• Implement and maintain cloud security frameworks, ensuring compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL-4/IL-5 security mandates. • Configure and manage Identity and Access Management (IAM) solutions, role-based access controls (RBAC), and Zero Trust Architecture (ZTA) principles. • Conduct vulnerability assessments, security monitoring, and incident response within cloud environments. • Develop and maintain System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M). • Provide the Cloud Security Compliance & Risk Report, ensuring all cloud-based operations remain in accordance with DoD security requirements.

Thank you for your interest in a career at Regions. At Regions, we believe associates deserve more than just a job. We believe in offering performance-driven individuals a place where they can build a career --- a place to expect more opportunities. If you are focused on results, dedicated to quality, strength and integrity, and possess the drive to succeed, then we are your employer of choice. Regions is dedicated to taking appropriate steps to safeguard and protect private and personally identifiable information you submit. The information that you submit will be collected and reviewed by associates, consultants, and vendors of Regions in order to evaluate your qualifications and experience for job opportunities and will not be used for marketing purposes, sold, or shared outside of Regions unless required by law. Such information will be stored in accordance with regulatory requirements and in conjunction with Regions’ Retention Schedule for a minimum of three years. You may review, modify, or update your information by visiting and logging into the careers section of the system. Job Description: At Regions, the Cyber Security Engineer supports applicable services for cloud applications, infrastructure, platform security, and related technologies within the Cyber Security organization. The engineer at this level is considered a subject-matter expert (SME) utilizing extensive experience and technical knowledge and may lead complex projects as necessary. Primary Responsibilities - Utilizes extensive knowledge in the design, implementation, and support of relevant cyber security technology solutions - Provides technical administration to include troubleshooting support, break-fix operations, patching, and other day-to-day activities for relevant applications - Stays abreast of industry trends and investigates organizational objectives and needs, ensuring team mutual knowledge and awareness - Reviews and maintains operational documentation and reports to support monthly trend analysis as well as project components - Leads research, proof-of-concept, selection, and implementation of technology solution - Conducts an advanced level of analysis of pros and cons and build vs buy options, offering opinion to management regarding disputes and contrasts - Explores implementation of new technologies, solutions, and methods to improve business processes, efficiency, effectiveness, and value delivered to customers - Leads the examination of technology vision, opportunities and challenges regarding security standards and the impact of the technology within the Cyber Security organization - Develops and maintains relevant metrics, controls, and other governance administration related to cyber security technology - Participates in on-call rotation for the support of any relevant cyber security technologies - Assists management collaborating with other teams on projects, ensuring alignment with the goals and objectives of the Cyber Security organization - Works jointly with management to assist in the development of technical skills and knowledge among team, ensuring the organization has adequate resources to ensure the safety and protection of Regions’ technology and assets - Serves as a mentor to team members - Acts as a role model in adhering to operational processes, standards, and procedures - May serve as a leader in security incident response activities and post-event reviews of security incidents - May serve as the subject-matter expert regarding design, implementation, and maintenance of relevant cyber security solutions to business areas, project teams, and vendors - May lead complex projects as assigned by management This position is exempt from timekeeping requirements under the Fair Labor Standards Act and is not eligible for overtime pay. Requirements - High School Diploma or GED and ten (10) years of related post-secondary education and/or experience in Information Security and/or Information Technology Preferences - Bachelor’s degree in Information Technology, Information Security, Information Systems Management, Computer Science, Engineering, or related field - Experience within a Cyber and/or Information Security organization within the financial services industry - Applicable technology and/or security certifications (e.g. Certified Information Systems Security Professional (CISSP), CompTIA Security+, Cisco Certified Network Associate (CCNA), Microsoft Certified Solutions Associate (MCSA), etc.) Skills and Competencies - Ability to prioritize conflicting demands - Ability to work independently - Advanced analytical and evaluative thinking capability - Advanced knowledge of modern security tools and controls - Advanced problem-solving skills to offer sound solutions to complex issues - Strong knowledge of common web technologies, cloud technologies, and enterprise and network architecture - Strong knowledge of defense in depth, trust levels, privileges, and permissions - Strong verbal, written communication, and organizational skills The Cloud Security Operations Engineer is responsible for continuous operation, implementation, and maintenance of Cloud security tools and Regions environments. Preferred Qualifications: - Demonstrated expertise in Cloud Security Posture Management (CSPM), including hands‑on ownership of day‑to‑day operations and proven experience leading or building a team responsible for CSPM activities - 4+ years' experience supporting implementation and maintenance of Cloud security tools in a regulated environment This position is currently offsite (within Birmingham, AL, Atlanta, GA, Charlotte, NC, or Nashville, TN) and associates will work from their home primarily. The associate may be expected to go on site for meetings or other events as needed. Regions will not sponsor applicants for work visas for this position at this time. Applicants for this position must currently be authorized to work in the United States on a full-time basis. Position Type Full time Compensation Details Pay ranges are job specific and are provided as a point-of-market reference for compensation decisions. Other factors which directly impact pay for individual associates include: experience, skills, knowledge, contribution, job location and, most importantly, performance in the job role. As these factors vary by individuals, pay will also vary among individual associates within the same job. The target information listed below is based on the Metropolitan Statistical Area Market Range for where the position is located and level of the position. Job Range Target: Minimum: $134,275.35 USDMedian: $176,000.00 USD Incentive Pay Plans: Opportunity to participate in the Long Term Incentive Plan. Benefits Information Regions offers a benefits package that is flexible, comprehensive and recognizes that "one size does not fit all" for benefits-eligible associates. Listed below is a synopsis of the benefits offered by Regions for informational purposes, which is not intended to be a complete summary of plan terms and conditions. - Paid Vacation/Sick Time - 401K with Company Match - Medical, Dental and Vision Benefits - Disability Benefits - Health Savings Account - Flexible Spending Account - Life Insurance - Parental Leave - Employee Assistance Program - Associate Volunteer Program Please note, benefits and plans may be changed, amended, or terminated with respect to all or any class of associate at any time. To learn more about Regions’ benefits, please click or copy the link below to your browser. https://www.regions.com/about-regions/welcome-portal/benefits Location Details Riverchase Operations Center Location: Hoover, Alabama Equal Opportunity Employer/including Disabled/Veterans Job applications at Regions are accepted electronically through our career site for a minimum of five business days from the date of posting. Job postings for higher-volume positions may remain active for longer than the minimum period due to business need and may be closed at any time thereafter at the discretion of the company.

Everyone who works with Mercy Health is united under one purpose: to help our patients be well in mind, body and spirit. This drive, along with our history of faith, is a powerful combination. It gives us a shared calling to work toward every day. Join our exceptional team and help us continue to provide the highest quality of health care possible to our communities.PRIVACY DIRECTOR | Work From Home/Remote WFH/Remote anywhere in the US (Eastern/Central Time Zone Preferred) *We operate in the Eastern Time Zone* Reports to: System Director, Compliance - Privacy # of Direct Reports: 2-3 Primary Function/General Purpose of Position As directed by the System Director, Compliance, oversees all ongoing activities across defined service areas within the group related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, disclosure of and access to, patient Protected Health Information (PHI) in compliance with federal and state laws and the healthcare organization's information privacy practices. Essential Job Functions - Assists in building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and procedures that enable consistent, effective privacy practices. Such practices shall minimize risk and ensure the confidentiality of PHI as well as ensure privacy forms, notices, policies, standards and procedures are current. - Collaborates with IT Security Directors and Information Services Directors, or their designee, to ensure alignment between security and privacy programs including policies, practices and investigations. - Collaborates with IT, Security, Legal, and Business partners for privacy impact assessments and incident response. - Guide business in assessing and mitigating privacy risks by providing recommendations and controls for AI, machine learning, and digital health technologies. - Develop and enhance formal processes for privacy risk assessments with vendors, contractors, and business associates, including data management and data destruction. - Public-facing responsibilities such as supporting responses to consumer, government, and media inquiries about privacy incidents or policies. - Regularly benchmark privacy program maturity against industry standards - Conducts ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions. - Reviews role-based access controls; conducts and oversees audits of access to PHI; recommends appropriate action necessary as a result of audit activities. - Takes a lead role to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements. - Conducts Risk Assessments to identify, evaluate, and mitigate potential threats to PHI. - Oversees, develops and delivers advanced privacy training modules, including scenario-based learning and regular refreshers. Participates in the development, implementation and ongoing compliance monitoring of business associates and business associate agreements to ensure all privacy concerns, requirements and responsibilities are addressed. - Establishes, with management and operations, a mechanism to track access to PHI, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity. - Contributes to the establishment and administration of a process for receiving, documenting, tracking, investigating, and taking action on all types of complaints concerning the organization's privacy policies and procedures in coordination and collaboration with other Directors, managers of other functional areas, and when appropriate, risk managers and legal counsel. - Provides leadership, support and supervision to Privacy program staff in performing day to day privacy-related functions. Licensing/Certification Certified in Healthcare Privacy Compliance – Health Care Compliance Association (required); or Certified in Healthcare Compliance - Health Care Compliance Association (required); or Certified Information Privacy Manager – International Association of Privacy Professionals (required) Education Bachelors, Healthcare, regulatory, business administration, business ethics (required) Masters (preferred) Work Experience 6 to 10 years Healthcare Regulatory experience including HIPAA (required) Skills: Hard/Tech/Clinical Skills: Deep knowledge of Privacy, Security, and Breach Notification Laws Incident and Breach Response Research of Regulations Risk Assessment Skills Auditing, Monitoring Investigation Processes & Techniques Policy Development and Implementation Education Development and Training Data Analytics and Reporting Microsoft Office & CoPilot Proficiency Familiarity with privacy & compliance applications (e.g., Symplr, Protenus, EPIC) Soft/Interpersonal Skills: Strategic Leadership Communication Collaboration & Stakeholder Management Problem-Solving Adaptability Change Management Conflict Resolution Analytical Thinking Team Development Integrity in Everything As a Mercy Health associate, you're part of a Mission that matters. We support your well-being—personally and professionally. Our benefits are built to grow with you and meet your unique needs, every step of the way. What we offer - Competitive pay, incentives, referral bonuses and 403(b) with employer contributions (when eligible) - Medical, dental, vision, prescription coverage, HSA/FSA options, life insurance, mental health resources and discounts - Paid time off, parental and FMLA leave, short- and long-term disability, backup care for children and elders - Tuition assistance, professional development and continuing education support Benefits may vary based on the market and employment status. All applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, age, genetic information, or protected veteran status, and will not be discriminated against on the basis of disability. If you'd like to view a copy of the affirmative action plan or policy statement for Mercy Health – Youngstown, Ohio or Bon Secours – Franklin, Virginia; Petersburg, Virginia; and Emporia, Virginia, which are Affirmative Action and Equal Opportunity Employers, please email recruitment@mercy.com. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact The Talent Acquisition Team at recruitment@mercy.com

At GEICO, we offer a rewarding career where your ambitions are met with endless possibilities. Every day we honor our iconic brand by offering quality coverage to millions of customers and being there when they need us most. We thrive through relentless innovation to exceed our customers’ expectations while making a real impact for our company through our shared purpose. When you join our company, we want you to feel valued, supported and proud to work here. That’s why we offer The GEICO Pledge: Great Company, Great Culture, Great Rewards and Great Careers. GEICO is seeking an experienced Staff Engineer to provide enterprise support for product security in our hybrid, multi-cloud environments. You will proactively and holistically lead and support Product Security activities that guide the design, development, security of code, and code repositories for cloud, hybrid, and open-source applications. Position Description: Our Product Security Staff Engineer is a senior level position that reports to the Manager of Secure Product Design and works closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle. The Product Security Staff Engineer is a subject matter expert in defining security requirements, defining secure application design, performing application security assessments, threat modeling, and providing developers with remediation guidance and solutions. On any given day, the Product Security Staff Engineer can be pulled in to evaluate a new system, review a proposed application design, or provide solutions for application security/coding best practices. Position Responsibilities As a Staff Engineer, you will: - Work independently with developers, system/network engineers, product owners, and other engineers to ensure secure design, development, and implementation of cloud-based applications - Define and document secure architecture patterns and anti-patterns - Perform security architecture design reviews of our products including web applications, services, and mobile applications. - Define security best practices and standards and partner with Product Development teams to implement them. - Provide remediation guidance and recommendations to developers and engineers. - Serve as a technical advisor and consultant to colleagues and/or GEICO leadership on the implementation of the Cybersecurity application security policy and standards. - Provide technical thought leadership for integration decisions, analyzing design constraints and trade-offs in system and security design, and ensuring integrity of GEICO mission objectives, while protecting GEICO assets from cyber threats and vulnerabilities. - Work with Product Development teams to help prioritize and validate urgency of mitigation of identified product vulnerabilities and security feature enhancement requests - Interface with the Product and Cyber Security teams to track security feature enhancement requests - Help develop actionable insights, prioritizing the work, based on risk, and impact, and allocate resources effectively, using Geico specific large data sets. Qualifications: - Hands-on product development experience, with strict SLA and SLR, using a mature S-SDLC. - Direct experience working with development teams to define, develop and document secure solutions - Experience breaking down complex systems and applications to find flaws with analysis and threat modeling - Strong familiarity with common vulnerabilities and attack vectors - Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs - Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.) - Solid understanding of secure network, system, and service design in cloud (Azure, AWS etc.) and conventional environments - Understanding and applied use of OWASP Top 10, NIST SP800 Series, NIST CSF, FIPS 140-2, ISO 27001, PCI-DSS, etc. - Knowledge of various aspects of a technology architecture like integration, network, and security - Advanced understanding and knowledge of application development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps/ SecDevOps) - Exposure to multiple, diverse security technologies, platforms, and processing environments - Strong command of strategic and emerging security/ cloud technology trends, and the practical application of existing and emerging technologies to new and evolving business and operating models. - Good understanding of product management, agile principles and development methodologies and capability of supporting agile teams by providing advice and guidance on opportunities, impact, and risks, taking account of technical and architectural debt - Experience collaborating closely with senior executives on strategic initiatives - A background integrating security testing into the SDLC - Experience providing security training to developers - Ability to find security defects within programming languages such as Go, Rust, Java, Python, Object C, and mobile device languages - Demonstrated experience using DAST and SAST tools and services - One or more of the following Cybersecurity certifications are highly desired: Security+, Certified Information System Security Professional (CISSP) or Certified Information Security Manager (CISM) Experience: - 6+ years planning and designing application security, cloud security, systems security, or platform security - 5+ of experience in at least two security solution design and development disciplines, including technical or security infrastructure architecture, cloud security, network security management, secure application development or secure cloud development. - 4+ years of experience in application and open-source security - 3+ years of experience with AWS, GCP, Azure, or another cloud service  - 2+ years of experience in open-source frameworks Education - Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent education or work experience Annual Salary $100,000.00 - $230,000.00The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/ annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate’s work experience, education and training, the work location as well as market and business considerations. GEICO will consider sponsoring a new qualified applicant for employment authorization for this position. The GEICO Pledge: Great Company: At GEICO, we help our customers through life’s twists and turns. Our mission is to protect people when they need it most and we’re constantly evolving to stay ahead of their needs. We’re an iconic brand that thrives on innovation, exceeding our customers’ expectations and enabling our collective success. From day one, you’ll take on exciting challenges that help you grow and collaborate with dynamic teams who want to make a positive impact on people’s lives. Great Careers: We offer a career where you can learn, grow, and thrive through personalized development programs, created with your career – and your potential – in mind. You’ll have access to industry leading training, certification assistance, career mentorship and coaching with supportive leaders at all levels. Great Culture: We foster an inclusive culture of shared success, rooted in integrity, a bias for action and a winning mindset. Grounded by our core values, we have an an established culture of caring, inclusion, and belonging, that values different perspectives. Our teams are led by dynamic, multi-faceted teams led by supportive leaders, driven by performance excellence and unified under a shared purpose. As part of our culture, we also offer employee engagement and recognition programs that reward the positive impact our work makes on the lives of our customers. Great Rewards: We offer compensation and benefits built to enhance your physical well-being, mental and emotional health and financial future. - Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being. - Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance. - Access to additional benefits like mental healthcare as well as fertility and adoption assistance. - Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year. The equal employment opportunity policy of the GEICO Companies provides for a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religious creed, national origin, ancestry, age, gender, pregnancy, sexual orientation, gender identity, marital status, familial status, disability or genetic information, in compliance with applicable federal, state and local law. GEICO hires and promotes individuals solely on the basis of their qualifications for the job to be filled. GEICO reasonably accommodates qualified individuals with disabilities to enable them to receive equal employment opportunity and/or perform the essential functions of the job, unless the accommodation would impose an undue hardship to the Company. This applies to all applicants and associates. GEICO also provides a work environment in which each associate is able to be productive and work to the best of their ability. We do not condone or tolerate an atmosphere of intimidation or harassment. We expect and require the cooperation of all associates in maintaining an atmosphere free from discrimination and harassment with mutual respect by and for all associates and applicants.