Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States. Citizenship Requirement for US Candidates: - Must be a US citizen About the opportunity The Cybersecurity Program Manager is responsible for overseeing the third-party risk management (TPRM) program, ensuring that key stakeholders are effectively executing their risk assessment and mitigation responsibilities. This role involves coordinating with cross-functional teams to establish program standards, monitor compliance with TPRM policies, and provide oversight to ensure that third-party risks are managed in alignment with company policies and regulatory requirements. The ideal candidate has a strong background in program management, third-party risk, and experience working with diverse stakeholder groups in a governance or oversight role. What you'll get to do Program Development & Governance - Lead the design, implementation, and maintenance of the third-party risk management framework, aligning it with industry standards, regulatory requirements, and company policies. - Establish and update policies, procedures, and controls to ensure consistency and effectiveness across all TPRM activities. - Define, implement, and monitor key performance indicators (KPIs) and metrics to evaluate the effectiveness of the TPRM program, using data to drive continuous improvement. Program Oversight & Governance - Oversee the TPRM program framework, ensuring it aligns with company policies, industry standards, and regulatory requirements. - Develop and implement program standards, templates, and tools to support consistent risk assessment and mitigation across departments. - Monitor key performance indicators (KPIs) for the TPRM program, tracking the effectiveness of risk management activities and identifying areas for improvement. Stakeholder Coordination & Support - Act as the primary point of contact for TPRM program stakeholders, including representatives from Legal, Compliance, Procurement, IT Security, and Finance, to ensure effective execution of third-party risk activities. - Facilitate regular meetings and working groups with stakeholders to discuss program updates, address challenges, and ensure alignment on TPRM objectives. - Provide guidance and support to stakeholders on the use of TPRM tools, templates, and best practices to streamline risk management efforts. - Support internal and external audits by maintaining accurate documentation of TPRM activities, findings, and remediation plans. - Identify and assess emerging risks within the third-party ecosystem, adapting TPRM strategies as needed to address changes in the regulatory landscape. Monitoring & Reporting - Develop and maintain TPRM dashboards and reports that provide insights into program performance, including status updates, compliance levels, and risk assessment completion rates. - Create and present regular reports on TPRM program status to senior management, highlighting areas of progress, gaps, and recommendations for improvement. - Monitor stakeholder compliance with TPRM policies and timelines, ensuring timely completion of third-party risk assessments and required follow-ups. Policy Development & Continuous Improvement - Support the creation, maintenance, and periodic review of TPRM policies, ensuring they remain current with industry standards and regulatory expectations. - Identify and implement continuous improvement initiatives to enhance TPRM processes, increase program efficiency, and reduce risk exposure. - Collaborate with internal audit and compliance teams to support audits of the TPRM program and address any identified gaps or findings. Training & Awareness - Develop and deliver training sessions to educate stakeholders on TPRM policies, procedures, and best practices. - Create awareness materials and resources to ensure all relevant departments understand their roles and responsibilities within the TPRM program. - Maintain documentation of training sessions and attendance, ensuring records are up-to-date for audit and compliance purposes. Stakeholder Management & Influencing - Collaborate with key stakeholders across Legal, Compliance, IT Security, Procurement, and Finance to ensure alignment on third-party risk management objectives. - Act as a trusted advisor to stakeholders, providing expertise and insights on TPRM program requirements and best practices. - Influence stakeholders to adopt program improvements and ensure adherence to established risk management processes. Skills and experience we value - Bachelor’s degree in Business, Risk Management, Supply Chain, or a related field - Relevant certifications in risk management or third-party risk (e.g., Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), or Certified Risk Manager (CRM)) are a plus - 5+ years of experience in risk management, compliance, or program management, preferably with experience in third-party risk management - Strong program management skills, with a proven track record of overseeing large-scale programs and driving stakeholder engagement - Familiarity with third-party risk management frameworks, regulatory requirements, and industry best practices - Proficiency in risk management tools and reporting platforms, with strong analytical skills to track and report on program metrics What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote

• Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities • Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness • Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies • Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews • Document and maintain evidence supporting control implementation and compliance • Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress • Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies • Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States. Citizenship Requirement for US Candidates: - Must be a US citizen About the opportunity The Cybersecurity Program Manager is responsible for overseeing the third-party risk management (TPRM) program, ensuring that key stakeholders are effectively executing their risk assessment and mitigation responsibilities. This role involves coordinating with cross-functional teams to establish program standards, monitor compliance with TPRM policies, and provide oversight to ensure that third-party risks are managed in alignment with company policies and regulatory requirements. The ideal candidate has a strong background in program management, third-party risk, and experience working with diverse stakeholder groups in a governance or oversight role. What you'll get to do Program Development & Governance - Lead the design, implementation, and maintenance of the third-party risk management framework, aligning it with industry standards, regulatory requirements, and company policies. - Establish and update policies, procedures, and controls to ensure consistency and effectiveness across all TPRM activities. - Define, implement, and monitor key performance indicators (KPIs) and metrics to evaluate the effectiveness of the TPRM program, using data to drive continuous improvement. Program Oversight & Governance - Oversee the TPRM program framework, ensuring it aligns with company policies, industry standards, and regulatory requirements. - Develop and implement program standards, templates, and tools to support consistent risk assessment and mitigation across departments. - Monitor key performance indicators (KPIs) for the TPRM program, tracking the effectiveness of risk management activities and identifying areas for improvement. Stakeholder Coordination & Support - Act as the primary point of contact for TPRM program stakeholders, including representatives from Legal, Compliance, Procurement, IT Security, and Finance, to ensure effective execution of third-party risk activities. - Facilitate regular meetings and working groups with stakeholders to discuss program updates, address challenges, and ensure alignment on TPRM objectives. - Provide guidance and support to stakeholders on the use of TPRM tools, templates, and best practices to streamline risk management efforts. - Support internal and external audits by maintaining accurate documentation of TPRM activities, findings, and remediation plans. - Identify and assess emerging risks within the third-party ecosystem, adapting TPRM strategies as needed to address changes in the regulatory landscape. Monitoring & Reporting - Develop and maintain TPRM dashboards and reports that provide insights into program performance, including status updates, compliance levels, and risk assessment completion rates. - Create and present regular reports on TPRM program status to senior management, highlighting areas of progress, gaps, and recommendations for improvement. - Monitor stakeholder compliance with TPRM policies and timelines, ensuring timely completion of third-party risk assessments and required follow-ups. Policy Development & Continuous Improvement - Support the creation, maintenance, and periodic review of TPRM policies, ensuring they remain current with industry standards and regulatory expectations. - Identify and implement continuous improvement initiatives to enhance TPRM processes, increase program efficiency, and reduce risk exposure. - Collaborate with internal audit and compliance teams to support audits of the TPRM program and address any identified gaps or findings. Training & Awareness - Develop and deliver training sessions to educate stakeholders on TPRM policies, procedures, and best practices. - Create awareness materials and resources to ensure all relevant departments understand their roles and responsibilities within the TPRM program. - Maintain documentation of training sessions and attendance, ensuring records are up-to-date for audit and compliance purposes. Stakeholder Management & Influencing - Collaborate with key stakeholders across Legal, Compliance, IT Security, Procurement, and Finance to ensure alignment on third-party risk management objectives. - Act as a trusted advisor to stakeholders, providing expertise and insights on TPRM program requirements and best practices. - Influence stakeholders to adopt program improvements and ensure adherence to established risk management processes. Skills and experience we value - Bachelor’s degree in Business, Risk Management, Supply Chain, or a related field - Relevant certifications in risk management or third-party risk (e.g., Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), or Certified Risk Manager (CRM)) are a plus - 5+ years of experience in risk management, compliance, or program management, preferably with experience in third-party risk management - Strong program management skills, with a proven track record of overseeing large-scale programs and driving stakeholder engagement - Familiarity with third-party risk management frameworks, regulatory requirements, and industry best practices - Proficiency in risk management tools and reporting platforms, with strong analytical skills to track and report on program metrics What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote

FirstEnergy at a Glance We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers’ lives brighter, the environment better and our communities stronger. FirstEnergy (NYSE: FE) is dedicated to safety, reliability, and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,500 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of 3,780 megawatts. This position is within FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. This position is in Akron, Ohio, reporting to the Supv of Threat Hunting, but has remote work opportunities while the person must be able to reach the FirstEnergy HQ facility based on business need within one hour travel time. This position may, subject to conditions and availability, qualify to be filled under the same terms but reporting to a regional office in Greensburg PA, Reading PA, Fairmont WV, Holmdel NJ, or Holland (Toledo) OH. The Cybersecurity Automation Developer is responsible for designing, developing, and maintaining automated solutions that scale and mature the organization’s security operations. This role enhances threat detection and accelerates incident response. A primary focus will be reducing manual workloads through automation, standardized playbooks, and repeatable engineering practices. This role designs and implements automation frameworks functions including alert triage, incident response and threat hunting. The Cybersecurity Automation Developer will develop and maintain playbooks and workflows within the SOAR, integrating tools including SIEM and EDR into cohesive automated pipelines. The Cybersecurity Automation Developer will lead initiatives to streamline security monitoring and remediation, create scalable scripting and orchestration solutions using Python, PowerShell, and JavaScript, and leverage APIs and data pipelines to normalize and correlate telemetry from multiple security sources. The Cybersecurity Automation Developer will analyze complex security datasets to identify gaps and opportunities, tune automated processes to reduce false positives, and support advanced detection through analytics and emerging technologies. Additionally, this position provides technical leadership by defining an automation strategy, mentoring junior developers, supporting vendor relationships, and contributing to architecture and lifecycle decisions. Strong communication skills, sound engineering judgment, and the ability to translate technical requirements into practical, scaled solutions are essential for success. Responsibilities Include - Design, develop, and maintain automated security workflows that streamline SOC and Threat Hunting operations, reduce manual effort, and accelerate incident detection, response, and remediation - Lead expert-level development, tuning, and lifecycle management of SOAR playbooks to automate alert triage, enrichment, containment, and response processes - Identify, troubleshoot, and remediate playbook failures, integration issues, and automation errors, performing break-fix and tuning activities prior to production deployment - Architect and maintain integrations between SOAR, SIEM, EDR, and third-party security tools using APIs and custom scripting to ensure reliable data ingestion and orchestration - Develop custom automation scripts and integrations in Python and JavaScript to extend platform capabilities and address unique SOC and enterprise security requirements - Create and maintain dashboards, reports, and metrics to provide visibility into automation performance and effectiveness - Install, validate, and deploy content packs and updates, following change management best practices to promote stable releases from development through production - Serve as the primary subject matter expert (SME) for the SOAR and security automation platforms, providing technical guidance, troubleshooting, and consulting support to the SOC, and Threat Hunting teams. - Design and maintain scalable automation frameworks and data pipelines to normalize, correlate, and enrich security telemetry across enterprise and cloud environments - Monitor and manage platform health, internal databases, and system performance to ensure reliability, data integrity, and continuous availability of automation services - Lead vendor engagement and support activities, including ticket management, platform optimization discussions, and roadmap alignment with Customer Success Engineers - Continuously evaluate and improve automation processes to reduce false positives, eliminate repetitive tasks, and increase efficiency and response quality - Document standards, playbook designs, troubleshooting procedures, and best practices to promote knowledge sharing and operational consistency across the team - Educate and mentor threat hunters and analysts on automation tools, workflows, and best practices to elevate overall SOC effectiveness - Support metrics collection, reporting, and operational communications to leadership and stakeholders Qualifications - Bachelor's degree in computer science, Information Security, or similar discipline is required with 3 years of experience - Industry standard certifications will be considered such as OSCP, GIAC (GCTI, GCIH, GREM, GCFA, GPYC, GASAE, GCSA), CISSP and HTB CPTS - A bachelor's degree in another field with 4 years relevant industry experience in cyber/information security will be considered - In lieu of a degree, 5 years of related experience is required - Related experience includes but is not limited to: SOC (Security Operations Center) experience, IT Security experience in detection, triage, investigation, and remediation of security incidents within a network and cyber automation engineer - Understanding of adversarial techniques (i.e., MITRE ATT&CK framework) - Strong understanding of programming/scripting code (Python, PowerShell, Bash. C#, JavaScript) - Hands-on administration and engineering experience with SOAR (e.g., Cortex XSOAR, Splunk SOAR, Sentinel) platforms including advanced playbook design, integration management, and production support - Experience troubleshooting and remediating automation failures, playbook errors, and platform performance issues in production environments - Experience integrating security technologies (SIEM, EDR, IAM, firewalls, cloud tools) through REST APIs and automated data pipelines - Ability to create, detect, and enhance security content - Ability to develop and maintain automation playbooks and workflows - Ability to handle, protect and preserve highly confidential information - Understanding of networking concepts and technologies - Basic understanding of statistics - Must be organized and comfortable with ongoing changes in priorities - Must be able to work independently with minimal supervision and within a team environment - Strong foundation in cyber security - Understanding of both Linux and Windows operating systems - Demonstrate strong communication skills, both verbal and written - Demonstrate creative problem solving and solutioning Benefits, Compensation & Workforce Diversity At FirstEnergy, employees are key to our success. We depend on their talents to meet the challenges of our changing business environment. We are committed to rewarding individual and team efforts through our total rewards philosophy which includes competitive pay plus incentive compensation, a company-sponsored pension plan, 401(k) savings plan with matching employer contribution, a choice of medical, prescription drug, dental, vision, and life insurance programs, as well as skills development training with tuition reimbursement. Please visit our website at www.firstenergycorp.com to learn more about all of our employee rewards programs. FirstEnergy proudly supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with a disability. No recruiters or agencies without a previously signed contract. Unable to sponsor or transfer H-1B visas at this time. Safety Safety is a core value for FirstEnergy and is essential to all of our business activities. We ensure employees have the tools, information, and processes to perform their duties in a manner that assures safety for themselves, their co-workers, our customers and the public. Our goals are to provide a safe work environment, to maintain an accident-free, injury-free workplace, and to promote and maintain public safety. To meet these goals, we dedicate ourselves to achieving world-class safety standards. Position Classification Exempt FirstEnergy Human Resources Team