Role Description We’re looking for a Head of Security to own and lead information security at Reach. This is a hands-on leadership role: you will set the strategy, own the program end-to-end, and stay actively in the work alongside your team. In a given week you might be writing a policy, triaging a pen test finding, running a phishing campaign, responding to a customer security questionnaire, and presenting the quarterly security update to leadership. The right person is energized by owning an entire domain end-to-end, is comfortable moving between strategy and execution, and is equally credible with a senior engineer and a SOC 2 auditor. You believe security is most effective when it is practical, measurable, and built into how the business operates. Key Responsibilities - Vulnerability management and offensive testing: Own the vuln lifecycle end-to-end — intake, triage, prioritization, risk acceptance, ticketing to dev teams, and remediation within SLA — and manage external pen tests and targeted assessments. Report regularly on status, SLA performance, and trends. - Security operations and incident response: Manage our MSSP partner for 24/7 SIEM and SOC monitoring; ensure telemetry, detections, and playbooks match our threat model. Serve as incident commander for real events, and run regular tabletops and post-incident reviews. - Policy, controls, and risk: Define and maintain Reach’s security policies and control framework. Design, implement, and measure the effectiveness of controls; maintain a risk register; and surface material risk decisions to leadership. - Compliance and audits: Own SOC 2 Type II and PCI DSS end-to-end with continuous control monitoring and evidence collection between audits. Serve as the primary contact for external auditors. - Application and cloud security: Partner with engineering on secure SDLC, threat modeling for new products and features, SAST/DAST/SCA coverage, and cloud security posture (IAM, configuration, workload protection). - Identity and access management: Own IAM policy, periodic access reviews, privileged access, and joiner/mover/leaver processes, in partnership with IT and People. - Third-party and customer security: Run Reach’s vendor risk program (due diligence, questionnaires, DPAs, ongoing monitoring) and own responses to customer and prospect security reviews. - Security awareness and training: Run phishing simulations, ongoing and role-targeted training, and regular company-wide sessions on new threats and best practices. - Executive reporting: Provide regular security posture updates with meaningful metrics (MTTD/MTTR, patch latency, control coverage, phishing outcomes, audit readiness). - People, budget, and tooling: Act as a mentor for your report; own the security budget and tool stack — evaluating, procuring, rationalizing, and retiring tools as the program matures. Qualifications - 8+ years in information security, with 3+ years leading a security program or a major security function. - Direct experience owning SOC 2 Type II audits end-to-end; PCI DSS experience strongly preferred. - Proven, hands-on ownership of vulnerability management programs at scale. - Experience managing an MSSP/MDR relationship for SIEM and 24/7 SOC. - Strong application and cloud security fundamentals, with hands-on experience in AWS, GCP, or Azure, and the ability to partner credibly with engineering. - Experience leading incident response end-to-end, including cross-functional coordination and working with external parties. - Experience writing and operationalizing security policies against recognized frameworks (NIST CSF, ISO 27001, CIS Controls). - Excellent written and verbal communication — credible with engineers, executives, auditors, and customers. - Comfortable as a player-coach in a lean environment, with a strong sense of ownership and bias for action. Additional Assets - Experience in fintech, payments, or ecommerce — ideally cross-border or merchant-of-record. - Prior experience standing up or scaling a security program at a growth-stage company. - Familiarity with GRC/continuous compliance platforms (e.g., Vanta, Drata, Secureframe). - AWS experience (our primary cloud) and Atlassian suite (Jira, Confluence) for workflow and documentation. - Formal people-management experience. - Relevant certifications (e.g., CISSP, CISM, CCSP). Benefits - Competitive compensation - Flexible remote work - Comprehensive benefits - Opportunity to build and own a security function - Direct impact on a global commerce platform Our Core Values - We value solving problems and building products by focusing on outcomes - We value making decisions while considering input from multiple sources - We value taking action over getting stuck in planning - We value taking chances and failing fast - We value teamwork over individual accomplishments - We value optimizing time to value and achieving outcomes, not checking boxes - We value work/life balance and a mindset of “it’s a marathon, not a sprint” - We value using the right technology to solve the right problems Apply with your CV and a brief cover letter outlining your security leadership experience and your interest in joining Reach. #LI-Remote

Role Description GovCIO is currently hiring for RES Cyber Engineer to support the eVA Authority to Operation process. This position will be a fully remote position within the United States. - Develop and maintain portions of ATO documentation such as SSP control narratives, RA inputs, IRP/ISCP sections, and configuration management artifacts. - Manage day‑to‑day updates in eMASS including POA&M edits, control evidence uploads, package preparation, and workflow tracking with moderate independence. - Support Continuous Monitoring activities by updating ServiceNow CAM dashboards, analyzing control status, and assisting in monthly/quarterly reporting. - Coordinate vulnerability scans and perform preliminary analysis to identify potential weaknesses. - Participate in security audits and assessments by assembling evidence, drafting responses, and executing assigned tasks. - Contribute to risk assessments by identifying gaps, summarizing findings, and proposing initial remediation recommendations. - Assist in planning and conducting IRP/ISCP/DRP tabletop exercises; update plans based on observed results. - Work with cross‑functional partners to support alignment of engineering, security, and privacy requirements. - Draft SOPs, workflows, and documentation to improve security processes. - Develop proficiency with VA cybersecurity frameworks, GRC requirements, and system boundary documentation. Qualifications - Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or equivalent experience. - 2–5 years of hands‑on cybersecurity or GRC experience supporting ATO or compliance activities. - Working knowledge of RMF, NIST SP 800‑53 controls, and federal security requirements. - Experience using eMASS, GRC tools, or vulnerability management platforms. - Ability to analyze security findings, interpret scan results, and document remediation steps. - Strong writing ability for security documentation. - Strong attention to detail and organizational skills. - Effective communication and collaboration skills across technical and non‑technical teams. Requirements - Experience with Jira, Confluence, and Microsoft 365. - Experience supporting VA cybersecurity programs or other federal clients. - Certifications such as Security+, CAP, CISA (in progress), or similar. - Experience with or interest in AI‑assisted automation for evidence review and control mapping. Regulation Knowledge - FISMA, FedRAMP - NIST SP 800‑53 Rev 4/5 - NIST SP 800‑37 RMF - VA Directive 6500 and VA RMF processes Clearance Required - Ability to obtain and maintain Suitability for Public Trust clearance Posted Salary Range USD $95,000.00 - USD $113,000.00 /Yr.

Requisition Number: 2357053 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities: - Be able to work on Manual Provisioning tasks also which related to granting, revoking access of Joiners, Movers, Levers and rehires - Be able to do work as individual contributor for IAM related deliverables. Successful implementation of SailPoint IDN with all the modules and onboarding of various type of trusted and target applications - Working with clients to support user acceptance testing, debugging and migration to production environments - Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations - Create innovative insights for clients, adapts methods & practices to fit operational team needs & contributes to thought leadership documents - Maintain a solid client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business - Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: - College Graduate of any course - Hands-on User Access Certification development and testing experience - Hands-on Development experience on Sailpoint identity Now workflows, transforms, Rules and customizing the tool as per the requirements - Hands-on experience on SailPoint Migration projects, Sailpoint Identity Now V3 API, Custom reports, REST Services, Web services connector, AD, LDAP, JDBC, EPIC connectors - Hands-on experience on Integration of Sailpoint Identity Now with SNOW for SDIM or Service Catalog - Hands-on experience on end-to-end implementation of Identity and Access Management tool including SailPoint Identity Security Cloud - Completed at least 1-2 implementations as engineer or business analyst - Have done at least 2-3 SailPoint ISC implementation as Business Analyst or Implementation Engineer - Working knowledge of Privileged Access Management. Hands-on experience on CyberArk or Delinea is beneficial - Solid understanding of Identity Access Management concepts - Capability of understanding the business requirement and converting that into low level design and development artifacts - Demonstrated ability to work on Manual Provisioning tasks also which related to granting, revoking access of Joiners, Movers, Levers and rehires - Proven advanced written and verbal communication skills and presentation skills - Proven excellent teamwork and client service skills Preferred Qualifications: - PAM knowledge also Privileged Access Management - Proficiency in data analysis tools and techniques (e.g., SQL, Python, R, Excel) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

• Deliver compelling technical presentations and live demonstrations of Tenable Enterprise products • Manage enterprise software trials and Proof of Concept evaluations, mapping unique business values with customer business objectives • Answer technical questions and provide consultative guidance on security best practices, compliance frameworks, and risk management • Apply advanced technical skills to demonstrate the value and impact of Tenable’s solutions in solving real-world customer challenges • Maintain and strengthen relationships with existing customers, while identifying and cultivating new strategic opportunities • Present thought leadership content and represent Tenable at industry events, executive briefings, and customer-facing sessions • Leverage strategic technical selling skills to engage key stakeholders, from engineers to CISOs, and influence decision-making • Travel as needed (typically around 50%) to support key customer engagements, critical sales opportunities, and high-impact cybersecurity events • Collaborate cross-functionally with product management and engineering to surface customer feedback and prioritize critical customer use cases • Help shape future innovations by identifying gaps and contributing ideas for new product features and capabilities • Deliver clear status reports for Proofs of Value (POVs) and active opportunities; this data is mission-critical for forecasting business health and ensuring alignment with territory and organizational growth goals • Meet with prospective clients to discover what their biggest security challenges and highest priority business drivers are