Harbor is seeking a Security Analyst to join our internal IT Operations team. This role is responsible for strengthening Harbor’s security posture through proactive vulnerability management, third-party risk management (TPRM), and client-facing security assurance activities. The ideal candidate brings hands-on experience with vulnerability scanning tools (particularly Qualys), strong analytical skills, and the ability to communicate security practices effectively across internal and external stakeholders. This is a fully remote position located in Canada or the Philippines and must align with United States working business hours (EST). Key Responsibilities: Vulnerability Management (Qualys-Focused) - Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments - Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams - Track remediation progress and produce reporting dashboards and metrics for leadership - Continuously improve vulnerability management processes, including SLAs, exception handling, and risk acceptance workflows Third-Party Risk Management (TPRM) - Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews - Evaluate vendor security posture using standardized frameworks (e.g., SIG, CAIQ, or equivalent) - Maintain vendor risk inventory and ensure alignment with internal security policies Client Security Questionnaires & Assurance - Own and respond to client security questionnaires, RFPs, and due diligence requests - Collaborate with internal stakeholders to ensure accurate, consistent, and timely responses - Maintain a centralized knowledge base of standard responses to improve efficiency and consistency - Support audits and client security reviews as needed Security Posture & Governance - Review, update, and maintain security policies, standards, and procedures - Identify gaps in current security controls and recommend improvements aligned with industry frameworks (e.g., SOC2, ISO 27001) - Partner with IT and engineering teams to enhance overall security posture and maturity - Stay current on emerging threats, vulnerabilities, and best practices Incident Support & General Security Operations - Assist in the investigation and response to security incidents and vulnerabilities - Support internal security initiatives, including awareness, compliance, and risk reduction efforts - Contribute to continuous improvement of security tooling and processes Required Qualifications: - 4+ years of experience in information security, cybersecurity, or a related field - Hands-on experience with vulnerability management tools (preferably Qualys) - Experience responding to client security questionnaires or audit requests - Foundational understanding of network security concepts (firewalls, SIEM, IDS/IPS, endpoint protection) - Familiarity with risk management principles, including third-party/vendor risk - Familiarity with M365 Security Tools, Exchange Online Protection, Purview, a plus. Preferred Qualifications - Experience with TPRM programs or vendor risk platforms - Knowledge of security frameworks (ISO 27001, SOC 2) - Experience with remediation tracking and security metrics/reporting - Familiarity with penetration testing concepts and vulnerability exploitation techniques Education & Certifications - Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience) About Us: Harbor is the preeminent provider of expert services across strategy, legal technology, operations, and intelligence. Our globally integrated team of 800+ strategists, technologists, and specialists navigate alongside our clients – leading law firms, corporations, and their law departments – to provide essential resources and invaluable insights. Anchored in a rich heritage of deep knowledge, steadfast relationships, and mutual respect, our unwavering dedication lies in shaping the future of the legal industry and fostering enduring partnerships within our community and ecosystem. Harbor is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, marital status, civil union status, national origin, ancestry, age, parental status, disabled status, veteran status, or any other legally protected classification, in accordance with applicable law.

Role Description - Configure, troubleshoot, and maintain security infrastructure. - Respond to security alerts through investigation, documentation, and taking action as needed. - Provide audit support through evidence collection and implementing security controls. - Perform security assessments to support risk assessment and management activities. - Identify opportunities to improve security infrastructure and configurations. - Work cross-functionally with other teams on security initiatives. Qualifications - Strong interpersonal skills to collaborate inside and outside the team. - Strong willingness to learn, incorporate constructive feedback, and consistently improve technical skills. - Basic experience with security tooling, such as antivirus, remote access solutions, and MDM. - Basic experience with Linux and Windows environments. - Basic experience with Cloud platforms (AWS, Azure, GCP, etc.). - Basic experience with modern identity providers such as Azure AD or Google Workplace. - Familiarity with DevOps related concepts is a plus (CI/CD, GitOps, etc.). Company Description Level Data is a leader in K-12 education data solutions, offering innovative data management and integration services that empower schools to streamline operations, enhance student performance, and maintain accurate, real-time data. Our tools help educational institutions simplify data quality, reporting, and compliance - allowing educators to focus on what matters most: student success. Level Data is a fast-growing, software-as-a-service company.

Volkswagen Financial Services, a wholly-owned subsidiary of Volkswagen Group, is the trusted key to mobility for its brand partners. We are committed to supporting the Audi, Ducati, and Volkswagen brands and their Dealers, specializing in providing accessible mobility solutions for its Customers. The company’s offerings include Retail Leasing, Retail Financing, Commercial Financing for new and used vehicles, and End-of-Term vehicle disposition. Brief Role Description This position is Career Level 30L and is Home Based, with a Role Classification of Fully Remote. Role Summary The Sr. Manager of Information Security and IT GRC (Governance, Risk and Compliance) serves a critical and influential leadership position responsible for the planning, oversight and management of the Information Security Program to protect the confidentiality, integrity and availability of corporate and client information. The IT GRC Sr. Manager is responsible for directly managing the enterprise wide IT GRC team and makes strategic risk-based decisions enabling the achievement of business objectives and operational excellence. Leads the team that builds and deploys common governance, risk, and compliance processes, controls, conducts audits, and ensures that technologies and business operations structured and configured for data protection and compliance. Reporting directly to the CISO and functioning as Deputy CISO, this role owns and maintains the IT compliance program, technology risk assessment program, data governance program, cyber awareness training program, business continuity disaster recovery program and third-party risk program. Responsibilities within this Role Leadership and Management - Oversee all activities that address technological governance, risk and compliance - Understand, advocate and communicate company objectives, vision and strategy to staff to ensure contribution towards achieving VCI’s goals - Develop productive relationships with Business Unit leaders across the organization to influence how applications/technology solutions can enable new sources of value - Establish and monitor individual team member objectives and competencies in alignment with Talent Management practices Information Security and IT GRC Strategy and Delivery - Design and develop the enterprise Governance, Risk and Compliance strategy and roadmap that cost-effectively to meet the needs of the business as a whole - Oversee and mentor front line managers leading risk assessment processes using internal VW Group and industry standard frameworks and regulatory requirements including ITMS, ITSP2, GISP, NIST CSF, NYDFS, GLBA, FFIEC, CCPA, Quebec Privacy and Financial Services and US and Canadian Privacy Guidelines for FinTech Companies - Data Governance: - Work with stakeholders to ensure data governance activities are effectively carried out and act as a principal stakeholder on data governance committees and working groups - IT Compliance: - Oversee the team to facilitate and manage Internal and External Audits including supporting the Business Units with gathering of evidences and coordination of on-site examinations - Direct the IT GRC team to conduct on-going relationships with information and business owners on security issues and practices, monitoring compliance, and preparing and enforcing policies - Vendor & Third-Party Risk: - Maintain compliance reporting program and remediation tracking team to convey and influence compliance status of all relevant vendor and third-party relationships - Business Continuity & Disaster Recovery: - Develop detailed and holistic incident response plans which include training and exercising developed plans, implementing the use of technology for emergency use and ensuring partnership with internal and external partners - Validate IT key systems and services to identify continuity risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet requirements where applicable - Cyber Education, Training & Awareness: - Lead collaboration with internal teams to incorporate targeted security centered communications for various platforms and topics - Assist in the promotion of a compliance culture that encourages an “open door” policy for staff to seek clarification on compliance matters. Budgeting, Finance and Administration - Responsible for the day-to-day management of the IT GRC products and services including staffing, budgeting and other relevant management functions — and is required to hold each risk and compliance delivery team accountable for optimizing the cost, risk and value of solutions and products throughout the product life cycle Qualification requirements Relevant Experience: - 12+ years of experience in governance, risk and compliance with responsibility of a $5M budget or greater - 7+ years of experience in management role, managing a high performing team of employees in Information Security Risk and Compliance frameworks, such as SOX-ITGC, PCI, ISO 27001/27002, NIST CSF, GDPR, CCPA, etc., for financial services or similarly regulated industries Required Education: - B.S. in Information Technology, Computer Science (or related field) Required Skills: - Proven ability to lead and direct risk project teams in both traditional and agile development methodologies (XP, CI/CD, TDD, SAFe Agile) - Strong knowledge and experience in all facets of risk management; able to articulate how it applies to business - Strong background in third party risk management - Knowledge of agile and secure software development lifecycle processes and collaboration tools - Knowledge of effective cyber education, awareness and training Volkswagen Financial Services is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds, and do not discriminate based on race, sex, age, disability, sexual orientation, national origin, religion, color, gender identity/expression, marital status, veteran status, or any other characteristics protected by applicable laws. This role description is a guideline and does not create contractual rights between the Company and any of its applicants. The Company does not enter into any type of employment contract, implied or written, with its applicants regarding job security. This Organization participates in E-Verify. We maintain a drug free workplace and perform pre-employment substance abuse testing.

• Avaliação de Arquitetura: Analisar e revisar arquiteturas de soluções OT, garantindo aderência às boas práticas de segurança cibernética. • Segurança de Equipamentos OT: Realizar avaliações de segurança em equipamentos como IEDs, PLCs, AMIs e dispositivos de campo. • Controles Cibernéticos: Desenvolver e implementar controles de segurança em ambientes OT, alinhados às normas e regulamentações vigentes. • Gestão de Vulnerabilidades: Identificar, classificar e gerenciar vulnerabilidades, garantindo ações corretivas em tempo hábil. • Monitoramento e Ferramentas: Configurar e operar ferramentas de IDS, antivírus e firewalls específicas para OT. • Análise e Troubleshooting: Realizar análise de pacotes e redes OT, solucionando problemas de desempenho e segurança. • KPIs e OKRs: Definir e acompanhar indicadores de desempenho e objetivos de segurança cibernética.