Company Summary Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. Position Overview The Department of Defense’s (DoD) Chief Digital and Artificial Intelligence Office (CDAO) is at the forefront of supporting the DoD with the adoption of innovative technologies such as data, analytics, and artificial intelligence to help accelerate predictions, forecasts, and interpretations for both strategic and tactical decisions across the enterprise. These ground-breaking endeavors bring new challenges to the assessment of DoD IT systems that previously did not exist. The Security Control Assessor (SCA) plays a pivotal role in comprehensively understanding the cybersecurity posture of a given capability within CDAO. SCAs must go beyond a mere compliance focus on controls to articulate the inherent risks of systems. Success in this position requires expertise in statutory guidance such as the NIST 800 series, DoDI 8500.01, DoD 8140.03, ISO 27001, COBIT, DoD RMF, and Operation Vulcan Logic (OVL), along with current cybersecurity best practices The SCA provides authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operate (ATO). Their assessments integrate technical rigor with regulatory compliance, ensuring a robust security posture and informing strategic decision-making. Work Location Full time remote. Candidates in the Washington DC Metropolitan preferred. Travel requirements will vary with location, however, expect approximately 10% to 25%. Job Responsibilities - Provide the AO with an independent risk assessment of assigned systems and an authorization. - Advise Program Managers on AO determination utilizing OVL documentation. - Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities. - Utilize expert knowledge and experience regarding risk management strategies in support of a major DoD program. - Providing support regarding the agile authorization and OVL processes. - Provide independent risk analysis and recommendation. - Collaborate between the AO and the program as well as Program leadership. - Identify the security baseline based on the mission and security impacts to the system. - Determine assessment criteria, develop, review, and create a plan to assess the security requirements. - Assess the security requirements in accordance with the assessment procedures defined in the Security Assessment Plan (SAP). - Prepare the Security Assessment Report (SAR). - Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate. - Develop the Risk Recommendation and AO Determination Brief. - Develop a system-level continuous monitoring strategy. - Author and present briefs regarding status of authorizations to AO and other senior Government officials. - Provides security architecture and DoD compliance advisory support. Success Factors - Have a strong background in risk management, and governance, risk and compliance (GRC). - Strong clients focus and commitment to continuous improvement, ability to proactively network and establish relationships. - Manage multiple priorities in a high-paced and fast-changing environment. - Perform other duties as assigned or required. Education and Minimum Qualifications - Must have at least a Public Trust – Secret level clearance preferred. - Bachelor’s degree in computer science/information technology, or other related degree fields (master’s degree is preferred or at least 5 years of related experience) - At least 5+ years of cybersecurity experience including a senior technical or management role, Project or Program Management experience a plus. - At least one IAT/IAM or equivalent security certifications ex. Sec+, CISSP, CCSP, CISM, CISA, or CASP - Experience working with OSD leadership or Military component or branch. - Understanding of NIST 800 series guidelines, DoDI 8500.01, DoD 8140.03, rISO 27001, COBIT, DoD RMF, OVL, and current cybersecurity best practices. - Excellent communication/presentation skills briefing senior military and government civilian leadership. - Experienced with writing standard operating procedures. - Experience in hands on with eMASS, Xacta and/or other GRC tools. - Experience with Federal and FedRamp A&A Processes. AAP Statement We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

You desire impactful work. You’re RGA ready RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all. Senior Counsel, Data Privacy & Security This experienced data privacy and cybersecurity attorney provides practical, day-to-day legal support on data protection and information security matters. This role supports the company’s global operations by advising on compliance with data privacy and data security laws and regulations; reviewing and negotiating data-related contractual provisions; and assisting the business identifying and addressing legal risks related to the collection, use, storage, and transfer of personal and sensitive information. PRINCIPAL DUTIES Data Privacy - Provide legal advice on US and global: (i) data privacy laws including GLBA, HIPAA, CAN-SPAM ACT, CCPA, PIPEDA, GDPR, PDPA; (ii) AI [governance requirements?]; and (iii) other existing and emerging regulations related to data privacy, cybersecurity and AI - Advise on regulatory privacy requirements for financial services and insurance sectors - Review and negotiate contracts including data processing agreements and clauses and cybersecurity exhibits - Advise on privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) - Assist with data subject rights requests and incident response procedures within the legal team - Advise on legal risk identification and mitigation efforts and privacy compliance efforts including privacy-by-design in business operations, product development, data analytics and technology solutions Cybersecurity Legal Support - Provide legal guidance on cybersecurity risk management and incident response - Advise on cybersecurity laws and regulations, including CCPA, SEC cybersecurity rules, US and non-US breach notification requirements - Support global breach notification obligations - Collaborate with IT security teams on legal aspects of security controls and frameworks - Advising on reasonable security safeguards from legal perspective - Advise on regulatory cybersecurity requirements for financial services and insurance sectors - Review and negotiate cybersecurity exhibits in vendor contracts and reinsurance agreements. Regulatory Compliance & Risk Management - Monitor and interpret evolving data protection, cybersecurity and AI regulations globally - Conduct legal risk assessments for data-related business activities - Develop training programs and awareness initiatives for workforce members and business stakeholders - Support internal audits and regulatory examinations related to data practices Cross-Functional Collaboration - Partner with IT, risk management, compliance, and business teams on data-related initiatives - Support M&A due diligence on data privacy and cybersecurity matters - Collaborate with external counsel and privacy consultants as needed - Participate in industry associations and regulatory working groups - Contribute to enterprise risk management and business continuity planning QUALIFICATIONS - Juris Doctor (JD), Law Degree from a United States accredited law school or equivalent accredited institution. - Advanced degree (LLM), Privacy law, cybersecurity, or technology law are preferred - 6+ Years of Legal experience with significant focus on data privacy and cybersecurity law, risk management. - Licensed to practice law in the US - CISSP, CIPP, CIPM, CIPT, CISA or equivalent are preferred - Demonstrated experience working with US and global cybersecurity and privacy laws, regulations and frameworks (GLBA, HIPAA, CCPA, GDPR, NIST CSF, NIST PF, CIS, ISO, SOC2) - Proven ability to assess privacy and cybersecurity risks, translate regulatory requirements into practical controls and support remediation efforts. - Hands on experience with incident response, US breach notification processes and regulatory reporting obligations. - Strong documentation skills – drafting policies, agreements, standards, procedures and reports. - In-house counsel and leadership experience at a financial services, insurance, or technology company is preferred. - Experience supporting public company, or SEC regulated environments - Big law firm experience with privacy and cybersecurity practice groups Skills and Abilities: - Deep understanding of US and global data protection laws and regulations - Extensive knowledge of incident response and personal data breach notification requirements, as well as of cybersecurity legal frameworks and industry standards (CCPA, SEC requirements, NIST CSF, NIST PF, SOC 2, ISO) - Strong understanding of cloud computing, data analytics, and emerging technologies - Knowledge of U.S. financial, insurance or reinsurance business operations - Advanced experience with reviewing, drafting, amending and negotiating contracts including data processing addendums and cybersecurity addendums - Experience with cross-border data transfers and international privacy frameworks - Highly advanced interpersonal skills, with demonstrated ability to positively influence change among clients and working groups. - Expert skills in managing multiple projects and/or sub-teams simultaneously - Highly advanced ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies This role is remote, with a preference for candidates who can work in a hybrid capacity from our Chesterfield location. #LI-MJ1 #LI-Remote What you can expect from RGA: - Gain valuable knowledge from and experience with diverse, caring colleagues around the world. - Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought. - Join the bright and creative minds of RGA, and experience vast, endless career potential. We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you. Compensation Range: $150,770.00 - $224,640.00 Annual Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits. RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.

• Own and deliver key technical components of a new data-driven product, with a focus on backend platforms, APIs, and data processing pipelines • Partner with product and domain stakeholders to understand customer needs and incorporate feedback into solutions • Design, build, and evolve scalable systems that ingest, process, and route high-volume streaming data • Collaborate with peers and technical leaders to contribute to architecture and design decisions across the team • Turn loosely defined ideas into concrete technical designs and working implementations • Lead development of complex features end-to-end, from early exploration and prototyping through production rollout • Stay hands-on in the codebase, contributing high-quality code, reviewing pull requests, and improving core abstractions • Mentor and support other engineers, raising the overall technical bar of the team

• Onboard applications and APIs to the WAAP platform, partnering directly with Engineering teams to ensure secure and smooth rollout. • Implement and tune WAF protections across supported platforms, reducing false positives while maintaining strong protection coverage. • Respond to edge protection and WAF-related engineering requests, troubleshooting configuration issues and advising on secure implementation patterns. • Contribute to Terraform modules and automation pipelines that standardize edge protections and reduce configuration drift. • Review infrastructure changes with a security lens and collaborate with engineers to land secure solutions. • Participate in incident response and post-incident hardening related to edge-layer detections. • Document onboarding processes and configuration standards to improve repeatability and reduce manual effort.