VP of Product Security
Location
United States
Posted
14 days ago
Salary
$297.6K - $360K / year
Seniority
Lead
Job Description
VP of Product Security
GitLab
- Set the long-term strategy and operating model for Product Security across GitLab.com, GitLab Dedicated, and self-managed offerings
- Lead a global, multi-disciplinary organization spanning:
  - Application Security
  - Product Security Engineering / security tooling
  - Security Architecture and Platforms
  - Vulnerability Management
  - Product Security Incident Response (PSIRT)
  - Infrastructure, Cloud, and Data Security
- Partner with the Chief Technology Officer, Chief Product Officer, Chief Information Security Officer, Vice President of AI Engineering, and other R&D leaders to embed security into product architecture, planning, and delivery
- Own the roadmap for core security services and developer-facing platform capabilities, including authentication, authorization, secrets management, auditability, and security APIs
- Drive secure design reviews, threat modeling, and risk-based security practices that help product teams ship securely without adding unnecessary friction
- Guide GitLab's approach to AI and agentic security, including security architecture, governance decisions, and risk acceptance for new AI surfaces
- Oversee vulnerability management, product security incident response, and bug bounty operations, using trends and root-cause analysis to inform durable product and process improvements
- Establish clear security metrics, planning inputs, and risk visibility that support executive decision-making, customer conversations, and engineering prioritization
Job Requirements
- Experience operating as a senior engineering or security leader with strong product engineering credibility and ownership of security-relevant product architecture
- Experience building, shipping, and operating services in a high-growth SaaS or AI environment, with a clear understanding of how fast-moving product teams work
- Ability to lead multi-disciplinary organizations through Directors, Senior Managers, and senior individual contributors in a distributed, remote-first setting
- Knowledge of secure design, threat modeling, web application and API security, and modern authentication and authorization patterns
- Familiarity with software supply chain security, continuous integration and continuous delivery pipelines, vulnerability management, incident response, and cloud security concepts
- Experience partnering closely with Product, Engineering, AI, and Security leaders to turn risk, customer needs, and technical trade-offs into practical roadmaps and decisions
- Skill in written and verbal communication, including presenting technical risk and business trade-offs clearly to executives, customers, and other stakeholders
- Openness to candidates with different career paths, including product engineering leaders with deep security ownership or security leaders with a strong record of building and shipping products
- Nice-to-have: Experience with developer tools, DevOps/DevSecOps platforms, large-scale open-source projects, security standards and frameworks (OWASP, NIST, SLSA), bug bounty and coordinated disclosure programs, or regulated/security-sensitive customer environments (financial services, government, healthcare).
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave
More Security Engineer Jobs
Senior IT Security Engineer
VentureWell
We support early-stage science- and technology-based inventors driven to solve the world's biggest challenges.
- Manage VentureWell's device fleet (macOS, iOS, iPadOS) using Jamf, including configuration profiles, patching, encryption enforcement, and endpoint hardening
- Configure, administer, and secure SaaS platforms including Google Workspace, Okta, Slack, Zoom, Salesforce, Box, and BetterCloud, including integrations and lifecycle management
- Administer and maintain cloud-based systems and services (including AWS), partnering with vendors and internal teams to ensure uptime and security
- Serve as the escalation point for complex technical issues related to SaaS platforms, device management, identity systems, and integrations
- Maintain a transparent, documented SaaS application inventory and support software request review, vetting, and decision documentation
- Develop and maintain SOPs and technical documentation for systems, integrations, and operational processes
- Identify opportunities to improve system architecture, scalability, and reliability across SaaS and cloud environments and lead implementation of those improvements
- Drive continuous improvement of IT systems and processes, balancing day-to-day operational support with longer-term optimization initiatives
- Monitor and respond to security alerts, vulnerability findings, and threat intelligence across endpoint, SaaS, and cloud environments
- Perform root cause analysis on security incidents and recommend corrective actions
- Manage endpoint security tooling and monitoring (e.g., Jamf Protect) and integrate telemetry with logging platforms (e.g., Datadog, CloudWatch)
- Lead vulnerability scans, penetration test coordination, and remediation tracking
- Review logs and security reports to identify risks, trends, and required remediation
- Proactively identify security gaps, risks, and emerging threats and implement improvements to strengthen VentureWell's overall security posture
- Continuously enhance monitoring, detection, and response capabilities across endpoint, SaaS, and cloud environments
- Partner with internal team members to prioritize and remediate vulnerabilities based on risk, business impact, and organizational priorities
- Support implementation and ongoing maintenance of NIST SP 800-171 and CMMC Level 2 controls
- Maintain and update the System Security Plan (SSP) and Plan of Action & Milestones (POA&M)
- Draft, review, and maintain security policies, standards, baselines, and procedures
- Manage inbound security questionnaires/RFIs and coordinate inputs across IT, Legal, Engineering, and other stakeholders
- Maintain and continuously improve a centralized library of standardized, policy-aligned security responses
- Track questionnaire/RFI status, deadlines, and follow-ups to ensure accurate, on-time delivery
- Support the end-to-end third-party vendor risk lifecycle, including onboarding, periodic reviews, and offboarding
- Conduct vendor security risk assessments using established frameworks and questionnaires (e.g., SIG, CAIQ, custom templates)
- Maintain the vendor risk register, including risk ratings, evidence requests, remediation actions, and review schedules; escalate high-risk findings
- Coordinate audit readiness activities (e.g., SOC 2 Type II, TISAX, internal audits), including continuous evidence collection and audit calendars
- Serve as a point of contact during audit fieldwork by scheduling walkthroughs, gathering artifacts, and tracking auditor requests
- Track audit findings and management responses and follow remediation commitments through closure; help update control narratives, policies, and procedures
- Monitor and track vulnerabilities (scans, penetration tests, threat intel), maintain the vulnerability register, drive follow-ups, and produce status reporting.
Cybersecurity Engineer
SAIC
SAIC is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.
Role Description
Provide enterprise cybersecurity systems engineering, integration, and modernization support for HHS cybersecurity initiatives related to Post-Quantum Cryptography (PQC), Zero Trust (ZT), and enterprise security interoperability.
- Support analysis, coordination, and integration of cybersecurity technologies, systems, and enterprise security architectures across HHS environments.
- Assess interoperability, dependencies, and integration considerations between cybersecurity tools, cryptographic technologies, governance processes, and enterprise systems.
- Support implementation planning and coordination for cybersecurity modernization initiatives involving PQC readiness, cryptographic agility, and Zero Trust alignment.
- Assist in evaluating system configurations, security architecture alignment, and technical dependencies across enterprise environments.
- Collaborate with technical and program stakeholders to support secure, scalable, and interoperable cybersecurity modernization efforts.
- Support enterprise cybersecurity engineering activities across cloud, hybrid, and on-premises environments, as applicable.
Qualifications
- Support enterprise cryptographic discovery, dependency analysis, and interoperability assessment activities associated with cybersecurity modernization and PQC readiness initiatives.
- Support discovery and inventory activities related to cryptographic assets across enterprise environments.
- Assess and review data related to cryptographic dependencies across enterprise systems, applications, and network environments to identify vulnerable cryptographic implementations and technologies impacted by PQC migration requirements.
- Assist in identifying legacy systems, applications, and technologies that may not support PQC algorithms or cryptographic agility principles.
- Support interoperability assessments and dependency analysis related to enterprise cryptographic modernization initiatives.
- Assist with the evaluation of operational impacts, integration dependencies, and transition considerations associated with PQC modernization efforts.
Requirements
- Support planning, coordination, and technical integration activities associated with Post-Quantum Cryptography modernization initiatives.
- Support the development of migration strategies and implementation roadmaps for transitioning enterprise cybersecurity environments toward PQC-capable solutions.
- Assist with implementation planning for TLS 1.3 adoption and other modern cryptographic protocols.
- Support evaluation of vendor documentation, product roadmaps, and PQC readiness statements for enterprise technologies and security platforms.
- Assist with architecture reviews to support future-state cybersecurity environments, incorporating cryptographic agility principles.
- Assist with the development of technical standards, implementation guidance, and engineering baselines supporting PQC migration and modernization activities.
- Support evaluation of emerging cybersecurity technologies, standards, and modernization approaches related to PQC implementation considerations.
Benefits
- Support testing, validation, and technical assessment activities associated with cybersecurity modernization and PQC readiness initiatives.
- Assist with the development of testing procedures, interoperability assessments, and validation criteria for PQC-capable technologies and modernization initiatives.
- Support review of test results, operational impacts, compatibility considerations, technical risks, and recommended remediation approaches.
- Support pilot implementations, proof-of-concept activities, and technical coordination efforts related to PQC migration and cybersecurity modernization planning.
- Support risk identification, impact assessments, and technical analysis associated with enterprise cybersecurity modernization efforts.
Documentation, Reporting & Stakeholder Coordination
- Support operational visibility, technical documentation, reporting, and stakeholder coordination activities across cybersecurity modernization initiatives.
- Assist with the development and maintenance of technical documentation, implementation procedures, engineering diagrams, architecture artifacts, and operational guidance.
- Support preparation of reports, technical summaries, status updates, technical briefings, leadership presentations, and decision support materials.
- Document identified risks, issues, dependencies, implementation considerations, and recommendations associated with PQC migration and cybersecurity modernization activities.
- Support the development of inventory reports, migration-related documentation, dashboards, trackers, and reporting artifacts required for federal reporting and compliance activities.
- Communicate technical concepts, modernization impacts, and interoperability considerations clearly to both technical and non-technical stakeholders.
- Contribute to continuous improvement efforts supporting enterprise cybersecurity modernization, systems integration, and governance alignment.
Title: Project Coordinator II, Security
Location: California, United States
Job Description:
Location: This is a 100% remote position. The position may be hybrid if the employee is local, in the San Diego, California region. Hybrid work model: 60% remote, 40% on-site as needed.
General Summary
The Project Coordinator will be part of an established team providing comprehensive project coordination of security projects. The role requires experience with supporting small through large-scale projects from inception through completion.
Supervision Level: Reports to Director, Network Communications.
Responsibilities:
- Provides project support, including meeting coordination and project progress tracking.
- Maintains documentation, meeting minutes, action items, deliverables, purchase orders, material shipments, return authorizations, and change orders.
- Collaborates with internal and external stakeholders to understand project needs and meet requirements.
- Assists project managers with preparing work order documents, budgets, schedules, statements of work, and project plans.
- Prepares summaries and detailed project reports for management and project team members.
- Communicates project milestones, progress, and deliverables.
- Conducts audits to ensure accuracy, quality, and completeness of project scopes.
- Monitors budgets and forecasts, and develops monthly variance reports.
- Provides Request for Information and Request for Proposal support as needed.
- Identifies and raises issues and risks; recommends actions to resolve them.
- Performs other duties as assigned.