Data Security Engineer Location: Ford Island United States Job Description: Data Security Engineer The Opportunity: Architect, deploy, and configure data security solutions across various clients for DoD, IC, and civilian federal clients. Create new architectures to meet client requirements adhering to Zero Trust best practices and IC data header guidelines. Interface with key stakeholders, including agency personnel and internal delivery and engineering teams. Assist in building custom policy to ensure positive control of data across hybrid cloud environments. You Have: - 3+ years of experience designing, deploying, and configuring data security solutions - Experience with Data Security Posture Management (DSPM) tools such as Varonis or BigID - Experience with Data Loss Prevention (DLP) tools such as Forcepoint, Trellix, or Symantec - Experience with data labeling and tagging solutions such as Purview, Fortra, or Titus - Experience documenting and diagraming technical architectures - Secret clearance - HS diploma or GED Nice If You Have: - Experience working in federal, DoD, or IC agency environments - Experience managing and maintaining containerization solutions - Knowledge of federal information security policies, standards, procedures, directives, frameworks, federal security authorizations, assessment, and risk management processes for enterprise systems - Knowledge of Trusted Data Format (TDF) and Attribute Based Access Control (ABAC) - Knowledge of Virtru Data Security Platform (DSP) and Keycloak - Top Secret clearance - Bachelor's degree in an IT, Cybersecurity, or Engineering field Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required. Compensation At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page. Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $86,900.00 to $198,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date. Identity Statement As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud. Candidate AI Usage Policy AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided. Work Model Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings. - Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility. - Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility. - Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role. Commitment to Non-Discrimination All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

Administer US government security policies, create assessment packages using Risk Management Framework, manage system administrators for software updates, and conduct security self-reviews to ensure compliance with security protocols and procedures.

Title: Cybersecurity Risk Analyst Location: Houston, TX, US, 77010 Company: NRG As an NRG employee, we encourage you to take charge of your career and development journey. We invite you to explore exciting opportunities across our businesses. You’ll find that our dynamic work environment provides variety and challenge. Your growth is key to our ongoing success—take the lead in shaping your career development, goals and future! JOB SUMMARY: The Cybersecurity Risk Analyst supports the organization's cyber risk management program by identifying, assessing, documenting, and communicating cyber risk across systems, applications, technologies, and business initiatives. This role partners with Technology, Business, Enterprise Risk and other stakeholders to enable risk-informed decisions and practical risk treatment outcomes. The role is focused on internal cybersecurity risk assessments evaluating threats, vulnerabilities, control gaps, and business impact while helping stakeholders align on risk acceptance decisions consistent with organizational risk tolerance. Work is guided by the NIST CSF 2.0, with expected familiarity with FAIR and professional AI tools, as well as awareness of emerging technology risks and evolving cyber threats. This role is distinct from team responsibilities centered on third-party risk, vendor contracts, security surveys, or regulatory compliance. Essential Duties and Responsibilities: Cybersecurity Risk Assessment - Conduct cybersecurity risk assessments for systems, applications, infrastructure, technologies, projects, and business initiatives. - Identify, assess, analyze, and document cybersecurity threats, vulnerabilities, control gaps, exploitability considerations, and potential business impacts. - Evaluate inherent and residual cyber risk and develop clear, supportable risk statements, ratings, and recommendations. - Apply established cybersecurity risk assessment methodologies, frameworks, and reference materials, including FAIR and other relevant cyber risk analysis approaches. - Support practical and well-informed cyber risk treatment recommendations, including mitigation, remediation, transfer, avoidance, and acceptance. - Assist in identifying and documenting reasonable cyber risk acceptance positions aligned with business objectives, governance expectations, and organizational risk tolerance. Stakeholder Engagement and Risk Facilitation - Partner with stakeholders across Technology, Cybersecurity, Business, and Enterprise Risk to gather information and support effective cyber risk assessments. - Facilitate meetings, workshops, and working sessions to bring the right stakeholders together for risk identification, analysis, treatment, and acceptance discussions. - Build alignment across teams and help translate technical cybersecurity issues into clear business risk implications and decision points. - Coordinate with team members responsible for adjacent activities, including third-party risk management, compliance support, contract review, security surveys, and regulatory matters, while maintaining primary focus on internal cyber risk assessment and analysis. Vulnerability and Threat-Informed Risk Analysis - Work closely with vulnerability management and other cybersecurity teams to understand vulnerability exposure, remediation priorities, compensating controls, and the impact of technical findings on cyber risk. - Analyze vulnerability data, remediation status, exploitability, and exposure trends to inform cyber risk assessments and recommendations. - Maintain awareness of emerging cyber threats, attack techniques, threat actor activity, and technology developments that may affect the organization’s risk posture. Metrics, Reporting, and Program Support - Collect, organize, analyze, and report cybersecurity risk metrics, trends, and themes to support leadership reporting and program oversight. - Prepare clear and concise risk assessment documentation, reports, summaries, and presentations for technical and non-technical stakeholders. - Support the continuous improvement of cybersecurity risk assessment processes, templates, standards, and reporting practices. - Use approved AI-enabled tools responsibly to support cyber risk research, analysis, documentation, and operational efficiency in accordance with company requirements. - Incorporate considerations related to artificial intelligence, generative AI, and other emerging technology risks into cybersecurity risk assessments, as applicable. Working Conditions: - Hybrid. - Travel minimally. Minimum Requirements: - A bachelor’s degree in Cybersecurity, Information Technology, Information Systems, Risk Management, Business, or a related field is preferred but not required. - A minimum of five years of experience in cybersecurity, information security, cyber risk, technology risk, vulnerability management, IT audit, or a related discipline is essential. - Demonstrated experience performing cybersecurity or technology risk assessments is required. - Familiarity with the NIST Cybersecurity Framework (CSF) 2.0 is required. - Familiarity with FAIR and other recognized cybersecurity risk assessment methodologies, models, or reference resources are required. - Experience with vulnerability management concepts, processes, and reporting, including the ability to interpret vulnerability data in a risk context, is required. - Proficiency in Microsoft Office products, including Word, Excel, PowerPoint, and SharePoint, is expected. - Ability to effectively apply approved AI technologies such as CoPilot in a professional environment is expected. Additional Knowledge, Skills and Abilities: Technical & Domain Expertise: - Strong understanding of cybersecurity risk principles, threats, vulnerabilities, control environments, and risk treatment concepts. - Working knowledge of cybersecurity frameworks and references, including NIST CSF 2.0, and familiarity with related standards such as NIST 800-53, CIS Controls, ISO 27001, or COBIT. - Familiarity with cyber risk analysis methods such as FAIR; familiarity with quantitative risk analysis concepts, including Monte Carlo simulation, is preferred but not required. - Knowledge of vulnerability management practices and the ability to connect technical findings to broader business and cyber risk considerations. - Awareness of artificial intelligence, generative AI, and emerging technology risks, and the ability to incorporate those considerations into cyber risk assessments. - Experience in energy, utilities, critical infrastructure, or other highly regulated industries is preferred. - Knowledge of operational technology, industrial control systems, or energy generation and retail environments is preferred. Skills & Competencies: - Strong analytical, critical thinking, and problem-solving capabilities. - Effective stakeholder engagement and facilitation skills, with the ability to bring teams together and drive productive risk discussions. - Ability to gather, interpret, and present risk metrics and related data in a meaningful and actionable manner. - Strong written and verbal communication skills, including the ability to prepare professional documentation and communicate effectively with both technical and non-technical audiences. - Ability to translate complex cybersecurity issues into clear, concise, and business-relevant risk information. - Strong organizational skills and the ability to manage multiple priorities while delivering high-quality work within established deadlines. - Demonstrated ability to work collaboratively across Cybersecurity, Technology, Business, and Enterprise Risk teams. Physical Requirements: - From time to it may be required to move light computer equipment such as laptops. NRG Energy is committed to a drug and alcohol-free workplace. To the extent permitted by law and any applicable collective bargaining agreement, employees are subject to periodic random drug testing, and post-accident and reasonable suspicion drug and alcohol testing. EOE AA M/F/Vet/Disability. Level, Title and/or Salary may be adjusted based on the applicant's experience or skills.

Title: Information Security Officer Location: Stockholm, Sweden Workplace: hybrid Category: EU Security & Tech Foundation Job Description: WHO WE ARE At Trustly, we're building a smarter, faster, and more secure financial future by revolutionizing the world of payments. As a global leader in Open Banking Payments, we are establishing Pay by Bank as the new standard at checkout, providing unparalleled freedom, speed, and ease to millions of consumers and merchants worldwide. Our Ambition: To build the world’s most disruptive payment network and redefine what the payment experience should feel like. Trustly is a global team of innovators, collaborators, and doers. If you are driven by a strong sense of purpose and thrive in a dynamic, entrepreneurial, and high-growth environment, join us and be part of a team that’s transforming the way the world pays ABOUT THE TEAM The Security team is Trustly's first line of defence. We do the hands-on security work - running risk assessments, reviewing vendors, maintaining policies and procedures, driving business continuity and disaster recovery, and making sure security is embedded in how Trustly builds and operates its products. We work closely with engineering, legal, finance, risk & compliance, HR and senior leadership, and partner with the second line for governance and oversight. ABOUT THE ROLE We are looking for an experienced Information Security Officer to join the Information Security team, reporting to the Director of Security in Stockholm. The role sits in the first line of defence, meaning you will be directly responsible for executing and operating security activities - not just governing or overseeing them. You will work across the full breadth of the role — owning and driving security governance, risk management, third-party oversight, business continuity, compliance and awareness. You will be expected to work independently, influence decisions across teams, and improve how we operate. At the more senior end, you will help shape security strategy and act as stand-in for the Director of Security when needed. What you'll do - Develop, maintain and communicate Trustly's information security framework (ISMS), including instructions and routines aligned with regulatory requirements and industry standards - Lead information security risk assessments, define and track risk treatment plans, and keep the risk register current - Assess the security posture of third-party vendors and partners during onboarding and through ongoing oversight, define contractual security requirements, and drive remediation of gaps - Ensure business continuity, disaster recovery and crisis management capabilities meet regulatory requirements and are regularly tested - Define and maintain security controls across areas such as access management, internal fraud prevention, monitoring and segregation of duties - Ensure compliance with applicable regulatory requirements, contractual obligations and industry standards; coordinate and support internal and external audits and certifications - Respond to customer due diligence requests, security questionnaires and supplier assessments - Promote security awareness across the organisation through training, communication and guidance - Manage the security incident process and the exception and risk acceptance process, ensuring deviations are documented and approved at the right level - Act as stand-in for the Director of Security when required Who you are - 5+ years of experience in information security, with a focus on governance, risk management or compliance - ideally in regulated financial services or payments - Experience leading and building a team(s) and/or larger projects - Strong working knowledge of ISO/IEC 27001 - Familiarity with frameworks such as NIST CSF will be considered as beneficial - Practical experience translating regulatory requirements (e.g. any regulations and standards such as DORA, NIS 2, PSD2, EBA guidelines) into policy and process - Proven experience with third-party risk management across the vendor lifecycle - Excellent written and verbal communication - you can write a clear policy, present to an all-hands audience, and advise senior leadership with equal ease - Comfortable driving cross-functional initiatives and influencing stakeholders at all levels - If you hold one or more relevant certifications (active or expired) such as CISM, ISO 27001 Lead Implementer, CISA, CISSP or similar, this is considered beneficial - Fluent in English, written and spoken. Swedish is a bonus but not a requirement Our Fantastic Benefits (varies by location) 20 to 30 days of holiday to support a healthy work-life balance Monthly team outing allowance to enjoy social events with your colleagues Parental leave top-up additional support for new parents Daily breakfast and on-site perks to make your workday smoother Well being support our health allowance covers gym memberships, massages, and much more to help you feel your best PLUS additional benefits designed to enhance your work-life experience!