Now Brewing – Cybersecurity Analyst, Sr. – Governance Risk & Compliance! #tobeapartner From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. We are known for developing extraordinary leaders who share this passion and are guided by their service to others. Are you passionate about leading complex technical initiatives that strengthen our security posture and protect our partners, customers and brand? As a Cybersecurity Analyst, Sr. on the Cybersecurity Project Management team, you will drive high-impact, cross-functional programs and initiatives that deliver governance, risk and compliance and risk-mitigation capabilities across the enterprise. You bring clarity to ambiguity, create structure in fast-moving environments and execute with precision. This role requires a strategic thinker who is deeply hands-on, capable of guiding programs from initial concept through planning, execution, deployment and successful closeout. You will partner closely with engineering, security and business teams to translate cybersecurity compliance requirements into actionable plans that deliver measurable outcomes and reduce organizational risk. As a Cybersecurity Analyst, Sr, you will… - Lead large-scale, highly complex cybersecurity, infrastructure and governance, risk and compliance (GRC) initiatives from concept to delivery, coordinating across multiple teams and regions. - Translate complex technical and security and compliance challenges into structured, actionable project plans, ensuring alignment and coordination across cross-functional delivery teams. - Drive execution with rigor and attention to detail, while maintaining strong governance and risk management practices. - Communicate with executive presence, delivering crisp updates and influencing decision-making across all levels of the organization. - Develop and execute organizational change management plans – including communication strategies, readiness assessments, stakeholder engagement and training coordination across multiple concurrent projects. We’d love to hear from people with: - 10+ years of analyst or program/project management experience, including 3+ years leading and supporting governance, risk and compliance programs within large or highly regulated organizations. - Proven success managing large, cross-functional programs with multiple workstreams and global stakeholders. - Familiarity with GRC processes and frameworks including PCI DSS, SWIFT, SOC 2, ISO 27001/27002, NIST CSF, and broader enterprise risk management practices. - Experience managing deployment and integration of technical or security solutions across global environments, ensuring alignment with enterprise controls, standards and audit/compliance requirements. - Hands-on experience supporting compliance initiatives (e.g. evidence collection, control validation, remediation planning, reporting), with the ability to translate requirements to actionable delivery plans. - Strong organizational skills and a proactive, execution-focused mindset, with a track record of driving clarity, managing risk, and delivering results in fast-paced or ambiguous environments. - Ability to anticipate compliance risks, identify control gaps, and partner with engineering, security and audit teams to ensure effective remediation and sustainable control posture. - Experience applying organizational change management (OCM) frameworks (e.g. ADKAR, Prosci) across technical, security or compliance-driven initiatives As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools. Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities. You will also have access to backup care and DACA reimbursement. Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com. *If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above. For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above. The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity.  At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. Join us and inspire with every cup. Apply today! Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.   Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.

Company Summary Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. Position Overview The Mid Information System Security Officer (ISSO) (IAM 2) will support the Defense Security Cooperation Agency (DSCA) Cybersecurity (CYBR) team by providing expertise in Risk Management Framework (RMF) activities, security control assessments, controls validation, and continuous monitoring. The role involves ensuring compliance with RMF, IT, and Federal Information System Controls Audit Manual (FISCAM) guidelines, and supporting the cybersecurity responsibilities detailed in the DSCA CYBR Service Catalog. Work Location: Fully Remote Clearance: Active Secret Clearance Job Responsibilities and/or Success Factors - Produce all required DOD compliance documentation for RMF, Audit Response and Remediation, Cyber Task Orders, Required Scorecards, Privacy documentation, and other compliance requirements as detailed in the DSCA CYBR Service Catalog. - Draft and coordinate cybersecurity-related documentation to meet required standards, controls, and metrics. - Support all steps of the RMF process (Steps 0-6) required to gain and maintain DOD Information Network (DODIN) and agency commercial network authority to operate. - Assist in categorization, control selection, implementation, and tailoring support, as well as support of assessments from the ISSO role. - Prepare and validate controls in eMASS packages for assessment and review. - Ensure that control requirements are well-defined and that necessary documentation and evidence are gathered for validation and assessment. - Work in the DOD GRC tool Enterprise Mission Assurance Support Service (eMASS) to support control validation. - Conduct continuous monitoring of information systems to detect vulnerabilities, threats, and security incidents. - Utilize security tools and technologies to perform regular scans, assessments, and analysis of system vulnerabilities. - Maintain and update continuous monitoring processes and procedures to ensure they are effective and aligned with organizational requirements. - Assist in the configuration and maintenance of security tools and technologies provided by the CSSP. - Assist in the detection, analysis, and response to cybersecurity incidents. - Participate in incident response activities, including triage, containment, eradication, and recovery. - Document and report on incident response activities, providing detailed analysis and recommendations for improvement. - Provide support to the Watch Officer in monitoring and managing cybersecurity events and incidents. - Maintain situational awareness of the organization's security posture and emerging threats. - Assist with the performance of daily and ad hoc/on-demand vulnerability scans, monthly audit scans, and monthly discovery scans. - Provide weekly vulnerability compliance reporting to ISSMs. - Review and adjust assets, subnets, credentials, and policies to properly manage C5ISR provided Assured Compliance Assessment Solution (ACAS) solutions. - Track and ensure configuration compliance of Enterprise Security Services (ESS) Suite with RMF, ATO, and Inspection requirements. - Assist with the maintenance of completed security waiver forms in coordination with EADSD and ISSM (PMO). - Work with TSD to implement effective scanning, COAMS System Registration, and Continuous Monitoring Scoring (CMRS) Tagging. - Maintain and update Ports, Protocols, and Services Management (PPSM) records, including emergency and exception requests. - Support the maintenance and accuracy of DoD Allow List entries. - Maintain accurate and up-to-date documentation of all RMF, IT, and FISCAM controls validation activities. - Prepare and submit regular reports on the status of security controls, RMF activities, and DevSecOps pipeline security. - Provide detailed documentation and evidence to support security assessments and audits. - Support the maintenance and configuration needed to maintain accurate ingestion of logs from all assets. - Provide summaries of events/incidents, including time of event/incident, anomalous activity identified, asset names and IPs, affected users, and POC for outreach/additional actions. - Complete Cybersecurity Incident Reporting Forms and assist with the detection and analysis of cybersecurity events and incidents. - Support accurate IR POC list, accurate hardware/software and IP inventory, and accurate summary of event/incident. - Document efforts involved in mitigating cybersecurity-related events/incidents that occur within the enterprise. - Support the generation of performance monitoring reports to monitor asset availability. - Support the generation of system health and security posture reports for system owners and ISSMs. - Support accurate hardware and software inventory, accurate ingestion of logs from all assets, and accurate system performance and security posture baselines. - Conduct specified areas of focus/detail for trend analysis. - Support migration information provided by affected system ISSM and report vulnerabilities to appropriate system ISSMs/POCs. - Assist with the reporting to outside agencies, including JFHQ, battle stations, external leadership, and other DOD Agencies. - Support the correlated agency-level POA&Ms with the coordination of POA&Ms from DSCA to outside entities. - Help complete the Cybersecurity Incident Reporting Form, including additional inputs such as personnel logs, system logs, event logs, and accurate software and hardware inventory list. Education and Minimum Qualifications - Must be a US Citizen - Active Secret Clearance - Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field is required OR additional four (4) years of experience - Strong understanding of Risk Management Framework (RMF) processes and security control assessments, including experience with categorization, control selection, implementation, and assessment. - Minimum of two (2) years of relevant experience in cybersecurity, information assurance, or a related field. - Experience in IT controls validation and familiarity with Federal Information System Controls Audit Manual (FISCAM) guidelines. - Experience in incident response, continuous monitoring, and vulnerability management. - Proficiency in using security assessment tools and platforms such as eMASS (Enterprise Mission Assurance Support Service). - Familiarity with continuous monitoring processes and tools. - Experience with incident response processes and tools. - Knowledge of cybersecurity frameworks and standards, such as NIST, ISO 27001, and CIS Controls. Desired Qualifications: - Certifications such as CSSP, CISM, CISA, CAP, Security+, or equivalent is highly desirable. - Experience with OKTA - Experience as an ISSO or otherwise prior experience with IT Risk Management Framework Support. AAP Statement We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.

• Lead large-scale, highly complex cybersecurity, infrastructure and governance, risk and compliance (GRC) initiatives • Translate complex technical and security and compliance challenges into structured, actionable project plans • Drive execution with rigor and attention to detail • Communicate with executive presence • Develop and execute organizational change management plans

Role Description - Red team conversational AI models and agents by conducting jailbreaks, prompt injections, misuse cases, and bias exploitation. - Generate high-quality human data by annotating failures, classifying vulnerabilities, and flagging systemic risks. - Apply structure by following taxonomies, benchmarks, and playbooks to maintain consistent testing. - Document reproducibly by producing reports, datasets, and attack cases that customers can act on. - Work independently and asynchronously to meet deadlines while improving AI model performance. Qualifications - Must-Have: - Native-level fluency in English & Arabic. - Prior red teaming experience in AI adversarial work, cybersecurity, or socio-technical probing. - Strong communication skills to explain risks clearly to technical and non-technical stakeholders. - Preferred: - Experience in Adversarial ML, Cybersecurity, or Socio-technical risk. - Skills in Creative probing such as psychology, acting, or writing for unconventional adversarial thinking. Requirements - Hourly contractor, Paid weekly. Application Process - Upload resume - AI interview based on your resume - Submit form Resources & Support - For details about the interview process and platform information, please check: https://talent.docs.mercor.com/welcome/welcome - For any help or support, reach out to: support@mercor.com - PS: Our team reviews applications daily. Please complete your AI interview and application steps to be considered for this opportunity.