Join TRG Screen: Building World-Class Teams. One Expert at a Time. Are you ready to be part of a dynamic team at the forefront of subscription spend management innovation? At TRG Screen, we're not just redefining how organizations manage their subscription expenses – we're shaping the future of the industry. With cutting-edge solutions and a commitment to excellence, we empower businesses around the globe to optimize their subscription investments and drive sustainable growth. Join us in our mission to revolutionize subscription management and make a meaningful impact on the way businesses access and utilize critical information. At TRG Screen, your talent and ambition will find a home, where opportunities for growth and advancement abound. About TRG Screen TRG Screen is the leading provider of market data and subscription management technology and automation solutions, tailored to the unique needs of financial institutions and legal firms. Our integrated suite of solutions includes market data and subscription spend management, usage management, compliance reporting, and comprehensive managed services, which hundreds of clients worldwide use to remove cumbersome and inaccurate manual processes and gain control over market data and subscription costs at scale. For more than 25 years, TRG Screen has enabled businesses who rely on market data to monitor and strategically manage spending and usage of data and information services, including market data, research, software licenses, consulting and other necessary corporate expenses. TRG Screen solutions give decisionmakers full transparency into subscription spend and usage, enabling them to proactively manage subscription costs at scale, conduct more informed vendor negotiations, improve governance, and avoid unnecessary spending on these mission-critical business services. TRG Screen is headquartered in New York City, with offices in Europe and Asia, as well as a 24x7 client support center in Bangalore, India. TRG Screen is a portfolio company of Vista Equity Partners, one of the world’s largest and most respected private equity firms. Chief Information Security Officer (CISO), US The Role We are seeking a strategic and hands-on Chief Information Security Officer (CISO) to lead and evolve the security function at TRG Screen, a global provider of market data and technology cost management solutions serving leading financial institutions including banks, asset managers, and hedge funds. The role spans both internal security — corporate IT policies, controls, and a remote workforce across the US, EU, UK, and India — and external security, protecting the products and solutions we deliver to clients. Reporting to the CTO and working closely with the Head of IT/Operations, the CISO will operate across a complex infrastructure encompassing AWS, Azure, and on-premises data centres. This is a high-impact role with genuine ownership — you will set the security agenda for a growing global business, with the mandate and senior leadership backing to build the function on your own terms. The timing is significant: we are actively embedding AI into our products and operations, making this an opportunity to define how we approach AI security from the ground up, in a sector where data protection and client trust are paramount. Key Responsibilities - Security Strategy & Governance - Define and execute the company’s information security strategy, roadmap, policies, and standards - Define and enforce internal IT security policies, covering endpoint security, access management, and controls suited to a remote, globally distributed workforce - Maintain and build upon our existing certifications (ISO 27001, SOC 2 Type II), and drive expansion of SOC 2 coverage across our full product portfolio - Ensure compliance with GDPR and applicable data protection regulations across our EU and global client base, and support the organisation’s future pathway toward ISO 42001 for AI governance - Application & Product Security - Partner with Engineering to embed security into the software development lifecycle (SDLC) - Provide guidance on secure architecture and development planning - Oversee vulnerability management and remediation efforts - Own the external security posture of our client-facing products and solutions, ensuring security is embedded from design through to deployment - AI Security - Define and implement a framework for securing AI-powered features and capabilities embedded within our products, including the security of AI agents, models, and associated infrastructure - Govern the safe and compliant use of AI tools internally, including copilots and AI agents used by our workforce - Client & Operational Security - Oversee security aspects of client support operations, ensuring strong controls and responsiveness - Act as a key escalation point for security-related client matters - Support customer audits, security questionnaires, and due diligence processes - Risk Management & Incident Response - Identify, assess, and manage security risks across the business - Lead incident response planning and execution - Continuously improve detection and response capabilities - Leadership & Collaboration - Act as a trusted advisor to the CTO and broader executive leadership on security risks, strategy, and emerging threats - Work in close partnership with the Head of IT/Operations, and collaborate across Product, Engineering, and Client teams globally to align security priorities with business objectives - Build and scale security awareness across the organisation, including a remote and globally distributed workforce - Grow and shape the security function over time, with the opportunity to build out direct reports as the function matures What We’re Looking For - 7–12 years of experience in information security, with demonstrated senior leadership (e.g., CISO, Director, or Head of Security) within a SaaS or technology environment - Strong understanding of application security and secure software development - Strong working knowledge of compliance frameworks including ISO 27001 and SOC 2, with hands-on experience managing or achieving these certifications; solid understanding of GDPR compliance across multiple jurisdictions - Strong communication skills with the ability to engage both technical and non-technical stakeholders - Experience securing complex, multi-cloud environments (AWS and Azure) alongside on-premises data centre infrastructure - Awareness of AI security practices and risks, including securing AI-powered product features and governing internal AI tool usage - Based in or with easy access to the US East Coast or UK/Ireland, comfortable leading remote teams across the US, EU, UK, and India, and willing to travel periodically to our offices in New York, London, or Belfast Salary Range $210,000—$235,000 USD Join TRG Screen and unlock your potential in an environment where innovation thrives, opportunities abound, and your contributions make a difference. We are an equal opportunities employer. We recognise and value the power of diversity in our workplace and are committed to being an employer of choice for everyone. We welcome and encourage applicants from all backgrounds. All applications for employment are considered strictly on the basis of merit. At TRG Screen, we understand that diverse and inclusive teams are not just beneficial, they are essential to our success. We recognize that embracing diverse perspectives, backgrounds, and experiences fosters innovation, enhances problem-solving capabilities, and drives better business outcomes. By cultivating a culture of inclusion where every voice is heard and valued, we empower our world class teams to thrive, excel, and drive positive change. We are proud of our diverse workforce and are dedicated to creating a safe and welcoming environment for all employees. People from various ethnicities, ages, genders, and abilities are encouraged to apply.

ABOUT IREX IREX is an independent nonprofit organization dedicated to building a more just, prosperous, and inclusive world by empowering youth, cultivating leaders, strengthening institutions, and extending access to quality education and information.POSITION SUMMARY The Cybersecurity Specialist, under the supervision of the Project Senior Technical Advisor, will be hired as a consultant to perform some or all activities including (1) conducting and writing organizational cybersecurity risk assessments, following Center for Internet Security Controls Framework (CIS Controls v8.1), (2) Open Source Intelligence Analysis (OSINT) (3) vulnerability assessments, (4) penetration testing (black box), (5) and developing and delivering Security Awareness Programs (SAP) and ad-hoc trainings in coordination with beneficiary organizations’ needs. IREX will prioritize candidates whose native language(s) are either Spanish, Arabic, Chinese, Urdu, Korean, Russian, or French with experience working on information security, in particular, organizational cybersecurity. However, all candidates who can perform the above-mentioned tasks are encouraged to apply regardless of language abilities. Consultant(s) will be hired on a rolling basis based on project needs. Please note this position is based on the needs of the project, with an expected approximate engagement between 20 and 100 days per year, pending the consultant’s technical skills, relevant language capabilities, and qualifications to fulfill the required tasks. DUTIES AND RESPONSIBILITIES - Plan, manage, and conduct organizational assessments; propose recommendations for improvement; provide guidance, training, mentoring, and support to improve organizational security posture; and provide guidance, training, mentoring, and support to improve organizational security posture for project beneficiaries. - Draft Organization Security Risk Assessment (OSRA) reports geared towards both non-technical and technical audiences. - In collaboration with the Project Director and/or Deputy Project Director, develop organizational Action Plans (APs) based on OSRA findings and in consultation with beneficiary organization executive leadership to help improve beneficiary security postures rooted in organizational assessment findings. - Lead design efforts with assigned beneficiaries on tailored Security Awareness Program (SAP), ensuring that beneficiaries learn, internalize, use, and spread appropriate cybersecurity awareness practices. - Lead the design of specialized training as needed. - Collaborate with SOC team members on services specifically designed for beneficiaries. - Develop, draft, and update documentation, including policies, procedures, baselines, guidelines, etc., in collaboration with beneficiary organizations. - Write technical and programmatic reports on activities and program implementation. - With supervision, provide input to internal/external reports, presentations, and other products. - Contribute to monitoring and evaluation activities, including data management and analysis, as assigned. - Draft correspondence with stakeholders. Guidance and/or approval before engaging stakeholders may be required. - Perform additional duties as assigned. SKILLS AND EXPERIENCE Organizational Assessments - Assessments Execution: Experience leading end-to-end security audits, comparing current technical controls against organizational policies and industry benchmarks. - Framework Guided Assessments: Deep understanding of organizational assessment standards, conducting comprehensive gap analyses and risk assessments against industry standards such as CIS CSC, NIST CSF, and ISO 27001. - Vulnerability Scanning: Experience administering scanning tools (e.g., Tenable Nessus, Qualys, Rapid7) to continuously discover web application and endpoint vulnerabilities. - Risk Analysis and Reporting: Experience quantifying technical vulnerabilities into business risk for non-technical stakeholders and C-suite executives. Remediation Processes - Cross-Functional Remediation: Proven track record of coaching/mentoring beneficiary technical staff to address assessment-identified gaps (recommendations), patches, and configuration changes without disrupting business continuity. - Policy & Control Evaluation: Experience acting as the primary technical liaison during external assessments to review the effectiveness of current security controls and policies. Security Awareness Programs - Phishing Simulations: Experience designing, executing, and analyzing regular social engineering campaigns to test and improve employee resilience against malicious emails. - Curriculum Development: Experience creating engaging, role-specific security training modules and company-wide communications using platforms like KnowBe4 or Infosec IQ. - Culture & Metrics Tracking: Experience monitoring key performance indicators (KPIs) such as simulation click rates, reporting rates, and training completion percentages to report program developments to executive leadership. Other - Very strong verbal, written, and listening communication skills (in English). - Ability to work independently on assigned efforts. - Strong interpersonal skills and experience developing solid professional relationship - Ability to work under pressure and manage multiple activities. Preferred: - Existing, trust-based relationships with a wide array of stakeholders working for civil society organizations, human rights organizations, and independent media, or any relevant experience. - Bachelor’s degree in information or computing sciences. - Fluency in Spanish, Arabic, Russian, and/or French **this position is a remote position** To apply please submit a full CV alongside a separate document summarizing of relevant experience, along with a proposed daily rate (in $ USD). IREX is seeking individual consultants but would also welcome applications from consulting/security firms that are interested in providing these services. IREX may at its discretion ask for additional information, including references. Issuing this call does not commit IREX to select any applicant/expert. IREX may hire more than one applicant/expert from this call. IREX may accept multiple bidders and partial bids for the services requested. IREX reserves the right, based on the availability of funding and consultant performance, to increase the duration and/or enter into subsequent contractual agreements with the selected candidates for up to 5 years without re-publicizing the opportunity. Prior to any engagement, you will be asked to provide references. IREX will not extend an offer until the reference check is completed. IREX conducts anti-terrorism database clearances on candidates who accept employment offers. IREX is committed to a diverse and inclusive workplace and inclusive hiring practice. IREX is an equal-opportunity employer. NO PHONE CALLS PLEASE

Role Description Die APT-ONE GmbH mit Sitz in Berlin ist ein auf Cyber Security spezialisiertes Beratungshaus, das Unternehmen dabei unterstützt, ihre IT-, OT- und KI-Systeme wirksam vor digitalen Bedrohungen zu schützen und sicher für die Zukunft aufzustellen. Bei uns bist du richtig, wenn: - du ein attraktives Fixgehalt kombiniert mit einer leistungsorientierten und überdurchschnittlichen Gewinnbeteiligung erhalten möchtest. - du flexibel und ortsunabhängig arbeiten willst und gleichzeitig an hochrelevanten Projekten in den Bereichen Cyber Security, IT Security und KI-Sicherheit mitwirken möchtest. - du durch anspruchsvolle Projekte tiefgehende Expertise in modernen Sicherheitsarchitekturen, Security Operations, Risikomanagement und technologischen Zusammenhängen aufbauen und dich kontinuierlich weiterentwickeln möchtest. Aufgaben: - Du verbindest Cloud-Security-Expertise mit Beratung, steuerst Projekte eigenständig, bereitest Risiken und Ergebnisse adressatengerecht auf und entwickelst die Kundenbeziehung sowie weiteren Absicherungsbedarf proaktiv weiter. - Durchführung von Cloud Security Assessments und Architektur-Reviews (AWS, Azure, GCP) - Konzeption und Implementierung von Cloud Security Posture Management (CSPM/CNAPP) - Entwurf und Umsetzung von Identity & Access Management (IAM) Strategien inkl. Zero-Trust-Ansätzen in Cloud-Umgebungen - Sicherheitsbewertung und Härtung von Container- und Kubernetes-Umgebungen - Prüfung und Absicherung von Infrastructure-as-Code (Terraform, CloudFormation, Pulumi) - Beratung zur sicheren Multi-Cloud-Architektur und Cloud-Migration - Integration von Security in CI/CD-Pipelines (DevSecOps): SAST, DAST, SCA, Secret Scanning und Policy-as-Code - Aufbau und Optimierung von DevSecOps-Prozessen in Zusammenarbeit mit Entwicklungs- und Platform-Teams - Erstellung von Security-Konzepten, Risikoanalysen und technischen Dokumentationen - Unterstützung bei Cloud-bezogenen Sicherheitsvorfällen und Forensik Qualifications - Mindestens 6 Jahre Berufserfahrung im Bereich Cloud Security oder Cloud Engineering mit Sicherheitsfokus - Tiefgehende Kenntnisse in mindestens zwei der drei großen Cloud-Plattformen (AWS, Azure, GCP) – Azure bevorzugt - Nachweisbare Erfahrung mit IAM-Architekturen, Conditional Access, Entra ID (Azure AD) und Federation - Fundierte Kenntnisse in Container-Sicherheit (Docker, Kubernetes, Service Mesh) - Erfahrung mit CSPM-Tools (Prisma Cloud, Defender for Cloud, Wiz oder vergleichbar) - Praktische Erfahrung mit Infrastructure-as-Code Security Scanning (tfsec, Checkov, KICS) - Erfahrung mit DevSecOps-Toolchains und deren Integration in CI/CD-Pipelines (z. B. GitLab CI, GitHub Actions, Azure DevOps) - Relevante Zertifizierungen erwünscht: CCSP, AWS Security Specialty, AZ-500, CCSK, CKS - Verhandlungssichere Deutsch- und Englischkenntnisse Benefits - Fixgehalt ab 80.000 € mit Gewinnbeteiligung bis zu 70.000 € - Flexible Arbeitszeiten und Remote-Arbeit - 30 Tage Urlaub - IT-Equipment wie Apple MacBook - Regelmäßige Teamevents - Corporate Benefits wie betriebliche Altersvorsorge, betriebliche Krankenversicherung, Shopping- und Mitarbeiterrabatte

• Join our team at Prominent Edge • Support the DoD and the intelligence community • Leverage best-of-breed open source technologies to provide innovative user-centric solutions • Contribute to a positive company culture