Role Description We are looking for a hands-on Senior Information Security Specialist to provide technical expertise across multiple security domains, ensuring our infrastructure, systems, and data are protected against evolving cyber threats. - Define, design, and enhance security architecture, frameworks, and technical controls aligned with business objectives and security strategy. - Develop and maintain security reference architectures, standards, and design patterns across corporate and production environments. - Act as a subject matter expert across infrastructure, cloud, network, and application security. - Support and lead incident response activities for major incidents, breaches, and investigations. - Partner with GRC and Legal teams as a technical expert to ensure compliance with security, privacy, and data protection regulations. - Define and track KPIs and KRIs to measure control effectiveness and drive continuous improvement. - Collaborate with SOC and Threat Intelligence teams to stay current on threat trends and emerging technologies. - Evaluate and integrate AI-driven security capabilities for proactive threat detection and incident response. Qualifications - Bachelor’s degree in Information Security or a related field. - 5+ years of experience in information security or a related field. - Certifications such as CISSP, CCSP, or CISM. - Advanced certifications such as GIAC (GSE, GCIA, GCIH) or OSCP. - ISO 27001 Lead Implementer/Auditor or NIST CSF practitioner credentials preferred. - Proven expertise in cloud and infrastructure security. - Hands-on experience with SIEM, vulnerability scanning, SOAR, and XDR tools. - Demonstrated experience implementing and operationalizing security controls in large-scale, distributed environments. - Strong knowledge and implementation experience with frameworks such as ISO 27001, NIST, PCI DSS, SOC 2, and SOX. - Experience in online gambling, sports betting, or financial services environments is preferred. - Strong communication skills, with the ability to work effectively with technical and non-technical stakeholders. - Familiarity with AI-driven security tools and approaches. - Able to travel occasionally both domestically and internationally. Benefits - Comprehensive compensation. - Work-life balance initiatives. - Autonomy – we embrace personal freedom and responsibility. - Creativity – we are open to new ideas of how we can be better. - Growth – we want you to develop personally as well as professionally. - Top-notch professionals who are passionate about what they do. - People-oriented environment and supportive atmosphere. Company Description Rush Street Interactive (NYSE: RSI) is a market leader in online casino and sports betting, currently operating real-money gaming with our brands: BetRivers.com, PlaySugarHouse.com, and RushBet.co. We’re building bridges between online, social and land-based gaming businesses to create amazing, integrated experiences that keep players in the game. As a rapidly growing company in an emerging industry, you’ll have a huge impact on our product and our company. We like proactive team members and strive to have a company of self-disciplined professionals who enjoy collaboration, having fun, and of course, achieving together what others believe to be improbable. We are dedicated to treating everyone with respect and to support your professional and personal growth. Rush Street Interactive is an equal opportunity employer and committed to a diverse and inclusive workplace. All qualified applicants will be considered for employment without regard to race, national origin, ancestry, sex, sexual orientation, sexual identity and expression, marital status, family status, lifestyle, age, culture, religion, military and veteran status, citizenship, or disability.

• Set the security agenda for the platform. • Hold the line between security and developer experience. • Lead our security strategy for AI agents. • Own our security product surface. • Define the unified access model across Supabase. • Drive the compliance roadmap. • Be the customer's voice for security. • Ship the docs that go with the code.

Title: Information Security Officer Location: Remote (United States) Department: Technology, Product & Design Job Description: Role Snapshot Reports to: Chief Technology & Product Officer (CTPO) Location: North America (remote with periodic travel to UniUni hubs) Scope: Worldwide operations with focus on North America The Role We are hiring an Information Security Officer to lead UniUni's security and governance function end to end. This is a hands-on leadership role reporting directly to the CTPO. You will own the security program across cloud infrastructure, application security, data security and governance, corporate IT, compliance, and risk, and you will be the senior accountable owner for our ISO 27001 certification and SOC 2 Type II attestation. You will work closely with engineering, platform, IT, legal, and executive leadership, and you will be UniUni's primary security voice in front of customers, auditors, and investors. You will build and lead a small, high-leverage team and set the bar for how security operates as the business scales. Key Responsibilities Cloud Security Set the security posture of our AWS environments, including IAM, network segmentation, encryption, logging, secrets management, and workload protection. Drive cloud security baselines aligned to CIS Benchmarks and the AWS Well-Architected Security Pillar, and enforce them through infrastructure as code and platform guardrails. Lead continuous monitoring and threat detection across cloud workloads using native AWS services (GuardDuty, Security Hub, CloudTrail, Config) and complementary third-party tooling. Run vulnerability management for cloud infrastructure, including patching cadence, remediation SLAs, and exception governance. Application Security Embed secure development practices into the SDLC, including threat modeling, secure code review, SAST, DAST, SCA, and secrets scanning in CI/CD. Partner with engineering leaders to triage and remediate application vulnerabilities without slowing delivery. Run the open source software program, including license compliance, vulnerability tracking, and remediation. Manage the external penetration testing program, from scoping and vendor selection through findings triage and remediation verification. Set and evolve standards for authentication, authorization, session management, and API security across internal and customer-facing applications. Deliver enterprise SSO (SAML 2.0 and OpenID Connect) for customer-facing products in support of contractual security commitments. Data Security and Governance Own the data security program end to end, covering data classification, encryption in transit and at rest, key and secrets management, and protections against unauthorized access, exfiltration, and misuse. Maintain and evolve the data classification framework across UniUni's regional and shared data warehouse environments, and drive schema-level classification into operational use by engineering and analytics teams. Govern access to production databases, data warehouses, and analytics platforms, including approval workflows, periodic access reviews, and audit trails. Implement and operate data loss prevention controls across endpoints, email, SaaS, and cloud storage, calibrated to the sensitivity of the data and the realities of how the business operates. Set and enforce data residency, retention, and minimization standards in line with customer commitments and regulatory obligations across the jurisdictions in which UniUni operates. Partner with engineering, data, and product teams on privacy by design, including data flow mapping, data sharing agreements, and the secure handling of personal information for shippers, drivers, and end recipients. Lead the response to data subject requests, data incidents, and breach notification obligations under applicable privacy laws. Compliance and Governance Maintain and continuously improve UniUni's ISO 27001 certification, including surveillance audits, internal audits, risk assessments, and management reviews. Sustain UniUni's SOC 2 Type II attestation, owning control operation, evidence collection, auditor relationships, and remediation. Own the information security policy framework, including authoring, approval workflows, annual reviews, and employee attestations. Operate the risk management program, including the risk register, risk treatment plans, and executive risk reporting. Lead customer-facing security activities, including security questionnaires, contract reviews, and security clauses in vendor and customer agreements. Support regulatory compliance efforts relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws. IT Security and Operations Partner with IT to operate and mature endpoint security, including EDR, MDM (Intune), disk encryption, and device compliance. Govern identity and access across SaaS and corporate systems, including SSO adoption, MFA enforcement, privileged access controls, and joiner-mover-leaver processes. Own the SaaS inventory and run periodic access reviews, with particular attention to shadow IT and uncontrolled data flows. Lead security awareness training and phishing simulation programs. Run the incident response program, including the IR plan, tabletop exercises, on-call rotation, and post-incident reviews. Contribute to business continuity and disaster recovery planning in partnership with engineering and operations. Leadership and Stakeholder Engagement Build and lead a small security team, with hiring underway across two tracks: Compliance and GRC, and Application and Platform Security. Serve as UniUni's senior security voice with customers, prospects, auditors, regulators, and investors. Report on security program status, KPIs, and risks to the CTPO and the executive team on a regular cadence. Represent security considerations in cross-functional decisions across product, infrastructure, vendor selection, and business expansion. Required Qualifications 10+ years in information security, with at least 3 years owning a security program or a major security domain. Demonstrated ownership of ISO 27001 certification maintenance and SOC 2 audit execution in a cloud-native organization. Deep hands-on experience securing AWS environments at scale, including IAM, networking, logging, and workload protection. Strong application security background across secure coding practices, common vulnerability classes, and modern AppSec tooling (SAST, DAST, SCA, secrets scanning). Demonstrated experience building data security and governance programs, including data classification, encryption, DLP, access governance for data stores, and privacy-aligned data handling. Practical experience with SAML 2.0 and OpenID Connect, and a track record of rolling out enterprise SSO and MFA. Experience operating core IT security controls, including EDR, MDM, and SaaS access governance. Track record of leading incident response, including coordination with engineering, legal, and executive stakeholders. Ability to translate security risk into business terms for non-technical executives, customers, and investors, in writing and in person. Preferred Qualifications Background in logistics, supply chain, or high-volume transactional businesses. Experience in an organization with worldwide cross-border data flows and a focus on North America. Familiarity with the DOJ Data Security Program and bulk data transfer rules. Hands-on experience with the Microsoft security stack (E5, Defender, Entra, Purview, Intune), and the perspective to evaluate it against alternatives such as CrowdStrike. Relevant certifications such as CISSP, CCSP, CISM, or ISO 27001 Lead Auditor or Lead Implementer. Prior experience taking a late-stage company through IPO-readiness security maturation. What You Will Find at UniUni A direct reporting line to the CTPO and regular exposure to the CEO, CFO, and the rest of the executive team. A security program with real executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation. Meaningful autonomy to shape the program and the team, balanced by the discipline and cadence of a late-stage operating company. A growing business with the operational complexity, customer scrutiny, and learning opportunities that come with scale. How We Work We value direct, precise, and accurate communication. We prefer honest and defensible language over favorable framing. We write concise documentation, our meeting minutes stand up to auditor review, and we make decisions with our customers and our long-term credibility in mind. Equal Opportunity UniUni is an equal opportunity employer. We evaluate candidates on the basis of qualifications, experience, and demonstrated ability, and we do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, or any other protected characteristic.

Operational Technology Security Engineer Location: Remote, USA Type: Permanent Category: Security Industry: Government Workplace Type: Remote Reference ID: JN -042026-106569 Job Description: Our client seeks an Operational Technology Security Engineer to secure industrial and OT environments through the design, implementation, and monitoring of controls aligned to DoD and industry standards. The engineer will assess risk, harden architectures, and integrate cybersecurity across the OT system lifecycle. The role will bridge IT and OT practices, support inspections and incident response, and deliver analytics to inform leadership decisions. Salary: $110,000 - $135,000/ yr. w2 Responsibilities: - Support planning, design, development, testing, integration, and security of OT systems. - Analyze and implement OT cybersecurity requirements and controls. - Conduct vulnerability assessments across OT and IT systems, networks, applications, and databases. - Develop, maintain, and validate cybersecurity documentation and artifacts. - Manage and track POA&M entries, including remediation actions and timelines. - Perform OT-specific risk assessments and recommend mitigation strategies. - Support DoD cybersecurity inspections and ensure environment readiness. - Deploy and tune OT security monitoring solutions including IDS, IPS, and anomaly detection. - Develop and implement OT-specific incident response plans. - Manage software and firmware updates while minimizing operational disruption. - Generate cybersecurity reports, analytics, and trend analysis for leadership. - Bridge IT and OT cybersecurity practices to ensure aligned protections. - Provide technical recommendations to engineers, operators, and leadership. - Support compliance with industry and regulatory cybersecurity standards. - Build automated workflows for vulnerability management and reporting. Experience Requirements: - Minimum seven years of experience in OT cybersecurity or a related field. - Experience supporting DoD or federal cybersecurity environments (preferred). - Hands-on experience with industrial control systems and OT environments. - Strong knowledge of OT systems including SCADA, ICS, DCS, PLCs, HMIs, RTUs, and field devices. - Experience with OT communication protocols such as Modbus/TCP, DNP3, BACnet, and IEC 61850. - Understanding of secure OT network architectures including segmentation, firewalls, and IDS/IPS. - Knowledge of secure remote access solutions for OT environments. - Experience with vulnerability scanning tools such as ACAS, Nessus, Qualys, Forescout, and EyeInspect. - Familiarity with cybersecurity frameworks including NIST CSF, ISA/IEC 62443, and NERC CIP. - Understanding of DoD cybersecurity requirements including STIGs, IAVMs, and configuration guides. - Experience with patch management and change management processes. - Ability to conduct forensic analysis within OT environments. - Proficiency with Microsoft Excel, Access, Power BI, and Power Platform. - Strong analytical, problem-solving, and research skills. - Excellent written and verbal communication skills. - Ability to work independently and in team environments. - Active DoD Secret Clearance. - Training module or course completion in Forescout. Education Requirements: - One of the following certifications: 300 - ICS Cybersecurity; AWS Certified Solutions Architect - Associate; GIAC Certified Windows Security Administrator (GCWN); Infoblox Core DDI Configuration and Administration; ISA Certified Control System; Microsoft Certified: Azure Administrator Associate; Microsoft Certified Solutions Associate Windows Server 2016; Microsoft 365 Certified: Messaging Administrator Associate; MS 2016 Active Directory Identity and Networking; Oracle Cloud Infrastructure Foundations 2020 Certified Associate; OCI Cloud Infrastructure Foundations Associate 2025 Exam. - And one of the following certifications: CCNA Security; CompTIA CySA+; GICSP; CompTIA Security+ CE; CND; SSCP. Recruitment Transparency Notice Eliassen Group values transparency in our recruitment practices. Please be advised that Eliassen Group utilizes artificial intelligence (AI) tools as part of its initial application screening and hiring process. You may receive email and SMS notifications from the Eliassen Virtual Recruiting Team (noreply@eliassen.com, 781-808-2924) inviting you to complete a brief voice screening as part of your application process. These tools assist our hiring teams in different ways, including but not limited to, assistance in reviewing application materials to help identify candidates whose qualifications most closely match the requirements of the position. All AI-assisted evaluations and responses are reviewed by human recruiters before any hiring decisions are made. The use of AI in our process is intended to support fairness, efficiency, and consistency, and Eliassen Group takes measures to prevent bias or discrimination in connection with its hiring practices. By proceeding, you acknowledge, agree, and consent to Eliassen Group’s use of these tools, including AI tools, as part of the application and hiring process. Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range. W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality. If anyone reaches out to you about an open position connected with Eliassen Group, please ensure that you are working directly with us by confirming the following: About Eliassen Group: Eliassen Group is a strategic consulting firm that helps organizations reach further and achieve more through our technology, business advisory, and life sciences solutions. For nearly 40 years, we have combined exceptional people, deep domain expertise, and intelligent capabilities to expand our clients’ capacity and accelerate meaningful outcomes. We are driven by a purpose to positively impact the lives of our employees, clients, consultants, and the communities we serve. Eliassen is committed to building a diverse and inclusive team from a variety of backgrounds, perspectives, and skills. We are an Equal Opportunity and Affirmative Action Employer and all employment decisions are based on merit, performance, and business needs. Eliassen does not discriminate on the basis of race, color, gender identity or expression, sexual preference or orientation, sex (including pregnancy, childbirth, and related medical conditions), marital status, creed, religion, physical or mental disability, genetic information, military or veteran status, age, ancestry, national origin, citizenship status, prohibited criminal record inquiries of applicants and employees, or any other category protected by federal, state, or local laws.