation network security technologies aligned with industry best practices.
Cloud & Hybrid Security
Partner with Cloud and Infrastructure teams to ensure secure network design for cloud-native and hybrid deployments.
Oversee security controls for:
Cloud networking (VPC/VNET design, routing, peering)
Secure connectivity (site-to-site VPN, client VPN, private links)
Internet ingress/egress and cloud firewalling
Ensure consistency of network security posture across diverse client environments.
Operations, Monitoring & Incident Response
Oversee network security monitoring, detection, and response capabilities.
Lead response efforts for network-related security incidents, coordinating with SOC, IR, and infrastructure teams.
Conduct root-cause analysis and drive long-term remediation and control improvements.
Guide vulnerability management and remediation efforts related to network and perimeter security.
Leadership & Cross-Functional Collaboration
Act as a senior technical leader and subject-matter expert within the InfoSec organization.
Collaborate with:
Security Engineering
Infrastructure & Network Engineering
Cloud & DevOps teams
Application Security and GRC
Mentor senior engineers and contribute to security roadmaps and long-term strategy.
Communicate complex technical risks clearly to leadership and non-technical stakeholders.
Governance, Risk & Compliance
Ensure network security controls align with regulatory, compliance, and client security requirements.
Support audits, assessments, and client security reviews.
Develop documentation, standards, and procedures related to network security operations.
Required Qualifications
10+ years of experience in network security, infrastructure security, or security engineering roles.
Proven experience managing and securing enterprise-scale, multi-cloud environments.
Deep hands-on expertise with:
Next-generation firewalls (e.g., Palo Alto, Fortinet, Check Point)
Network segmentation and zero-trust architectures
VPNs, secure remote access, and private connectivity
Network security monitoring and detection tools
Strong understanding of cloud networking and security in AWS, Azure, and/or GCP.
Experience supporting multiple client environments with varying architectures and risk tolerances.
Demonstrated ability to lead technically while influencing cross-functional teams.
Excellent communication skills with both technical and executive audiences.
Preferred Qualifications
Prior experience in professional services, law firm, financial services, or regulated enterprise environments.
Experience leading or contributing to large-scale network security transformations.
Familiarity with SASE, ZTNA, and modern zero-trust security models.
Security certifications such as CISSP, CCSP, or equivalent cloud/security credentials.
Why This Role
High-impact leadership role within a sophisticated InfoSec organization.
Exposure to diverse, complex client network environments across industries.
Influence long-term security strategy while remaining hands-on technically.
Competitive compensation up to $270K base plus strong benefits and growth opportunities.
Cyber Security Analyst
Security architect job in New York, NY
Job Title: Cyber Security Risk Analyst.
Job Type: Contract.
IS NOT OPEN TO AGENCIES.
The Cyber Security Risk Analyst supports enterprise governance, risk, and compliance (GRC) initiatives by strengthening cyber risk management practices, enhancing third-party risk oversight, and contributing to cybersecurity governance across a complex organizational environment. This role works closely with cybersecurity leadership, internal stakeholders, and partner teams to mature risk assessment processes and ensure consistent, well-documented risk management activities.
Key Responsibilities
Design, develop, and enhance cybersecurity risk management processes and supporting frameworks
Support enterprise cyber risk governance, including risk identification, evaluation, and remediation tracking
Perform cybersecurity risk assessments in collaboration with business and IT stakeholders
Evaluate and manage third-party and vendor cybersecurity risk throughout the vendor lifecycle
Contribute to the development and maintenance of a third-party risk register
Review and analyze cybersecurity risk cases, exceptions, and justifications
Document risks, mitigations, and remediation actions within a centralized risk register
Assist in developing risk assessment procedures, methodologies, and testing approaches aligned with industry frameworks
Collaborate with cross-functional teams and subject matter experts to gather risk intelligence
Support remediation efforts by helping initiate corrective actions where vulnerabilities or weaknesses are identified
Participate in special cybersecurity initiatives and projects as assigned
Required Qualifications
Minimum of 4 years of experience in one or more of the following areas:
Cybersecurity risk management
Cybersecurity risk assessment
Third-party or vendor risk management within a cybersecurity function
Strong understanding of GRC concepts and the cyber risk lifecycle
Experience working in large, complex, multi-stakeholder environments
Strong analytical, investigative, and documentation skills
Excellent written and verbal communication skills
Preferred Qualifications
Bachelor's degree in Cybersecurity, Risk Management, Information Systems, Computer Science, or a related field
Familiarity with one or more cybersecurity frameworks or standards, including:
NIST
ISO/IEC 27001 / 27002
CIS
SANS
PCI
Relevant certifications are a plus, including but not limited to:
CISSP, CISM, CRISC, CISA
CompTIA Security+, CySA+, Network+
GIAC certifications
Knowledge of cybersecurity laws, regulations, and data privacy principles
Ability to work independently in a self-directed and organized manner
About Buchanan Technologies
Since Buchanan's inception over 30 years ago, we have operated on 5 core values - People Matter, Customers Matter, Principles Matter, Community Matters, and Every Interaction Matters. These values are represented across each facet of the company, from employee relations to client service delivery to corporate social responsibility initiatives and beyond.
Why Work at Buchanan?
At Buchanan Technologies, we offer a great employment experience with a fun but professional work environment, competitive salary, and various employee career advancement programs that add value to your skills and daily life. If you are excited about being part of an energetic team where your contributions are appreciated and hard work is recognized, Buchanan is the place for you.
Things We Are Passionate About
We are passionate about providing top-tier technology services to our customers and clients and fostering a culture of continuous learning for our employees. We are a people-centric company, focused on growth and diversity for our workforce. Come join us and let's build something amazing together.
Buchanan Technologies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, protected veteran status, or genetics. In addition to federal law requirements, Buchanan Technologies complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
Cyber Security Engineer (CyberArk)
Security architect job in New York, NY
We are seeking a highly skilled and motivated CyberArk PAM Administrator to support the deployment, configuration, and ongoing management of privileged access management (PAM) and cybersecurity technologies. This role is ideal for a cybersecurity professional who enjoys working in collaborative environments, driving secure system design, and supporting enterprise-scale security initiatives.
The successful candidate will play a key role in implementing new cybersecurity solutions, supporting infrastructure upgrades, and ensuring systems are secure, reliable, and well-documented. This position offers the opportunity to work with modern security platforms while contributing to the organization's overall cyber maturity and growth.
Key Responsibilities
Implement and support new deployments of cybersecurity technologies, including CyberArk PAM and related security products.
Assist with infrastructure upgrades to support application growth and evolving cybersecurity requirements.
Configure, deploy, and maintain systems in accordance with security best practices and architectural standards.
Troubleshoot and support all aspects of CyberArk Privileged Access Management, including onboarding, vault management, and access controls.
Develop and maintain technical documentation, procedures, and runbooks for daily operations and major initiatives.
Propose and document system architectures for secure and scalable deployments.
Collaborate with internal teams, vendors, and stakeholders to ensure successful technology implementations.
Patch, maintain, and monitor security platforms to ensure system stability and compliance.
Train team members and end users on new systems and security processes as needed.
Follow up promptly with stakeholders to address issues, changes, and enhancements.
Required Skills / Education
Proven experience as a CyberArk Administrator or in a similar Privileged Access Management role.
Hands-on experience troubleshooting and supporting CyberArk PAM components.
Strong understanding of cybersecurity principles, access control, and secure system administration.
Ability to create clear, detailed technical documentation and operational procedures.
Excellent written and verbal communication skills, with the ability to work effectively across technical and non-technical teams.
Preferred Qualifications
Experience with scripting or programming languages.
Hands-on experience with PowerShell.
Familiarity with enterprise infrastructure environments and security integrations.
Strong interpersonal skills and the ability to collaborate with stakeholders at all organizational levels.
About Seneca Resources
At Seneca Resources, we are more than just a staffing and consulting firm; we are a trusted career partner. With offices across the U.S. and clients ranging from Fortune 500 companies to government organizations, we provide opportunities that help professionals grow their careers while making an impact.
When you work with Seneca, you're choosing a company that invests in your success, celebrates your achievements, and connects you to meaningful work with leading organizations nationwide. We take the time to understand your goals and match you with roles that align with your skills and career path. Our consultants and contractors enjoy competitive pay, comprehensive health, dental, and vision coverage, 401(k) retirement plans, and the support of a dedicated team who will advocate for you every step of the way.
Seneca Resources is proud to be an Equal Opportunity Employer and is committed to fostering a diverse and inclusive workplace where all qualified individuals are encouraged to apply.
NYPA SAP Security Analyst (CWP 1179)
Security architect job in White Plains, NY
Outcomes. Delivered.
Voyatek, formerly GCOM Software and OnCore Consulting, delivers outcome-driven technology solutions to public sector agencies and higher education institutions nationwide.
For example, our technology:
Facilitates access to nutritious food for children of mothers participating in the WIC program
Supports first responders in reducing opioid overdoses within their communities
Empowers colleges and universities to identify and thwart financial aid fraud
Equips teachers with valuable insights to identify students requiring additional support
Enhances efficiency for state tax agencies, leading to 99% faster return processing and quicker refunds for taxpayers
With a focus on Tax & Revenue, Health & Human Services, and Justice & Public Safety, Voyatek combines the scale to support large complex projects with the agility and accessibility of a boutique solutions provider. Together, Voyatek and its customers work to improve population wellbeing, create safer communities, and foster a thriving economy.
We're more than a technology company -- we're an outcomes company.
We encourage our employees to think differently, ask tough questions, and relentlessly pursue what's best for our customers and the residents they serve.
We believe that the value of technology is defined by its human impact. If you agree, you've come to the right place.
Voyatek is seeking applicants to occupy the position of SAP Security Analyst within our team.
Client Details:
The New York Power Authority (NYPA) is the largest state public power organization in the United States, renowned for its role in providing clean, affordable, and reliable energy. NYPA's mission is to power New York with clean energy while driving economic growth and sustainability. It focuses on reducing greenhouse gas emissions, modernizing the state's energy infrastructure, and promoting energy efficiency and innovation across sectors.
New York Power Authority's (“NYPA”) current on-premise Enterprise Resource Planning (“ERP”) system, SAP ECC 6.0, is almost 20 years old and is approaching technological obsolescence. Systems Application and Products (“SAP”) has already released its statement of intent to end new development on that platform and is planning on removing it from standard support on December 31, 2027. Project Luminate is a program to replace NYPA's current on-premise ERP system with a cloud-based system to ensure an adaptable environment able to meet NYPA's needs. In 2023, NYPA awarded a contract to Gartner Inc. to perform a detailed readiness assessment to define key requirements that the new system has to meet and to identify current business process improvements that are critical to be addressed as a precursor to the transition to a cloud-based platform.
Key Responsibilities:
Participate in SAP GRC project, enhancement, and support work, other relevant assignments (as needed), and provisioning across various ERP application environments, following organizational guidelines and procedures, and perform the activities below.
Configure and maintain SAP GRC tools, including Access Control, Risk Management, and Process Control and IAG.
Provision and manage user accounts and access to SAP systems, ensuring that all access is granted in accordance with established policies.
Design, configure, and maintain roles, authorizations, and user access within S/4HANA, ensuring appropriate access levels for users.
Generate reports and conduct audits to monitor SAP security & ITGC controls and ensure compliance including SOD management and configuration.
Investigate and resolve GRC-related issues, providing timely support to users and other IT teams.
Maintain comprehensive documentation of security policies, procedures, and role designs.
Work with cross-functional teams, including IT, business users, and auditors, to ensure alignment of security requirements and best practices.
Qualifications:
SAP ERP (S/4HANA is an added plus), Workday, Active Directory groups, GRC AC 10.1 and above, Microsoft Azure, SuccessFactors, applicable functional knowledge for SAP security in areas such as Finance, MM, and ISU billing, and SAP audit & compliance.
Bachelor's degree in engineering, IT, or related field.
7-10 years of hands-on industry experience in SAP GRC AC and PC implementation and administration.
Familiarity with SAP S/4HANA system landscapes, including Fiori authorizations in cloud-based environment (SAP RISE).
Proficiency in using SAP security tools and configurations.
Ability to identify, analyze, and resolve complex security and compliance issues.
Strong interpersonal and communication skills, with the ability to effectively collaborate with diverse teams.
The wage range for this role reflects the wide array of factors considered in compensation decisions. These factors include, but are not limited to, skill sets, experience, training, licensure and certifications, and geographic location. Compensation decisions are based on the unique facts and circumstances of each case. A reasonable estimate of the hourly range is $74.00 - $84.00.
At Voyatek, we believe in supporting our employees with a comprehensive benefits package designed to enhance their well-being and professional growth. Please note that eligibility for certain benefits may vary based on your role and employment status.
Health, Dental, and Vision Insurance
Medical, Limited, & Dependent Flexible Spending Accounts (FSA)
Health Savings Account (HSA) with Employer Contributions
Company-Paid and Voluntary Life Insurance
Long and Short-Term Disability Insurance
Accident, Critical Illness, & Hospital Indemnity Insurance
401(k) Retirement Plan with Company Match and Immediate Vesting
Wellhub Fitness and Wellness Platform
Pet Insurance
Training Opportunities
Employee Referral Bonus Program
We are committed to fostering a workplace that supports both your personal and professional aspirations.
As part of our commitment to maintaining a compliant workplace, all final candidates will undergo and must pass a comprehensive background screening prior to starting work. This screening may include, but is not limited to, verification of employment history, education, criminal records, and other relevant checks. For certain positions, additional client-specific background screenings may be required in the future, in accordance with client requirements.
Voyatek does significant work with Federal and State tax and revenue authorities. If applicable to this role, all hires will be required to obtain a Federal Public Trust Clearance (Moderate Background Investigation). This clearance process may start upon offer acceptance and must be cleared prior to working on these projects.
If you think you are a good fit for us, we encourage you to apply. Check out our career website for all open positions!
Voyatek provides equal employment opportunities to all employees and applicants for employment. Voyatek will make employment decisions without regard to race, color, creed, ancestry, national origin, citizenship, sex or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status or domestic violence victim status, religion, age, disability, genetic information, service in the military, or any other characteristic protected by applicable federal, state, or local laws and ordinances. Employment decisions include all terms and conditions of employment, including recruitment and hiring, job assignment/placement, promotion, upgrading, demotion, termination, layoff, recall, transfer, leave of absence, rates of pay or other compensation, internship, and training.
Application Security Architect
Security architect job in New York, NY
ABOUT THE JOB
The ACLU seeks applicants for the full-time position of Application Security Architect in the Information Security Department of the ACLU's National office in New York, NY.
This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.
This role will define how secure applications are designed, integrated, and maintained across the ACLU's cloud, SaaS, and hybrid environments. You'll lead efforts to embed security throughout our software development lifecycle (SDLC), own our internal Security Architecture Review (SAR) process, and guide secure integration practices for highly customized platforms and other third-party applications critical to our civil liberties mission.
The AppSec Architect will partner closely with product and platform teams, Tech Engineering, DevOps, IT, and affiliates to assess and mitigate risks associated with application design, data flows, integrations, and third-party software usage. You'll help set and enforce security standards, perform hands-on threat modeling, define secure development and deployment patterns, and directly support high-impact systems involving donor data, legal case workflows, and internal operational apps.
This hands-on technical leadership role will own and drive the ACLU's application security efforts across both internally developed and externally adopted applications.
This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU).
WHAT YOU'LL DO
Reporting to the Director, Security Architecture & Engineering, the Application Security Architect will define and drive the ACLU's application security roadmap, from code to cloud and everything in between.
YOUR DAY TO DAY
Lead the ACLU's Application Security Program, owning the InfoSec SDLC strategy and continuous improvement of application-layer security across cross-functional teams.
Own the Security Architecture Review (SAR) process, including intake, risk evaluation, documentation, and partner engagement.
Perform and guide threat modeling for new applications, integrations, and high-risk workflows, including financial systems, legal platforms, and supporter/donor tools.
Define secure design patterns for authentication (OAuth/OIDC), secrets management, API authorization, session handling, and data flow protections across internal and third-party systems.
Evaluate, deploy, and maintain AppSec tooling such as SAST, DAST, SCA, API security tools, and secrets detection platforms, based on risk and developer stack alignment.
Partner with stakeholders to assess internal cloud apps, low-code tools, and internal workflow automations for security risks.
Oversee application-layer vulnerability triage, analysis, and escalation, including issues from internal testing, coordinated disclosure, and external penetration testing.
Collaborate with platform owners of high-risk SaaS platforms to validate that application-level security controls (authZ, audit logging, IP allowlists, token lifetimes, etc.) are in place and enforced.
Ensure application-layer security extends across data ecosystems, including ETL and reverse ETL pipelines, data warehouse platforms (e.g., Redshift, Snowflake), and high-risk integrations that move or transform sensitive donor, legal, or supporter data between internal systems and external SaaS tools.
Identify and reduce emerging application-layer risks related to AI adoption, including prompt injection, model abuse, insecure integrations with LLM APIs, and exposure of sensitive data through AI-powered features or automations.
FUTURE ACLU'ERS WILL
Be committed to advancing the mission of the ACLU
Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts
WHAT YOU'LL BRING
Extensive experience in application or product security, secure software development, or DevSecOps architecture.
Practical experience designing and implementing secure SDLC, AppSec testing workflows, or automated CI/CD security gates.
Deep understanding of common software vulnerabilities (e.g., OWASP Top 10), secure coding practices, and threat modeling methodologies.
Familiarity with GitHub Actions, modern SaaS stacks, and secure API design principles.
Familiarity with CMS tooling (e.g., Drupal, WordPress), cloud computing platforms (e.g., GCP, Azure, AWS), and containerization environments (e.g., Kubernetes, Docker, ECS).
Experience securing data pipelines and warehouse environments, with a focus on protecting structured data.
Experience partnering directly with developers and product teams to influence secure outcomes.
Excellent communication skills, especially when translating technical issues into business risk language.
COMPENSATION
The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $161,123 (Level - E), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting. For details on our pay structure, please visit: ************************************************************************
WHY THE ACLU
For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it's ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.
We know that great people make a great organization. We value our people and know that what we offer is essential not just to their work, but to their overall well-being.
At the ACLU, we offer a broad range of benefits, which include:
Time away to focus on the things that matter with a generous paid time-off policy
Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
Plan for your retirement with 401k plan and employer match
We support employee growth and development through annual professional development funds, internal professional development programs and workshops
OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION
Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change. We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization - one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we're in the courts or in the office, we believe 'We the People' means all of us.
With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.
The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email ************************. If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.
Manager, Information Security Compliance
Security architect job in New York, NY
Department Description
At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world, a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:
* Secure the Magic by protecting information systems and platforms.
* Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
* Strengthen the business through optimizing execution, application, and technology used to protect the Company.
* Innovate by investing in core capabilities to enhance operational efficiency.
Team Description:
Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services (Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service) as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers.
What You'll Do:
* Independent audit support for:
  * SOX 404 ITGCs
  * PII
  * PCI
  * ISPS
* Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs.
* Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments.
* Develop and lead the Control Assurance Programs (ISPS and SOX).
* Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding.
* Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls.
  * This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control.
* Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment.
* Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products)
* Ensure timely management response of audit findings into our corporate SOCD/SAD.
* Oversee ISPS Management Audit coordination and open action plans.
* Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands.
* Management of GRC workflows around coordination of certifications and attestations.
* Partner with leadership to support the PCI-DSS compliance program.
* Develop training materials, coordinate training sessions, and monitor compliance with training requirements.
* Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently.
* Assign tasks and projects to team members based on priorities, deadlines, and individual strengths.
* Provide executive level updates on Compliance programs
Must Haves (Years of Experience, languages, programs, tools, etc.):
* Minimum of 8 years of related work experience, with 3 in management roles
* IT SOX experience and proven experience in supporting IT audit/compliance functions
* Experience in managing people
* Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives
* Interpersonal skills with the ability to work with teams cross-functionally
* Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators
* Detail-oriented but able to understand the big picture. Highly organized and efficient
* Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments
* Experience with cloud-based services, specifically AWS
Nice To Haves (see above):
* Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR
* Experience working with companies that have a heavy microservice architecture
Education:
Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience
The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
About The Walt Disney Company (Corporate):
At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate).
Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world.
SAP Security Administrator
Security architect job in Parsippany-Troy Hills, NJ
SAP Security Administrator with at least 5 years of experience in the skill set below.
Strong communication skills to facilitate working in a dynamic project environment
Role design, configuration, testing, and deployment methodology within SAP application architecture
Detailed knowledge of ABAP and Java based authorizations within SAP applications
SAP ECC Profile Generator (single roles, master / derived roles, composite roles)
SAP BI analysis authorization concepts
SAP BPC security and administration
Qualifications
SAP Central User Administration configuration and administration
SAP GRC configuration and administration
SAP Enterprise Portal UME administration
SAP BOBJ Security and administration
Additional Information
Share the Profiles to mahesh(@)techtammina(dot)com
Contact: ************
Job Type: W2 Contract
Eligibility: EAD Green Card/Green Card/US Citizens
Keep the subject line with Job Title and Location
Information Governance & Security Manager
Security architect job in New York, NY
The Bronx Defenders (BxD) is an innovative, progressive public defense office in the South Bronx. We are seeking a passionate technology professional with a commitment to public defense to join the Information Technology (IT) Team as an Information Governance & Security Manager.
Founded in 1997, BxD is a public defender nonprofit that has developed a nationally recognized model of representation called holistic defense, which provides people with teams of lawyers, social workers, and advocates to defend them zealously in court and address the underlying drivers and enmeshed penalties of legal system involvement.
Our office now has more than 400 staff members who defend nearly 20,000 New Yorkers facing incarceration, family separation, eviction, and deportation (among other devastating consequences) in criminal, family, civil, and immigration proceedings each year.
We continue reimagining the role of public defense even further, using community organizing and engagement, legislative advocacy, and impact litigation to partner with the communities we represent to bring about long-lasting systemic change. We also share our model and lessons learned on how to move to a holistic model of representation with current and future public defenders throughout the country.
Information Technology
Our Information Technology (IT) department is our first line of support in assisting our dedicated staff of attorneys, advocates, social workers, and administrative professionals. Ultimately, the work of our department helps to advance the needs of our clients and facilitate the process by which their legal teams support and advocate for them to reach their goals. As the leading office in providing holistic representation, we stay abreast of innovative technological tools and resources that are used to support our staff and clients as they navigate the criminal, family, immigration, and civil court systems. From onboarding new employees to strengthening cybersecurity and modernizing our digital tools, the IT department is dedicated to creating an environment where technology empowers people, minimizes friction, and keeps our organization at the forefront of innovation in public defense.
Responsibilities
The Information Governance & Security Manager ensures that organizational information (case files, HR data, client records, financial systems) is managed securely, compliantly, and in alignment with regulatory requirements (CJIS, HIPAA, SHIELD). This role develops and enforces information governance policies, manages risk assessments and audits, and coordinates with the MSP and IT leadership to safeguard the integrity, availability, and confidentiality of organizational data.
Responsibilities
Own and update organizational information governance policies (data retention, access control, encryption, privacy)
Coordinate audits and access reviews across systems (M365, LegalServer, HRIS, Finance)
Review and respond to SOC/security alerts escalated from the MSP
Lead development and testing of Business Continuity (BCP), Disaster Recovery (DRP), and Incident Response (IRP) plans
Conduct quarterly data protection and compliance audits
Partner with HR, Legal, and IT to enforce retention and preservation schedules
Oversee data backup strategy (3-2-1 rule: cloud, onsite, offline)
Provide reports on compliance posture and risk exposure to the IT Director and COO
Stay current on changes to CJIS, HIPAA, SHIELD, and ABA confidentiality standards
Stay current with emerging technologies, security practices, and industry standards relevant to the role, and provide recommendations for improvements
Maintain awareness of ongoing IT initiatives, organizational priorities, and cross-departmental projects to ensure alignment with broader business goals
Perform other related duties as assigned in response to organizational needs, new compliance requirements, or changes in technology
Qualifications
6+ years in IT governance, compliance, or security roles
Strong knowledge of NIST CSF, ISO 27001, ITIL Security Mgmt
Hands-on experience with M365 Security & Compliance Center, Purview, Intune
Familiarity with audits, penetration testing, and risk assessments
Ability to develop, test, and maintain BCP/DRP/IRP
Excellent communication and report-writing skills for technical and non-technical audiences
Experience collaborating with MSPs, auditors, and cross-functional teams
Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or related field
Professional Certifications (strongly preferred): CISSP, CISM, CISA, ISO 27001, Microsoft certified
The following qualifications are preferred, but not :
Experience in nonprofit, academic or healthcare environment
Experience with unionized employees
To cultivate the deep subject matter knowledge, strong interpersonal relationships and collaborative approach that are critical to the position's success, it is essential that the candidate be able to participate in-person and onsite in both internal and external meetings and events. This position has an onsite requirement of in-office, 5 days per week.
Approximately 70% of The Bronx Defenders' staff, including attorneys and non-attorneys, are represented by UAW Local 2325 - Association of Legal Aid Attorneys (AFL-CIO). This position is not within the bargaining unit.
Salary is commensurate with experience. The salary range for this position is $130,000 to $150,000 annually. Full-time employees are also eligible for a comprehensive benefits package including but not limited to medical, dental, and vision coverage; a 403(b) plan with employer contribution; and a generous vacation, sick leave, and parental leave policy.
To apply, please click APPLY TO THIS JOB ONLINE and upload your resume and cover letter in one document. Your resume will be used to determine your salary based on the number of years of directly relevant professional experience and should include all relevant professional experience. Applications without a written cover letter will not be considered.
The Bronx Defenders is an equal opportunity employer and is cultivating a workplace that embraces staff with a diversity of backgrounds, identities, and experiences. We acknowledge the ways in which systemic oppression and injustice can undermine access to professional opportunities and are committed to conducting hiring and promotion processes that are equitable and accessible to those commonly excluded from the workforce. We do not discriminate against and encourage applicants from marginalized communities to apply, including those who identify as Black, Indigenous, people of color, queer, transgender, gender non-conforming, disabled, neurodivergent, and those directly impacted by criminal, civil, family, and immigration legal systems. We value lived as well as professional experience and particularly welcome applications from the Bronx community that we work with.
Information Security Officer
Security architect job in New York, NY
This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week.
This role is for Vice President level candidates.
About the Bank:
Sumitomo Mitsui Trust Bank, Limited was established through the merger of The Sumitomo Trust and Banking Co., Ltd with Chuo Mitsui Trust and Banking, Ltd. on April 1, 2012. We are one of the largest asset managers in Asia and number one among Japanese financial institutions by AUM, with approximately $850 Billion USD in AUM. The Bank provides an assortment of financial solutions and manages a broad spectrum of financial products across its global branches.
Department Overview:
The Americas Division (“AD”) was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch (“SMTBNY”) to perform corporate functions and supervise U.S. entities. Established under the AD are the “Global Banking Unit (“GBU”), Americas Division” and “Global Markets Unit (“GMU”), Americas Division”, which perform business functions. Information Risk Governance (“IRG”) provides oversight of information and cyber security risk by maintaining and improving a branch-wide framework that is in line with Head Office and regulatory requirements and addresses Confidentiality, Integrity, and Availability for information assets. IRG establishes appropriate policies, procedures, measurement, and monitoring processes to proactively assess and evaluate cyber security and information security risks inherent in the Branch Operations. IRG is directly involved in all information and cyber security related projects, matters, and issues.
Your Role Overview:
To assist the Head of the Department with the day-to-day management and operation of the department. To assume the role of Information Security Officer and take the lead on overseeing the timely completion of the department's critical risk management projects. To provide direct assistance to the Head of the Department with regards to accomplishing the department's goals and objectives. To manage, guide and mentor other staff members with the preparation and completion of their assigned tasks. To contribute significantly to the overall success of the department in all key risk management and cyber security areas.
Directly oversee completion of all critical projects, assist the HOD with implementing desired operational strategies and procedures. Recommend ways to improve efficiency, effectiveness, and productivity. Focus on proactive day-to-day operations. As ISO, assist with overseeing all information and cyber security matters.
Your Duties and Responsibilities:
Maintain and improve the information risk framework with guidance from HOD, address regulatory requirements, residual information risks specific to NY Branch Operations.
Provide Information Security subject-matter-expertise to senior management.
Work with IRT and coordinate incident responses to cyber security events.
Keep abreast of industry wide information risk issues that could potentially have an impact on Branch Operations.
Establish processes for communicating data classification guidelines and its governance.
Oversee employee information security awareness training.
Assesses and evaluates critical risk management projects:
Annual Risk Assessment.
Semi-annual Vulnerability Assessments.
Special Risk Assessments done for a Particular Purpose
Trend analysis of key risk management concepts and principles
Attend the ISSRM and Branch Risk Management related meetings.
Performs key information risk governance related tasks as described below:
Provides User Access Control Governance.
Monitors, analyzes and follows-up on Information Risk events/issues.
Reviews information risk and proactively advises as necessary on: IT Projects/Issues Management process, Change Management Process, significant changes to IT procedures, IT Asset Management Report, key IT Vendor Contracts, IT Disaster Recovery Plan/Process, Record Retention Process, any related audit findings, etc.
Establish and maintain Information Risk Key Risk Indicators (KRI).
Periodically updates IT resources on Information risk related practices.
Manages all information and cyber security policy and procedures manuals.
Assist with the management of all matters related to Information Security and Information Risk Management, including directing appropriate Information/Applications Risk Assessments.
Your Qualifications:
Certification in Information Security (CISSP) required.
8+ years of Information Security related experience, IT Audit experience, preferred.
Knowledge of Information Security principles, terminologies, and technologies required.
Knowledge of Information Risk Management framework and principles required.
Ability to analyze and design information security monitoring procedures and activities preferred.
Detailed Knowledge and expertise in Technology Risk Assessments and Risk Analysis required.
Excellent written and verbal communication skills, required.
Good computer skills in Microsoft Office Excel and Word required.
Strong project management and people management skills preferred.
Why you should join SuMi Trust: SuMi Trust embraces flexible ways of working when the business and role permits. We provide employees with a hybrid working model, allowing for in-office work and work from home. Our diverse and inclusive environment along with our global presence enables us to collaborate and communicate to meet our business needs. We believe that efficient teams need truth, loyalty, and a strong sense of purpose to balance risk and their targets. We make sustainable business decisions to improve our society and the world. We believe that each person brings a unique value that drives the business through their creativity and passion.
The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance.
We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals.
Check out our LinkedIn for our employee experience: ***************************************
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SuMi Trust provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application
Information Security Manager
Security architect job in Newark, NJ
We are seeking an experienced Information Security Manager to spearhead our efforts in safeguarding client data and maintaining a robust organizational threat posture. In this role, you will lead strategic initiatives to protect sensitive information, manage threat intelligence programs, and ensure compliance with relevant regulations. You will also collaborate closely with various internal teams, technical and non-technical alike, to develop, implement, and continuously improve security best practices.
Key Responsibilities
Client Data Protection & Compliance
Design and enforce policies, procedures, and technical safeguards that secure client information from unauthorized access, disclosure, or misuse.
Stay current on data privacy regulations (e.g., GDPR, CCPA) and industry standards (e.g., ISO 27001, SOC 2), incorporating them into organizational processes.
Oversee and maintain data classification protocols, ensuring appropriate access controls and encryption methods are applied.
Threat Intelligence & Vulnerability Management
Establish a comprehensive threat intelligence program, monitoring emerging risks and industry trends that could impact clients' or the organization's security posture.
Conduct routine vulnerability assessments, penetration tests, and security audits, prioritizing remediation efforts based on criticality.
Collaborate with cross-functional teams (e.g., DevOps, Network Engineering) to implement and validate fixes or security upgrades.
Incident Response & Crisis Management
Develop and continuously refine the Incident Response Plan (IRP), outlining clear processes for detecting, containing, and remediating security breaches.
Coordinate tabletop exercises and real-world simulations to test the IRP, training staff to respond effectively in high-stress scenarios.
Serve as the primary point of contact during security incidents, liaising with external agencies (law enforcement, regulatory bodies) as necessary.
Security Architecture & Best Practices
Work with solution architects and system administrators to integrate robust security controls into infrastructure, software, and cloud environments.
Evaluate and recommend new security products, tools, and services that enhance the organization's threat detection and prevention capabilities.
Enforce secure coding practices, hardening standards, and network segmentation protocols that align with evolving threats.
Governance, Risk & Compliance (GRC)
Lead security risk assessments, identifying and documenting vulnerabilities, threats, and overall risk exposure to client data.
Define and track security metrics (KPIs), reporting progress, gaps, and action plans to executive leadership.
Oversee internal and external security audits, ensuring timely completion of any required corrective measures.
Team Leadership & Collaboration
Manage a team of security analysts, engineers, and incident responders, providing coaching, mentorship, and clear performance objectives.
Foster a culture of security awareness and accountability throughout the organization, conducting regular training sessions for all staff.
Coordinate with third-party vendors, managed security service providers, and consultants to strengthen the organization's security ecosystem.
Requirements
Education & Experience
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
5+ years of hands-on experience in information security, including roles in threat intelligence, GRC, and/or incident response.
Experience working within heavily regulated industries (e.g., finance, healthcare, government) is highly desirable.
Technical Skills
Proficiency with SIEM platforms (e.g., Splunk, QRadar), endpoint protection suites, and vulnerability management tools (e.g., Nessus, Qualys).
In-depth knowledge of security frameworks (NIST CSF, ISO 27001, COBIT) and compliance standards (PCI-DSS, HIPAA, SOC 2).
Hands-on expertise in cloud security (AWS, Azure, GCP) and containerization platforms (Kubernetes, Docker) is a plus.
Certifications
Relevant certifications such as CISSP, CISM, CRISC, or GIAC (GSEC, GCIA, GCIH) strongly preferred.
Soft Skills
Exceptional problem-solving and analytical abilities, with a keen eye for detail.
Excellent communication and presentation skills for both technical and executive audiences.
Proven track record of managing diverse teams and collaborating effectively across departments.
Personal Attributes
Integrity: Upholds the highest ethical standards in protecting sensitive client data.
Leadership: Inspires trust and confidence, fostering a culture of teamwork, accountability, and continual learning.
Adaptability: Stays agile in a dynamic threat landscape, quickly pivoting security strategies as new risks emerge.
Strategic Mindset: Balances day-to-day operational demands with long-term security vision and innovation.
Benefits
What We Offer
Competitive Compensation: Commensurate with experience, plus potential bonus structures.
Comprehensive Benefits: Medical, dental, vision, and retirement plan options.
Professional Growth: Training allowances, continuing education support, and clear career advancement paths.
Impactful Work: Play a pivotal role in safeguarding clients' data and reputations, contributing to the organization's broader mission of secure service delivery.