Securities Analyst jobs at Unum - 135 jobs

Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology. As one of the world's leading employee benefits providers, we help millions of people gain affordable access to benefits that help them protect their families, their finances and their futures. Are you an asker of questions, a solver of problems, and a challenger of the status quo? Our mission is to provide a differentiated customer experience and exceed the expectations people have of technology at any company - not just insurers. We are seeking individuals to join our team of talented IT professionals who share never-ending passion and an unwavering focus on our customer experience. Team members comfortable working in an agile, fast-paced, and delivery-focused environment thrive in our environment where we value an entrepreneurial spirit and those who challenge the status-quo. Unum is changing, and we're excited about what's next. Join us. **General Summary:** The Information Security Metrics and Quality Data Analyst is responsible for simple to moderately complex data profiling, analysis and mapping with little to no oversight and exhibits a mastery of the tools and technical skillset subject matter expertise with data organization and visualization supporting information security (cyber security) risks and operations. This candidate works closely with Security Analysts, Security Engineers, Project Managers, and Global Information Security leadership. They deliver to high quality KRI/KPI and are able to accurately estimate work required to deliver on their responsibilities. They use critical thinking skills applied to data analysis in order to advance the delivery and maintenance of information security KRI and KPI. **Job Specifications** + Bachelors Degree preferred, and/or equivalent experience + 4+ years experience with demonstrated success at the Data Analyst 1 level or equivalent experience + Mastery of data profiling and analysis concepts, including data anomalies, data mapping activities. + Mastery of data modeling concepts + Mastery of PowerBI data modeling and visualization development + Clearly demonstrates data analytical ability and critical thinking skills + Ability to manage multiple tasks by paying close attention to detail + Ability to work as part of a team and interact effectively with others + Ability to embrace change, adapt to the unexpected, and focus energies, people, and solutions on practical and positive results + Takes an innovative approach to problem solving + Strong communications skills + Strong team player; able to work effectively within a team and more broadly with people from a variety of backgrounds and areas across the organization. **Principal Duties and Responsibilities** + Responsible for data profiling and analysis to evaluate data sources to determine the best source for business information. + Responsible for source to target data mapping specifications (e.g. source to target can be from one DBMS table to another DBMS table, from a DBMS table into a canonical message structure, etc.) + Design simple to moderately complex, flexible data models (conceptual and logical) and visualizations through collaborations with analysts, engineers, and leadership. Leads sizing and estimation activities within the agile team. + Create/Capture documentation (metadata) that is up-to-date. + Collaborate with the test engineers to perform data validation and testing activities as appropriate. + Develop and maintain knowledge of information security practices and the insurance industry. + Develop and maintain knowledge of information security-owned and other relevant data sources. + Adhere to approved architectural standards. + Uses critical thinking skills to recommend and implement data management practices that advance business value. + Thinks with the mind of the end customer at all times, ensuring solutions seek to improve the customer experience and delight their customers. \#LI-TO1 \#LI-MULTI IN4 Our company is built on helping individuals and families, and this starts with our employees. We want employees to maintain a positive balance, which is why we provide access to the benefits and resources they need to invest in themselves. From our onsite fitness facilities and generous paid time off to employee professional development programs, we are committed to helping employees live and work their best - both inside and outside the office. Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status. The base salary range for applicants for this position is listed below. Unless actual salary is indicated above in the job description, actual pay will be based on skill, geographical location and experience. $73,300.00-$150,500.00 Additionally, Unum offers a portfolio of benefits and rewards that are competitive and comprehensive including healthcare benefits (health, vision, dental), insurance benefits (short & long-term disability), performance-based incentive plans, paid time off, and a 401(k) retirement plan with an employer match up to 5% and an additional 4.5% contribution whether you contribute to the plan or not. All benefits are subject to the terms and conditions of individual Plans. Company: Unum

A major insurance company in Boston seeks a Senior Cybersecurity Engineer to develop security solutions and support risk mitigation. The ideal candidate has strong skills in Python programming, data analysis, and an understanding of cybersecurity concepts. This position offers a hybrid work model with comprehensive benefits, including 401(k) contributions and paid time off. Candidates should reside near Boston or Madison, with travel requirements up to 10%. #J-18808-Ljbffr

A leading software monitoring company is seeking a Senior Security Engineer in San Francisco to enhance its cloud security posture. In this role, you will lead security initiatives, collaborate with engineers, and identify vulnerabilities. Ideal candidates have extensive experience and a degree in Computer Science. The position offers a competitive salary range of $180,000 to $280,000 and a hybrid work model. #J-18808-Ljbffr

At Pave, we're building the industry's leading compensation platform, combining the world's largest real-time compensation dataset with deep expertise in AI and machine learning. Our platform is perfecting the art and science of pay to give 8,500+ companies unparalleled confidence in every compensation decision. Top tier companies like OpenAI, McDonald's, Instacart, Atlassian, Synopsys, Stripe, Databricks, and Waymo use Pave, transforming every pay decision into a competitive advantage. $190+ billion in total compensation spend is managed in our workflows, and 58% of Forbes AI 50 use Pave to benchmark compensation. The future of pay is real-time & predictive, and we're making it happen right now. We've raised $160M in funding from leading investors like Andreessen Horowitz, Index Ventures, Y Combinator, Bessemer Venture Partners, and Craft Ventures. Research & Design Org Pave's R&D pillar includes our data science, engineering, information technology, product design, product management, and security teams. This organization builds, maintains, and secures a platform used by more than 8,500+ client organizations. Our engineering team moves between ideation, scoping, and execution in a matter of days while closely iterating with cross-functional partners on requirements. At Pave, we use TypeScript, Node.js, and React, hosted on GCP. Compensation strategy is broken down into 3 pillars - compensation bands, planning workflows, and total rewards communication. We build products that make these processes seamless for customers. Over the next year, our roadmap is focused on enhancing the entire compensation lifecycle: from philosophy definition to market trend analysis, band adjustments, merit cycles, and employee communication. We're seeking passionate engineers who are excited about building robust, data-rich systems that simplify complex compensation processes at scale. Security Team @ Pave Security is part of everything we do at Pave. With amazing growth comes amazing engineering and security challenges. This is an opportunity to have a huge impact and run programs at a company that doesn't need to be convinced why security is important. Our customers count on us to secure some of their most sensitive data, and that trust is central to Pave. It's the only way we can unlock a labor market built on trust, and change the world of compensation. What You'll Bring 5+ years of application security experience as part of a blue team Expert knowledge of OWASP Top 10 and application security Security design review experience Experience in running bug bounty programs and pentesting Outstanding communication and partnership skills with software engineers Ideally, experience in Google Cloud Security best practices Compensation Salary is just one component of Pave's total compensation package for employees. Your total rewards package at Pave will include equity, top-notch medical, dental, and vision coverage, an unlimited PTO policy, and many other region-specific benefits. Your level is based on our assessment of your interview performance and experience, which you can always ask the hiring manager about to understand in more detail. The targeted cash compensation for this position is (level depends on experience and performance in the interview process): $205,700 - $278,300 Life @ Pave Since being founded in 2019, Pave has established a robust global footprint. Headquartered in San Francisco's Financial District, we operate strategic regional hubs across New York City's Flatiron District, Salt Lake City, and the United Kingdom. We cultivate a vibrant, collaborative workplace culture through our hybrid model, bringing teams together in-person on Mondays, Tuesdays, Thursdays, and Fridays to foster innovation and strengthen professional relationships. Benefits @ Pave At Pave, career advancement drives everything-roles expand, responsibilities deepen, and compensation rises alongside your professional growth. What we provide Complete Health Coverage: Comprehensive Medical, Dental and Vision coverage for you and your family, with plenty of options to suit your needs Time off & Flexibility: Flexible PTO and the ability to work from anywhere in the world for a month Meals & Snacks: Lunch & dinner stipends as well as fully stocked kitchens to fuel you Professional Development: Quarterly education stipend to continuously grow Family Support: Robust parental leave to bond with your new family Commuter Assistance: A commuter stipend to help you collaborate in person Vision Our vision is to unlock a labor market built on trust Mission Our team's mission is to build confidence in every compensation decision Are you ready to help our customers make smarter, more effective compensation decisions? Pave is an Equal Opportunity Employer. We value diversity and are committed to creating an inclusive environment for all employees. Contact If you're interested in future opportunities at Pave, you can inquire about roles or create a Job Alert through our channels. #J-18808-Ljbffr

Job Family Investment Management About Us At Transamerica, hard work, innovative thinking, and personal accountability are qualities we honor and reward. We understand the potential of leveraging the talents of a diverse workforce. We embrace an environment where employees enjoy a balance between their careers, families, communities, and personal interests. Ultimately, we appreciate the uniqueness of a company where talented professionals work collaboratively in a positive environment - one focused on helping people look forward and plan for the best life possible while providing tools and solutions that make it easier to get there. Who We Are We believe everyone deserves to live their best life. More than a century ago, we were among the first financial services companies in America to serve everyday people from all walks of life. Today, we're part of an international holding company, with millions of customers and thousands of employees worldwide. Our insurance, retirement, and investment solutions help people make the most of what's important to them. We're empowered by a vast agent network covering North America, with diversity to match. Together with our nonprofit research institute and foundation, we tune in, step up, and are a force for good - for our customers and the communities where we live, work, and play. United in our purpose, we help people create the financial freedom to live life on their terms. What We Do Transamerica is organized into three distinct businesses. These include 1) World Financial Group, including Transamerica Financial Advisors, 2) Protection Solutions and Savings & Investments, comprised of life insurance, annuities, employee benefits, retirement plans, and Transamerica Investment Solutions, and 3) Financial Assets, which includes legacy blocks of long term care, universal life, and variable and fixed annuities. These are supported by Transamerica Corporate, which includes Finance, People and Places, General Counsel, Risk, Internal Audit, Strategy and Development, and Corporate Affairs, which covers Communications, Brand, and Government and Policy Affairs. Transamerica employs nearly 7,000 people. It's part of Aegon, an integrated, diversified, international financial services group serving approximately 23.9 million customers worldwide.* For more information, visit transamerica.com. Summary Responsible for overseeing daily security valuation processes across multiple fund structures, ensuring accurate pricing, compliance with policies, and collaboration with internal and external stakeholders to maintain valuation integrity and transparency. Applicants must possess legal authorization to work for our company in the U.S. without the need for immigration sponsorship or otherwise serving as an employer of record for immigration employment purposes. At this time, this role is not eligible for immigration-related employment authorization sponsorship. Responsibilities: Lead daily security valuation processes for mutual funds, exchange-traded funds (ETFs), and other investment vehicles. Ensure compliance with valuation policies, regulatory requirements, and industry best practices. Oversee pricing vendor due diligence and evaluate pricing sources for accuracy and reliability. Manage exception reporting and resolve pricing discrepancies in collaboration with portfolio managers and subadvisers. Coordinate with fund accounting, audit, and compliance teams to support net asset value (NAV) calculations and financial reporting. Identify and implement automation solutions to improve efficiency, reduce manual errors, and accelerate reporting. Monitor market events and assess impact on security pricing and valuation methodologies. Support fund launches, mergers, and other corporate actions from a valuation perspective. Participate in valuation committee meetings and contribute to policy updates and governance. Provide input on accounting treatment and financial reporting disclosure requirements for complex financial instruments, including over-the-counter (OTC) derivatives. Qualifications: Bachelor's degree in finance, accounting, economics, or related field Seven years of experience in fund administration, security valuation, or investment operations Strong understanding of financial instruments, valuation techniques, and market data providers Experience with pricing service providers such as Bloomberg, Intercontinental Exchange (ICE), and London Stock Exchange Group (LSEG) Familiarity with regulatory frameworks such as Securities and Exchange Commission (SEC), International Financial Reporting Standards (IFRS), and Generally Accepted Accounting Principles (GAAP) Excellent analytical, problem-solving, and communication skills Leadership and team management capabilities High attention to detail and ability to work under tight deadlines Preferred Qualifications Chartered Financial Analyst (CFA) Working Conditions: Hybrid office environment: Denver, CO Occasional Travel Compensation: The Salary for this position generally ranges between $80,000 - $100,000 annually. Please note that the salary range is a good faith estimate for this position and actual starting pay is determined by several factors including qualifications, experience, geography, work location designation (in-office, hybrid, remote) and operational needs. Salary may vary above and below the stated amounts, as permitted by applicable law. Additionally, this position is typically eligible for an Annual Bonus based on the Company Bonus Plan/Individual Performance and is at the Company's discretion. #LI-BD1 This is not a contract of employment nor for any specific job responsibilities. The Company may change, add to, remove, or revoke the terms of this job description at its discretion. Managers may assign other duties and responsibilities as needed. In the event an employee or applicant requests or requires an accommodation to perform job functions, the applicable HR Business Partner should be contacted to evaluate the accommodation request. Disclaimer: Beware of fake job offers! We've been alerted to scammers impersonating Transamerica recruiters, particularly for remote positions. Please note: We will never request personal information such as ID or payment for equipment upfront. Official offers are sent via DocuSign following a verbal offer-not through text or email. What We Offer For eligible employees, we offer a comprehensive benefits package designed to support both the personal and financial well-being of our employees. Compensation Benefits Competitive Pay Bonus for Eligible Employees Benefits Package Pension Plan 401k Match Employee Stock Purchase Plan Tuition Reimbursement Disability Insurance Medical Insurance Dental Insurance Vision Insurance Employee Discounts Career Training & Development Opportunities Health and Work/Life Balance Benefits Paid Time Off starting at 160 hours annually for employees in their first year of service. Ten (10) paid holidays per year (typically mirroring the New York Stock Exchange (NYSE) holidays). Be Well Company holistic wellness program, which includes Wellness Coaching and Reward Dollars Parental Leave - fifteen (15) days of paid parental leave per calendar year to eligible employees with at least one year of service at the time of birth, placement of an adopted child, or placement of a foster care child. Adoption Assistance Employee Assistance Program Back-Up Care Program PTO for Volunteer Hours Employee Matching Gifts Program Employee Resource Groups Inclusion and Diversity Programs Employee Recognition Program Referral Bonus Programs Inclusion & Diversity We believe our commitment to diversity and inclusion creates a work environment filled with exceptional individuals. We're thrilled to have been recognized for our efforts through the Human Rights Campaign Corporate Equality Index, Dave Thomas Adoption Friendly Advocate, and several Seramount lists, including the Inclusion Index, 100 Best Companies for Working Parents, Best Companies for Dads, and Top 75 Companies for Executive Women. To foster a culture of inclusivity throughout our workforce, workplace, and marketplace, Transamerica offers a wide range of diversity and inclusion programs. This includes our company-sponsored, employee-driven Employee Resource Groups (ERGs), which are formed around a shared interest or a common characteristic of diversity. ERGs are open to all employees. They provide a supportive environment to help us better appreciate our similarities and differences and understand how they benefit us all. Giving Back We believe our responsibilities extend beyond our corporate walls. That's why we created the Aegon Transamerica Foundation in 1994. Through a mix of financial grants and the volunteer efforts of our employees, the foundation supports nonprofit organizations focused on the things that matter most to our people in the communities where we live and work. Transamerica's Parent Company Aegon acquired the Transamerica business in 1999. Since its start in 1844, Aegon has grown into an international company serving more than 23.9 million people across the globe.* It offers investment, protection, and retirement solutions, always with a clear purpose: Helping people live their best lives. As a leading global investor and employer, the company seeks to have a positive impact by addressing critical environmental and societal issues, with a focus on climate change and inclusion and diversity. * As of December 31, 2023

As a Technical Security Analyst here at Chubb, you'll leverage your broad information security expertise to play a crucial role in our Regional Information Security Office (RISO) for North America. Reporting to the Head of Technical Security. You'll collaborate with business, technical, and engineering stakeholders to identify and address security gaps, guide compliance corrections, and manage control exceptions throughout the development and infrastructure deployment lifecycle. You'll drive business process improvements using tools like Power Automate, contributing to strategic project deployments. You'll engage with stakeholders at all levels, playing a critical role in ensuring the security and stability of our applications and infrastructure. At Chubb, you won't be silo'd; you'll have broad exposure across all areas of information security, in a complex technical environment that powers Chubb's North American business operations. To do so, you'll leverage your knowledge of, and gain additional exposure to,: Application Security: Leverage your understanding of application security, including mastery of security principles, familiarity with the OWASP Top 10, and the ability to secure CI/CD pipelines Vulnerability Management: You'll regularly interpret SAST/DAST/SCA/IAST/Infra vulnerability management tool results and provide advice to development, infrastructure, and business stakeholders Network Security: Employ your knowledge of network security principles and best practices, analyze network connectivity for security, and understand the importance of DMZs and firewall technologies Identity and Access Management: Use your knowledge of authentication methods and Privileged Access Management to ensure adherence to authentication standards Data Security: Incorporate your knowledge of data classification and encryption to apply best practices to database technologies Reporting and Automation: Utilize tools like Power Automate to automate business processes while gathering and presenting security metrics to business and technical stakeholders through the use of BI tools such as Qlik, PowerBI, Tableau, etc. Bachelor's Degree from an accredited college or university in Information Security, Information Technology, Computer Science, or a related technical degree At least 6 years' of experience working in an information security focused role spanning Application Security, Vulnerability Management, Identity and Access Management Network Security, Data Security and/or a related discipline Proven ability to apply knowledge to proactively identify and resolve security concerns if/as they arise Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) Demonstrated knowledge of securing cloud platforms and applications Proven ability to explain technical issues to mixed audience ranging from technical to business, project management to leadership Experience managing project lifecycles, with working experience of Agile, Waterfall and CI/CD project methodologies Proven knowledge across varied technologies such as networking, servers, IOT etc. Demonstrated ability to understand and analyze complex business processes and technologies to make sound recommendations to constituents The pay range for the role is $118,100 to $200,000. The specific offer will depend on an applicant's skills and other factors. This role may also be eligible to participate in a discretionary annual incentive program. Chubb offers a comprehensive benefits package, more details on which can be found on our careers website. The disclosed pay range estimate may be adjusted for the applicable geographic differential for the location in which the position is filled.

The Opportunity The Lead Security Analyst is responsible for safeguarding the organization's digital assets and ensuring the confidentiality, integrity, and availability of information systems. This role serves as the central point of leadership within the cybersecurity program-overseeing daily security operations, coordinating incident response efforts, managing risk assessments, and developing security policies, standards, and best practices. The Lead Security Analyst partners closely with IT, compliance, and leadership teams to identify vulnerabilities, implement mitigation strategies, and ensure regulatory compliance. This position is essential for strengthening organizational resilience, reducing security risk, and ensuring ongoing compliance with industry standards such as SOC, NIST, HIPAA, and other regulatory requirements. What you'll do Risk & Vulnerability Management Conduct ongoing risk assessments, vulnerability scanning, and security posture evaluations across cloud, on-premises, and hybrid environments. Prioritize findings based on criticality and develop mitigation plans in collaboration with technical teams. Oversee third-party and vendor risk assessments and track remediation. Security Operations & Monitoring Monitor security tools, SIEM alerts, endpoint protection, and network activity for suspicious behavior. Lead the triage, investigation, and remediation of security incidents. Maintain threat intelligence awareness and apply security updates, patches, and optimizations accordingly. Incident Response Develop, maintain, and execute the organization's incident response plan. Serve as the primary escalation point for security events and coordinate internal and external response teams. Conduct post-incident root cause analysis and produce detailed reporting. Policy, Governance & Compliance Create, update, and enforce security policies, procedures, and standards. Support audits (SOC 1/2, HIPAA, PCI, etc.) and maintain documentation of controls and evidence. Ensure adherence to regulatory and contractual security requirements. Security Architecture & Strategy Provide guidance on secure design principles for new applications, integrations, and infrastructure changes. Partner with IT and engineering teams to implement zero-trust principles, identity controls, and data protection strategies. Evaluate emerging security technologies and recommend improvements. Qualifications What we expect from you Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent experience will be considered. 5+ years of professional experience in cybersecurity, security operations, incident response, or information security analysis. Hands-on experience with endpoint detection and response (EDR) platforms, including CrowdStrike Falcon (required). Strong operational experience with Microsoft 365 security and compliance tools, including: Microsoft Defender for Endpoint Microsoft Defender for Identity Microsoft Defender for Cloud / Cloud Apps Microsoft Purview (DLP, Compliance, Data Governance) Microsoft Entra ID (formerly Azure AD) for identity and access management Exchange Online protection/security Proficiency with Microsoft Sentinel (SIEM/SOAR) for log ingestion, alerting, playbooks, and incident analysis. Experience managing security controls, policies, and monitoring in Microsoft Azure and hybrid cloud environments. Demonstrated ability to lead end-to-end security incident investigations-including detection, triage, containment, remediation, and post-incident reporting. Strong understanding of security frameworks and control standards such as NIST CSF, ISO 27001, CIS Controls, SOC 2, SOC 1, and HIPAA. Experience performing risk assessments, vulnerability management, access governance reviews, and related compliance activities. Excellent communication skills with the ability to create clear documentation, explain technical concepts to non-technical stakeholders, and present findings to leadership. Desired Skills Relevant certifications such as CISSP, CISM, CEH, Security+, or Azure security certifications. Strong analytical and problem-solving skills with the ability to interpret technical data. Experience with secure software development practices and DevSecOps methodologies. Ability to lead cross-functional teams and influence decision-makers. Familiarity with Azure cloud environments and modern identity frameworks (SAML, OAuth, MFA). Strong organizational skills and attention to detail. Work Environment Hybrid work environment with a combination of remote and on-site collaboration, depending on organizational needs. Fast-paced, highly collaborative setting that involves cross-functional coordination. May require occasional off-hours work during critical security incidents or system updates. Standard office hours with flexibility as needed to support security operations. We make healthcare EZ! Additional Opportunity Details: Target Base Compensation Range for this role is $120,000-$155,000* * Factors that may be used to determine your actual salary include your job specific skills, education, training, job location, number of years of experience related to this role and comparison to other employees already in this role. Employee benefits are part of the competitive total rewards package that HealthEZ provides to you. Our comprehensive benefits program includes health benefits, retirement plan (401k), paid time away, paid leaves (including paid parental leave) and more. HealthEZ recognizes its responsibilities under federal, state, and local laws requiring non-discriminatory employment practices. All employment decisions, practices and procedures will be carried out without regard to race, color, creed, religion, sex (including pregnancy), sexual orientation, national origin or ancestry, age, marital status, disability, family status, status with regard to public assistance, or any other characteristic protected under applicable local, state, and federal laws. HealthEZ is proud to be an equal opportunity employer.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience is a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Proven track record of leading enterprise BC/DR programs in complex environments Requires deep understanding of BC/DR frameworks, methodologies, and technologies. Strong analytical, organizational, and project management skills. Ability to work independently and influence cross-functional teams. Desire one or more of the following: CBCP (Certified Business Continuity Planning Professional)- highly desired, CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) Your Work In this role, you will: Program Development & Governance Design and implement a comprehensive Business Continuity (BC)/Disaster Recovery (DR) framework aligned with industry standards (e.g., ISO 22301, NIST SP 800-34), including an incident command center. Establish governance structures, policies, and procedures to support BC/DR initiatives. Develop and maintain BC/DR program documentation, including charters, plans, and metrics Establish and implement critical technology to support management of plans and alerts for enterprise Risk Assessment & Impact Analysis Conduct Business Impact Analyses (BIAs) and risk assessments to identify critical business functions and dependencies. Collaborate with stakeholders to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Plan Development & Maintenance Lead the creation and maintenance of Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) across departments. Ensure plans are updated regularly to reflect changes in business operations, technology, and risk landscape across departments. Develop and implement an incident command center, includes but not limited to, defining playbooks, critical roles and responsibilities, plan and roadmap. Testing & Exercises Design and execute BC/DR testing strategies, including tabletop exercises, failover tests, and full-scale simulations. Analyze test results and drive continuous improvement initiatives. Identify and assign high risk findings to be addressed by owners Audit & Compliance Ensure compliance with regulatory requirements, association mandates, and internal audit standards. Prepare and present reports to senior leadership and auditors. Vendor & Third-Party Coordination Assess and coordinate with third-party BC/DR capabilities and ensure alignment with organizational standards.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actional insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a highly experienced and proactive professional to lead regulatory compliance initiatives across the organization, with a focus on healthcare and technology-related standards. This senior individual contributor will be responsible for overseeing assessments and audits related to HIPAA, PCI-DSS, SOC 2, and other applicable frameworks, ensuring the organization maintains a strong security posture and meets all regulatory obligations. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Strong analytical, organizational, and project management skills. Requires deep understanding of IT control frameworks; Artificial Intelligence Risk Management Framework is strongly preferred Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) Your Work In this role, you will: Regulatory Program Leadership Serve as the primary point of contact for external audits, assessments, and regulatory inquiries. Develop and maintain compliance documentation, including policies, procedures, control matrices, and evidence repositories. Build plan and lead required assessments to comply with mandates and certifications (HIPAA, PCI DSS, SOC II, Type 2, etc.). Assessment & Audit Management Conduct internal gap analyses and risk assessments to identify areas of non-compliance or control weaknesses. Track and report on audit findings, remediation efforts, and compliance status to senior leadership. Cross-Functional Collaboration Partner with teams across the enterprise to ensure alignment with regulatory requirements and enterprise risk objectives. Provide subject matter expertise during product development, vendor onboarding, and system implementations to ensure compliance is embedded in processes. Policy & Control Frameworks Partner to maintain and enhance internal control frameworks aligned with regulatory standards and industry best practices (e.g., NIST, HITRUST, ISO 27001). Partner to ensure policies and procedures are up-to-date and reflect current regulatory expectations and organizational practices. Monitoring & Reporting Implement continuous monitoring processes for key compliance controls, findings and mitigation plans. Prepare and present compliance metrics, dashboards, and executive summaries to leadership and governance committees.

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Strong analytical, organizational, and project management skills. Requires deep understanding of IT control frameworks; Artificial Intelligence experience is a plus Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) Your Work In this role, you will: Program Leadership & Governance Design and implement a robust Third-Party Risk Management (TPRM) Program using tailored to healthcare regulatory and health technology requirements. Develop and maintain policies, procedures, and standards for third-party risk oversight. Establish governance structures and reporting mechanisms to ensure transparency and accountability. Risk Assessment & Due Diligence Implement and conduct comprehensive risk assessments for new and existing third-party vendors, focusing on cybersecurity, data privacy, financial stability, and operational resilience. Collaborate with procurement, legal, compliance, and business units to ensure thorough due diligence and contract risk mitigation. Define and maintain risk tiers and criticality ratings for vendors. Develop and support contract reviews for security exhibits. Implement and lead process for responding to IT and security questionnaires (sales, etc.) Ongoing Monitoring & Issue Management Implement continuous monitoring processes for high-risk and critical vendors. Track and manage remediation activities for identified risks and control gaps. Maintain a centralized inventory and reporting of third-party relationships and associated risk profiles. Conduct third-party outreaches for incidents Regulatory Compliance & Audit Support Prepare documentation and evidence for internal audits, regulatory exams, and board-level reporting. Monitor changes in regulatory requirements and adjust program components accordingly. Stakeholder Engagement & Training Serve as a subject matter expert and advisor to internal teams on third-party risk topics. Develop and deliver training programs to increase awareness and accountability across the organization. Facilitate cross-functional collaboration to enhance risk visibility and response. Technology & Automation Evaluate and implement third-party risk management platforms and tools. Drive automation and process improvements to enhance program efficiency and scalability.

This is a temporary position and the length of assignment is estimated to go from Jan 1, 2026 to December 31, 2026. The length of the assignment is always dependent on business need and dates may change. While the assignment would be at the Alliance, if selected, you would be an employee of a temporary employment agency that we would connect you with. WHAT YOU'LL BE RESPONSIBLE FOR Reporting to the Information Security Manager, this position: Performs analysis of Alliance information security practices to ensure alignment with industry standards and guidelines Identifies, investigates, and resolves security breaches detected by Alliance security solutions Participates in the creation and maintenance of policies, standards, guidelines, and procedures related to information security Leads and performs staff training on information security and security breach prevention THE IDEAL CANDIDATE Brings a broad foundation across multiple areas of information security, including network security, endpoint protection, identity and access management, and cloud security, in a healthcare environment Demonstrates strong knowledge of security frameworks (e.g., NIST, ISO 27001, CIS Controls) and regulatory requirements (e.g., HIPAA, PCI-DSS, GDPR) Skilled in monitoring, analyzing, and responding to security incidents using SIEM tools and other detection technologies Able to perform vulnerability assessments, interpret findings, and recommend practical remediation steps Comfortable with both proactive (risk assessments, audits, security awareness training) and reactive (incident response, forensic analysis) security functions Effective communicator who can explain technical risks and solutions to both technical teams and non-technical stakeholders Strong problem-solving mindset and attention to detail; able to anticipate threats and implement preventive measures Demonstrated ability to collaborate across IT, compliance, and business units to align security with organizational goals Keeps current with emerging cyber threats, trends, and best practices CISSP or CISM a plus WHAT YOU'LL NEED TO BE SUCCESSFUL To read the full position description and list of requirements, click here. Knowledge of: HIPAA and FISCAM security guidelines Computer network penetration testing Security frameworks, such as NIST, ISO 27001, and COBIT Firewalls, proxies, SIEM, antivirus, and IDPS concepts Security systems, operating systems, and virtualization Ability to: Identify, mitigate and educate staff regarding the avoidance of network vulnerabilities Write clearly, concisely and precisely and convey information to the intended audience in a manner that is easily understood Interpret and synthesize a wide range of information from a variety of sources and translate complex information and concepts into clear, succinct documentation Develop training materials and conduct staff training Demonstrate strong analytical and problem-solving skills, define issues, conduct research, and analyze and interpret data Education and Experience: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field A minimum of eight years of professional-level information technology experience, which included a minimum of three years of experience performing information security functions in a health care environment (a Master's degree may substitute for two years of the required experience); or an equivalent combination of education and experience may be qualifying. OTHER INFORMATION We are in a hybrid work environment, and we anticipate that the interview process will take place remotely via Microsoft Teams. While some staff may work full telecommuting schedules, attendance at quarterly company-wide events or department meetings will be expected. In-office or in-community presence may be required for some positions and is dependent on business need. Details about this can be reviewed during the interview process. This is a temporary position and does not provide the benefits that are listed below (this is standard language from our regular job posts and cannot be altered or removed). Temporary employees on assignment at the Alliance will be connected to a staffing agency with separate benefit options. The full compensation range for this position is listed by location below. The actual compensation for this role will be determined by our compensation philosophy, analysis of the selected candidate's qualifications (direct or transferable experience related to the position, education or training), as well as other factors (internal equity, market factors, and geographic location). Zone 1 (Monterey, San Benito and Santa Cruz)$71-$78 USDZone 2 (Mariposa and Merced)$65-$72 USDZone 3 (National)$60-$66 USDOUR BENEFITS Medical, Dental and Vision Plans Ample Paid Time Off 12 Paid Holidays per year 401(a) Retirement Plan 457 Deferred Compensation Plan Robust Health and Wellness Program Onsite EV Charging Stations And many more ABOUT US We are a group of over 500 dedicated employees, committed to our mission of providing accessible, quality health care that is guided by local innovation. We feel that our work is bigger than ourselves. We leave work each day knowing that we made a difference in the community around us. The Alliance is an equal employment opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. We are an E-Verify participating employer Join us at Central California Alliance for Health (the Alliance) is an award-winning regional Medi-Cal managed care plan that provides health insurance for children, adults, seniors and people with disabilities in Mariposa, Merced, San Benito and Santa Cruz counties. We currently serve more than 418,000 members. To learn more about us, take a look at our Fact Sheet. At this time the Alliance does not provide any type of sponsorship. Applicants must be currently authorized to work in the United States on a full-time, ongoing basis without current or future needs for any type of employer supported or provided sponsorship.

This is a temporary position and the length of assignment is estimated to go from Jan 1, 2026 to December 31, 2026. The length of the assignment is always dependent on business need and dates may change. While the assignment would be at the Alliance, if selected, you would be an employee of a temporary employment agency that we would connect you with. WHAT YOU'LL BE RESPONSIBLE FOR Reporting to the Information Security Manager, this position: Performs analysis of Alliance information security practices to ensure alignment with industry standards and guidelines Identifies, investigates, and resolves security breaches detected by Alliance security solutions Participates in the creation and maintenance of policies, standards, guidelines, and procedures related to information security Leads and performs staff training on information security and security breach prevention THE IDEAL CANDIDATE Brings a broad foundation across multiple areas of information security, including network security, endpoint protection, identity and access management, and cloud security, in a healthcare environment Demonstrates strong knowledge of security frameworks (e.g., NIST, ISO 27001, CIS Controls) and regulatory requirements (e.g., HIPAA, PCI-DSS, GDPR) Skilled in monitoring, analyzing, and responding to security incidents using SIEM tools and other detection technologies Able to perform vulnerability assessments, interpret findings, and recommend practical remediation steps Comfortable with both proactive (risk assessments, audits, security awareness training) and reactive (incident response, forensic analysis) security functions Effective communicator who can explain technical risks and solutions to both technical teams and non-technical stakeholders Strong problem-solving mindset and attention to detail; able to anticipate threats and implement preventive measures Demonstrated ability to collaborate across IT, compliance, and business units to align security with organizational goals Keeps current with emerging cyber threats, trends, and best practices CISSP or CISM a plus WHAT YOU'LL NEED TO BE SUCCESSFUL To read the full position description and list of requirements, click here. Knowledge of: HIPAA and FISCAM security guidelines Computer network penetration testing Security frameworks, such as NIST, ISO 27001, and COBIT Firewalls, proxies, SIEM, antivirus, and IDPS concepts Security systems, operating systems, and virtualization Ability to: Identify, mitigate and educate staff regarding the avoidance of network vulnerabilities Write clearly, concisely and precisely and convey information to the intended audience in a manner that is easily understood Interpret and synthesize a wide range of information from a variety of sources and translate complex information and concepts into clear, succinct documentation Develop training materials and conduct staff training Demonstrate strong analytical and problem-solving skills, define issues, conduct research, and analyze and interpret data Education and Experience: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field A minimum of eight years of professional-level information technology experience, which included a minimum of three years of experience performing information security functions in a health care environment (a Master's degree may substitute for two years of the required experience); or an equivalent combination of education and experience may be qualifying. OTHER INFORMATION We are in a hybrid work environment, and we anticipate that the interview process will take place remotely via Microsoft Teams. While some staff may work full telecommuting schedules, attendance at quarterly company-wide events or department meetings will be expected. In-office or in-community presence may be required for some positions and is dependent on business need. Details about this can be reviewed during the interview process. This is a temporary position and does not provide the benefits that are listed below (this is standard language from our regular job posts and cannot be altered or removed). Temporary employees on assignment at the Alliance will be connected to a staffing agency with separate benefit options. The full compensation range for this position is listed by location below. The actual compensation for this role will be determined by our compensation philosophy, analysis of the selected candidate's qualifications (direct or transferable experience related to the position, education or training), as well as other factors (internal equity, market factors, and geographic location). Zone 1 (Monterey, San Benito and Santa Cruz)$71-$78 USDZone 2 (Mariposa and Merced)$65-$72 USDZone 3 (National)$60-$66 USDOUR BENEFITS Medical, Dental and Vision Plans Ample Paid Time Off 12 Paid Holidays per year 401(a) Retirement Plan 457 Deferred Compensation Plan Robust Health and Wellness Program Onsite EV Charging Stations And many more ABOUT US We are a group of over 500 dedicated employees, committed to our mission of providing accessible, quality health care that is guided by local innovation. We feel that our work is bigger than ourselves. We leave work each day knowing that we made a difference in the community around us. The Alliance is an equal employment opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. We are an E-Verify participating employer Join us at Central California Alliance for Health (the Alliance) is an award-winning regional Medi-Cal managed care plan that provides health insurance for children, adults, seniors and people with disabilities in Mariposa, Merced, San Benito and Santa Cruz counties. We currently serve more than 418,000 members. To learn more about us, take a look at our Fact Sheet. At this time the Alliance does not provide any type of sponsorship. Applicants must be currently authorized to work in the United States on a full-time, ongoing basis without current or future needs for any type of employer supported or provided sponsorship.

This is a temporary position and the length of assignment is estimated to go from Jan 1, 2026 to December 31, 2026. The length of the assignment is always dependent on business need and dates may change. While the assignment would be at the Alliance, if selected, you would be an employee of a temporary employment agency that we would connect you with. WHAT YOU'LL BE RESPONSIBLE FOR Reporting to the Information Security Manager, this position: Performs analysis of Alliance information security practices to ensure alignment with industry standards and guidelines Identifies, investigates, and resolves security breaches detected by Alliance security solutions Participates in the creation and maintenance of policies, standards, guidelines, and procedures related to information security Leads and performs staff training on information security and security breach prevention THE IDEAL CANDIDATE Brings a broad foundation across multiple areas of information security, including network security, endpoint protection, identity and access management, and cloud security, in a healthcare environment Demonstrates strong knowledge of security frameworks (e.g., NIST, ISO 27001, CIS Controls) and regulatory requirements (e.g., HIPAA, PCI-DSS, GDPR) Skilled in monitoring, analyzing, and responding to security incidents using SIEM tools and other detection technologies Able to perform vulnerability assessments, interpret findings, and recommend practical remediation steps Comfortable with both proactive (risk assessments, audits, security awareness training) and reactive (incident response, forensic analysis) security functions Effective communicator who can explain technical risks and solutions to both technical teams and non-technical stakeholders Strong problem-solving mindset and attention to detail; able to anticipate threats and implement preventive measures Demonstrated ability to collaborate across IT, compliance, and business units to align security with organizational goals Keeps current with emerging cyber threats, trends, and best practices CISSP or CISM a plus WHAT YOU'LL NEED TO BE SUCCESSFUL To read the full position description and list of requirements, click here. Knowledge of: HIPAA and FISCAM security guidelines Computer network penetration testing Security frameworks, such as NIST, ISO 27001, and COBIT Firewalls, proxies, SIEM, antivirus, and IDPS concepts Security systems, operating systems, and virtualization Ability to: Identify, mitigate and educate staff regarding the avoidance of network vulnerabilities Write clearly, concisely and precisely and convey information to the intended audience in a manner that is easily understood Interpret and synthesize a wide range of information from a variety of sources and translate complex information and concepts into clear, succinct documentation Develop training materials and conduct staff training Demonstrate strong analytical and problem-solving skills, define issues, conduct research, and analyze and interpret data Education and Experience: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field A minimum of eight years of professional-level information technology experience, which included a minimum of three years of experience performing information security functions in a health care environment (a Master's degree may substitute for two years of the required experience); or an equivalent combination of education and experience may be qualifying. OTHER INFORMATION We are in a hybrid work environment, and we anticipate that the interview process will take place remotely via Microsoft Teams. While some staff may work full telecommuting schedules, attendance at quarterly company-wide events or department meetings will be expected. In-office or in-community presence may be required for some positions and is dependent on business need. Details about this can be reviewed during the interview process. This is a temporary position and does not provide the benefits that are listed below (this is standard language from our regular job posts and cannot be altered or removed). Temporary employees on assignment at the Alliance will be connected to a staffing agency with separate benefit options. The full compensation range for this position is listed by location below. The actual compensation for this role will be determined by our compensation philosophy, analysis of the selected candidate's qualifications (direct or transferable experience related to the position, education or training), as well as other factors (internal equity, market factors, and geographic location). Zone 1 (Monterey, San Benito and Santa Cruz) $71 - $78 USD Zone 2 (Mariposa and Merced) $65 - $72 USD Zone 3 (National) $60 - $66 USD OUR BENEFITS Medical, Dental and Vision Plans Ample Paid Time Off 12 Paid Holidays per year 401(a) Retirement Plan 457 Deferred Compensation Plan Robust Health and Wellness Program Onsite EV Charging Stations And many more ABOUT US We are a group of over 500 dedicated employees, committed to our mission of providing accessible, quality health care that is guided by local innovation. We feel that our work is bigger than ourselves. We leave work each day knowing that we made a difference in the community around us. The Alliance is an equal employment opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. We are an E-Verify participating employer Join us at Central California Alliance for Health (the Alliance) is an award-winning regional Medi-Cal managed care plan that provides health insurance for children, adults, seniors and people with disabilities in Mariposa, Merced, San Benito and Santa Cruz counties. We currently serve more than 418,000 members. To learn more about us, take a look at our Fact Sheet. At this time the Alliance does not provide any type of sponsorship. Applicants must be currently authorized to work in the United States on a full-time, ongoing basis without current or future needs for any type of employer supported or provided sponsorship.

This is a temporary position and the length of assignment is estimated to go from Jan 1, 2026 to December 31, 2026. The length of the assignment is always dependent on business need and dates may change. While the assignment would be at the Alliance, if selected, you would be an employee of a temporary employment agency that we would connect you with. WHAT YOU'LL BE RESPONSIBLE FOR Reporting to the Information Security Manager, this position: Performs analysis of Alliance information security practices to ensure alignment with industry standards and guidelines Identifies, investigates, and resolves security breaches detected by Alliance security solutions Participates in the creation and maintenance of policies, standards, guidelines, and procedures related to information security Leads and performs staff training on information security and security breach prevention THE IDEAL CANDIDATE Brings a broad foundation across multiple areas of information security, including network security, endpoint protection, identity and access management, and cloud security, in a healthcare environment Demonstrates strong knowledge of security frameworks (e.g., NIST, ISO 27001, CIS Controls) and regulatory requirements (e.g., HIPAA, PCI-DSS, GDPR) Skilled in monitoring, analyzing, and responding to security incidents using SIEM tools and other detection technologies Able to perform vulnerability assessments, interpret findings, and recommend practical remediation steps Comfortable with both proactive (risk assessments, audits, security awareness training) and reactive (incident response, forensic analysis) security functions Effective communicator who can explain technical risks and solutions to both technical teams and non-technical stakeholders Strong problem-solving mindset and attention to detail; able to anticipate threats and implement preventive measures Demonstrated ability to collaborate across IT, compliance, and business units to align security with organizational goals Keeps current with emerging cyber threats, trends, and best practices CISSP or CISM a plus WHAT YOU'LL NEED TO BE SUCCESSFUL To read the full position description and list of requirements, click here. Knowledge of: HIPAA and FISCAM security guidelines Computer network penetration testing Security frameworks, such as NIST, ISO 27001, and COBIT Firewalls, proxies, SIEM, antivirus, and IDPS concepts Security systems, operating systems, and virtualization Ability to: Identify, mitigate and educate staff regarding the avoidance of network vulnerabilities Write clearly, concisely and precisely and convey information to the intended audience in a manner that is easily understood Interpret and synthesize a wide range of information from a variety of sources and translate complex information and concepts into clear, succinct documentation Develop training materials and conduct staff training Demonstrate strong analytical and problem-solving skills, define issues, conduct research, and analyze and interpret data Education and Experience: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field A minimum of eight years of professional-level information technology experience, which included a minimum of three years of experience performing information security functions in a health care environment (a Master's degree may substitute for two years of the required experience); or an equivalent combination of education and experience may be qualifying. OTHER INFORMATION We are in a hybrid work environment, and we anticipate that the interview process will take place remotely via Microsoft Teams. While some staff may work full telecommuting schedules, attendance at quarterly company-wide events or department meetings will be expected. In-office or in-community presence may be required for some positions and is dependent on business need. Details about this can be reviewed during the interview process. This is a temporary position and does not provide the benefits that are listed below (this is standard language from our regular job posts and cannot be altered or removed). Temporary employees on assignment at the Alliance will be connected to a staffing agency with separate benefit options. The full compensation range for this position is listed by location below. The actual compensation for this role will be determined by our compensation philosophy, analysis of the selected candidate's qualifications (direct or transferable experience related to the position, education or training), as well as other factors (internal equity, market factors, and geographic location). Zone 1 (Monterey, San Benito and Santa Cruz) $71 - $78 USD Zone 2 (Mariposa and Merced) $65 - $72 USD Zone 3 (National) $60 - $66 USD OUR BENEFITS Available for all regular Alliance employees working more than 30 hours per week. Some benefits are available on a pro-rated basis for part-time employees. These benefits are unavailable to temporary employees while on an assignment with the Alliance. Medical, Dental and Vision Plans Ample Paid Time Off 12 Paid Holidays per year 401(a) Retirement Plan 457 Deferred Compensation Plan Robust Health and Wellness Program Onsite EV Charging Stations ABOUT US We are a group of over 500 dedicated employees, committed to our mission of providing accessible, quality health care that is guided by local innovation. We feel that our work is bigger than ourselves. We leave work each day knowing that we made a difference in the community around us. Join us at Central California Alliance for Health (the Alliance), where you will be part of a culture that is respectful, diverse, professional and fun, and where you are empowered to do your best work. As a regional non-profit health plan, we serve members in Mariposa, Merced, Monterey, San Benito and Santa Cruz counties. To learn more about us, take a look at our Fact Sheet. The Alliance is an equal employment opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. We are an E-Verify participating employer At this time the Alliance does not provide any type of sponsorship. Applicants must be currently authorized to work in the United States on a full-time, ongoing basis without current or future needs for any type of employer supported or provided sponsorship.

Job Description This is a hybrid position requiring 3 days in office at our Middleton, WI office location. #LI-Hybrid At CapSpecialty, we are a specialty underwriting company being driven by well-informed, entrepreneurial and proactive employees. Come join our exciting company where you can really make an impact, and each individual's unique skills and talents are recognized and valued. You will find an accessible leadership team that welcomes opinions and ideas. We owe much of our success to our collaborative environment and set of three guiding principles rooted in customer-centricity, employee excellence and corporate culture. We offer competitive compensation and benefits packages - including an innovative open vacation plan, generous paid sick and parental leave, fully vested matching 401k, company-paid group term life insurance and short- & long-term disability plans, professional and educational growth opportunities, flexible and casual work environment, and recognition for exceptional performance. Please see our full list of Total Rewards here. CapSpecialty is seeking an Information Security Analyst who will support our organization's cybersecurity operations. The analyst will assist in monitoring systems, investigating alerts, managing access controls, and supporting compliance efforts. This role includes exposure to Identity & Access Management (“IAM”) and other key areas of information security. Duties/Responsibilities: Conduct investigations into and properly document security incidents, including evaluating incident impact and recommending corrective actions to management. Collate security metrics and generate reports from the security systems as needed. Support managing accounts and permissions in IAM systems, including recommending improvements to identity governance where appropriate. Perform tasks as assigned to meet any audit requests. Help maintain IAM documentation and workflows. Help maintain and promote security policies, procedures, and training materials. Oversee assigned components of the security awareness programs, and track employee participation including following up on training completion. This may include reporting compliance metrics to leadership. Manage the physical security program, providing recommendations for updates as needed. Keep up to date and current on security trends. Other related duties and initiatives, as assigned. Supervisory Responsibilities: None. Core Competencies: Proven ability to deal well with ambiguity, prioritize tasks, resolve issues and deliver measurable results in an agile, fast-paced environment. Excellent oral and written communication skills. Ability to manage difficult customer situations, elicit customer feedback, analyze and resolve customer issues. Excellent analytical, problem solving, collaboration and time-management skills. A high level of integrity and commitment to confidentiality. Must be highly self-motivated requiring minimal direction. Have a passion for Information Security and a desire to advance personal growth through continuing professional education, self-study, and pursuit of technical certifications. Education and Experience: Associate's degree in computer science or equivalent. 1+ years of relevant experience in IT with exposure to cybersecurity practices, technologies, and methodologies is preferred. Basic understanding of security principles, threats, and controls is desirable. Familiarity with IAM concepts and tools (i.e. Active Directory, Okta, Azure AD) is a plus but not required. Familiarity with security controls and technologies desired (i.e. firewall, SIEM, DLP, WAF, and IPS.). Physical Demands Prolonged periods of sitting at a desk and working on a computer. May be required to lift up to 15 pounds at times. CapSpecialty is a leading provider of specialty insurance and bonds for small- to mid-sized businesses in the U.S., offering casualty, professional liability, surety and fidelity products in all 50 states and the District of Columbia. By working with select partners through a limited distribution model, CapSpecialty's creative, hard-working team provides personalized service and cultivates mutually successful partnerships to deliver positive results. CapSpecialty is an operating subsidiary of Berkshire Hathaway, and its carriers have an A ("Excellent") rating from A.M. Best, writing both admitted and non-admitted policies. For more information, please visit CapSpecialty.com. Apply today! Equal Employment Opportunity Employer Powered by ExactHire:184950

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a seasoned and strategic professional who will lead the development, implementation, and oversight of our Third-Party Risk Management (TPRM) program. This senior-level individual contributor will be responsible for identifying, assessing, and mitigating risks associated with third-party relationships across the enterprise, ensuring compliance with regulatory requirements and alignment with organizational risk tolerance. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Responsibilities Your Work In this role, you will: Program Leadership & Governance Design and implement a robust Third-Party Risk Management (TPRM) Program using tailored to healthcare regulatory and health technology requirements. Develop and maintain policies, procedures, and standards for third-party risk oversight. Establish governance structures and reporting mechanisms to ensure transparency and accountability. Risk Assessment & Due Diligence Implement and conduct comprehensive risk assessments for new and existing third-party vendors, focusing on cybersecurity, data privacy, financial stability, and operational resilience. Collaborate with procurement, legal, compliance, and business units to ensure thorough due diligence and contract risk mitigation. Define and maintain risk tiers and criticality ratings for vendors. Develop and support contract reviews for security exhibits. Implement and lead process for responding to IT and security questionnaires (sales, etc.) Ongoing Monitoring & Issue Management Implement continuous monitoring processes for high-risk and critical vendors. Track and manage remediation activities for identified risks and control gaps. Maintain a centralized inventory and reporting of third-party relationships and associated risk profiles. Conduct third-party outreaches for incidents Regulatory Compliance & Audit Support Prepare documentation and evidence for internal audits, regulatory exams, and board-level reporting. Monitor changes in regulatory requirements and adjust program components accordingly. Stakeholder Engagement & Training Serve as a subject matter expert and advisor to internal teams on third-party risk topics. Develop and deliver training programs to increase awareness and accountability across the organization. Facilitate cross-functional collaboration to enhance risk visibility and response. Technology & Automation Evaluate and implement third-party risk management platforms and tools. Drive automation and process improvements to enhance program efficiency and scalability. Qualifications Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Strong analytical, organizational, and project management skills. Requires deep understanding of IT control frameworks; Artificial Intelligence experience is a plus Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actional insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a highly experienced and proactive professional to lead regulatory compliance initiatives across the organization, with a focus on healthcare and technology-related standards. This senior individual contributor will be responsible for overseeing assessments and audits related to HIPAA, PCI-DSS, SOC 2, and other applicable frameworks, ensuring the organization maintains a strong security posture and meets all regulatory obligations. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Responsibilities Your Work In this role, you will: Regulatory Program Leadership Serve as the primary point of contact for external audits, assessments, and regulatory inquiries. Develop and maintain compliance documentation, including policies, procedures, control matrices, and evidence repositories. Build plan and lead required assessments to comply with mandates and certifications (HIPAA, PCI DSS, SOC II, Type 2, etc.). Assessment & Audit Management Conduct internal gap analyses and risk assessments to identify areas of non-compliance or control weaknesses. Track and report on audit findings, remediation efforts, and compliance status to senior leadership. Cross-Functional Collaboration Partner with teams across the enterprise to ensure alignment with regulatory requirements and enterprise risk objectives. Provide subject matter expertise during product development, vendor onboarding, and system implementations to ensure compliance is embedded in processes. Policy & Control Frameworks Partner to maintain and enhance internal control frameworks aligned with regulatory standards and industry best practices (e.g., NIST, HITRUST, ISO 27001). Partner to ensure policies and procedures are up-to-date and reflect current regulatory expectations and organizational practices. Monitoring & Reporting Implement continuous monitoring processes for key compliance controls, findings and mitigation plans. Prepare and present compliance metrics, dashboards, and executive summaries to leadership and governance committees. Qualifications Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Strong analytical, organizational, and project management skills. Requires deep understanding of IT control frameworks; Artificial Intelligence Risk Management Framework is strongly preferred Desire one or more of the following: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Your Role This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. Reporting to the Senior Manager, in this role, we are seeking a highly experienced and strategic individual contributor to lead the development, implementation, and governance of our enterprise-wide Business Continuity and Disaster Recovery (BC/DR) program. This role will be responsible for ensuring organizational resilience through effective planning, risk assessment, and coordination across business units and technology teams. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow - personally, professionally, and financially. We are looking for leaders that are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning. Responsibilities Your Work In this role, you will: Program Development & Governance Design and implement a comprehensive Business Continuity (BC)/Disaster Recovery (DR) framework aligned with industry standards (e.g., ISO 22301, NIST SP 800-34), including an incident command center. Establish governance structures, policies, and procedures to support BC/DR initiatives. Develop and maintain BC/DR program documentation, including charters, plans, and metrics Establish and implement critical technology to support management of plans and alerts for enterprise Risk Assessment & Impact Analysis Conduct Business Impact Analyses (BIAs) and risk assessments to identify critical business functions and dependencies. Collaborate with stakeholders to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Plan Development & Maintenance Lead the creation and maintenance of Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs) across departments. Ensure plans are updated regularly to reflect changes in business operations, technology, and risk landscape across departments. Develop and implement an incident command center, includes but not limited to, defining playbooks, critical roles and responsibilities, plan and roadmap. Testing & Exercises Design and execute BC/DR testing strategies, including tabletop exercises, failover tests, and full-scale simulations. Analyze test results and drive continuous improvement initiatives. Identify and assign high risk findings to be addressed by owners Audit & Compliance Ensure compliance with regulatory requirements, association mandates, and internal audit standards. Prepare and present reports to senior leadership and auditors. Vendor & Third-Party Coordination Assess and coordinate with third-party BC/DR capabilities and ensure alignment with organizational standards. Qualifications Your Knowledge and Experience Requires a bachelor's degree or equivalent experience Requires at least 10 years of prior relevant experience Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience is a plus Experience partnering with all levels of management required Driven, energetic, team player with superior oral and written communication skills Proven track record of leading enterprise BC/DR programs in complex environments Requires deep understanding of BC/DR frameworks, methodologies, and technologies. Strong analytical, organizational, and project management skills. Ability to work independently and influence cross-functional teams. Desire one or more of the following: CBCP (Certified Business Continuity Planning Professional)- highly desired, CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Join Our Team as Security and Systems Administrator! We are seeking an experienced Security and Systems Administrator to provide system support and security administration, focusing on the protection, efficiency, and usability of all company technology assets. This includes maintaining and improving current security products, implementing new security initiatives, providing system-level support, participating in requirements gathering and providing escalated user support. The role also involves general system administration, maintenance and troubleshooting across all corporate technology. What You'll Do Manage Security Tools: Implement and maintain solutions to protect company data and ensure compliance. Monitor and Respond to Threats: Track firewalls, antivirus, and intrusion systems to quickly address security issues. Lead Incident Response: Coordinate efforts to contain and resolve security breaches effectively. Perform Security Audits: Identify risks and recommend improvements to strengthen defenses. Administer Systems and Networks: Maintain Windows servers, Cisco/FortiGate devices, and troubleshoot network problems. Support Cloud and Applications: Manage Microsoft 365, Azure, and Vertafore systems for smooth operations. Control Access: Oversee Active Directory and Microsoft Entra to keep user access secure. Apply Updates and Patches: Keep systems current for stability and security. Collaborate on Projects: Work with teams to define requirements and deliver new technology solutions. Provide Advanced Support: Resolve complex technical issues and train staff on best practices. Other Key Tasks: Document system configurations, procedures, and troubleshooting steps. What You Bring Education and Work Experience: Bachelor's degree from four-year college or university and four to six years related experience and/or training; or equivalent combination of education and experience. Experience in Microsoft 365 Security and Compliance Suite and Azure is preferred. License or Certification Requirements: IT Service Management certified or equivalent experience; ITIL preferred Microsoft certifications preferred Current Colorado driver's license and acceptable MVR IT Security Knowledge: Experience with firewalls, antivirus, intrusion detection, and compliance standards like HIPAA, NYDFS, etc. System Administration: Ability to manage Windows servers, Active Directory, Microsoft 365, and Azure environments. Network Management: Skilled in configuring Cisco and FortiGate devices and troubleshooting network issues. Problem-Solving & Teamwork: Strong ability to resolve complex issues and collaborate effectively with technical and non-technical teams. Why Join Us? Growth Opportunities: Access to professional development and certifications Supportive Culture: Be part of a team that values collaboration, integrity, and continuous learning. Flexible Work Options: Upon completion of training enjoy a customizable schedule that can include up to two days remote, alternating 5-day & 4.5-day work weeks, and flexibility in start and end times. Comprehensive Benefits: Enjoy a competitive salary, healthcare options, retirement plans, and more. Salary Range - Starting pay for this exempt position is $85,000 - $95,000 annually. Pay may exceed this range for well-qualified candidates, commensurate with experience. In addition to regular pay, this position is eligible to participate in our annual performance incentive program. Benefits - At Flood and Peterson all full-time employees are eligible for benefits, including Medical, Dental, Vision, and Life insurance, paid time off, paid holidays, and paid Volunteer Time Off. Full-time employees are also eligible to participate in our 401k plan, which includes both safe harbor and discretionary matching. Flood and Peterson Values: At Flood and Peterson, we are dedicated to our Employees, Clients, Communities, and Strategic Partners. Our values guide everything we do: Integrity - We uphold the highest standards, acting with honesty, trust, and the courage to do what's right. Gratitude - We show kindness and respect, appreciating each other, our clients, and our community. Knowledge - We lead through learning, sharing insights, and embracing diverse experiences to educate and grow together. Commitment - We take responsibility, prioritize teamwork, and dedicate ourselves to fulfilling the Flood & Peterson promise. Impact - We strive for meaningful results, aiming to build a lasting legacy through positive influence and service.