This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Cybersecurity & Compliance Analyst, you will play a critical role in safeguarding our company's information systems and ensuring compliance with regulatory standards. You will be responsible for: - Monitoring, analyzing, and responding to security incidents - Conducting risk assessments - Establishing and implementing cybersecurity, information risk management, and compliance best practices - Implementing controls to protect sensitive data This role is fully remote. Specific location details and expectations will be discussed during the interview process. Qualifications - Bachelor’s degree in Information Technology, Information Security, Cybersecurity or related field and/or equivalent experience - 3+ years of progressively more responsibility in directly related work - Two or more years of experience in utilizing enterprise security or compliance solutions including but not limited to SIEM, Risk Management tools, GRC (Governance, Risk, and Compliance) tools, security detection and response tools, and endpoint security products - Excellent knowledge of Microsoft Purview including Data Loss Protection and other compliance policies - Proven experience in cybersecurity compliance, risk management, and audit processes - Familiarity with common network, system and web application attacks and mitigations - Strong knowledge of regulatory requirements and industry standards related to cybersecurity and Risk Management (e.g., NIST, ISO27701, SOX) - Ability to work effectively in a team environment and in cross-functional teams - Ability to effectively document - Excellent verbal and written communication skills - Energetic, enthusiastic, charismatic Requirements - Develop, implement, and maintain security policies, procedures, and controls to ensure compliance with industry standards and regulations (e.g., NERC CIP, SOX, ISO 27001, etc.) - Evaluate, document, and respond to recommendations or alerts from internal security tools and Managed Security Services Provider - Conduct regular risk assessments and vulnerability scans to ensure the security of the organization's information systems - Assist in the investigation and response to security incidents, ensuring that all actions comply with regulatory requirements - Coordinate with legal and regulatory bodies to ensure the organization remains compliant with evolving cybersecurity laws and regulations - Prepare and present reports on compliance activities, findings, and recommendations to leadership - Assist with the education and training of process/control owners to better understand technology control frameworks and their responsibilities when it comes to data handling - Lead Data Loss Protection (DLP) initiatives, strategies, and controls within the company with the use of Microsoft Purview - Perform security audits and assessments to identify areas of improvement and ensure compliance with regulatory requirements - Assist in responding to external audits by preparing necessary documentation, coordinating with auditors and ensuring that all compliance requirements are met - Maintain up-to-date knowledge of industry standards, regulations, and best practices related to cybersecurity compliance - Recommend and assist with implementation and management of Cybersecurity, Risk Management and Compliance tooling - Support the development and maintenance of a robust cybersecurity governance framework Benefits - Employees (and their families) are eligible for medical, dental, vision, basic life and disability insurance - Employees can enroll in our company’s 401(k) plan - Provided vacation, sick and holiday pay Company Description SOLV Energy is a leading provider of infrastructure services to the power industry, designing, building and maintaining utility scale solar, battery storage and high voltage substation projects nationwide.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description Candidate will serve as a Principal Security Specialist assigned to the Global Security Services (GSS) Industrial Security Center of Excellence (COE) within the Compliance Team supporting the DoD Self-Inspection Program and other GSS initiatives. Domestic business travel to performance work locations by air periodically to perform peer inspections, attend meetings, or other (estimated up to 25%) is required. Candidate is eligible to perform this role remotely from any location within the United States. - Identify and communicate industrial security processes/best practice standards. - Develop and brief on security awareness, training, and education (SATE) materials. - Understand GSS security processes in all areas related to industrial security. - Compile and conduct data integrity reviews, including preparing performance metrics. - Understand privacy information, company proprietary, third-party information, and controlled unclassified information (CUI) and authorized safeguarding methods to prevent unauthorized access or disclosure. Qualifications - A University Degree or equivalent experience and minimum 5 years prior relevant experience, or an Advanced Degree in a related field and minimum 3 years experience. - Must have at least 5 years of related DoD or Industrial Security experience. - Experience in directly supporting the DoD Self-Inspection program to validate compliance at cleared facilities. - Experience working with the National Industrial Security Program Operating Manual (NISPOM) and other relevant DoD and NSA security guidance. - Experience with interpreting and administering security doctrine, providing clear guidance to company employees, and recommending modifications to operations policies or procedures for compliance. Requirements - DCSA FSO Certification. - DCSA Industrial Security Course Completions. - Working knowledge on the use of Raytheon Security databases (eSecurity, Access Commander, Industrial Security Dashboard, and Resolver). - Working knowledge of the U.S. Government’s Defense Information System for Security (DISS) and the National Industrial Security System (NISS). Benefits - Medical, dental, vision, life insurance. - Short-term disability, long-term disability. - 401(k) match. - Flexible spending accounts. - Flexible work schedules. - Employee assistance program. - Employee Scholar Program. - Parental leave. - Paid time off and holidays.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description In this role you will provide leadership in protecting the confidentiality, integrity, and availability of web and/or mobile applications by establishing and enforcing system access controls. You will define system security requirements, recommend improvements to system security frameworks, ensure authorized access to systems through monitoring, performing testing, or scanning for security vulnerabilities, and raising security awareness. - Identify security related issues and define security requirements during all phases of the application development lifecycle. - Review program/development documents to ensure adherence to secure coding standards, guidelines and security requirements. - Coordinate with developers to ensure secure and resilient design, prototyping, development, testing, support, and documentation of moderately complex application software. - Monitor for atypical usage of information system accounts and other abnormalities to identify possible breaches. - Assist with FISMA initiatives, e.g., updating security plans, to support ISSO responsibilities. - Coordinate the identification of security-related issues and definition of security requirements during all phases of the software development lifecycle (SDLC). - Perform penetration testing activities to ensure web vulnerabilities are not present within Treasury Services applications. - Conduct analysis and interpreting of cybersecurity trends and emerging risks, quantifies potential impact, and develops conclusions and recommended application security responses. - Perform other duties as assigned or requested. - Adhere to the Bank's attendance policies through regular and prompt attendance. Qualifications - Application Security Analyst: Bachelor’s degree with 3+ years of related work experience or Associate's degree with 5+ years of related work experience - Strong preference of at least one security certification (CISSP, CSSLP, CCSP, CEH, AWS Security, etc.) - Application Security Analyst Senior: Bachelor’s degree with 5+ years of related work experience or Associate's degree with 7+ years of related work experience - Strong preference of at least one security certification (CISSP, CSSLP, CCSP, CEH, AWS Security, etc.) Requirements - Ability to analyze highly complex business requirements. - Thorough understanding of industry-based security controls relating to applications, services, and systems. - Knowledge of cloud-based platforms and technologies and how to ensure these environments are secure. - Thorough understanding of security controls relating to access control, authentication, and auditing. - Demonstrated knowledge and understanding of information security industry trends and emerging technologies, especially relating to application security vulnerabilities. - Proficient at testing web applications for security vulnerabilities, such as those listed in the OWASP Top 10 and familiar with the tools used for testing. - Demonstrated ability to learn new systems and technologies. - Excellent time management skills, and the ability to prioritize and multi-task. Benefits - Support overall health and financial security. - Learn more about our benefits here: Cleveland Fed Benefits

• Help manage the design, development, and implementation of systems to protect CCHMC data • Support communication between internal and external parties on project related issues and developments • Analyze, design, implement, and maintain moderately complex systems that greatly improve clinical care • Provide technical support and third-level problem resolution assistance for production and process issues • Ensure outstanding end-user support is provided, including ongoing monitoring of Service Level Agreements