Job Closed

This listing is no longer active.

Castillians

The world's trusted engineering network

Security Consultant

Security Engineer | Contract | Remote | Senior | Team 51-200 | Since 2006 | H1B No Sponsor

Location

Ireland

Posted

97 days ago

Salary

0

Seniority

Senior

Bachelor Degree | 5 yrs exp | English | French | Firewalls

Job Description

  • Implement, configure, and optimize IBM QRadar SIEM solutions within enterprise environments
  • Integrate and manage log sources including firewalls, endpoints, servers, and network devices
  • Develop and maintain custom correlation rules, alerts, dashboards, and reports
  • Track and analyze security events to identify potential threats and suspicious activities
  • Support incident investigation and response using QRadar analytics and threat intelligence
  • Conduct SIEM tuning to reduce false positives and improve detection accuracy
  • Document system configurations, architecture, and operational procedures
  • Offer knowledge transfer and guidance to internal security and SOC teams

Job Requirements

  • 5+ years of experience working with IBM QRadar or similar SIEM platforms
  • Proven experience in SIEM implementation, configuration, and optimization
  • Strong understanding of security monitoring, threat detection, and incident response
  • Experience integrating security logs from multiple enterprise systems
  • Knowledge of network security, cybersecurity frameworks, and SOC operations
  • Experience in client-facing consulting roles within enterprise environments
  • Bachelor’s degree in Cybersecurity, Computer Science, IT, or related field
  • IBM QRadar certification is an advantage
  • Security certifications such as Certified Information Systems Security Professional, Certified Ethical Hacker, or CompTIA Security+ are a plus
  • French language skills are an advantage
  • Strong analytical and problem-solving skills
  • Fluent in English (written and verbal).

Benefits

  • Access to CX guidance and market insights through our professional network

More Security Engineer Jobs

Other | Remote | Team 5,001-10,000 | Since 1969 | H1B No Sponsor

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

This position requires an active Public Trust clearance or the ability to obtain a Public Trust clearance to be considered. The right candidate will be a driven cybersecurity leader with a deep commitment to privacy and public service. Recognized for exceptional communication and interpersonal skills, working with and influencing executive, technical, and mission stakeholders to align priorities and drive outcomes. Lead complex, cross-functional cybersecurity teams and vendor ecosystems with clarity and accountability, delivering measurable results. Able to translate complex toolsets and requirements into actionable roadmaps, ensuring disciplined execution and high integrity program delivery.

Responsibilities

  • Lead NSF’s enterprise cybersecurity and privacy program; set objectives, coach for performance, ensure cross-training and continuity; maintain an adaptive posture with rigorous analysis and implementation.
  • Govern to NIST RMF (SP 800-37), FISMA, OMB guidance, NIST SP 800-series (including privacy controls), CISA BODs, and FedRAMP; own FISMA IG maturity targets and drive quarterly improvements with metrics-based reporting.
  • Develop and maintain cybersecurity and privacy policies, plans, procedures, standards, operational guides; establish and manage a documentation and knowledge repository.
  • Drive risk-based management and security-focused configuration management across infrastructure and applications; maintain risk registers, executive dashboards, and remediation plans.
  • Privacy Program Management: Partner with SAOP (Senior Agency Official for Privacy) to lead oversight; conduct privacy control assessments (NIST SP 800-53 Rev. 5 privacy, OMB memos); maintain a privacy risk register; embed privacy risk in enterprise reporting; deliver compliance reporting and corrective actions.
  • Assessment and Authorization/Continuous Monitoring: Lead A&A/Ongoing Authorization; plan and execute assessments aligned to NIST SP 800-53/53A, 800-171/172; manage evidence, weakness analysis, POA&Ms, and durable closure; mature Continuous Monitoring and DHS CDM integrations, dashboards, automated reporting, and alert fidelity.
  • SIEM (Security Information and Event Management) Monitoring and Audit Logging: Oversee Splunk operations; enforce audit logging standards, log source coverage (infrastructure, applications, cloud), retention/integrity, and compliance mapping; tune detections and dashboards.
  • Zero Trust and Modernization: Execute NSF’s Zero Trust plan across identity, devices, networks, applications/workloads, and data; implement comprehensive monitoring, risk-based access, automation; conduct red/blue team testing; advance data-centric security, DLP, and protection of sensitive/PII; plan for post-quantum cryptography transitions.
  • Identity and Account Management: Own enterprise IAM governance—joiner/mover/leaver automation, identity proofing, MFA and conditional access, ABAC (Attribute-Based Access Control)/RBAC (Role-Based Access Control) design, federation, lifecycle monitoring metrics; enforce least privilege, just-in-time/just-enough access.
  • Privileged Access Management: Lead CyberArk operations for vaulting, credential rotation, session monitoring/recording, access brokering; integrate with IdP, ticketing, and automation to reduce risk and improve efficiency.
  • Application Security and DevSecOps: Establish secure SDLC standards, threat modeling, secure code reviews, SAST (Static Application Security Testing)/DAST (Dynamic Application Security Testing)/SCA (Software Composition Analysis) in CI/CD, developer training; enforce configuration management; track AppSec KPIs (coverage, defect density, remediation time).
  • Cloud and External Services Reviews: Conduct security reviews, analysis, and continuous monitoring of cloud/external services; validate FedRAMP inheritance and compensating controls; enforce CSPM policies; perform vendor risk assessments; run quarterly posture reviews and remediation.
  • Operations, IR, and Forensics: Lead SOC operations and major incident response including after-hours surge; drive root cause analysis, lessons learned, corrective actions; direct IT forensics and eDiscovery with proper chain-of-custody and audit-ready evidence.
  • Continuity, Contingency, and Service Recovery: Direct BCP (Business Continuity Plans)/DR (Disaster Recovery) strategy with defined RTO (Recovery Time Objective)/RPO (Recovery Point Objective); run tabletop and failover exercises; manage dependency mapping, evidence capture, and corrective actions to meet restoration objectives.
  • Supply Chain Risk Management: Support ICT (Information and Communications Technology) SCRM (Supply Chain Risk Management) across development, acquisition, maintenance, and disposal; integrate NIST SP 800-161r1 practices, oversee ongoing monitoring and end-of-life disposal controls.
  • Infrastructure Asset Identification and Classification: Establish authoritative asset inventory and classification standards; integrate with CMDB and DHS CDM for visibility, control coverage, and risk reporting.
  • Independent Reviews and SCIF Support: Coordinate internal and third-party independent security reviews; support SCIF-related security operations and processes as required.
  • Tool Refresh and Maturation: Plan refresh cycles and maturity targets for SIEM (Splunk), EDR/XDR, vulnerability scanning, IAM/IdP, PAM (CyberArk), DLP, CSPM/CWPP, configuration management tools, and cloud-native services; measure efficacy and ROI; deprecate low-value tools.
  • Cybersecurity and Privacy Training: Own awareness and role-based training programs; coordinate content, track completion, measure effectiveness (e.g., phishing resilience), and drive continuous improvement.
  • Reporting and Deliverables: Deliver monthly/quarterly reports covering FISMA IG maturity, POA&M status/closure, CDM dashboards, SIEM coverage and detection efficacy, incident metrics (MTTD/MTTR), audit response packages, training metrics, continuity/DR test results, and executive risk dashboards.
  • Performs other job-related duties as assigned.

Qualifications

  • 10+ years of cybersecurity leadership; 5+ years leading federal or large enterprise programs with multi-vendor teams.
  • Demonstrated privacy program leadership in federal environments; partnership with SAOP; execution of PIAs (Privacy Impact Assessments)/SORNs (Systems of Records Notices) and privacy control assessments.
  • Deep experience with NIST RMF, FISMA, OMB guidance, NIST SP 800-series (including 53/53A and privacy controls), CISA BODs, FedRAMP, DHS CDM.
  • Proven A&A/Ongoing Authorization leadership; strong continuous monitoring, assessment planning/execution, evidence management, POA&M remediation.
  • SIEM/Splunk expertise: detections, dashboards, content tuning, data onboarding, audit/log monitoring, and threat analytics.
  • IAM governance: IdP/IAM platforms (Azure AD/Entra, Okta, Ping), conditional access/MFA, lifecycle automation, ABAC/RBAC policy design, identity proofing, federation.
  • PAM/CyberArk: architecture and operations for vaulting, credential rotation, session recording, least privilege, JIT/JEA access, and workflow integrations.
  • Application Security/DevSecOps: secure SDLC, threat modeling, secure code reviews, CI/CD integrations; tooling such as GitLab/GitHub Actions, SonarQube, Veracode, Snyk; familiarity with NIST SSDF.
  • SOC leadership, incident response, forensics/eDiscovery; cloud security governance across major CSPs; CSPM/CWPP policy design and enforcement.
  • SCRM and vendor risk management implementing NIST SP 800-161r1; SBOM practices; lifecycle controls from acquisition through disposal.
  • BCP/DR planning and execution; defined RTO/RPO; exercise orchestration and evidence management.
  • Strong automation orientation; ability to write and evaluate code in PowerShell, Python, SQL, Java; familiarity with VBA.
  • Experience establishing authoritative asset inventories and CMDB/CDM integrations; audit logging standards and compliance mapping.
  • Bachelor’s in Cybersecurity, Information Assurance, Computer Science, Engineering, or related field; Master’s preferred.
  • Certifications preferred: CISSP, CISM, CRISC, CAP, CCSP, PMP.
  • Splunk certifications (e.g., Power User, Admin) and CyberArk certifications (Defender, Sentry, Guardian) preferred.
  • Privacy certification strongly preferred: CIPP/G or equivalent federal privacy leadership experience.
  • Must pass pre-employment qualifications of Cherokee Federal.

Benefits

  • Estimated Starting Salary Range: $180,000 - $190,000 (Pay commensurate with experience).
  • Full-time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided.
  • Benefits are subject to change with or without notice.

Company Description

Criterion is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.

United States
$180K - $190K / year
Job Closed

Clinical Engineering Medical Device Network Engineer

CommonSpirit Health

CommonSpirit Health is a nonprofit organization that is on a mission to improve people’s health while making “the healing presence of God known.” The orga

Where You’ll Work

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

Job Summary and Responsibilities

This position is remote, but requires 50% travel and must be located in the Colorado Springs area.

The Clinical Engineering Med Device Security Eng I mitigates medical device vulnerabilities and threats at a system level by developing and testing remediation instructions, and partnering with cross-functional teams to implement mitigation strategies. In the event of a security incident, this position leads remediation efforts and coordinates with cross-functional teams to return medical devices to service and to implement measures that will prevent future attacks.

The Clinical Engineering Med Device Security Eng I has system level responsibilities to safeguard CommonSpirit's medical device environment to ensure device integrity and resilience by assessing, monitoring and responding to security vulnerabilities and threats. This role ensures that medical devices comply with relevant cybersecurity regulations, standards and guidelines.

  • Collaborate with cross-functional teams to implement mitigation strategies that address medical device security vulnerabilities and threats.
  • Develop and test medical device security patching and remediation instructions to mitigate risks while also maintaining the integrity of the devices to ensure device reliability and patient safety.
  • In the event of a security incident, lead system wide remediation efforts by coordinating with cross-functional teams to return the devices to service and to implement measures that will prevent future attacks.
  • Conduct comprehensive assessments of system wide medical devices to identify potential security risks and vulnerabilities by reviewing MDS2 forms, and obtaining information from medical device OEMs.
  • Ensure that medical devices comply with relevant cybersecurity regulations, standards and guidelines.
  • Resolve technical challenges and provide support to field technicians.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

Job Requirements

Required

  • Bachelors Other HTM, Computer Science, Technology, Business discipline or equivalent professional experience
  • Minimum of 2-4 years working in healthcare/IT Security, System Administration, Software Development or related field.
  • 1-2 years experience working in a healthcare/medical environment
  • Experience working with specialized medical equipment in a healthcare setting.
  • Experience with Cybersecurity and Infrastructure Security Agency (CISA), HIPAA/HITECH compliance standards.
  • Experience working with the software development life cycle or project management methodologies.

Preferred

  • Certified Radiology Equipment Specialists (CRES)
  • Certified Biomedical Equipment Technician (CBET)
  • CompTIA A+ Certification
  • Certified Hthcare Tech Mgr (CHTM)
  • CompTIA Network +

United States
Job Closed

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

itD is seeking a Cloud Security Compliance Engineer (SOC 2 Automation) to lead the design and implementation of automated evidence collection and compliance processes that strengthen security governance and ensure audit readiness across cloud environments. This role will drive scalable compliance automation, streamline SOC 2 reporting efforts, and help maintain a strong security posture through efficient evidence management and cross-team collaboration. The ideal candidate will bring deep experience in cloud security compliance and automation and a track record of delivering reliable, audit-ready evidence pipelines that improve operational efficiency and reduce manual compliance overhead.

Location: Remote (United States)
Duration: 3 months

Responsibilities

  • Design, develop, and maintain automated processes and tools to collect and manage evidence required for SOC 2 compliance.
  • Establish and manage evidence retention policies and procedures to ensure alignment with SOC 2 requirements and audit standards.
  • Develop and execute structured plans for collecting and organizing compliance evidence related to security controls, policies, and operational procedures.
  • Collaborate with cross-functional teams to integrate automated evidence collection processes into existing systems and workflows.
  • Maintain clear documentation of automation processes and produce detailed compliance reports to support audit readiness.
  • Validate the accuracy and completeness of compliance evidence and work with internal stakeholders to resolve discrepancies or gaps.
  • Identify opportunities to improve automation, reliability, and scalability of evidence collection and compliance reporting processes.

Internal Responsibilities

  • Attend regular internal practice community meetings.
  • Collaborate with your itD practice team on industry thought leadership.
  • Complete client case studies and learning material (blogs, media material).
  • Build out material to contribute to the Digital Transformation practice.
  • Attend internal itD networking events (in person and virtual).
  • Work with leadership on career fast-track opportunities.

Qualifications

  • Experience designing and implementing automated processes for SOC 2 compliance evidence collection.
  • Experience collecting and managing SOC 2 compliance evidence within a cloud security environment.
  • Strong understanding of SOC 2 frameworks, security controls, and compliance requirements.
  • Experience with cloud security and operations in Google Cloud Platform (GCP).
  • Strong knowledge of GCP security best practices, controls, and compliance standards.
  • Experience with scripting or automation tools such as Python or Go.

Preferred Qualifications and Skills

  • Industry security certifications such as CISSP or CISM.
  • Experience with security automation and compliance tooling.
  • Familiarity with cloud workload protection and security monitoring platforms.
  • Experience supporting security audits and compliance assessments.

Education

  • Bachelor’s degree in Computer Science, Information Technology, or a related field required.
  • Master’s degree preferred.

Benefits

  • Comprehensive medical benefits.
  • 401k plan.
  • Paid holidays.
  • More benefits available.

Company Description

About itD: We are part of a new generation of consulting and software development company that blends diversity, innovation, and integrity with real business results. Our structure rejects any strong hierarchy, empowering us to deliver excellent results. We are a woman- and minority-led firm. Every day, we challenge ourselves to be considerate, fair and to re-think what great outcomes mean for our customers. This permeates down to how we approach every interaction, on every project, for every client. You’ll thrive here if you are a dynamic self-starter, a difference-maker or someone who wants to deliver great results, without constraints.

The itD Digital Experience: Joining us means you’ll be part of our global community, you have a say about your own career journey, and you’ll get a chance to give back to causes that matter. You will experience working with Fortune 500 companies and high-performance teams across numerous industries. itD offers our employees excellent benefits such as medical, dental, vision, life insurance, paid holidays, 401K + matching, networking & career learning and development programs. We are growing and we want to see you grow!

United States
Job Closed

Cybersecurity Intern

Circular Action Alliance

CAA is a U.S. Producer Responsibility Organization dedicated to implementing effective EPR laws for paper and packaging.

Other | Remote | Team 11-50 | Since 2022 | H1B No Sponsor

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The Cybersecurity Intern will support our small IT/security team in protecting staff, volunteers, and client data across our nonprofit systems and cloud services. This role is ideal for student or early-career professionals who want hands-on experience with Microsoft Defender, Cloudflare, 1Password, and security awareness platforms in a real production environment with limited budgets and high mission impact.

Key Responsibilities

  • Monitor and triage security alerts from Microsoft Defender (endpoints, identity, and email) and escalate issues to the IT/security lead.
  • Review Microsoft 365 and Azure AD sign-in logs and conditional access alerts for suspicious activity, such as impossible travel, risky sign-ins, and MFA failures.
  • Assist with managing Cloudflare security, including reviewing DNS and bot protection events.
  • Assist with managing 1Password for teams, including onboarding and offboarding users, organizing vaults, reviewing access permissions, and encouraging strong password and passkey practices.
  • Support phishing and security awareness programs using KnowBe4 to help develop campaigns, track outcomes, and prepare short training sessions and follow-up communications for staff.
  • Assist with vulnerability and configuration assessments on Windows endpoints and key SaaS services, documenting findings and tracking remediation efforts.
  • Help respond to basic security incidents, such as suspected phishing, account compromise, or malware alerts, following documented playbooks and runbooks.
  • Assist in documenting security procedures, checklists, and “how-to” guides designed for non-technical staff and volunteers.
  • Participate in at least one focused project, such as improving 1Password usage, tightening M365 security baselines, or enhancing phishing simulations, that align with both your interests and the organization’s needs.

Learning Outcomes

  • Explain and apply basic security principles in a nonprofit IT environment, including privilege, MFA, and secure password management.
  • Use Microsoft Defender and related logs to identify and document common threats like phishing, malware, and suspicious sign-ins.
  • Support the deployment and adoption of 1Password as an enterprise password manager to decrease password reuse and enhance credential hygiene.
  • Learn how Cloudflare safeguards web assets and identify typical DNS problems in real-world scenarios.
  • Assist in planning and executing security awareness and phishing campaigns that promote culture change instead of assigning blame.

Qualifications

  • Currently pursuing an Associate’s, Bachelor's, or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • Engaging in equivalent self-directed learning such as certificates or bootcamps.
  • Solid understanding of networking, operating systems (especially Windows), and key security concepts like MFA, phishing, and least privilege.
  • Knowledge of Microsoft 365 and fundamental cloud concepts.
  • Interest in learning enterprise tools like Microsoft Defender, Cloudflare, and 1Password (prior experience is a plus but not required).
  • Strong communication skills and patience when working with non-technical staff in a mission-driven environment.
  • Proven reliability, confidentiality, and integrity in managing sensitive information.

Requirements

  • Location: Fully Remote
  • Pay Rate: $25.00 per hour. Since this is a temporary position, it is not eligible for benefits.
  • This is a Part-Time Internship: 20-25 hours per week.
  • Interns must have their own laptop and access to high-speed internet.
  • Reports To: Jeff Gray, Director of IT Infrastructure & Cyber Security.

Company Description

Circular Action Alliance is an equal employment opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex (including pregnancy, childbirth, lactation, and related medical conditions), national origin, military or veteran status, sexual orientation, gender identity, age or any other category protected by applicable federal, state, or local law. If you require accommodation as part of the application process, please contact careers@circularaction.org.

United States
$25 / hour
Job Closed