• Support cloud service providers in preparing for FedRAMP authorization through readiness assessments • Perform Gap Assessments & Control Analysis • Develop key deliverables such as System Security Plans (SSP), POA&Ms • Translate NIST SP 800-53 control requirements into practical implementations within cloud environments • Provide guidance on security architecture and control design • Lead technical discussions and workshops with client stakeholders • Contribute to RSI’s development of FedRAMP assessment methodologies

Role Description Are you ready to embark on an exciting journey as a Head of Information Security at GenesisCare UK? Join our dedicated team and play a key role in protecting and strengthening the cyber security posture of one of the UK’s leading independent healthcare providers on a 12-month fixed term contract. As the Head of Information Security, you’ll play a pivotal role in leading and developing GenesisCare UK’s cyber security function. You’ll provide strategic and operational leadership across information security, governance, cyber resilience, risk management, compliance and security operations. This is an exciting opportunity to shape and mature our cyber security landscape, ensuring the organisation remains aligned with industry best practice, evolving threats and key legislative requirements including GDPR, NIS2 and the UK Cyber Security and Resilience Bill. You’ll work closely with senior stakeholders across Technology, Risk, Legal, Information Governance and Operations to drive a culture of security awareness and continuous improvement. What You'll Do: - Lead and develop the GenesisCare UK cyber security team, fostering a high-performing and collaborative culture - Develop and implement information security strategies, policies, frameworks and governance processes - Ensure compliance with relevant legislation and standards including GDPR, ISO27001, Cyber Essentials Plus, NIS2 and the UK Cyber Security and Resilience Bill - Lead cyber security incident response activities including investigations, root cause analysis and remediation - Drive continuous improvement of the organisation’s cyber security posture and Information Security Management System (ISMS) - Oversee security audits, penetration testing, vulnerability management and cyber risk assessments - Provide expert guidance on cyber security technologies including IAM, MFA, endpoint protection, cloud and network security - Manage vendor and third-party cyber security risk activities - Support the governance and oversight of AI technologies from a cyber security perspective - Deliver cyber security awareness and training initiatives across the organisation Qualifications - Significant experience in a Head of Information Security or senior cyber security leadership role - Proven experience leading and developing cyber security teams - Strong knowledge of cyber security governance, risk and compliance frameworks - Experience implementing and managing Information Security Management Systems (ISMS) - Strong understanding of GDPR, Data Protection legislation and cyber security regulatory frameworks - Experience managing security incidents, investigations and remediation activities - Advanced knowledge of SIEM, firewalls, endpoint protection, identity management and vulnerability management technologies - Excellent stakeholder management and communication skills with the ability to influence at all levels - CISSP certification (or equivalent) preferred - Experience within healthcare or other highly regulated environments desirable Benefits - Shape your work-life balance with 25 days of annual leave, plus bank holidays, and the option to buy more or sell back annual leave - Prioritise your well-being with complimentary private medical and dental coverage, access to Employee Assistance Program, and Income Protection - Access our world-class radiotherapy - free to you and your immediate family, if required - Secure your future with a competitive Company Contributory Pension Scheme - Nurture your mental health and well-being through our well-being community, with access to Babylon Health and Headspace Wellbeing - Enjoy hassle-free commutes with free parking at most of our centres - Treat yourself with exclusive retail discounts Company Description GenesisCare UK is the leading provider of private oncology services in the UK, pioneering a transformation in cancer care. Through innovative, personalised treatments, we are enhancing patient quality of life, life expectancy, and overall survival rates. We are a team of over 600 highly trained physicians, healthcare professionals and support staff operating 14 specialist outpatient cancer centres across the UK. Our aim is to provide world-class care, offering the latest proven treatments including advanced diagnostics, medical oncology, radiotherapy, and Theranostics. We take an integrated approach to cancer care, focusing on treating the whole patient, not just the cancer. Our personalised treatment programmes include wellbeing services in partnership with Penny Brohn UK and exercise medicine, proven to enhance patient outcomes. Collaborating with universities and leading clinicians globally, we're dedicated to researching and developing improved cancer treatments. Our UK clinical trials programme aims to broaden access to new therapies. We’re passionate about innovation and working together to make great things happen. We make significant investments in our employees to provide opportunities for growth, learning, and development within their roles. Join GenesisCare UK and shape your future, while shaping the future of cancer care.

Reports to: Senior Manager, Internal Security Location: Remote US Compensation Range: $165,000 to $193,000 base plus bonus and equity What We Do: Cybercrime is growing, and more businesses are getting hit by threats that used to target only the biggest organizations. That pushes defenders like us to operate at the highest level, and it deepens our need for good people who want to make a meaningful impact. Founded in 2015 by former NSA cyber operators, Huntress is a remote-first team working to make enterprise-grade cybersecurity accessible to businesses of all sizes. We work closely with security teams and service providers protecting complex environments, often without the time or headcount to handle it all. That’s why we build our technology in-house and back it with a 24/7 human-led Security Operations Center (SOC). As a result, our platform is never disconnected from the experts who manage it, ensuring our customers' protection. Huntress now secures more than 5M endpoints and 11M identities worldwide. Those numbers keep growing because more businesses rely on us to help carry the load and operate with more confidence. Every day, you can see that commitment in how we stand with our customers and how we show up for each other. What You’ll Do: Huntress is looking for a highly skilled Staff Cloud Security Engineer to join our fully remote team. You will take on the critical responsibility of securing the cloud-native infrastructure that powers our SaaS platform and internal processes. This role is perfect for a hands-on engineer who is passionate about designing, building, and defending highly scalable and secure cloud environments. You will be a key player in ensuring our platform remains secure and resilient, enabling us to confidently protect the environments of our rapidly growing customer base. Responsibilities: - Product Security: Huntress is a B2B SaaS company providing a range of cybersecurity services to our partners and customers. You will be a key member of the internal product security team and help drive effective security detection and response across our production platform. A requirement for this role is having worked at a B2B SaaS company that provides cloud-hosted services to customers. You are right at home interacting with developers who work in SaaS production environments. - Secure Cloud Architecture: You will design, evaluate, and implement architectural security standards for our AWS, Azure, and PaaS cloud platforms. You’ll be a key stakeholder when we onboard new technologies or modify existing ones to meet business goals and objectives. - DevSecOps Collaboration: Partner directly with internal DevOps and Platform teams to build security into every stage of the infrastructure-as-code lifecycle. You are comfortable engaging via PRs and reviewing IaC/HCL/DSL configurations. - Threat Modeling: You are comfortable reviewing architecture and product development pitches, leveraging your extensive security knowledge to ensure security and privacy by design. - Platform Vulnerability and Risk Management: You'll manage a robust vulnerability management program specifically tailored to our cloud environments. This entails triaging high-severity alerts and coordinating with internal teams to drive mitigations or remediations. - Threat Detection & Response: You will develop strategies to respond to and recover from security incidents affecting the Huntress platform. You'll also implement tools, including runtime and build-level controls, to assist in threat detection and prevention. - Own Security Compliance: This role will have the primary responsibility of owning cloud security controls end-to-end, including the design, monitoring, and remediation of control failures. What You Bring To The Team: - Flexible Security Mindset: You approach security as a business enabler, with a passion for striking the right balance between security, usability, and agility. You bring a measured, risk-based approach to solving security risks and challenges. - SaaS Background: You have experience working within a fast-paced SaaS company and understand the unique security challenges of a cloud-first environment. - Value Documentation: You recognize documentation as a critical tool for showing impact and value. You effectively detail security recommendations, process improvements, architectural decisions, and innovative ideas to ensure clarity and organizational buy-in. - A Security-as-Code / Infrastructure-as-Code Mindset: You are comfortable with IaC tools such as Terraform / Spacelift, as well as other engineering tools such as CircleCI and Git. You are comfortable reading cloud configurations and understanding architecture from the code up. - Proficiency with Scripting: You are comfortable with a scripting language in order to get things done. Whether that is Python or Go, or something else entirely, you leverage scripting to parse data or comb through logs efficiently. - Team Player: You are an effective collaborator and communicator both cross-functionally and functionally. - Deep Cloud Expertise: You possess extensive knowledge of AWS and/or Azure and other cloud platforms, with demonstrated expertise in designing secure cloud, application, and system architectures. You are intimately familiar with cloud-native security tooling, logging, identity management, and security policy. - Incident Response Knowledge: You have a working knowledge of incident response processes and strategies and are familiar with computer forensic tools and methods. You are familiar with a query language (jQL, SQL, Splunk, etc.) and are comfortable combing through datasets during an incident. - Remote-First Collaboration: You are an excellent communicator, capable of thriving and driving initiatives in a distributed, asynchronous work environment. What We Offer: - 100% remote work environment - since our founding in 2015 - Generous paid time off policy, including vacation, sick time, and paid holidays - 12 weeks of paid parental leave - Highly competitive and comprehensive medical, dental, and vision benefits plans - 401(k) with a 5% contribution regardless of employee contribution - Life and Disability insurance plans - Stock options for all full-time employees - One-time $500 reimbursement for building/upgrading home office - Annual allowance for education and professional development assistance - $75 USD/month digital reimbursement - Access to the BetterUp platform for coaching, personal, and professional growth Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status. We do discriminate against hackers who try to exploit businesses of all sizes. Accommodations: If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com. Please note that non-accommodation requests to this inbox will not receive a response. Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process, but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights. #BI-Remote

• This position will be fully remote and can be hired anywhere in the continental U.S. • Our consultants are skilled technical and consultative resources expected to be strong in both technical and soft skills. • A Consultant must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, and interface effectively with customers, vendor partners, and colleagues. • Establish & maintain productive and respectful relationships with the delivery team, practice management, and client management team. • You will actively contribute to improving operational efficiency on projects and internal initiatives. • Deliver timely engagements and work closely with Practice Directors to drive training and education, career development, performance development, and collaboration across the team. • In line with Optiv’s commitment to quality, you will confirm that work is of the highest quality as per Optiv’s quality standards, by reviewing the work provided by other members. • Able to solo deliver or act as "point" for complex projects. • Acts as technical escalation point to assist other consultants. • Lead in capacity planning and HW specification recommendation efforts. • Lead in all Technology deployment activities, connector configuration, custom rule development, workflow configuration and development, and third-party system integration. • Lead in Business Continuity, Cyber Resilience and Disaster Recovery efforts. • Lead User Acceptance Testing and bug-related engineering efforts. • Design, implement and educate on specific technology build processes, code migration, and source control use. • Provide knowledge transfer and post production support activities as necessary. • Effective team communicator. • Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional associations such as ISSA. • Obtain and maintain top tier vendor certification. • Complete administrative project tasks like time and expense entry, status reporting, and project completion reporting. • Acts as contributor in Optiv communities for solutions of focus.