• Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations). • Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council). • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations. • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding. • Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators. • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria. • Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity. • Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations. • Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards. • Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale. • Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters. • Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines. • Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress. • Produce regular program health reporting for senior leadership and Board-level stakeholders.

• Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations). • Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council). • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations. • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding. • Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators. • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria. • Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity. • Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations. • Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards. • Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale. • Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters. • Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines. • Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress. • Produce regular program health reporting for senior leadership and Board-level stakeholders.

Role Description The Manager, DevSecOps is responsible for leading the DevSecOps function and driving the adoption of secure, scalable, and efficient software delivery practices across the organization. This role will manage a team of DevSecOps engineers and work closely with Engineering, Security, Infrastructure, SRE, and Product teams to embed security, automation, and operational excellence throughout the software development lifecycle. This leader will play a key role in advancing CI/CD maturity, strengthening cloud security and compliance, improving developer experience, and enabling platform engineering capabilities that support standardization, self-service, and faster delivery. Key Responsibilities - Team Leadership and Management - Lead, mentor, and develop a team of DevSecOps engineers. - Set team priorities, assign work, and ensure accountability for deliverables and outcomes. - Build a high-performing team culture focused on ownership, collaboration, continuous improvement, and execution excellence. - Support hiring, onboarding, coaching, and performance management for the DevSecOps team. - DevSecOps Strategy and Execution - Drive the implementation and continuous improvement of DevSecOps practices across the organization. - Lead efforts to design, standardize, and support secure CI/CD pipelines, release automation, and deployment frameworks. - Promote shift-left security by integrating security controls and compliance checks into the software development lifecycle. - Establish and maintain standards for infrastructure as code, automation, and secure delivery practices. - Cloud Security, Governance, and Compliance - Partner with Security and Cloud teams to implement cloud security guardrails, policy enforcement, and compliance controls. - Help ensure alignment with regulatory and compliance requirements, including healthcare and enterprise security standards where applicable. - Oversee remediation of security findings related to infrastructure, CI/CD, containers, and cloud platforms. - Drive security awareness and secure engineering practices across teams. - Observability, Reliability, and Operational Excellence - Collaborate with SRE and Infrastructure teams to improve observability, monitoring, alerting, and operational readiness. - Support the use of logs, metrics, traces, and dashboards to improve service visibility and reduce operational risk. - Ensure DevSecOps practices support reliability goals, incident response readiness, and operational maturity. - Platform Engineering and Developer Experience - Support platform engineering initiatives that improve developer productivity and self-service capabilities. - Contribute to the development of internal developer platforms and standardized tooling that simplify infrastructure and application delivery. - Drive improvements in developer experience by reducing friction in provisioning, deployment, and operational workflows. - Promote the use of tools and frameworks such as Backstage, Crossplane, and GitOps-based models where appropriate. - Cost Optimization and Efficiency - Partner with Cloud and Finance stakeholders to promote cost-aware engineering practices and cloud optimization. - Identify opportunities to improve resource utilization, standardization, and automation to reduce unnecessary spend. - Support governance processes that align engineering velocity with operational and financial discipline. - Cross-Functional Partnership - Work closely with Engineering, Product, Security, Infrastructure, SRE, and leadership teams to align priorities and execution. - Communicate plans, progress, risks, and dependencies clearly to both technical and non-technical stakeholders. - Serve as a trusted partner in driving enterprise-wide DevSecOps and platform engineering initiatives. Qualifications - Bachelor’s degree in computer science, Engineering, Information Technology, or a related field; equivalent experience may be considered. - 10+ years of experience in DevOps, DevSecOps, Cloud Engineering, Site Reliability Engineering, or related disciplines. - 3+ years of experience leading or managing technical teams in DevOps, DevSecOps, Platform Engineering, or Infrastructure. - Strong experience with CI/CD tools and practices, including pipeline automation and release management. - Hands-on experience with cloud platforms, preferably AWS, including infrastructure, security, and automation services. - Strong knowledge of Infrastructure as Code tools such as Terraform, CloudFormation, Pulumi, or similar technologies. - Experience with containers and orchestration platforms such as Docker and Kubernetes. - Solid understanding of application and cloud security practices, including SAST, SCA, secrets management, container security, and policy enforcement. - Experience working with observability and monitoring platforms such as New Relic, Prometheus, Grafana, OpenTelemetry, or CloudWatch. - Strong communication, leadership, and stakeholder management skills. Preferred Qualifications - Experience in healthcare, regulated industries, or enterprise SaaS environments. - Exposure to platform engineering and Internal Developer Platform concepts. - Experience with tools such as Backstage, Crossplane, ArgoCD, GitHub Actions, Jenkins, SonarQube, Artifactory, or similar platforms. - Familiarity with FinOps practices and cloud cost governance. - Knowledge of DORA metrics and engineering performance measurement. - Experience with database or data platform environments such as MongoDB, Elasticsearch, SQL Server, or Oracle. - Relevant certifications such as AWS Solutions Architect, AWS Security Specialty, CKA, CKAD, or FinOps certifications. Benefits - Estimated Salary: $128,000 - $170,000 plus bonus

Role Description This position may be filled as a Level I, II, or III based on additional responsibilities and qualifications required. The responsibility of this position includes serving as a cybersecurity infrastructure engineer in the enterprise Cybersecurity Operations team. This position serves as a systems engineer responsible for the implementation, maintenance, analysis, and reporting of the enterprise cybersecurity related systems utilized by the IT department using a comprehensive security knowledge of Endpoint, Server, IOT, IT Security Management Platforms, LAN and WAN technologies. Responsibilities - Responsible for the monitoring and support of all Intrusion Detection/Intrusion Prevention Systems within the organization. - Conduct security monitoring and tuning recommendations for all Next Generation Firewall Systems, Routing and Switching infrastructure. - Monitor and manage enterprise logging and vulnerability management systems. - Assist management in the planning and implementation of a defense in depth program. - Serve as a liaison between the IT department and Information Security/Audit departments. - Responsible for monitoring and tuning recommendations for enterprise endpoint detection response and network detection response systems. - Provides 24x7x365 support operations for all security monitoring infrastructure. - Serve as a member of the Security Operations Center and provide daily support. - Perform additional duties as assigned. Qualifications - At least 1-4 years of experience in network infrastructure and security. - Demonstrated experience in the daily implementation, support, and auditing of networks, operating systems, and applications. - Solid understanding of how to implement vulnerability remediation technologies. - Proven experience in: - Security incident response - Intrusion Detection and Prevention - Next Generation Firewall - Penetration testing techniques and tools - Using project management methodologies - Firewalls, proxies, virus protection and remediation - Experience in routing and switching environments and routing protocols. - Working knowledge of network infrastructure components. - Knowledge of operating systems including Windows, UNIX, and Linux. - Understanding of Patch Management processes and procedures. - Administrative and security expertise in the implementation and support of network infrastructure. - CCNP, CCIE, GIAC, CISSP or other network and security certifications preferred. - Network Infrastructure and Security Experience in the Financial Industry preferred. - Experience with SIEM technology – Splunk preferred. - Experience with NGFW and NGFW Management Platforms – Fortinet FortiManager, Fortinet FortiAnalyzer preferred. - Experience with Vulnerability Management Platforms – Rapid7 preferred. Requirements - At least 5-7 years of experience in network infrastructure and security (Level II). - System administration experience in a large production environment (500+ Servers, 200+ routers, 5000 devices). - Experience in the daily implementation, support, and auditing of networks, operating systems, and applications based on best practices. - Experience with implementing vulnerability remediation technologies. - Bachelor of Science degree preferred (Level II). Benefits - At least 8-10 years of experience in network infrastructure and security (Level III). - Ability to work in a heterogeneous computing environment. - Bachelor of Science degree preferred (Level III). Physical Requirements/Working Conditions - Must be able to sit for long periods of time and use computer keyboard and/or mouse, while viewing computer screens.