Security architect jobs in Stroud, PA

The Cloud Security Engineer will play a pivotal role in the cloud security service delivery model. The role combines deep technical expertise, collaboration across internal and external teams to design, implement, and optimize cloud security controls and service lines. The candidate will support both project-based and continuous security initiatives, focusing on securing HOSPITAL's cloud migration, supporting cloud security tool optimization, cloud security processes for the Information Security team, cloud/hybrid controls, automation, and risk-driven security outcomes. Proven experience in securing a multi-cloud environment. Proven experience with Identity and access management in the cloud Proven experience with all security service lines in a cloud environment and the supporting security tools and processes to be successful. Demonstrate collaboration with internal stakeholders, vendors, and supporting teams to design, implement, and maintain security technologies across network, endpoint, identity, and cloud infrastructure. Drive continuous improvement and coverage of cloud security controls by validating alerts, triaging escalations, and working with the MSP to fine-tune detection and prevention capabilities. Lead or support the development of incident response plans, engineering runbooks, tabletop exercises, and system hardening guides. Ensure alignment of security architectures with HOSPITAL's policies, standards, and external frameworks such as NIST SP 800-53, HIPAA, PCI-DSS, CISA ZTMM, CIS Benchmarks, and Microsoft CAF Secure Methodology, AWS CAF, AWS Well Architected framework, Google CAF Participate in design and governance forums to provide security input into infrastructure, DevSecOps, and cloud-native application strategies. Assist with audits, compliance assessments, risk remediation plans, and evidence collection with internal compliance and external third-party stakeholders. Mentor and support junior InfoSec engineers through documentation, training, and peer reviews. Hands-on experience in security engineering, systems integration, and cloud architecture (Azure preferred). Proficiency in tools and domains such as: EDR (Microsoft Defender), SIEM (Sentinel or Splunk), CSPM (e.g., Wiz), IAM (Entra ID), VPNs/NGFWs, NAC, and encryption protocols. Demonstrated understanding of secure configuration management, automation pipelines (e.g., Terraform, PowerShell), and vulnerability management platforms. What you will do A Principal Information Security Specialist has similar responsibilities to Information Security Specialist III personnel. However, a Principal Information Security Specialist is deemed to be the subject matter expert and in-house advisor on complex problems and issues. A Principal Information Security Specialist also: Works independently to initiate assignments and draws upon extensive professional knowledge and experience to make independent judgments regarding analysis, evaluation, development, and implementation of enterprise long-term solutions and operating initiatives to ensure that enterprise architectural objectives are aligned with organizational needs and strategic goals. Skills: Duties (cont'd): Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies. Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies. Functions as the Subject Matter Expert (SME) to maintain an understanding of HOSPITAL DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business. Works with other architects to provide a consensus based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering. Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption). Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models. Skills: Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures. Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series). Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR, cloud frameworks, identity access controls. Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality. Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security. Microsoft, UNIX, Lawson, and Clinical Applications, Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project). Experience with risk management frameworks. Information Security Requirements Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store HOSPITAL information. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information.

Our client is one of the largest Hospitals in the US. Based out of Philadelphia, they are looking to hire a Cloud Security Engineer on a Contract basis. Contract Duration: 6 Month Contract (Potential for extension or conversion) Required Skills & Experience At least twelve (12) years industry related experience, including experience in one to two IT disciplines (such as technical architecture, network management, application development, middleware, information analysis, database management or operations) in a multitier environment. CISSP Certification At least six (6) years experience with information security, regulatory compliance and risk management concepts. At least three (3) years experience with Identity and Access Management, user provisioning, Role Based Access Control, or control self-assessment methodologies and security awareness training. Experience with Cloud and/or Virtualization technologies. Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management, cloud security) and related information security policies and procedures. Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, Joint Commission, NIST, Red Flags, ISO 27000 series). Comprehensive knowledge of information security regulations, standards and leading practices, including understanding of EHR, cloud frameworks, identity access controls. Good knowledge of basic database query techniques & data mining to analyze data or other related database functionality. Knowledge of Microsoft Active Directory, UNIX, and Clinical Applications a plus. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security. Microsoft, UNIX, Lawson, and Clinical Applications, Experience with industry standard SDLC methodologies; hands-on experience in Project Server methodologies, PMO project management skills, including use of MS productivity tools (Access, Word, PowerPoint, Visio, Project). Experience with risk management frameworks. Information Security Requirements Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store information. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information. Daily Responsibilities Optimizes information management approaches through an understanding of evolving business needs and technology capabilities and ensures that projects do not duplicate functionality or diverge from each other and business and DTS strategies. Shapes, designs, and plans specific service lines in product area and manages the risks associated with information and DTS assets through appropriate standards and security policies. Functions as the Subject Matter Expert (SME) to maintain an understanding of DTS business and clinical applications and the relationship to InfoSec and compliance solutions; assist Hospital stakeholders in understanding information protection needs that support the Hospital's business. Works with other architects to provide a consensus based enterprise solution that is scalable, adaptable and in synchronization with ever changing business needs and takes ownership of a particular solution offering. Works with highly matrixed team of DTS personnel to support enterprise architecture and information security operations including, but not limited to, architecture and InfoSec principles around identity & access management models, cloud identify management providers, security information and event monitoring, and data loss prevention, perimeter (e.g. firewalls, IPS, web filtering), cloud and virtualization environments and network security (host-based firewalls, anti-virus, disk encryption). Support and/or lead activities around InfoSec standards for business continuity and change management activities (e.g., table tops and change review board) and educates DTS Hospital management on security issues (e.g., Identity and Access Management (IAM), Role Based Access Control (RBAC) models. You will receive the following benefits: Medical Insurance - Four medical plans to choose from for you and your family Dental & Orthodontia Benefits Vision Benefits Health Savings Account (HSA) Health and Dependent Care Flexible Spending Accounts Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance Hospital Indemnity Insurance 401(k) including match with pre and post-tax options Paid Sick Time Leave Legal and Identity Protection Plans Pre-tax Commuter Benefit 529 College Saver Plan Motion Recruitment Partners (MRP) is an Equal Opportunity Employer. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Employment is subject to the successful completion of a pre-employment screening. Accommodation will be provided in all parts of the hiring process as required under MRP's Employment Accommodation policy. Applicants need to make their needs known in advance.

Role GenAI/ML Architect Business Vertical: Life Sciences, Health Care, Energy, Resources and Utilities Responsibility: • Design and architect end-to-end AI/ML solutions, ensuring scalability, security, and efficiency. • Guide data scientists and engineers in developing, training, and deploying machine learning models. • Define best practices for MLOps, including model versioning, monitoring, and retraining strategies. • Develop AI frameworks and reusable components to accelerate AI adoption across the organization. • Collaborate with stakeholders to understand business requirements and align AI solutions accordingly. • Optimize data pipelines and AI infrastructure to support high-performance model training and inference. • Evaluate emerging AI technologies and recommend suitable tools, frameworks, and methodologies. • Ensure compliance with AI ethics, governance, and data privacy regulations. • Implement microservices architecture to build scalable and resilient software solutions. • Use Cloud platforms like AWS, Azure to deploy and run software applications. Key Skills: • 12+ years of experience in AI/ML engineering, including at least 3 years in an architectural role • Extensive experience in AI/ML model development, deployment, and lifecycle management. • Expertise in machine learning frameworks (TensorFlow, PyTorch, Scikit-learn) and cloud platforms (AWS, GCP, Azure). • Strong programming skills in Python, Java, or C++ • Proficiency in MLOps tools (Kubeflow, MLflow, Airflow, Docker, Kubernetes). • Deep understanding of distributed computing, big data technologies (Spark, Hadoop), and scalable data pipelines. • Experience with NLP, deep learning, reinforcement learning, generative AI • Experience in AI-driven business transformation and enterprise AI strategies. • Familiarity with edge AI, IoT, or real-time AI processing. • Knowledge of ethical AI frameworks and responsible AI principles. • Strong problem-solving skills and ability to mentor AI/ML teams. • Experience in agile development methodologies to deliver solutions and product features.

Vignesh KRG Technologies Inc. 25000 | Avenue Stanford | Suite 120 | Valencia, CA 91355 Direct Phone: ************** Ext.405 | Email: *********************** Job Description • 17 or more years of experience with Bachelor's degree required. • Master's degree in related field or business administration preferred but not required. • Ten or more years of consulting experience with management and/or operations strategy. • One to four years of additional relevant experience in one or more business or industry specialty areas • Experience working with Industry assessment methodologies • Experience working with business principles, practices and economics • Experience working with common best practices, innovations, trends and challenges in the industry. • Ability to travel, as required. • Knowledge of two or more cybersecurity technologies such as privileged access management, identity governance, PKI, or HSPD-12. • Knowledge of privileged access management systems. • Knowledge of database and operating system security. • Knowledge of latest security principles, techniques, and protocols. • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met. • Ability to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities. • Proven problem management skills with the ability to think critically. Must be able to leverage technology and apply critical thinking to gather, aggregate, and analyze data, and present results to senior clients. • Must possess network security architecture expertise. • Network security services experience should include a working knowledge of at least three of the following networking and network security devices/software: routers, firewalls, encryption, network and/or host based intrusion detection, intrusion prevention, security information management, anti-virus, vulnerability management, and patch management. • Functional expertise in two or more information assurance technologies or capabilities such as Vulnerability/Threat Assessments, Network Intrusion Detection, Secure Operations, Firewall Design & Deployment, Public Key Encryption, Virtual Private Networks, etc. Program Specified Qualifications: • Eight or more years of consulting experience with technical architecture analysis and design as well as executive level business strategy • CISSP with either ISSAP or ISSEP is required and a CSSLP is desired. • Experience with ISO27000 • Experience delivering Strategic Security assessments • Experience working with the client's enterprise products, services, and strategies • Experience working with at least two technical platforms and associated integration techniques Additional Information All your information will be kept confidential according to EEO guidelines.

Complete Description: · The Enterprise Architect will also be tasked with preparing security standards, policies and procedures - as well as mentoring team members and executive staff on security matters. CISSP REQUIRED. · The department is seeking an Enterprise Architect to work in conjunction with the Modernization Team, as well as the DHS Information Security and Privacy Office, to analyze and document the existing information security environment. · Conducting system security and vulnerability analyses and risk assessments · Evaluating the systems architecture and identifying integration issues · Serve as Information Security Subject Matter Expert (SME), while working with a Systems Integrator and software vendors, to develop the approach for implementing an enterprise security infrastructure that ensures compliance to standards, policies and procedures · Monitor delivery efforts to ensure compliance to standards, policies, and procedures · Deliver evidence, demonstrating project deliverables meet federal certification requirements · Improves DHS Incident Response efforts by analyzing existing systems\/processes and recommending future technologies and associated processes · Participate in the RFI\/RFP process for systems module selection · Participate in the procurement process to select a Systems Integrator to execute the DDI phase · CISSP certification REQUIRED · Extensive experience designing and implementing enterprise security architectures based on NIST Risk Management Framework (NIST 800\-53), state and federal security standards, and security industry best practices · An extensive understanding of security tools and software products, including Identity Access Management (IAM), Security Incident and Event Management (SIEM), and Cloud Access Security Brokers (CASB) · In\-depth experience in creating, documenting, and implementing enterprise security policies and standards - including enterprise\-wide communication and training "}}],"is Mobile":false,"iframe":"true","job Type":"Contract","apply Name":"Apply Now","zsoid":"659070196","FontFamily":"PuviRegular","job OtherDetails":[{"field Label":"Contract Duration","uitype":1,"value":"6 months"},{"field Label":"On\-Site vs Remote","uitype":2,"value":"On\-Site"},{"field Label":"Visa Requirement","uitype":1,"value":"Any"},{"field Label":"Industry","uitype":2,"value":"IT Services"},{"field Label":"City","uitype":1,"value":"Middletown"},{"field Label":"State\/Province","uitype":1,"value":"Iowa"},{"field Label":"Zip\/Postal Code","uitype":1,"value":"52638"}],"header Name":"Security Architect","widget Id":"**********00072311","is JobBoard":"false","user Id":"**********00187003","attach Arr":[],"custom Template":"4","is CandidateLoginEnabled":false,"job Id":"**********04811011","FontSize":"15","google IndexUrl":"https:\/\/palettetechnologies.zohorecruit.com\/recruit\/ViewJob.na?digest=Lh304XeNwlnJptzUT2shAdEFCp5SP0AbABceCROpQO8\-&embedsource=Google","location":"Middletown","embedsource":"CareerSite","indeed CallBackUrl":"https:\/\/recruit.zoho.com\/recruit\/JBApplyAuth.do"}

ABOUT THE JOB The ACLU seeks applicants for the full-time position of Application Security Architect in the Information Security Department of the ACLU's National office in New York, NY . This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month. This role will define how secure applications are designed, integrated, and maintained across the ACLU's cloud, SaaS, and hybrid environments. You'll lead efforts to embed security throughout our software development lifecycle (SDLC), own our internal Security Architecture Review (SAR) process, and guide secure integration practices for highly customized platforms and other third-party applications critical to our civil liberties mission. The AppSec Architect will partner closely with product and platform teams, Tech Engineering, Devops, IT, and affiliates to assess and mitigate risks associated with application design, data flows, integrations, and third-party software usage. You'll help set and enforce security standards, perform hands-on threat modeling, define secure development and deployment patterns, and directly support high-impact systems involving donor data, legal case workflows, and internal operational apps. This hands-on technical leadership role will own and drive the ACLU's application security efforts across both internally developed and externally adopted applications. This position is part of a collective bargaining unit. It is represented by ACLU Staff United (ASU). WHAT YOU'LL DO Reporting to the Director, Security Architecture & Engineering, the Application Security Architect will define and drive the ACLU's application security roadmap-from code to cloud, and everything in between. YOUR DAY TO DAY Lead the ACLU's Application Security Program, owning the InfoSec SDLC strategy and continuous improvement of application-layer security across cross-functional teams. Own the Security Architecture Review (SAR) process, including intake, risk evaluation, documentation, and partner engagement. Perform and guide threat modeling for new applications, integrations, and high-risk workflows-including financial systems, legal platforms, and supporter/donor tools. Define secure design patterns for authentication (OAuth/OIDC), secrets management, API authorization, session handling, and data flow protections across internal and third-party systems. Evaluate, deploy, and maintain AppSec tooling such as SAST, DAST, SCA, API security tools, and secrets detection platforms, based on risk and developer stack alignment. Partner with stakeholders to assess internal cloud apps, low-code tools, and internal workflow automations for security risks. Oversee application-layer vulnerability triage, analysis, and escalation-including issues from internal testing, coordinated disclosure, and external penetration testing. Collaborate with platform owners of high-risk SaaS platforms to validate that application-level security controls-authZ, audit logging, IP allowlists, token lifetimes, etc.-are in place and enforced. Ensure application-layer security extends across data ecosystems, including ETL and reverse ETL pipelines, data warehouse platforms (e.g., Redshift, Snowflake), and high-risk integrations that move or transform sensitive donor, legal, or supporter data between internal systems and external SaaS tools. Identify and reduce emerging application-layer risks related to AI adoption, including prompt injection, model abuse, insecure integrations with LLM APIs, and exposure of sensitive data through AI-powered features or automations. FUTURE ACLU'ERS WILL Be committed to advancing the mission of the ACLU Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts WHAT YOU'LL BRING Extensive experience in application or product security, secure software development, or DevSecOps architecture. Practical experience designing and implementing secure SDLC, AppSec testing workflows, or automated CI/CD security gates. Deep understanding of common software vulnerabilities (e.g., OWASP Top 10), secure coding practices, and threat modeling methodologies. Familiarity with GitHub Actions, modern SaaS stacks, and secure API design principles. Familiarity with CMS tooling (e.g., Drupal, WordPress), cloud computing platforms (e.g., GCP, Azure, AWS), and containerization environments (e.g., Kubernetes, Docker, ECS). Experience securing data pipelines and warehouse environments, with a focus on protecting structured data. Experience partnering directly with developers and product teams to influence secure outcomes. Excellent communication skills, especially when translating technical issues into business risk language. COMPENSATION The ACLU is committed to equity, transparency, and clarity in pay. Consistent with our compensation philosophy, there is a set salary for each role based on geographic work location. The annual salary for this position is $161,123 (Level - E), reflecting the salary of a position based in New York, NY. Salaries are subject to a regional pay adjustment if authorization is granted to work outside of the location listed in this posting. For details on our pay structure, please visit: ************************************************************************ WHY THE ACLU For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it's ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people. We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being. At the ACLU, we offer a broad range of benefits, which include: Time away to focus on the things that matter with a generous paid time-off policy Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment) Plan for your retirement with 401k plan and employer match We support employee growth and development through annual professional development funds, internal professional development programs and workshops OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change. We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization - one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we're in the courts or in the office, we believe ‘We the People' means all of us. With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law. The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email ************************ . If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.

Provide proven expertise and knowledge in Governance, Risk and Compliance (GRC), internal and external audit and assessment support and Information Security assurance initiatives. A firm knowledge of security compliance controls i.e NIST 800-53r4, HIPAA, HITECH, ISO27001 and other security standard frameworks is an absolute requirement. Gather and analyze metrics, key risk indicators and maintain scorecards defined within the area of information security to ensure the information security program is meeting governance expectations and maturity. This candidate must be familiar with general security risk management principals, healthcare and government-designed security control standards and best practices for security and privacy. Candidate should be familiar with documented security plans, procedures, supporting evidence and risk rating standards based on NIST and other risk management frameworks. Assist with evaluation and testing as well as work with the applicable teams to track, address, and remediate audit and assessment findings to closure. Candidate must be familiar with threats and vulnerabilities, latest trends and risks and be able to understand the technical remediation action steps or plans and communicate them effectively to teams within the organization. Manage policy exceptions with requestors and coordinate the annual exception review process. Requires working directly with various teams to document exceptions, identify compensating controls, and remediation action plans accordingly. Provide process improvement suggestions for more effective management and review of exceptions. Support and help mature the overall security management program. Should be familiar with general governance, risk and compliance (GRC) programs with specific knowledge of government practices, and security risk and policy management. Provide support for ongoing BAA, third party risk reviews, including initial inherent risk, ongoing residual risk, and attestation campaigns. Support and help maintain risk appetite frameworks focused on security and business continuity risks. Additionally, support and maintain other general regulatory risk assurance program functions. Support and address regular IT general controls (ITGC) activity reviews and be able to rate and score maturity and compliance to standard control objectives. A knowledge of security architectures including SDLC, cloud or multi-tenant infrastructure and environments and network/boundary architectures. Should be familiar with SIEM, DLP, and other reporting and protection capabilities. Qualifications This position requires: BS or BA degree in a related field or equivalent work experience. Minimum 5 years in information security, Risk Management, IT compliance, or security/IT risk related field. Strong oral and written communication, as well as good interpersonal skills. Knowledge and experience in standard security and regulatory frameworks including HIPAA, HITECH, NIST 800-53, other NIST standards, ISO 27001/31000, FFIEC and PCI. Possess the ability to solve a wide range of complex problems, requiring ingenuity and innovation. Preferred/Nice-to-haves: Experience using GRC platforms or rating scorecards to show compliance levels and maturity. Experience with SharePoint administration, including workflow and process design. Current Certified Information Systems Security Professional CISSP certification (or similar security profession certificate). Current Certified Information Systems Auditor CISA certification (or similar). Additional Information PlanIT Group, LLC is an Equal Opportunity/Affirmative Action (M/F/D/V) Employer. All your information will be kept confidential according to EEO guidelines.

Department Description At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world-a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences. The Enterprise Technology mission is to deliver technological solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: * Secure the Magic by protecting information systems and platforms. * Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. * Strengthen the business through optimizing execution, application, and technology used to protect the Company. * Innovate by investing in core capabilities to enhance operational efficiency. Team Description: Global Information Security (GIS) supports all of Disney's business segments, including Disney Entertainment & ESPN (DE&E). DE&E encompasses the operations of Disney's streaming services-Disney+, Hulu, ESPN+, Disney+ Hotstar, Star, and the upcoming Venu Sports streaming service-as well as Disney's broadcast and cable networks, including ABC, ESPN, FX, Disney Channels, and National Geographic. DE&E sits at the intersection of entertainment, sports, and technology, striving to connect viewers with beloved stories while advancing the streaming industry with consumer-first innovations. Security professionals supporting DE&E work with industry-leading technologies to deliver world-class, highly secure services to customers. What You'll Do: * Independent audit support for: * SOX 404 ITGCs * PII * PCI * ISPS * Collaborate with Enterprise Controls and Compliance (ECC) to scope systems and respective ITGCs. * Perform control health checks and remediation testing procedures to address issues identified via audit assessments, access control reviews, internal or external audits and/or other assessments. * Develop and lead the Control Assurance Programs (ISPS and SOX). * Lead Audit Readiness efforts to ensure proper system scoping and respective ITGCs, control validations and timely program onboarding. * Participate in audit walkthrough meetings to help establish internal testing procedures to gain operational comfort in the design of the Company's automated controls. * This includes control self-evaluations of new controls or processes that impact the effectiveness of an existing control. * Perform impact analysis and risk assessment on deficiency findings and documentation associated with the assessment. * Work with management and internal audit on maintaining the master Risk and Control Matrix over the systems material to Disney Entertainment and ESPN (Broadcast TV and Streaming - Hulu, Disney+, ESPN+, STAR+ products) * Ensure for timely management response of audit findings into our corporate SOCD/SAD. * Oversee ISPS Management Audit coordination and open action plans. * Provide consultancy to Development leads to identify and implement automation and efficiency opportunities to meet governance and compliance demands. * Management of GRC workflows around coordination of certifications and attestations. * Partner with leadership to support the PCI-DSS compliance program. * Develop training materials, coordinate training sessions, and monitor compliance with training requirements. * Oversee and manage a team of compliance analysts, ensuring day-to-day operations run smoothly and efficiently. * Assign tasks and projects to team members based on priorities, deadlines, and individual strengths. * Provide executive level updates on Compliance programs Must Haves (Years of Experience, languages, programs, tools, etc.): * Minimum of 8 years of related work experience, with 3 in management roles * IT SOX experience and proven experience in supporting IT audit/compliance functions * Experience in managing people * Thorough understanding of SOX ITGC and ICFR 404 standards and audit objectives * Interpersonal skills with the ability to work with teams cross-functionally * Strong verbal and written communication skills and ability to effectively communicate to technical and non-technical audiences, including developers and tech operators * Detail-oriented but able to understand the big picture. Highly organized and efficient * Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a fast-paced, deadline-driven environment, accepting ownership and accountability of the process and deliver on commitments * Experience with cloud-based services, specifically AWS Nice To Haves (see above): * Experience and knowledge of NIST framework, ISO 27001, K-ISMS, GDPR * Experience working with companies that have a heavy microservice architecture Education: Bachelor's degree in Computer Science, CPA license, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience The hiring range for this position in Glendale, CA and Santa Monica, CA is $141,900 to $190,300 per year and in New York, NY is $148,700 to $199,400 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate's geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered. About The Walt Disney Company (Corporate): At Disney Corporate you can see how the businesses behind the Company's powerful brands come together to create the most innovative, far-reaching and admired entertainment company in the world. As a member of a corporate team, you'll work with world-class leaders driving the strategies that keep The Walt Disney Company at the leading edge of entertainment. See and be seen by other innovative thinkers as you enable the greatest storytellers in the world to create memories for millions of families around the globe. About The Walt Disney Company: The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney's stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished. This position is with Disney Worldwide Services, Inc., which is part of a business we call The Walt Disney Company (Corporate). Disney Worldwide Services, Inc. is an equal opportunity employer. Applicants will receive consideration for employment without regard to race, religion, color, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, age, marital status, military or veteran status, medical condition, genetic information or disability, or any other basis prohibited by federal, state or local law. Disney champions a business environment where ideas and decisions from all people help us grow, innovate, create the best stories and be relevant in a constantly evolving world. Apply Now Apply Later Current Employees Apply via My Disney Career Explore Location

Hours: 40 Pay Details: $87,000 - $151,000 USD TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs. As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role. Line of Business: Technology Solutions : The Manager Information Security manages / leads a team of Technology Controls / Information Security experts in the development and/ or management of relevant strategies, programs, tools, frameworks and policies and provides specialized oversight / control / governance activities for a key business line/segment or transformational (change the bank) strategic initiative / program, liaising across the organization and primarily interfacing with executive and/or functional stakeholders to minimize overall technology risks to the Bank for own area. Job Description: This position manages junior level penetration testers, vendor coordination for multiple testing services, processes, procedures and scheduling for penetration, dynamic scanning, and manual code review testing services. Responsibilities: Vendor Management: Manage and coordinate penetration testing engagements with vendors. People Management: Manage a team of Junior level penetration testers and their development. DAST: Manage the DAST program and tooling. Familiarity with current industry tooling and technologies and those being introduced. Facilitate Penetration Tests: Perform thorough and methodical penetration testing. Evaluate and Assign: penetration tests to appropriate resources. Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture. Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation. Develop Test Procedures: Design and execute detailed test requirements. Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective. Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements; work closely with advisory and SDLC pipeline teams to ensure compliance; work closely with PCS team to manage PCI testing requirements. This position will collaborate with many application security teams. Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies. Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies. Incidents: Act as a testing SME on incident calls; support testers on the calls. Depth & Scope: Advanced knowledge of Bank, technology standards and managing people / projects Leads a small team of IT professionals; coaches/ educates, monitors and manages team members Strong communication, negotiation and organizational skills specifically including the ability to present options in business terms to both IT and business staff including executives Education & Experience: Bachelor's degree preferred Information security certification / accreditation an asset 7+ years of relevant experience Preferred Qualifications : Technical Skills: Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali. Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles. Penetration testing, DAST, Manual Code Review knowledge. Analytical Skills: Strong analytical and problem-solving abilities with attention to detail. Organizational Skills: Manage documents and procedures for testing team. Multi-tasking: This job requires exceptional ability to multi-task with multiple workstreams to manage daily. Communication: Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders. Ethical Standards: Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards. Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing. Familiarity with security standards and frameworks. Previous experience managing and developing teams. Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable. Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team #TDCyberSecurity #Hybrid Physical Requirements: Never: 0%; Occasional: 1-33%; Frequent: 34-66%; Continuous: 67-100% Domestic Travel - Occasional International Travel - Never Performing sedentary work - Continuous Performing multiple tasks - Continuous Operating standard office equipment - Continuous Responding quickly to sounds - Occasional Sitting - Continuous Standing - Occasional Walking - Occasional Moving safely in confined spaces - Occasional Lifting/Carrying (under 25 lbs.) - Occasional Lifting/Carrying (over 25 lbs.) - Never Squatting - Occasional Bending - Occasional Kneeling - Never Crawling - Never Climbing - Never Reaching overhead - Never Reaching forward - Occasional Pushing - Never Pulling - Never Twisting - Never Concentrating for long periods of time - Continuous Applying common sense to deal with problems involving standardized situations - Continuous Reading, writing and comprehending instructions - Continuous Adding, subtracting, multiplying and dividing - Continuous The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required. The listed or specified responsibilities & duties are considered essential functions for ADA purposes. Who We Are: TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues. TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you. Our Total Rewards Package Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical and mental well-being goals. Total Rewards at TD includes base salary and variable compensation/incentive awards (e.g., eligibility for cash and/or equity incentive awards, generally through participation in an incentive plan) and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off (including Vacation PTO, Flex PTO, and Holiday PTO), banking benefits and discounts, career development, and reward and recognition. Learn more Additional Information: We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home. Colleague Development If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals. Training & Onboarding We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role. Interview Process We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call. Accommodation TD Bank is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law. If you are an applicant with a disability and need accommodations to complete the application process, please email TD Bank US Workplace Accommodations Program at ***************. Include your full name, best way to reach you and the accommodation needed to assist you with the applicant process.

This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week. This role is for Vice President level candidates. About the Bank: Sumitomo Mitsui Trust Bank, Limited was established through the merger of The Sumitomo Trust and Banking Co., Ltd with Chuo Mitsui Trust and Banking, Ltd. on April 1, 2012. We are one of the largest asset managers in Asia and number one among Japanese financial institutions by AUM, with approximately $850 Billion USD in AUM. The Bank provides an assortment of financial solutions and manages a broad spectrum of financial products across its global branches. Department Overview: The Americas Division (“AD”) was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch) (“SMTBNY”) to perform corporate functions and supervise U.S. entities. Established under the AD are the “Global Banking Unit (“GBU”), Americas Division” and “Global Markets Unit (“GMU”), Americas Division” which performs business functions. Information Risk Governance (“IRG”) provides oversight to information and cyber security risk by maintaining and improving branch wide framework that is in-line with the Head Office and regulatory requirements and addresses Confidentiality, Integrity, and Availability for information assets. IRG establishes appropriate policies, procedures, measurement, and monitoring processes to proactively assess and evaluate cyber security and information security risks inherent in the Branch Operations. IRG is directly involved in all information and cyber security related projects, matters, and issues. Your Role Overview: To assist the Head of the Department with the day-to-day management and operation of the department. To assume the role of Information Security Officer and take the lead on overseeing the timely completion of the department's critical risk management projects. To provide direct assistance to the Head of the Department with regards to accomplishing the department's goals and objectives. To manage, guide and mentor other staff members with the preparation and completion of their assigned tasks. To contribute significantly to the overall success of the department in all key risk management and cyber security areas. Directly oversee completion of all critical projects, assist the HOD with implementing desired operational strategies and procedures. Recommend ways to improve efficiency, effectiveness, and productivity. Focus on proactive day-to-day operations. As ISO, assist with overseeing all information and cyber security matters. Your Duties and Responsibilities: Maintain and improve the information risk framework with guidance from HOD, address regulatory requirements, residual information risks specific to NY Branch Operations. Provide Information Security subject-matter-expertise to senior management. Work with IRT and coordinate incident responses to cyber security events. Keep abreast of industry wide information risk issues that could potentially have an impact on Branch Operations. Establish processes for communicating data classification guidelines and its governance. Oversee employee information security awareness training. Assesses and evaluates critical risk management projects: Annual Risk Assessment. Semi-annual Vulnerability Assessments. Special Risk Assessments done for a Particular Purpose Trend analysis of key risk management concepts and principles Attend the ISSRM and Branch Risk Management related meetings. Performs key information risk governance related tasks as described below: Provides User Access Control Governance. Monitors, analyzes and follows-up on Information Risk events/issues. Reviews information risk and proactively advises as necessary on: IT Projects/Issues Management process, Change Management Process, significant changes to IT procedures, IT Asset Management Report, key IT Vendor Contracts, IT Disaster Recovery Plan/Process, Record Retention Process, any related audit findings, etc. Establish and maintain Information Risk Key Risk Indicators (KRI). Periodically updates IT resources on Information risk related practices. Manages all information and cyber security policy and procedures manuals. Assist with the management of all matters related to Information Security and Information Risk Management, including directing appropriate Information/Applications Risk Assessments. Your Qualifications: Certification in Information Security (CISSP) required. 8+ years of Information Security related experience, IT Audit experience, preferred. Knowledge of Information Security principles, terminologies, and technologies required. Knowledge of Information Risk Management framework and principles required. Ability to analyze and design information security monitoring procedures and activities preferred. Detailed Knowledge and expertise in Technology Risk Assessments and Risk Analysis required. Excellent written and verbal communication skills, required. Good computer skills in Microsoft Office Excel and Word required. Strong project management and people management skills. preferred Why you should join SuMi Trust:SuMi Trust embraces flexible ways of working when the business and role permits. We provide employees with a hybrid working model, allowing for in-office work and work from home. Our diverse and inclusive environment along with our global presence enables us to collaborate and communicate to meet our business needs. We believe that efficient teams need truth, loyalty, and a strong sense of purpose to balance risk and their targets. We make sustainable business decisions to improve our society and the world. We believe that each person brings a unique value that drives the business though their creativity and passion. The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance. We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals. Check out our LinkedIn for our employee experience: *************************************** We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SuMi Trust provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application

Sonsoft , Inc. is a USA based corporation duly organized under the laws of the Commonwealth of Georgia. Sonsoft Inc. is growing at a steady pace specializing in the fields of Software Development, Software Consultancy and Information Technology Enabled Services. Job Description Preferred • At least 1 year of experience in software development life cycle. • At least 1 year of experience in creating customized and complex reports using Crystal and Business Objects. • At least 1 year of experience in writing Nested and Complex queries. • At least 1 year of experience in creating reports using drill down, prompts and variables. • At least 1year of experience 0n Query Tuning mechanisms. • Good understanding of Data Warehouse concepts. • Must be able to provide Solutions or Enhancements to fix the data issues quickly when reported by the clients or users. • Flexibility to Self-learn and understand the system, further assist with query tuning and application performance • Good Analytical Skills • High impact communication • Ability to ramp up in new technologies • Ability to work in team environment with diverse/multiple stakeholders. • Experience and desire to work in a Global delivery environment. Qualifications Qualifications Basic • Bachelor's degree or foreign equivalent required from an accredited institution. Will also consider three years of progressive experience in the specialty in lieu of every year of education. • At least 1 year experience with SAP BO Administration Additional Information ** U.S. citizens and those authorized to work in the U.S. are encouraged to apply . We are unable to sponsor at this time. Note:- This is a Full-Time Permanent job opportunity for you. Only US Citizen, Green Card Holder, TN Visa, GC-EAD , H4-EAD & L2-EAD can apply. No OPT-EAD & H1B Consultants please. Please mention your Visa Status in your email or resume .

SAP Security administrator who should have at least 5 years of experience with the below skillset. Strong communication skills to facilitate working in a dynamic project environment Role design, configuration, testing, and deployment methodology within SAP application architecture Detailed knowledge of ABAP and Java based authorizations within SAP applications SAP ECC Profile Generator (single roles, master / derived roles, composite roles) SAP BI analysis authorization concepts SAP BPC security and administration Qualifications SAP Central User Administration configuration and administration SAP GRC configuration and administration SAP Enterprise Portal UME administration SAP BOBJ Security and administration Additional Information Share the Profiles to mahesh(@)techtammina(dot)com Contact: ************ Job Type: W2 Contract Eligibility: EAD Green Card/Green Card/US Citizens Keep the subject line with Job Title and Location

Title: SAP BO BI 4.x Admin Full time position Skills BI/BA,Business Objects Salary: Market Rate The JD for this role will be: Expertise in SAP BO BI 4.x Administration that includes - Upgrade/ Patch installs - Server maintenance and overall BO environment performance monitoring - Windows AD authentication/ SSO, BO Security set up - LCM migration process for dev-test-uat-prod migraton - BO environment backup/ recovery procedures · Experience in BO Universe Development - Create/ maintain IDT Universes for adhoc webi reporting - Interact with business users and ETL team for build/ supporting the universe · Good knowledge of Datawarehousing Concepts and BI best practices Strong SQL knowledge, Analytical and troubleshooting skills Understanding of P&C Insurance business will be added advantage Contact: [email protected] ************ Additional Information PMI Certification is a MUST.

A highly skilled and experienced SAP Security Specialist is needed to join the team. The specialist will focus on the secure and compliant operation of the SAP landscape, specifically across SAP BusinessObjects Data Services BODS, SAP Landscape Transformation Replication Server SLT, SAP Ariba, and SAP Signavio. The specialist will be responsible for designing, implementing, and maintaining robust security solutions that meet business needs and compliance requirements. This role requires a strong understanding of SAP authorization concepts, risk management, and the ability to work collaboratively across various teams. Responsibilities: Design, develop, and maintain SAP security roles and authorizations within BODS, SLT, Ariba, and Signavio environments, aligning with security policies, standards, and SoD requirements. Administer user access, troubleshoot issues, and oversee GRC implementation and user access reviews for the specified SAP applications. Conduct security assessments, monitor and report on security events, and support audits. Collaborate with IT and functional teams to define and implement security policies and provide user support. Lead SAP security tasks in projects, supporting implementations and managing change control processes. Develop and maintain the SAP Signavio Process Intelligence security model and ensure secure data access control. Manage SSO, user provisioning, and integrations with IdMGRC if applicable. Analyze and troubleshoot access issues, ensuring least privilege and SoD compliance. Maintain audit trails and ensure system compliance with internal and external controls e.g., SOX. Work closely with SAP Basis and Cloud Identity Services for user lifecycle and identity federation. Participate in system upgrades, patching, and cutovers by validating security impacts. Provide documentation and knowledge transfer to support and audit teams. Qualifications: Bachelor's degree in a relevant field. Minimum of 10+ years of SAP Security experience with proven project delivery. Strong knowledge in: SAP BODS repository and runtime user security. SLT rolebased access control and connection configurations. SAP Ariba user provisioning via Ariba Administration, CIG or BTP, integration with SSO and Active Directory. Signavio cloud user management and role assignments through SAP BTP cockpit or SCIMbased provisioning. Expert knowledge of SAP authorization security, implementation methodologies, and SoD concepts. Experience with SAP GRC Access Control. Demonstrated ability to design SAP security solutions and experience in endtoend SAP security project lifecycles. Excellent communication and collaboration skills. Preferred Qualifications: SAP Ariba certification. Experience with EIMSailPoint, SAP Solution ManagerChaRM, and SAP Business Technology Platform BTP. Bachelor's degree in Computer Science, Information Technology, or related discipline. SAP Security or GRC certification is a plus. Experience in multitenant SAP Ariba or Signavio deployment models. Knowledge of compliance frameworks e.g., ISO, NIST, SOX. This job description provides an overview of the responsibilities and qualifications required for an SAP Security Specialist role with a focus on BODS, SLT, Ariba, and Signavio. It can be further customized based on specific organizational needs and the seniority level of the position.

Mount Laurel, New Jersey, United States of America **Hours:** 40 **Pay Details:** $87,000 - $151,000 USD TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs. As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role. **Line of Business:** Technology Solutions **:** The Manager Information Security manages / leads a team of Technology Controls / Information Security experts in the development and/ or management of relevant strategies, programs, tools, frameworks and policies and provides specialized oversight / control / governance activities for a key business line/segment or transformational (change the bank) strategic initiative / program, liaising across the organization and primarily interfacing with executive and/or functional stakeholders to minimize overall technology risks to the Bank for own area. **Job Description:** This position manages junior level penetration testers, vendor coordination for multiple testing services, processes, procedures and scheduling for penetration, dynamic scanning, and manual code review testing services. **Responsibilities:** + **Vendor Management:** Manage and coordinate penetration testing engagements with vendors. + **People Management:** Manage a team of Junior level penetration testers and their development. + **DAST:** Manage the DAST program and tooling. Familiarity with current industry tooling and technologies and those being introduced. + **Facilitate Penetration Tests:** Perform thorough and methodical penetration testing. + **Evaluate and Assign:** penetration tests to appropriate resources. + **Vulnerability Assessment:** Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture. + **Report Findings:** Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation. + **Develop Test Procedures:** Design and execute detailed test requirements. + **Stay Current:** Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective. + **Collaborate with Teams:** Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements; work closely with advisory and SDLC pipeline teams to ensure compliance; work closely with PCS team to manage PCI testing requirements. This position will collaborate with many application security teams. + **Perform Risk Assessments:** Evaluate and assess potential security risks related to new and existing systems and technologies. + **Compliance:** Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies. + **Incidents:** Act as a testing SME on incident calls; support testers on the calls. **Depth & Scope:** + Advanced knowledge of Bank, technology standards and managing people / projects + Leads a small team of IT professionals; coaches/ educates, monitors and manages team members + Strong communication, negotiation and organizational skills specifically including the ability to present options in business terms to both IT and business staff including executives **Education & Experience:** + Bachelor's degree preferred + Information security certification / accreditation an asset + 7+ years of relevant experience **Preferred Qualifications :** + **Technical Skills:** + Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali. + Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles. + Penetration testing, DAST, Manual Code Review knowledge. + **Analytical Skills:** Strong analytical and problem-solving abilities with attention to detail. + **Organizational Skills:** Manage documents and procedures for testing team. + **Multi-tasking** : This job requires exceptional ability to multi-task with multiple workstreams to manage daily. + **Communication:** Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders. + **Ethical Standards:** Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards. + Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing. + Familiarity with security standards and frameworks. + Previous experience managing and developing teams. + **Certifications:** Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable. + Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities + Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team \#TDCyberSecurity #Hybrid **Physical Requirements:** Never: 0%; Occasional: 1-33%; Frequent: 34-66%; Continuous: 67-100% + Domestic Travel - Occasional + International Travel - Never + Performing sedentary work - Continuous + Performing multiple tasks - Continuous + Operating standard office equipment - Continuous + Responding quickly to sounds - Occasional + Sitting - Continuous + Standing - Occasional + Walking - Occasional + Moving safely in confined spaces - Occasional + Lifting/Carrying (under 25 lbs.) - Occasional + Lifting/Carrying (over 25 lbs.) - Never + Squatting - Occasional + Bending - Occasional + Kneeling - Never + Crawling - Never + Climbing - Never + Reaching overhead - Never + Reaching forward - Occasional + Pushing - Never + Pulling - Never + Twisting - Never + Concentrating for long periods of time - Continuous + Applying common sense to deal with problems involving standardized situations - Continuous + Reading, writing and comprehending instructions - Continuous + Adding, subtracting, multiplying and dividing - Continuous The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required. The listed or specified responsibilities & duties are considered essential functions for ADA purposes. **Who We Are:** TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues. TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you. **Our Total Rewards Package** Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical and mental well-being goals. Total Rewards at TD includes base salary and variable compensation/incentive awards (e.g., eligibility for cash and/or equity incentive awards, generally through participation in an incentive plan) and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off (including Vacation PTO, Flex PTO, and Holiday PTO), banking benefits and discounts, career development, and reward and recognition. Learn more (*************************************** **Additional Information:** We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home. **Colleague Development** If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals. **Training & Onboarding** We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role. **Interview Process** We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call. **Accommodation** TD Bank is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law. If you are an applicant with a disability and need accommodations to complete the application process, please email TD Bank US Workplace Accommodations Program at *************** . Include your full name, best way to reach you and the accommodation needed to assist you with the applicant process. Federal law prohibits job discrimination based on race, color, sex, sexual orientation, gender identity, national origin, religion, age, equal pay, disability and genetic information.

Location: Atlanta, Chicago, New York, Hoboken, Pittsburgh, Philadelphia, Cleveland, Akron, Dallas, Los Angeles At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Every challenge and every opportunity an organization faces today demands change. And with change comes risk. As a Risk Technology professional, you will be addressing client issues such as business performance variability, business and process controls transformation, application security integrity, governance, risk, and control (GRC) technology enablement, continuous controls monitoring, and IT risk management. You will belong to an international network of specialists helping our clients transform risk functions and implement technology solutions that support risk management and governance. With rapid growth across the SAP and Governance, Risk and Compliance (GRC) space, we're looking for people who understand the challenges of risk management and can focus on improving business performance using GRC technologies. As a member of our Risk Technology national practice, you will belong to a network of professionals helping our clients implement technology solutions to enrich and improve decision making, provide visibility and transparency of risk and compliance to stakeholders, and automate manual processes. The opportunity As our Risk Technology practice continues to expand, we are seeking a highly motivated Senior Associate, focused on SAP application risk and controls and technology enablement, to manage client engagement teams, work with a wide variety of clients to deliver professional services, and manage business development activities on strategic and global priority accounts. We will support you with career-long training and coaching to develop your skills in risk strategy, risk function design, risk management and performance enhancement. Since EY is a global leading service provider in this space, you will be working with the best people in a collaborative environment so that whenever you join and for however long you stay, the exceptional EY experience lasts a lifetime. Your key responsibilities Leveraging your knowledge of IT environments and industry trends, you will work across competencies, service lines and sectors to develop innovation solutions to build and sustain risk management and governance programs for our clients. You will support EY teams responsible for transforming risk functions and implementing leading practice technology solutions. Skills and attributes for success You will leverage your SAP experience and project management skills, to effectively support client engagement teams and provide technical expertise in the assessment, design, and implementation of controls, security, and IT risk solutions. Deliver facts, analyses, and recommendations in an accurate, clear, and concise manner. Foster relationships with client personnel at appropriate levels Drive high-quality work products on your team within expected timeframes and budget. To qualify for the role, you must have A bachelor's or master's degree and approximately 2-3 years of related work experience Demonstrate an understanding of SAP business processes (e.g., purchase-to-pay, record-to-report, order-to-cash) Experience testing controls, sensitive access, and segregation of duties. Basic project management and client service skills Strong written and verbal communication skills Strong analytical and problem-solving skills Excellent teaming skills A valid driver's license in the US and a valid passport required; willingness and ability to travel both domestically and internationally to meet client needs. Ideally, you'll also have Prior experience as a consultant or client-serving professional. Industry related certification (e.g., CPA/CA, CISA, RICS) Strong understanding of IT industry trends Foundational understanding of SAP auditing What we look for We're interested in passionate leaders with strong vision and a desire to stay on top of SAP and GRC industry trends. If you have a genuine passion for helping businesses achieve leading practice risk functions, this role is for you. What we offer you At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more. We offer a comprehensive compensation and benefits package where you'll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $102,500 to $187,900. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $122,900 to $213,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year. Under our flexible vacation policy, you'll decide how much vacation time you need based on your own personal circumstances. You'll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an on-going basis. For those living in California, please click here for additional information. EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY's Talent Shared Services Team (TSS) or email the TSS at **************************.

Qualifications Bachelor's degree required. Minimum five years of full-time professional experience in information technology, including evidence of successful and progressively responsible roles in information security or related area (including growth in levels of responsibility, complexity of work, numbers, and sophistication of employees) related to the essential responsibilities listed. Demonstrated fluency in written and spoken English with the sophistication necessary to effectively communicate technical details to both technical and non-technical individuals. Demonstrated willingness and ability to carry out the essential responsibilities listed with humility, grace, and optimism. Demonstrated understanding of, sensitivity to, and respect for the academic, cultural, and social diversity in the Hofstra University community. Preferred Qualifications Advanced degree in computer science, computer engineering, information security, or related field strongly preferred. One or more relevant professional certifications (e.g., CISSP , CISM /A, etc.) strongly preferred. Experience with state and federal information security regulatory requirements ( GLBA , FERPA , HIPAA , etc.) and other compliance requirements ( PCI , etc.). Knowledge of and experience applying industry-standard IT security frameworks ( NIST , IHECF , etc.). Significant experience in computing and information security, network security issues, and security incident response and recovery in a higher education environment. Significant experience in communicating information security principles and concepts to non-technical stakeholders, and success in improving cybersecurity awareness in a higher education environment. Working knowledge of the information security policy and regulatory environment of information security, particularly in higher education. Demonstrated experience and success in advising and collaborating with key stakeholders relevant to the essential responsibilities listed, including senior leadership, Internal Audit, outside auditors, and consultants. Professional experience in a leadership role in a higher education institution.

The Systems Engineer position is responsible for providing full cycle implementation and support of customer systems, while working across multiple company departments to ensure full client satisfaction. Under the direction of a manager or dispatcher, coordinates the design and maintenance of all access control, intrusion, and video surveillance systems. Incumbent receives and evaluates work orders and requests, investigates requests and troubleshoots problems where appropriate, establishes priorities and coordinates with contractors, when required. Requirements Essential functions and responsibilities: Assists with security systems integration, mapping and software updates and helps train personnel in the use of these systems. Assists on new projects in both existing areas and new construction helping with security assessments, vendor selection, technology upgrades, product selections, testing, field verification of systems and inspection of work in progress for compliance with standards Assess work sites, conditions, and logistics for each project; Develop Method of Procedure based on pre-project assessment. Design, develop and provide documentation of systems, configurations, and other pertinent information for the customer. Communicate with clients to resolve issues in a professional and confidential manner; Develop and execute client specific solutions. Manage the allocation of project resources, including software, hardware, tools, and related items specific to each customer and/or project. Direct the work responsibilities of union labor personnel based on specific project needs. Design and oversee training programs for new and existing customers; Determine which customers receive training. Collaborate with Customer Relationship Managers on demonstrations for new and potential clients. Perform installation, configuration, programming, and final commissioning of customer systems. Work collaboratively with installation, project management and engineering teams. Perform infrastructure services, including pulling cables, installing wall, and ceiling cabling, and installing surface mounted devices, as required. Perform system wiring and terminations services, as required. Deliver on-going remote and on-site technical support for existing customers and systems. Additional responsibilities may be required as necessary, including but not limited to: Provide internal support for basic trouble shooting. Organizes and manage parts stock and tools. Perform other duties as needed. Success factors/job competencies: Effectively communicate both in writing and verbally Work independently and prioritize multiple tasks and adapt to needed change Analysis Mechanical aptitude Comprehend technical language and read and interpret blueprints, wiring diagrams, and schematics Safety orientation Customer Focus Attention to Detail Teamwork/Collaboration Stay abreast of changes in security technology Physical demands and work environment: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Individual will be required to travel to customer sites as needed. While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts. The employee is occasionally exposed to outside weather conditions and risk of electrical shock. Individual will regularly be required to lift, push, pull, and carry up to 50 pounds, and occasionally up to 75 pounds. Incumbent will be required to use a computer with keyboard, telephone, or handheld mobile device for extended periods of time, and office machinery as needed. Incumbent must be able to read, see, hear, and speak. Workdays and Shifts: Position works Monday-Friday, daylight hours, and additional time as needed to complete work. Education/Certification(s)/License(s) required: Bachelor's Degree in Electronics, Information Technology or related field, or equivalent experience. May be required to participate in safety trainings and/or certifications provided by the Company or customers. Valid driver's license, as employee will be required to travel to local and overnight client sites as needed. Manufacturer specific certifications, as required. Responsible to maintain active certifications and obtain new and updated certifications as required by the Company. Experience/Other required: Position requires two (2) to three (3) years of relevant experience in the electronic services. Strong knowledge of Microsoft Office. Strong computer skills with advanced software aptitude. Security systems to include, service and maintenance across a broad spectrum of access control, intrusion and video surveillance systems such as, Genetec, Milestone, Bosch, and DMP. Applicants must be currently authorized to work in the United States on a full-time basis. Visa sponsorship is not available for this position. This is a full-time, in-person position, and candidates must be able to work from our office located in Pittsburgh, Pennsylvania.

McLaughlin Research has several openings (pending award) for Information Systems Security Engineers at the Naval Surface Warfare Center, Philadelphia Division. The Information System Security Engineer (ISSE) designs, develops, implements, and integrates advanced cybersecurity solutions to protect the organization's information systems and data assets. The ISSE III functions as a technical subject matter expert, applying security engineering principles across the system development lifecycle to identify vulnerabilities, mitigate risks, and maintain compliance with information assurance standards. This position often works with classified systems and complex networking environments. Requirements Key Responsibilities Security Architecture and Design: Designing and implementing security architectures for various environments and ensuring trusted relationships between systems. Risk Management and Compliance: Assessing and mitigating threats, leading the creation of security artifacts like SSPs and RARs, supporting system accreditation under frameworks like RMF, and ensuring compliance with policies such as DoD and NIST SP 800-series. Vulnerability Management and Incident Response: Conducting vulnerability assessments and ethical hacking, performing risk assessments, leading incident response, and managing automated scanning tools like ACAS and SCAP. Mentorship and Team Leadership: Guiding junior engineers and analysts and leading teams to achieve security goals. Cross-Functional Collaboration: Representing security engineering on technical teams and interfacing with stakeholders to translate requirements. Required Qualifications Education: BS in Computer Science or relevant field. Experience: 3-10 years in information security engineering, with specific experience potentially needed for DoD or SAP environments. Certifications: Must meet DoD 8570/8140 compliance (IASAE Level III, IAT Level III, or IAM Level III) and hold certifications such as CISSP, CASP+, CISM, CSSLP, or CISSP-ISSEP. Technical Skills: Expertise in RMF, NIST SP 800-53, DISA STIGs/SRGs, experience with security tools (e.g., eMASS, ACAS, Splunk), and knowledge of operating systems and networks (Windows, Linux, Cisco). Scripting proficiency is beneficial. Security Clearance: U.S. citizenship and eligibility to obtain an active security clearance. Equal Employment Opportunity Statement: McLaughlin Research Corporation is an Equal Opportunity and Affirmative Action Employer. It is our policy to recruit, hire, promote, and train for all positions without regard to age, race, creed, religion, national origin, gender identity, marital status, sexual orientation, family responsibilities, pregnancy, minorities, genetic information, status as a person with a disability, amnesty or status as a protected veteran, and to base all such decisions upon the individual's qualifications and ability to perform the work assigned, consistent with contractual requirements and all federal, state and, local laws. EEO is the Law: Applicants and employees are protected under Federal law from discrimination.