Title: Information Security Officer Location: Naperville, IL Full Time Experienced Job Description: Sourcebooks is seeking an Information Security Officer to own and manage key components of the company’s Information Security Management System (ISMS) and help strengthen our security and compliance program. This role plays an important part in protecting company systems, data, and operations by leading risk management activities, coordinating security audits, managing policy governance, and supporting business continuity planning. The Information Security Officer will work closely with IT, Legal, and business stakeholders across the organization to ensure the company maintains strong security governance, regulatory compliance, and operational resilience. This is an exempt, salaried position with a range of $110, 000 - $120,00/annually. Starting pay is based on a thoughtful evaluation of job-related factors including geographic location, market conditions, relevant experience, training, and education to ensure a fair and competitive offer. This is a hybrid role based out of our Naperville, IL office with training 5 days/week in office for the first 90 days. Hybrid schedule will be discussed after 90 days. What you’ll do - Manage and help mature the company’s Information Security Management System (ISMS). - Lead risk assessments, control gap assessments, and Business Impact Analyses (BIA). - Maintain the organization’s risk register and track key risk indicators (KRIs) and security metrics. - Coordinate remediation activities to address security risks and control gaps. - Support internal and external security audits and regulatory compliance initiatives. Business Continuity & Resilience - Maintain and coordinate the company’s Business Continuity and Disaster Recovery program. - Lead Business Impact Analyses with stakeholders to identify critical systems and operational dependencies. - Support periodic testing of continuity and recovery plans. Policy Governance - Develop, maintain, and enforce information security policies, standards, and guidelines aligned with regulatory requirements and industry best practices. - Partner with the Legal team to ensure policies address regulatory, privacy, and contractual obligations. - Promote adoption of security policies across the organization and support compliance monitoring. Third-Party Risk - Assess security risks related to vendors and service providers that access company systems or data. - Support security reviews for new vendors and coordinate remediation activities related to third-party security findings. Fraud & Threat Monitoring - Monitor external threat intelligence to identify potential fraud or malicious activity. - Coordinate with Legal and external services to address domain spoofing, impersonation, and related threats. Security Awareness & Program Support - Support cybersecurity awareness initiatives including phishing simulations and employee training. - Track security initiatives and communicate program progress, risks, and accomplishments to leadership. - Develop security metrics and reporting to communicate the organization’s risk posture and program maturity. What you bring: - Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field. - 5+ years of experience in cybersecurity, technology risk, governance/risk/compliance (GRC), or technical compliance roles. - Strong understanding of security governance, policy development, and risk management practices. - Experience supporting security audits and regulatory compliance initiatives. - Familiarity with security frameworks such as ISO 27001, ISO 27701, NIST Cybersecurity Framework, NIST SP800-53, NIST SP800-171, PCI-DSS, HITRUST, or CMMC. - Experience evaluating and implementing security controls. - Strong analytical, project management, and communication skills. - Familiarity with Governance, Risk & Compliance (GRC) tools. Nice to have - Security certifications such as CISSP, CISM, CISA, or CRISC. - Experience supporting Business Continuity Planning or Disaster Recovery programs. - Experience working within an ISO-aligned Information Security Management System. Why Sourcebooks? As Newsweek’s #2 Most Loved Workplace in 2024 and a recognized leader in innovation by Fast Company (2024 Most Innovative Companies, 2023 Best Workplaces for Innovators), we use a mission-driven, data-centered approach to drive success for our authors and their books. We’re a thriving entrepreneurial company that creates books that transcend categories and defy odds, and we’ve been honored with hundreds of national bestsellers and awards. We are passionate book lovers dedicated to connecting books to readers in innovative ways. Story by story, book by book, we have changed more than 300 million lives. Join us as we change 300 million more! Full-time employees are eligible for our comprehensive benefits program. Our range of benefits include, but are not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care, Dependent Care, Flexible Spending Account, Health Savings Account, 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, and generous paid time off. Sourcebooks values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

Title: Cloud Security Specialist IV Location: Remote Full Time Experienced Job Description: GAMA-1 is seeking a remote Cloud Security Specialist IV focused on AWS security operations, IAM, incident response, vulnerability management, and compliance in regulated environments. In partnership with the ISSO, this role is responsible for the overall protection of the enterprise cloud environment, ensuring data security and regulatory compliance while implementing best practices for access control, encryption, and threat mitigation. The Cloud Security Specialist IV collaborates with engineering and operations teams to secure systems, support audits and compliance efforts, and drive effective security across AWS environments. What You Will Do in This Role The Cloud Security Specialist IV is responsible for leading AWS security operations, managing enterprise security controls and IAM, driving incident response and compliance, and serving as the SME and customer point of contact to ensure secure, resilient, and well-governed cloud environments. Responsibilities include: - Serve as the Cloud Security SME and primary customer point of contact - Operate and monitor security controls across enterprise IT systems to support security operations - Lead cloud security operations in AWS (e.g., WAF, GuardDuty, Macie, CloudTrail, CloudWatch, Control Tower), ensuring effective detection, response, and governance - Perform security monitoring, incident response, and digital forensics using SIEM tools - Direct and influence multi-disciplinary teams in the implementation and operation of cybersecurity controls across the enterprise - Collaborate with application developers and database administrators to deliver innovative solutions to complex technology challenges and business requirements - Provide subject matter expertise on information security architecture and systems engineering to IT and business stakeholders - Drive automation of security controls, data, and processes to enhance metrics, visibility, and operational efficiency - Implement and manage IAM solutions (ForgeRock, SailPoint, SSO, provisioning, lifecycle management) to ensure secure and effective access governance - Assess risks and vulnerabilities and implement appropriate mitigation strategies - Support audits, compliance activities, and execution of the security roadmap to ensure regulatory alignment and continuous improvement What You Will Bring Required Qualifications - 8+ years of experience securing enterprise or mission-critical systems in regulated or government environments - 5+ years of hands-on security operations experience, including monitoring, detection, and response - 4+ years of AWS cloud security experience in production environments - 4+ years of Windows and Linux security administration in enterprise environments - Experience developing and enhancing security compliance reporting (e.g., AWS Security Hub, CloudTrail) - Demonstrated experience identifying, mitigating, and managing vulnerabilities - Experience supporting incident response activities and working with SIEM platforms Preferred Qualifications - Experience with IAM integrations (Active Directory, LDAP, enterprise databases), SSO, and identity lifecycle management - Working knowledge of federal security frameworks and standards, including NIST 800-37/53, IRS 1075, and MARS-E - Experience with vulnerability management, penetration testing, and enterprise firewall administration - Scripting experience in Java, JavaScript, or shell scripting Work authorization/security clearance requirements - Ability to obtain a security clearance. Work Environment - This work is normally completed in a remote environment. Physical Demands - Prolonged periods of sitting at a desk and working on a computer. - Must be able to access and navigate each department at the organization's and client facilities. Travel Required - No Proficiency Requirement - The employee is expected to demonstrate proficiency in all essential job functions, tools, and processes related to this position within the first 90 days of employment. This includes acquiring a thorough understanding of job-specific responsibilities, systems, and workflows as outlined during onboarding and training. Failure to meet this requirement may result in additional training, reassessment, or other actions as deemed necessary by management. GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work).

• Own and evolve parts of the cloud security landscape across AWS and GCP • Embed security practices into CI/CD pipelines and Infrastructure as Code using Terraform • Drive security automation across environments, reducing manual processes and operational risk • Act as a security evangelist, influencing engineers to adopt secure-by-default practices • Partner with development, SRE, and infrastructure teams to improve security remediation and incident management • Support incident response activities, post-incident improvements, and operational readiness • Contribute to security tooling, standards, documentation, and continuous improvement initiatives

Description and Requirements About the Role: MetLife is seeking an experienced and innovative individual to lead the architectural design and evolution of our global enterprise identity governance platform. This role is critical in shaping the architecture, development standards, and strategic direction of MetLife's IAM solutions. Key Responsibilities: - Define and drive the architectural vision for our global SailPoint IdentityIQ implementation to support the enterprise. - Lead the design and development of IAM solutions, including but not limited to custom workflows, rules, connectors, plugins, scripts and other integrations to support complex business requirements. - Lead regular architectural design and code reviews to ensure adherence to best practices, security standards, and performance benchmarks. - Oversee and guide the implementation of CI/CD pipelines in Azure DevOps for IAM code deployments. - Collaborate with engineering, security, and compliance teams to align IAM solutions with enterprise goals. - Mentor and support engineering teams in implementing scalable and maintainable IAM solutions. Required Qualifications: - 7+ years of overall Identity and Access Management experience, including SailPoint IdentityIQ. - Demonstrated leadership in architectural design and technical governance, including code reviews and solution validation. - Deep understanding of identity lifecycle management, role-based access control (RBAC), access certification, and policy enforcement. - Experience with SailPoint IdentityIQ, including lifecycle management, custom workflows, application onboarding, and other advanced customizations using Java and/or Beanshell. Preferred Qualifications: - Hands-on experience with infrastructure and IT operations supporting SailPoint IdentityIQ, including application server architecture, database connectivity, load balancing, certificate management, and coordination with network, platform, and security teams to ensure performance, scalability, and reliability. - Strong scripting skills (e.g., PowerShell, Python) for automation and integration tasks. The expected salary range for this position is $112,400 - $189,400. This role may also be eligible for annual short-term incentive compensation. All incentives and benefits are subject to the applicable plan terms. Benefits We Offer Our U.S. benefits address holistic well-being with programs for physical and mental health, financial wellness, and support for families. We offer a comprehensive health plan that includes medical/prescription drug and vision, dental insurance, and no-cost short- and long-term disability. We also provide company-paid life insurance and legal services, a retirement pension funded entirely by MetLife and 401(k) with employer matching, group discounts on voluntary insurance products including auto and home, pet, critical illness, hospital indemnity, and accident insurance, as well as Employee Assistance Program (EAP) and digital mental health programs, parental leave, paid time off, paid holidays, volunteer time off, tuition assistance and much more! About MetLife Recognized on Fortune magazine's list of the "World's Most Admired Companies", Fortune World's 25 Best Workplaces™, as well as the Fortune 100 Best Companies to Work For®, MetLife, through its subsidiaries and affiliates, is one of the world's leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East. Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we're inspired to transform the next century in financial services. At MetLife, it's #AllTogetherPossible . Join us! MetLife is an Equal Opportunity Employer. All employment decisions are made without regards to race, color, national origin, religion, creed, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, marital or domestic/civil partnership status, genetic information, citizenship status (although applicants and employees must be legally authorized to work in the United States), uniformed service member or veteran status, or any other characteristic protected by applicable federal, state, or local law ("protected characteristics"). If you need an accommodation due to a disability, please email us at accommodations@metlife.com. This information will be held in confidence and used only to determine an appropriate accommodation for the application process. MetLife maintains a drug-free workplace. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liabilities. $112,400 - $189,400