Role Description We are seeking a Senior Cybersecurity Analyst – GRC (Governance, Risk, and Compliance) to support and improve our security compliance and risk management program. This individual will help manage third-party audits, perform risk assessments, ensure ongoing compliance with security frameworks, and support business teams with customer and vendor assurance. You’ll work closely with security, engineering, legal, and customer teams to ensure Eltropy’s security posture remains strong, transparent, and audit-ready. - Assist in the preparation and execution of third-party audits and assessments, including SOC 2, PCI-DSS, NIST CSF, and ISO 27001. - Support the development and maintenance of Eltropy’s GRC program, ensuring alignment with business and regulatory requirements through well-defined policies, controls, and risk processes. - Respond to customer security questionnaires and due diligence requests. - Conduct and manage vendor security assessments, maintain risk tracking, and ensure third-party compliance. - Perform risk assessments across systems, tools, and business processes; manage mitigation plans and maintain an exceptions register. - Contribute to access governance, including quarterly access reviews, enforcement of least privilege, and identity and access documentation. - Draft, review, and update security policies, standards, and procedures to reflect current risk posture and best practices. - Lead or support security awareness programs to promote a risk-conscious culture among staff and end users. - Contribute to the development and testing of incident response and disaster recovery plans. - Monitor and analyze cybersecurity threats, trends, and technologies, and recommend enhancements to Eltropy’s security posture. - Help ensure the security of IT infrastructure by supporting the implementation and maintenance of measures against unauthorized access, cyber threats, and vulnerabilities. - Track and report on compliance status, audit readiness, and risk trends to key stakeholders. Qualifications - 3–5 years of experience in cybersecurity or IT risk/compliance, with a focus on GRC. - Familiarity with major frameworks like SOC 2, PCI-DSS, ISO/IEC 27001, and NIST CSF. - Experience supporting third-party audits or certifications. - Knowledge of risk management processes and frameworks. - Ability to respond to security due diligence questionnaires and document technical and organizational controls. - Understanding of access governance and identity lifecycle best practices. - Excellent communication, documentation, and stakeholder coordination skills. - Comfort with tools like Vanta, Drata, or similar GRC platforms. Preferred Skills - Experience in a SaaS, FinTech, or regulated technology environment. - Familiarity with cloud environments such as GCP, AWS, or Azure. - Understanding of security operations, incident response, or DevSecOps concepts. Certifications (Preferred But Not Mandatory) - CISA – Certified Information Systems Auditor - ISO 27001 Lead Auditor / Implementer - PCI ISA – Internal Security Assessor Company Description Eltropy is a rocket ship FinTech on a mission to disrupt the way people access financial services. Eltropy enables financial institutions to digitally engage in a secure and compliant way. Using our AI enabled digital conversations platform, community financial institutions can improve operations, engagement and productivity. - CFIs (Community Banks and Credit Unions) use Eltropy to communicate with consumers via Text, Video, Secure Chat, co-browsing, screen sharing and chatbot technology — all integrated in a single platform bolstered by AI, skill-based routing and other contact center capabilities. - Customers are our North Star - No Fear - Tell the truth - Team of Owners Eltropy is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

• Provide support in the areas of export controls, research conflict of interest, and research security. • Identify, analyze, track, and communicate new and emerging federal, state, and sponsor research security legislation, policies, requirements, and resources. • Interpret complex regulatory guidance and provide clear recommendations to University leadership, researchers, and staff. • Facilitate compliance with federal, state, sponsor, and institutional requirements. • Provide high-level support related to research security, export controls and research conflict of interest aspects of sponsored projects. • Conduct initial reviews of international outside activities and agreements to assess research security and compliance considerations. • Conduct reviews of travel disclosures and provide briefings as needed. • Support the development, revision, and implementation of University policies, guidance documents, and resources. • Develop educational materials and provide outreach, training, and advisory support to researchers and staff to promote awareness and compliance. • Serve as a subject matter expert and advise internal stakeholders on mitigation and best practices. • Provide program management for sponsored projects, including coordinating project activities, engaging stakeholders, supporting recruitment efforts, and developing reports, products, and resources. • Manage multiple priorities in a dynamic regulatory environment while maintaining accuracy and attention to detail.

Role Description The NISC IV program at Leidos is seeking a motivated and detail-oriented Junior Digital Forensics Analyst to join our cybersecurity team. In this role, you will assist with digital investigations, incident response activities, evidence collection, and forensic analysis across endpoints, networks, and cloud environments. This is an excellent opportunity for someone looking to build a career in cybersecurity and digital forensics. Primary Responsibilities: - Identify, preserve, acquire, and analyze electronically stored information (ESI) throughout the FAA. - Collect, preserve, and analyze digital evidence from computers, mobile devices, and cloud systems. - Support investigations involving cyber incidents, insider threats, malware infections, and policy violations. - Participate in incident response activities, including containment and recovery efforts. - Manage complex, large volume, and previously un-encountered digital forensics examinations. - Provide analytic case support for investigations, administrative or security inquiries, risk assessments, or other inquiries. - Maintain proper chain-of-custody documentation and forensic procedures. - Analyze logs, system artifacts, and network activity to identify indicators of compromise. - Help prepare forensic reports and present findings to senior analysts or stakeholders. - Familiarity with digital forensic tools, techniques, and procedures. - Research and maintain proficiency in digital forensics tools, techniques, trends, cyber threats. - Prepare and present briefings and reports. - Collaborate with IT, legal, compliance, and security teams as needed. Qualifications - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Criminal Justice, or related field (or equivalent experience). - Basic understanding of digital forensics and cybersecurity principles. - Familiarity with Windows, Linux, and macOS operating systems. - Knowledge of networking fundamentals, file systems, and system logs. - Strong analytical and problem-solving skills. - Excellent written and verbal communication skills. - Ability to handle sensitive and confidential information professionally. - Must have the ability to obtain a Public Trust Security Clearance Suitability. Requirements - Internship, lab, or hands-on experience in cybersecurity or digital forensics. - Familiarity with forensic tools such as: - EnCase - FTK - Autopsy - Volatility - Wireshark - Understanding of SIEM platforms and incident response workflows. - Relevant certifications are a plus: - CompTIA Security+ - CompTIA CySA+ - GIAC GCFE - CHFI Benefits - Pay Range: $57,850.00 - $104,575.00 - The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. - Additional factors considered in extending an offer include responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Role Description We are seeking a Cyber Security Analyst with hands-on experience in SOC operations, threat hunting, detection engineering, or network security engineering. - Monitor and investigate security alerts and incidents - Perform threat hunting and security investigations - Develop and improve detection rules and monitoring capabilities - Support incident response and remediation efforts - Work directly with clients through email, chat, and video meetings - Create documentation, reports, and technical recommendations Qualifications - 2+ years of experience in SOC, threat hunting, detection engineering, or network security - Experience with SIEM tools and security monitoring - Strong troubleshooting and analytical skills - Knowledge of multiple security domains such as cloud, network, endpoint, incident response, vulnerability management, or threat intelligence - Experience with PowerShell, Python, or Bash is a plus Requirements - CRISC or SSCP certification - SOAR automation experience - Knowledge of MITRE ATT&CK, OWASP, and NIST frameworks - Experience using AI tools for security research and automation