CTG is seeking to fill a Cybersecurity Risk Analyst (GRC / IT Risk & Compliance) position for our client. Location: RemoteDuration: 12 months Responsibilities: - Conduct IT risk assessments using FAIR, NIST, MITRE, and other frameworks - Identify, analyze, and prioritize cybersecurity risks; recommend mitigation strategies - Support GRC initiatives, compliance audits, and policy enforcement - Collaborate with IT, security, and business teams to align risk management with organizational goals - Communicate complex risk concepts clearly to technical and non-technical audiences Required Skills & Experience: - 5+ years in IT risk, GRC, or cybersecurity - Strong knowledge of cybersecurity frameworks, IT policies, and compliance requirements - Decision-making, critical thinking, and analytical skills - Excellent written and verbal communication skills - Project management and risk reporting experience Preferred Certifications: OpenFAIR, CCSK, CISSP, CISM, or equivalent Education: Bachelor’s degree in Information Security, CS, IS, or related field (or equivalent experience) Excellent verbal and written English communication skills and the ability to interact professionally with a diverse group are required. CTG does not accept unsolicited resumes from headhunters, recruitment agencies, or fee based recruitment services for this role. To Apply:To be considered, please apply directly to this requisition using the link provided. For additional information, please contact Rebecca Olan at Rebecca.Olan@ctg.com. Kindly forward this to any other interested parties. Thank you! The expected base salary for this position ranges from $105,000 to $115,000. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, market factors, and where applicable, licensure or certifications obtained. In addition to salary, a competitive benefit package is also offered. About CTG CTG, a Cegeka company, is at the forefront of digital transformation, providing IT and business solutions that accelerate project momentum and deliver desired value. Over nearly 60 years, we have earned a reputation as a faster and more reliable, results-driven partner. Our vision is to be an indispensable partner to our clients and the preferred career destination for digital and technology experts. CTG leverages the expertise of over 9,000 team members in 19 countries to provide innovative solutions. Together, we operate across the Americas, Europe, and India, working in close cooperation with over 3,000 clients in many of today's highest-growth industries. For more information, visit www.ctg.com. Our culture is a direct result of the people who work at CTG, the values we hold, and the actions we take. In other words, our people define our culture. It's a living, breathing thing that is renewed every day through the ways we engage with each other, our clients, and our communities. Part of our mission is to cultivate a workplace that attracts and develops the best people. CTG will consider for employment all qualified applicants including those with criminal histories in a manner consistent with the requirements of all applicable local, state, and federal laws. CTG is an Equal Opportunity Employer. CTG will assure equal opportunity and consideration to all applicants and employees in recruitment, selection, placement, training, benefits, compensation, promotion, transfer, and release of individuals without regard to race, creed, religion, color, national origin, sex, sexual orientation, gender identity and gender expression, age, disability, marital or veteran status, citizenship status, or any other discriminatory factors as required by law. CTG is fully committed to promoting employment opportunities for members of protected classes.

Role Description In this role, you will help protect customers and U.S. Bank by detecting, investigating, and preventing fraudulent activity across several products. You will research transactions and digital interactions with U.S. Bank. Types of activity include, but are not limited to: - Money movement through Wire, ACH, RTP, P2P, Zelle, and FedNow channels - Website and mobile application usage anywhere our customers are in the world To be successful in this role, you need to have excellent investigative techniques, knowledge of the banking industry, and be digitally engaged with mobile and online applications. A top-notch fraud analyst should be able to: - Work quickly, sometimes under pressure - Have meticulous attention to detail This position will work cases using various investigation methods and tools. Customer contact via email/phone is frequently needed for the investigations. If fraud is suspected or confirmed, the analyst will stop or return the transaction in question if possible. Key accountabilities: - Monitors account activity to identify fraudulent financial transactions and violations - Secures accounts to prevent losses - Coordinates with internal departments to validate that charges are authorized - Works with merchants to resolve customer service issues or fraudulent activity - Maintains merchant processing statistics and records - Representing US Bank professionally via inbound/outbound calls related to fraud mitigation operations Qualifications - Ability to interpret technical and administrative instructions independently and use them as a guide in solving similar problems or situations - Experience with loss mitigation - Proven experience in constantly meeting performance metrics - SLA adherence and Quality Assurance (QA) accuracy - Effective verbal and written communication skills - Proficient computer navigation skills using a variety of software packages, including Microsoft Office applications - Excellent English (written and spoken - C1). Fluency in Spanish is a plus but not required. - Three to five years of relevant work experience (preferably in fraud prevention, risk, or a related field) - Willingness to contact customers via phone or in writing when necessary to verify suspicious activity - Ability to make risk-mitigating decisions with excellent accuracy levels - Strong time management skills in a fast-paced, SLA-driven environment - High school diploma or equivalent Requirements - Working hours from 21:30-5:00 - Tuesday-Saturday - Afternoon/night shifts (throughout the week/weekends) with flexible scheduling - This role is remote - This position is not eligible for visa sponsorship Benefits - Market-competitive compensation package that includes clearly defined salary ranges aligned with industry benchmarks and internal equity standards - Performance-based incentives for eligible employees, awarded through transparent, objective criteria that recognize both individual and company performance - Inclusive equitable benefits that are accessible to all employees and focused around our 3 main pillars of financial wellbeing, health & wellness - Continuous development opportunities including training, education support, and career progression pathways based on inclusive and transparent criteria - Employee recognition programs that celebrate achievements and milestones for all

• Completes risk control assessments for prospective, new and renewal accounts for the purpose of making risk determinations for underwriting. • Develops corresponding recommendations for risk reduction on identified exposures. • Performs a combination of duties in accordance with departmental guidelines. • Performs risk assessments for low to moderate risk assignments for prospective, new and renewal business to support underwriting process. Includes recommending solutions to customers to minimize risk. • Assists senior risk control staff on more complex assignments. • Develops risk assessment reports and utilizing risk control and other CNA systems. • Develops customer correspondence to confirm onsite risk assessments and corresponding recommendations or business solutions to minimize identified risk exposures. • Partners with underwriting to review accounts for branch operational issues, profitability, claims, agency management, etc. • May be required to perform jurisdictional inspections. • Makes field visits with underwriters or senior Risk Control staff to agents/brokers to build relationships and market Risk Control products and services. • Interacts with Claims as necessary to obtain more information on specific claims on assigned accounts as well as the overall claims process. • Develops skills to identify root cause of loss trends and emerging issues.

Job Description At Boeing, we innovate and collaborate to make the world a better place. We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments of third-party cyber risk and to design automation and process improvements using configuration, integration, and agentic AI capabilities. This senior individual contributor will focus on developing hands-on assessment processes to evaluate vendor controls, validate technical evidence, and drive remediation recommendations - while also building robust automation and configuration assets (scripts, connectors, playbooks, and AI agents) to scale assessment throughput, improve data quality, and accelerate risk decisions. A strong emphasis on lean process enhancement will ensure the program delivers higher velocity, lower waste, and measurable improvements in assessment quality and cycle time. Though the position is primarily remote, there will be times to go into a Boeing facility. Candidates must live near a Boeing Facility or be willing to relocate at their own expense. This position requires candidates to be a US Person (Green Card holder or US Citizen) Key Responsibilities - Design & Execute end-to-end cybersecurity third-party assessments for strategic and high-risk vendors, including questionnaire reviews, technical evidence validation, architecture reviews, cloud configuration analysis, IAM assessments, encryption and key management reviews, logging/monitoring validation, and vulnerability/penetration test interpretation. - Produce repeatable processes that create clear, prioritized risk findings and remediation guidance tailored to vendor risk and business impact - Design, build, and maintain automated assessment capabilities: evidence collection scripts, API connectors, ETL pipelines, data validation routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA Archer, OneTrust, etc.). - Develop and deploy agentic AI components (e.g., automated evidence triage, document ingestion and extraction, risk-scoring assistants, remediation suggestion agents) while ensuring safe, auditable, and privacy-preserving behavior. - Lead lean process improvement initiatives across the assessment lifecycle: map value streams, eliminate waste, reduce handoffs, optimize SLAs, and implement continuous improvement cycles to increase throughput and quality. - Create and maintain technical assessment artifacts: standardized templates, evidence matrices, technical checklists, assessment playbooks, and scoring rubrics that support repeatability and auditability. - Validate and tune automated scoring models and AI outputs; perform periodic calibration and manual reviews to ensure accuracy and reduce false positives/negatives. - Collaborate closely with Procurement, Legal, Security Operations/CIRT, Privacy, and other business stakeholders to ensure technical assessment findings map to contractual requirements and incident response expectations. - Support remediation verification and re-assessment - use automation to track evidence submission, validate fixes, and update risk status. - Maintain strong documentation & processes to support change management of automation logic, AI agent behaviors, data mappings, integration schemas - Stay current on emerging attack techniques, supply chain threats, automation best practices, responsible AI controls, and lean methods; propose and implement improvements. Basic/Required Qualifications - 5+ years of cybersecurity experience with at least 3 years focused on third-party/vendor security assessments or equivalent technical assessment roles. - Deep hands-on expertise reviewing technical artifacts: cloud console evidence (AWS/Azure/GCP), architecture diagrams, IAM configurations, network security, encryption, logging/monitoring, vulnerability scans, and penetration test reports. - Proven ability to translate technical findings into concise executive-level summaries and remediation plans; excellent written and verbal communication skills. - Demonstrated experience applying lean principles or continuous improvement methods to operational processes - ability to run value stream mapping, define and measure waste, and implement sustainable improvements. - Comfortable working independently as a senior individual contributor and coordinating across technical and non-technical stakeholders; experience in agile environments and using agile tooling (ADO, JIRA). Preferred Qualifications - Bachelor's degree in Computer Science, Information Security, Engineering, or related technical field; advanced degree (MS or equivalent) preferred. - Industry recognized security certifications (CISSP, CISM, CRISC) and/or cloud security certifications (AWS/Azure/GCP Security) preferred. - Strong configuration skills for security/TPRM tooling (Aravo, ServiceNow GRC, RSA Archer, OneTrust, or similar) including forms, workflows, scoring, and data model configuration. - Formal training or certification in Lean/Six Sigma, Kaizen, or similar continuous improvement methodologies. - Practical experience designing, training, or integrating agentic AI components (LLM orchestration, retrieval-augmented generation, agent frameworks) into security processes - able to implement guardrails, audit logging, and privacy controls. - Prior experience implementing AI governance for security use cases - Familiarity with software supply chain risk concepts (SBOMs) - Experience with SIEM/SOAR integrations, vulnerability management platforms, and continuous monitoring - Experience working in regulated industries (finance, aviation, healthcare, defense) or with global privacy/regulatory requirements (GDPR, CMMC, etc...). Typical Education/Experience: - Education/experience typically acquired through advanced education (e.g. Associate) and typically 2 or more years' related work experience or an equivalent combination of education and experience (e.g. Bachelor+1 years' related work experience, 5 years' related work experience, etc.). Relocation: Relocation assistance is not a negotiable benefit for this position. Candidates must live in the immediate area of a Boeing facility or relocate at their own expense. Drug Free Workplace: Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies. Pay & Benefits: At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities. The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and several programs that provide for both paid and unpaid time away from work. The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements. Pay is based upon candidate experience and qualifications, as well as market and business considerations. Pay Range is dependent on geographical location and experience: Senior - $128,700 - $181,500 Applications for this position will be accepted until Apr. 04, 2026 Export Control Requirements: This position must meet U.S. export control compliance requirements. To meet U.S. export control compliance requirements, a "U.S. Person" as defined by 22 C.F.R. §120.62 is required. "U.S. Person" includes U.S. Citizen, U.S. National, lawful permanent resident, refugee, or asylee. Export Control Details: US based job, US Person required Relocation Relocation assistance is not a negotiable benefit for this position. Visa Sponsorship Employer will not sponsor applicants for employment visa status. Shift This position is for 1st shift Equal Opportunity Employer: Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.