What You'll Do: The Ohio Attorney General's Office is currently seeking 2 experienced individuals for a BCI Special Agent vacancy in the Bureau of Criminal Investigation (BCI) Section, Force Investigations Unit (South). This position will primarily be designated for remote working. There may be in person requirements for training and operational needs. The headquarter location is London, OH. The Bureau of Criminal Investigation, known as BCI, is the state’s official crime lab serving the criminal justice community and protecting Ohio families. BCI also provides expert criminal investigative services to local, state, and federal law enforcement agencies upon request. With offices throughout the state, BCI stands ready to respond 24/7 to local law enforcement agencies’ needs at no cost to the requesting agency. Staff at BCI work every day to provide the highest level of service. This includes special agents who are on call 24/7 to offer investigative assistance at crime scenes, knowledgeable scientists and forensic specialists using cutting-edge technology to process evidence to bring criminals to justice, and criminal intelligence analysts and identification specialists who help local law enforcement solve cases. Experienced special agents, forensic scientists, and other law enforcement experts’ staff BCI’s three main divisions: 1) Identifications 2) Investigations and 3) Laboratory. The successful candidate must reside in or be willing to relocate within 90 days to one of the following counties: Adams, Athens, Belmont, Brown, Butler, Champaign, Clark, Clermont, Clinton, Darke, Fayette, Gallia, Greene, Guernsey, Hamilton, Highland, Hocking, Jackson, Lawrence, Logan, Meigs, Miami, Monroe, Montgomery, Morgan, Muskingum, Noble, Perry, Pike, Preble, Ross, Scioto, Shelby, Vinton, Warren, Washington. The duties for this position include, but are not limited to, the following: - Serves as case agent assuming responsibility for conducting overt and/or covert criminal investigations related to use of force to include, but not limited to officer involved critical incidents. - Performs various tasks in the field such as crime scene processing, subject, victim and witness interviewing - Develops informants and confidential sources. - Conducts raids, searches and surveillance. - Performs background investigations. - Makes arrests. - Gathers, evaluates and forwards criminal intelligence information. - Completes and submits investigative reports for criminal and/or administrative actions. - Serves as liaison to and works in cooperation with local, state, federal and other law enforcement/investigatory agencies. - Provides courtroom evidence and testifies in court. - Confers with prosecuting attorneys. - Delivers speeches or presentations to specialized audiences and/or general public. - Other duties as assigned. Completion of undergraduate core program in criminal justice, social sciences (e.g., criminology, sociology, psychology) or related field; OPOTC Peace Officer certification; 2 yrs. experience in investigations with a law enforcement agency; valid driver’s license. -Or 2 yrs. Exp. as a BCI Investigator, Class No. 26130AG; OPOTC Peace Officer certification or equivalent Peace Officer certification (e.g., another state, another government agency, military); valid driver’s license. -Or equivalent of Minimum Class Qualifications for Employment noted above. Job Skills: Investigation, Critical Thinking, Collaboration, Attention to Detail, Decision Making, Confidentiality

• Promote, raise awareness of, and manage the organization’s information security culture; • Propose improvements and controls for policies, standards and environments (on-premises and cloud); • Assist in remediation and management of vulnerabilities; • Implement and enhance hardening baselines; • Configure and administer security tools and platforms (firewalls, WAF, IDS/IPS, SIEM, antivirus); • Maintain processes to support compliance with certifications; • Analyze risks and propose remediation actions for identified vulnerabilities; • Plan and execute security projects focused on infrastructure and cloud.

Description What is VBG: Veteran Benefits Guide has been proud to serve our nation’s service members for more than 10 years. Founded by a U.S. Marine Corps Veteran, VBG assists Veterans through the challenging VA claims process to efficiently secure their hard-earned benefits. Now operating with more than 225 team members nationwide, VBG has helped over 55,000 Veterans through the VA claims process. The company is dedicated to honoring service and supporting the Veteran community through ongoing advocacy, community partnerships, and meaningful opportunities within its workforce. What we are looking for: The Senior Cyber Risk Analyst is responsible for leading enterprise cyber risk management activities, maintaining security and IT policy governance, and providing clear, actionable risk insights to senior leadership. This role partners closely with technology, legal, product, and business teams to identify, assess, and remediate cyber risks across the organization. This position is open to candidates located in the following states: Arizona (AZ), Washington (WA), Nevada (NV), Utah (UT), Illinois (IL), Ohio (OH), New Jersey (NJ), Virginia (VA), North Carolina (NC), and Florida (FL). Essential Functions: Reasonable accommodation may be provided to enable individuals with disabilities to perform essential functions. - Own and maintain the organization’s information security and IT policies, ensuring align with industry standards and are functionally enforceable in the organization. - Develop risk posture reporting for senior leadership, including risk assessments, control effectiveness, and risk register updates, tailoring depth and messaging to technical and executive audiences - Manage the control framework and library by identifying control gaps across technology domains and leading annual control testing and enterprise security assessments - Lead enterprise cyber risk management activities including identifying and quantifying cybersecurity risks using standardized risk rating methodologies - Maintain the enterprise risk register and oversee cybersecurity remediation efforts while advising on compensating controls and interim risk treatment strategies - Partner cross-functionally with legal, technology, product, and business teams to understand regulatory obligations, risk tolerance, and remediation priorities - Coordinate and facilitate cross-functional remediation discussions while tracking progress and driving accountability for risk reduction - Own the third-party risk management process, including vendor security questionnaires, risk assessments of new and existing vendors, and development of remediation plans to address identified security gaps - Ability to work independently and drive end-to-end initiatives with minimal supervision - Understanding of DevOps, security architecture, and security configurations, enabling effective collaboration with engineering, product, and infrastructure teams to identify and mitigate risks - Adaptability and resilience in an evolving environment - Stay current with emerging threats, regulatory changes, and industry best practices in risk management, compensating controls, and enterprise technologies. - Proven ability to translate complex technical risks into clear business impacts and actionable, risk-based recommendations for stakeholders. - Excellent analytical, written, and verbal communication skills with the ability to influence decision-making across technical and non-technical audiences Qualifications or competencies: - One or more industry-recognized certifications such as CompTIA Security+, CISA, CISM, CISSP, or equivalent - Hands-on experience with GRC tools (Archer, ServiceNow GRC, Vanta, etc.) and formal risk assessment methodologies - Strong working knowledge of risk management frameworks (NIST, ISO, and CIS) and regulatory requirements for HIPAA compliance - Broad security domain expertise, including cloud environments, SDLC, application security, data protection and enterprise architecture. Education and previous work experience: - 5+ years of experience in cyber risk management, control assurance, or information security governance - Bachelor's degree or equivalent work experience in Information Technology, Cybersecurity, or a related discipline Position type: This is a full-time position. Days and hours of work are Monday through Friday, 8 a.m. to 5 p.m. EEO: Veteran Benefits Guide provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, national origin, ancestry, physical disability, mental disability, medical condition, marital status, sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender (including gender identity and gender expression) genetic characteristic, sexual orientation, registered domestic partner status, age, military or veteran status, hairstyle or hair texture, reproductive health decision making, or any other characteristic protected by federal, state, or local laws.

• Prepare technical diagrams, architecture documentation, and threat models; • Analyze system, application, and integration architectures from a security perspective; • Perform technical risk assessments and recommend security controls; • Design secure solutions for cloud, applications, and infrastructure; • Support development, infrastructure, and DevOps teams in implementing controls; • Assess security configurations (hardening, baselines, CIS Benchmarks); • Support audit, compliance, and vulnerability management processes; • Conduct threat modeling, risk analysis, and provide recommendations for internal systems and third-party vendors; • Advanced knowledge of OWASP Top 10, CWE, NIST, and security standards; • Experience performing security-focused code reviews to assist development teams in remediating vulnerabilities; • Develop scripts and automations for vulnerability analysis and mitigation;