• Conduct thorough risk assessments of third-party vendors to identify potential cybersecurity threats. • Regularly monitor vendor compliance with established cybersecurity protocols. • Develop and maintain comprehensive cybersecurity policies and procedures that address third-party risk management. • Ensure these policies align with industry standards and regulatory requirements. • Collaborate with the vendor management team to integrate cybersecurity risk considerations into the vendor selection and onboarding processes. • Implement strategies and controls to mitigate identified cybersecurity risks associated with third-party vendors. • Develop action plans to address vulnerabilities and ensure continuous improvement. • Establish and manage processes for responding to cybersecurity incidents involving third-party vendors. • Coordinate with internal and external stakeholders to effectively manage and resolve incidents. • Maintain accurate and comprehensive documentation of all third-party risk management activities. • Prepare regular reports on the status of third-party cybersecurity risks and mitigation efforts. • Engage with internal and external stakeholders to ensure effective communication and collaboration on third-party risk management. • Provide regular updates to senior management and relevant committees.

Role Description We're on the lookout for a Security Engineer to join Nucleus' Information Security team, to help ensure that we are secure by design. The Security Engineer supports the delivery of Nucleus’s technology and business change agendas by designing and implementing appropriate controls that manage the associated security risks. This will include: - Designing and implementing technical controls. - Embedding these controls into our operations. - Validating that controls are working effectively. The Security Engineer must be able to manage relationships with teams across Nucleus to collaborate on improvements and any outsource partners involved in delivery. The Information Security team aims to ensure that Nucleus is a trusted partner to the firms and people we work with. This role is critical to delivering that outcome: - Being a go-to contact for implementing security controls. - Being ‘hands on’ with their implementation. - Validating that controls are working as intended through technical assessments. - Identifying opportunities for continuous improvement. You’ll work with SMEs across Nucleus to ensure that new processes and controls are handed over to the Security Operations team, and that the Information Security Analysis team have suitable evidence to demonstrate that our risks are effectively managed. Qualifications - Good knowledge of best practice in security capabilities, frameworks, and concepts. - Excellent communicator, able to discuss security effectively with areas of the business. - Good level of Information Security experience, preferably within financial services. - Strong knowledge of IT, Infrastructure, and Networking concepts. - Significant experience maintaining the systems and integrations that enable security controls. - Experience working with cloud platforms such as Microsoft Azure and AWS. - Ownership of tasks, attention to detail, and following through to conclusion. - Ability to prioritize and remain agile with competing work demands. - Excellent attention to detail. Requirements - Apply security best practice in our change and development programmes. - Design and implementation of security controls, following industry best practices and Nucleus standards. - Engage and influence cross-functional stakeholders to produce remediation plans for identified vulnerabilities. - Maintain systems and integrations that enable these controls. - Coordinate on security controls within other members of the Nucleus Group. - Support Audit and Due Diligence activities. - Work with Security Operations and Analysis to adopt and maintain standards. - Take responsibility in everything you do to deliver good outcomes for our customers. - Positively demonstrate the Nucleus Smart, Heart, and Courage values and behaviours. - Ensure compliance with Code of Conduct at all times. Benefits - Generous blend of benefits including a non-contributory pension. - Bonus. - Enhanced parental leave. - Paid time off for emergencies. - Health and wellbeing initiatives. - Flexible working options.

Role Description The PAC Teaching Artist and Mentor in music is responsible for the implementation and support of the Arts Facilitator Training music program inside Avenal State Prison and, as needed, at other CDCR institutions throughout California. They lead classes and mentor peer facilitators, cultivating creative communities within the correctional institutions. Teaching Artists report to the Regional Lead, PAC Leadership team and work closely with teaching and administrative staff. Teaching artists will receive specialized training to facilitate classes in prisons and have a unique opportunity to be part of a collaborative team. Teaching artists are compensated for teaching time as well as class preparation and meetings. Responsibilities - Teaching & Mentoring (50%) - Regular on-site mentor visits - Mentor and support interns and peer facilitators - Submit post-class reports after every site visit - Communication & Collaboration (45%) - Communicate at least monthly with PAC Leadership - Participate in monthly teacher meetings with PAC team - Participate in monthly FT mentor meetings with PAC team - Participate in monthly Regional meetings with the PAC Regional Lead - Support events and exhibitions planned with PAC Leadership - Collaborate with the teaching team, including peer facilitators, to ensure that classes have the appropriate supplies, delivered in a timely manner, and organized on site. - Other duties as Assigned (5%) Qualifications - Ability to communicate clearly, professionally, and consistently with PAC Leadership - Ability to share updates, concerns, and recommendations during meetings and through written communication - Ability to work effectively with diverse teams, including educators, peer facilitators, and leadership - Ability to contribute meaningfully in meetings and collaborative planning sessions - Ability to manage multiple meetings, deadlines, and coordination tasks - Ability to anticipate supply needs and ensure timely delivery and on-site organization - Ability to identify and resolve logistical or communication challenges - Ability to adapt plans to meet changing program or site needs - Ability to support the planning and execution of events and exhibitions in collaboration with PAC Leadership and teaching teams Requirements - One year of experience in planning classes or programs in a specialized field or area, preferably in higher, extended or adult education - OR previous teaching experience in higher or extended education may be substituted for experience on a year for year basis. - Candidates must reside in the designated region at the time of hire. - Job offer is contingent upon clearance of SDSU background check (including criminal record check). - Must successfully complete annual CDCR clearance at the primary institution candidate will be supporting for SDSURF authorization to work. - Must successfully complete CITI certification and implement IRB-approved research practices at the designated site. Preferred Qualifications and Special Skills - Equivalent to graduation from a four-year college or university with courses focused in adult education and curriculum planning. - Bachelor's degree in Studio Art, Art Education, or Art History or similar experience in art and arts education. MFA preferred. - Excellent oral and written communication and ability to collaborate with a team. - Desired qualities: creative problem solver, empathetic, detail oriented, responsive, dedicated to PAC mission. - Practicing and/or experienced artists preferred. - At least four years of teaching experience total. The ideal candidate will have experience teaching in correctional settings. - Experience with PAC or other Arts in Corrections organizations is preferred, but not required. - We strongly encourage candidates with lived experience of the justice system to apply for consideration.

• Responsible for working with network administrators, system administrators, developers, business managers, and end users to manage the security of the IT environment. • Administers security infrastructure, such as firewalls, anti-virus, intrusion prevention systems, VPNs, SMTP gateway, SEIM, etc. • Investigates and resolves incident tickets. • Provides technical support and consultation for enhancement of and change to network security configuration. • Conducts risk assessments, compliance and control reviews for the organization.