Role Description C3 is looking for a Cybersecurity Advisor who is self-motivated and comfortable working both independently and as part of a collaborative consulting team. In this role, you will act as a trusted cybersecurity subject matter expert (SME) helping clients understand their risk posture and implement meaningful improvements to their security programs. You will work directly with client leadership, technical teams, and compliance stakeholders to assess environments, identify gaps, and design practical security strategies. Some days may involve: - Reviewing security policies - Conducting risk assessments - Advising executives on security strategy - Leading tabletop exercises - Helping organizations prepare for compliance audits The common thread is simple: helping clients make smart security decisions. The Cybersecurity Advisor should be familiar with: - Federal laws - NIST information security concepts and frameworks - Common industry standards such as SOC 2, CIS, ISO 27001, COSO, PCI-DSS, HIPAA, and COBIT Qualifications - Minimum of 5+ years working in Cybersecurity roles such as Consulting, Auditing, and Project Management - CISSP, CISA, CGRC, GSE, or CISM Certification - Bachelor’s Degree in Business, Accounting, Cybersecurity, Information Technology, Computer Science, Computer Information Systems, or a related discipline - Understanding in the areas of Information Assurance, Risk Management, Information Security, IT Audits, Compliance, Internal Control Frameworks, and Risk Assessments - Demonstrated ability to prioritize while simultaneously managing multiple projects, often under tight deadlines - Business-fluent written and spoken English language skills - Excellent written and verbal communications skills - Proven commitment to providing exceptional client service - Effective time management and organizational skills - Team player with strong interpersonal communication - Self-starter with a strong work ethic - Able to perform work which requires attention to detail, analytical ability, and organization - Skilled at using Microsoft Excel, Word, PowerPoint, etc. - Strong attention to detail Requirements - Perform Risk Assessments (utilizing well-known frameworks such as NIST CSF, NIST RMF, CIS RAM, ISO27001) - Provide Security Control Implementation (NIST 800-53, NIST 800-171, CIS 18, PCI-DSS, HIPAA) - Perform Gap Analyses (based on compliance frameworks such as AICPA SOC 2, HIPAA, PCI-DSS, FFIEC) - Develop Simulated Phishing Testing Campaigns - Develop and Implement Security Awareness Training Programs - Act as Virtual Chief Information Security Officer to Clients - Perform Business Impact Analyses (BIA) - Facilitate Incident Response & Business Continuity Tabletop Exercises - Review, Develop, and Implement Cybersecurity Risk Management Programs - Review, Develop, and Implement Vendor/Third Party Risk Management Programs - Review & Develop Policies (Information Security, Business Continuity, Disaster Recovery, Incident Response, Vulnerability Lifecycle Management, Physical Security, etc.) - Communicate Assessment Results with Management and Executives - Analyze Conditions and Offer Recommendations on Best Practice - Establish and Maintain Strong Client Relationships - Assist with further developing our next generation service offerings and the infrastructure required to facilitate these offerings (proposals, client-facing materials, work programs, templates) Benefits - To be a part of one of the fastest-growing companies in America, and a talented team to back you up - An awesome culture, backed up by winning several Best Places to Work awards - Medical, Dental, Vision Insurance - Four Weeks of Paid Time Off (vacation & sick leave) - Four weeks of Paid Maternity and Paternity leave - Two days of Paid Volunteer Time - 401(k) with 4% Company Match - Company Bonus Structure - Tuition Reimbursement - Employer-sponsored Disability & Life Insurance - Professional Development

• Collects, analyzes, and summarizes information on project phases, task, duration, resources, and costs. • Participates in developing plans, work breakdown structures, schedules, budgets, and resources assignments for projects that are subject to management review and approval. • Act as liaison among internal and external stakeholders, business unit functional areas and project development teams to ensure effective project coordination among participating groups. • Facilitates communication among project participants to expedite project processes to resolve issues and problems. • Schedule and facilitate meetings on project status and issue resolution. • Determines specific project deliverables, defines the process for the review and approval of deliverables, and specifies quality criteria for deliverables assessment. • Defines project scope subject to management approval, establishes the process for altering the scope, and responds to requests for changes to the scope. • Builds time estimates, develops project schedule, and addresses scheduling problems as they arise. • Develops, maintains, publishes and distributes comprehensive project plans. • Identifies, mitigates and recommends alternatives to handling risks and issues that threaten the successful completion of the project within the deadline. • Monitors and reports project progress to objectives in timeframes, scope, quality, costs and risks. • Receives information on project status, changes and issues. • Identifies potential sources for solutions, and contacts appropriate parties to initiate action. • Takes an outward focused stance to delivery, removing roadblocks that could distract the team. • Prepare project status reports for upper management. • Collaborate with key project members to document and obtain buy-in and approvals items such as requirements, scope to meet the requirements, milestones, project health changes, issue and risks. • Manage project security assessment to ensure completeness and approval before project Go-Live date. • Identity, mitigate and recommend alternatives for handling risks and issues that threaten the successful completion of the project within the deadline. • Develop and maintain project risk management plans. • Coordinate project risk identification, quantification, response development and control.

Role Description Senior Engineers must be capable of operating without direct oversight. They must also possess a sufficient depth of experience and knowledge in IT and security to be responsible for performing complex engineering tasks, including: - Tool testing - Deployment - Maintenance - Troubleshooting - Enhancements Additionally, they must possess the technical analytical skills to support intrusion detection and incident response (IR) activities, including: - Threat hunting - Leading IR engagements - Performing forensics as needed As a senior member of the SecOps team, Senior Engineers will be expected to provide mentorship, support, and training to Engineers, as needed. We are seeking a Security Engineer specializing in Disaster Recovery (DR) to design, implement, and maintain the technical resilience capabilities that ensure the continuity of critical systems and services during disruptions. This role sits at the intersection of: - Cybersecurity - Infrastructure engineering - Continuity planning - Cloud operations - Incident response You will be responsible for building and validating DR architectures, coordinating recovery procedures, ensuring data integrity, and driving enterprise readiness through repeatable testing and continuous improvement. This role requires hands-on technical depth and strong collaboration across security, infrastructure, operations, and business stakeholders. Qualifications - 5+ years in cybersecurity, systems engineering, cloud engineering, or infrastructure roles - Hands-on experience with DR technologies, systems recovery, or backup administration - Strong knowledge of backup systems, replication technologies, and DR platforms (e.g., Veeam, Cohesity, Commvault, Rubrik) - Cloud resilience (Azure, AWS, or GCP) including cross-region failover, cloud backups, and native DR tooling - Virtualization and storage platforms (VMware, Hyper-V, SAN/NAS replication) - Networking fundamentals for DR: DNS failover, routing, load balancing, connectivity validation - Familiarity with identity and access resilience (AD/Entra ID, Federation, SSO) - Knowledge of NIST SP 800-34 (Contingency Planning), NIST CSF, and CIS Controls related to resilience - Strong analytical and documentation abilities; effective communication with technical and non-technical stakeholders - Ability to coordinate multi-team efforts during DR testing or real-world events Requirements - Design and implement DR and resilience architectures across on-prem, cloud, and hybrid environments - Engineer backup, replication, failover, and failback solutions for critical applications and infrastructure - Validate that technology solutions meet or exceed RTO/RPO targets - Develop reference architectures and patterns for: - Multi-region and multi AZ cloud failover - Storage and VM replication - Database resilience (e.g., AlwaysOn, read replicas, cross region failover) - Evaluate and implement DR related security tooling, including backup encryption and immutable storage - Maintain DR systems, runbooks, and automation scripts across environments - Ensure continuous monitoring of backup health, replication status, capacity, retention, and data integrity - Work with infrastructure teams to ensure patching, configuration, and change management do not impact recoverability - Conduct root cause analysis for failures in backup or DR processes and drive corrective actions - Plan and execute DR exercises, including tabletop, functional, and full-scale failover tests - Develop comprehensive DR runbooks, architecture diagrams, and recovery workflows - Partner with application owners to validate recovery procedures and ensure they are up-to-date, accurate, and actionable - Document test outcomes, improvement plans, residual risks, and executive level reporting - Align DR engineering with corporate security standards, regulatory requirements, and audit expectations (e.g., SOX, HIPAA, PCI) - Perform technical risk assessments, identify single points of failure, and recommend remediation strategies - Support internal and external audits related to business continuity, disaster recovery, and data protection - Collaborate with Business Continuity to ensure DR capabilities align to broader resilience goals - Continuously evaluate new DR technologies and cloud-native features to modernize recovery capabilities - Identify opportunities to improve cost efficiency while maintaining or improving resilience posture Benefits - Medical, dental, vision, and disability insurance plans - 401(k) retirement savings plan - PTO (including paid sick time) - 8 paid holidays per year (for salaried and hourly team members)

Role Description This is a remote role that can be hired in NC, AZ, and TX. We are looking for a motivated Privileged Access Management (PAM) Engineer to join our Information Security team. This role is ideal for someone with foundational experience in identity or infrastructure security who is looking to grow their expertise in PAM technologies and privileged account protection. You will help support and enhance enterprise PAM solutions while gaining hands-on experience in securing critical systems and credentials. - Assist in the deployment, configuration, and integration of PAM solutions across the enterprise. - Provide day-to-day operational support and administration of PAM platforms. - Support the management and security of privileged accounts and credentials, including service accounts and keys. - Collaborate with team members and stakeholders to gather requirements and support implementation efforts. - Help develop and maintain technical documentation, including SOPs and system design artifacts. - Create and update system diagrams and process documentation using tools like Visio. - Participate in system upgrades, patching, and security updates for PAM tools. - Assist with troubleshooting, performance tuning, and enhancements of security tools. - Support multiple initiatives and projects under guidance from senior engineers. - Participate in on-call or after-hours support on a rotational basis. Qualifications - Bachelor's Degree and 2 years of experience in Systems engineering, networking, or information security OR High School Diploma or GED and 6 years of experience in Systems engineering, networking, or information security. Requirements - Basic to intermediate experience with PAM tools (e.g., CyberArk, HashiCorp Vault, Delinea) or exposure to identity/security platforms. - Familiarity with privileged account concepts and access control principles. - Experience with scripting or automation (PowerShell, Python, or similar) is preferred. - Working knowledge of Windows Server administration. - Basic experience with Active Directory and directory services (LDAP). - Exposure to Linux/UNIX environments. - Fundamental understanding of networking concepts (TCP/IP, firewalls). - Familiarity with common protocols such as HTTP/HTTPS, DNS, SSH, and SMTP. - Proficiency with Microsoft Office tools (Word, Excel, PowerPoint); Visio experience is a plus. Preferred Qualifications - Exposure to identity governance tools such as SailPoint. - Experience with role-based access control (RBAC) concepts. - Understanding of security best practices and frameworks. - Relevant certifications (e.g., Security+, CySA+, or vendor-specific PAM/IAM certifications) are a plus. Benefits Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits .