CI&T

Navigate Change

Cybersecurity Architect

Security Engineer · Full Time · Remote · Lead · Team 5,001-10,000 · Since 1995 · H1B No Sponsor

Location

Colombia

Posted

27 days ago

Salary

0

Seniority

Lead

Job Description

  • Assess the current cloud and infrastructure security posture across AWS environments, Kubernetes platforms, and supporting services
  • Identify critical gaps and define a prioritized roadmap for improving security maturity across identity, runtime, network, and platform layers
  • Define and implement enterprise security controls across IAM governance, workload/runtime posture, and DNS security
  • Embed security guardrails, standards, and policies into the Platform Engineering and Cloud Center of Excellence (CoE) frameworks from the beginning of the transformation
  • Partner with platform teams to design secure-by-default self-service infrastructure patterns, templates, and workflows
  • Establish identity and access governance models including account strategy, role design, least-privilege policies, and federated access
  • Design and implement security standards for Kubernetes and containerized workloads, including supply chain security, workload isolation, and runtime protection
  • Define DNS and network security practices, including private networking, segmentation, service discovery, and threat protection
  • Collaborate with DevSecOps teams to integrate automated security testing, policy enforcement, and compliance checks into CI/CD pipelines
  • Support the creation of security observability, monitoring, incident response, and threat detection capabilities across the platform
  • Provide security leadership and mentoring to engineering teams to promote security ownership and best practices
  • Support organizational change management and stakeholder alignment to ensure security adoption across teams
  • Continuously evolve the security framework as the platform and operating model mature

Job Requirements

  • +7 years of experience in cybersecurity, cloud security, or platform security roles
  • Deep expertise in AWS security, including IAM, Organizations, SCPs, GuardDuty, Security Hub, CloudTrail, KMS, and networking security
  • Strong experience securing Kubernetes environments, particularly Amazon EKS, including workload identity, network policies, secrets management, and runtime security
  • Experience designing and implementing enterprise IAM governance and access control models
  • Hands-on experience with DevSecOps practices and integrating security into CI/CD pipelines
  • Strong understanding of cloud networking, DNS security, and zero-trust architectures
  • Experience building security guardrails and policy-as-code using tools such as Terraform, OPA, or similar technologies
  • Experience performing security posture assessments, threat modeling, and risk prioritization
  • Strong strategic thinking with the ability to balance security, developer experience, and delivery speed
  • Excellent communication and stakeholder management skills across technical and executive audiences
  • Experience working in distributed, international teams in complex and fast-changing environments

Benefits

  • Premium Healthcare
  • Meal voucher
  • Maternity and Parental leaves
  • Mobile services subsidy
  • Sick pay
  • Life insurance
  • CI&T University
  • Colombian Holidays
  • Paid Vacations

More Security Engineer Jobs

Role Description

We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between.

⚠️ This is NOT a general GRC or compliance role. We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits.

What you’ll actually be doing:

  • Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test)
  • Conducting control assessments across all control families (technical + administrative)
  • Interviewing control owners and validating implementation statements in SSPs
  • Performing evidence-based testing (logs, configurations, artifacts)
  • Writing Security Assessment Reports (SAR) with formal findings and risk ratings
  • Building POA&M entries tied to identified control deficiencies

🚫 Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution.

Qualifications

  • 5+ years of direct experience performing NIST 800-53A assessments
  • Proven ownership of SAP and SAR deliverables
  • Strong experience designing and executing control testing procedures
  • Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks
  • Ability to independently validate controls beyond documentation review

Requirements

  • Experience with CMS ARS / ARC-AMPE baseline (Nice to have)
  • Strong Excel-based evidence mapping and tracking (Nice to have)

Benefits

As a lean, growing firm, we prioritize results over red tape, offering you a direct seat at the table and a clear path for career progression as we scale. You won’t be just a number here; you’ll have the autonomy to make a visible impact on the business from day one.

United States
Full Time · Remote · Team 201-500 · Since 2014 · H1B Sponsor

  • Define and lead the long-term product security strategy, roadmap, and vision in alignment with company goals, risk appetite, and regulatory requirements.
  • Serve as the internal authority on application and product security, providing expert guidance to engineering, product, and executive leadership.
  • Drive a company-wide culture of security ownership embedding security thinking deeply into the habits of every engineering team.
  • Architect and continuously evolve a best-in-class Product Security program, spanning threat modeling, SAST, DAST, IAST, SCA, runtime protection, and API security.
  • Lead the design and enforcement of secure development standards across web, mobile, and cloud including secure coding guidelines, IaC policies, and API security frameworks.
  • Identify and drive resolution of systemic, high-impact vulnerabilities and architectural security gaps across Greenlight's platform.
  • Lead and mature Greenlight's penetration testing program, both through internal efforts and external vendor partnerships.
  • Partner with engineering and platform teams to build security-enhancing product features that protect our customers' financial data.
  • Establish and lead incident response processes for product-level security events, including root cause analysis and systemic remediation.
  • Evaluate and introduce emerging security tooling, techniques, and frameworks to keep Greenlight ahead of the threat landscape.
  • Mentor staff and senior engineers across the security and engineering organizations, raising the overall security engineering capability of the company.

United States
$180K - $240K / year
Full Time · Remote · Team 1,001-5,000 · Since 2008 · H1B Sponsor

  • Lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle
  • Manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on
  • Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs
  • Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks
  • Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling
  • Owning product security controls for FedRAMP, SOC 2, and ISO 27001
  • Managing the product security budget, vendor relationships, and developer enablement programs
  • Mentor your team to technical excellence while holding them accountable for the security of every line of code
  • Represent Collibra’s security posture to the world’s most demanding enterprise customers

United States
$224K - $280K / year

Specialist, Security

Airbnb

Airbnb is a community based on connection and belonging.

Full Time · Remote · Team 5,001-10,000 · Since 2007 · H1B Sponsor

  • Interact with Airbnb customers and community members using all current and future channels, whether Airbnb tools or external tools, including chat, social media, messaging, and phone.
  • Manage complex cases end to end with the goal of resolving customers' issues by following the work methodology and guidelines.
  • Recognize the type and severity of cases and handle them properly according to the scope of the service, calling on other teams where appropriate.
  • Take on cases of a certain degree of severity or complexity under close supervision.
  • Be able to recognize and assess threatening and risky behavior.

Canada
$63K / year