• Avaliação de Arquitetura: Analisar e revisar arquiteturas de soluções OT, garantindo aderência às boas práticas de segurança cibernética. • Segurança de Equipamentos OT: Realizar avaliações de segurança em equipamentos como IEDs, PLCs, AMIs e dispositivos de campo. • Controles Cibernéticos: Desenvolver e implementar controles de segurança em ambientes OT, alinhados às normas e regulamentações vigentes. • Gestão de Vulnerabilidades: Identificar, classificar e gerenciar vulnerabilidades, garantindo ações corretivas em tempo hábil. • Monitoramento e Ferramentas: Configurar e operar ferramentas de IDS, antivírus e firewalls específicas para OT. • Análise e Troubleshooting: Realizar análise de pacotes e redes OT, solucionando problemas de desempenho e segurança. • KPIs e OKRs: Definir e acompanhar indicadores de desempenho e objetivos de segurança cibernética.

Role Description Reporting to the Global CTO/CISO, the Head of Security owns the full security program across Ignyte and its operating companies: engineering, operations, governance/risk/compliance, and incident response. You will run day-to-day security operations and detection & response, own and rationalize the security technology stack, lead the GRC and regulatory agenda, drive cyber due diligence and post-close security integration for acquisitions, and own incident response end to end. You will lead a direct team of four and manage key security vendors, partners, and budget. Key Responsibilities - Security Engineering & Operations: - Own day-to-day security operations: detection & response, EDR/XDR, email security, endpoint management, SIEM/log management, and vulnerability management. - Drive measurable gains in detection coverage, mean time to detect/respond, and operational maturity. - Manage MDR/MSSP and tooling vendor relationships. - Cloud & Identity Security: - Lead security posture across Microsoft Azure and Microsoft 365 / Entra ID (Microsoft Defender suite, conditional access, identity governance, and privileged access). - Operate cloud security posture management and drive remediation to closure. - M&A Cyber Due Diligence & Integration: - Lead pre-acquisition cyber due diligence: external attack surface mapping, gap assessment, etc. - Own post-close security integration (onboarding acquired entities onto the common baseline, rationalizing overlapping tooling, and supporting TSA stand-up and exit). - Incident Response: - Own the incident response program (playbooks, tabletop exercises, forensics/vendor coordination, and executive communication during incidents). - Governance, Risk & Compliance: - Own the GRC function: security risk management, the risk register, policy and standards, and control-framework alignment (NIST CSF / CIS Controls). - Run the security exception, remediation, and risk-acceptance process and surface residual risk to executive leadership. - Leadership: - Lead, mentor, and grow the security team. - Build global relationships within a matrixed organization. - Own the security operations budget and roadmap; report posture and risk to the CISO and leadership. Qualifications - 10+ years in information security, including 4+ years in security leadership. - Experience owning aspects of a security program end to end: engineering, operations, GRC, and incident response (not just a single function). - Deep, hands-on expertise with the CrowdStrike suite of tools, including Falcon (EDR/XDR, threat hunting, response, Spotlight). - Strong Microsoft Azure and Microsoft 365 / Entra ID security expertise (Defender, conditional access, identity governance). - Hands-on incident response leadership and modern SecOps practices (detection engineering, vulnerability management). - Experience in a regulated industry (insurance or financial services), with working knowledge of NYDFS 23 NYCRR 500 or a comparable regime. - Demonstrable experience with email threat detection and endpoint management, log management/detection (SIEM), and external attack surface management. Preferred Qualifications - Previous MSP/MSSP experience highly desired. - Experience in a highly acquisitive, multi-entity environment. - Insurance, MGA/MGU, or brokerage industry background. - Relevant certifications (e.g., CISSP, CCSP, Azure Security Engineer, GIAC). - Track record standing up or maturing a security program through rapid inorganic growth. - Demonstrated M&A cyber due diligence and integration experience, assessing and onboarding acquired companies onto a common security baseline. Benefits - Competitive benefits offering including medical, dental, vision, and supplemental benefits. - Company-paid life insurance, long-term and short-term disability policies. - 14 annual paid holidays and generous PTO plan. - 401(k) with annual Safe Harbor and profit share contributions. - Open to remote work environment.

Title: Information Systems Security Officer ISSO Location: Albany United States Job Description: Information Systems Security Officer (ISSO) New York, NY | Remote | Hybrid | Albany, NY Information Technology Full Time Hybrid Apply for this job ISSO Employment Type: Full-Time Experienced Department: Information Technology CGS is seeking an Information Systems Security Officer (ISSO) with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support Dept. of Commerce systems and efforts to achieve their Authorization to Operate (ATO). This position is located at the client site in the Herbert Hoover building in Washington DC. The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM. In this role, youll conduct security assessment and information system security oversight activities in accordance with NIST 800.53 that support systems from the perspective RMF requirements. CGS brings motivated, highly skilled, and creative people together to solve the governments most dynamic problems with cutting-edge technology. To carry out our mission, we are seeking candidates who are excited to contribute to government innovation, appreciate collaboration, and can anticipate the needs of others. Here at CGS, we offer an environment in which our employees feel supported, and we encourage professional growth through various learning opportunities. Skills and attributes for success - Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades. - Maintain responsibility for managing cybersecurity risk from an organizational perspective. - Identify organizational risks, prioritize those risks, and maintain a risk registry for escalating and presenting those risks to senior leadership. - Provide security guidance and IS validation using the National Institute of Standards and Technology (NIST) RMF, DoC, and local security policies. - Providing configuration management (CM) recommendations for information system security software, hardware, and firmware, and coordinating changes and modifications with the ISSM, Security Control Assessor (SCA), and Authorizing Official (AO). - Maintain vulnerability scanning tool compliance such as HBSS or ACAS and patch management such as IAVM to ensure IT staff pushes patches to all systems in an effort to maintain compliance with all applicable directives, manage system changes, and assess the security impact of those changes. - Support security authorization activities including transitioning from the legacy Information Assurance Certification and Accreditation Process (DIACAP) to compliance with the DoC RMF. - Provide subject matter expertise for cyber security and trusted system technology. - Apply advanced technical knowledge and analysis of specialized functional areas in task requirements to develop solutions to complex problems. - Research, write, review, disposition, feedback, and finalize recommendations regarding cyber security policy, assessment and authorization assessments (A&As), security test and evaluation reports, and security engineering practices and processes. - Conduct research and write risk assessment reports to include risk thresholds, evaluation, and scoring. - Support analysis of the findings and provide expert technical guidance for mitigation strategies, including implementation advice on the cyber security risk findings and other complex problems. Qualifications - Bachelors Degree. - A minimum of five (5) years experience as an Information Assurance (IA) Analyst, ISSE, ISSO, or similar role in ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, Standard Operating Procedures, test results, etc. - eMASS experience. - Professional security certification such as CCNA Security, CySA, GICSP, GSEC, CompTIA Security+, CE, SSCP, or higher. - Strong desktop publishing skills using Microsoft Word and Excel. - Experience with industry writing styles such as grammar, sentence form, and structure. - Ability to multi-task in a deadline-oriented environment. Ideally, you will also have - CISSP, CASP, or a similar certificate is preferred. - Masters Degree in Cybersecurity or related field. - Strong initiative, detail orientation, organizational skills, and aptitude for analytical thinking. - Demonstrated ability to work well independently and as a part of a team. - Excellent work ethic and a high commitment to quality. Our Commitment Contact Government Services (CGS) strives to simplify and enhance government bureaucracy through the optimization of human, technical, and financial resources. We combine cutting-edge technology with world-class personnel to deliver customized solutions that fit our clients specific needs. We are committed to solving the most challenging and dynamic problems. For the past seven years, weve been growing our government contracting portfolio, and along the way, weve created valuable partnerships by demonstrating a commitment to honesty, professionalism, and quality work. Here at CGS, we value honesty through hard work and self-awareness, professionalism in all we do, and to deliver the best quality to our consumers, mending those relations for years to come. We care about our employees. Therefore, we offer a comprehensive benefits package: - Health, Dental, and Vision - Life Insurance - 401k - Flexible Spending Account - Health, Dependent Care, and Commuter - Paid Time Off and Observance of State/Federal Holidays Contact Government Services LLC is an Equal Opportunity Employer. Applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Join our team and become part of government innovation. Explore additional job opportunities with CGS on our Job Board: https://cgsfederal.com/join-our-team For more information about CGS, please visit https://www.cgsfederal.com or contact Email: emailprotected CJ92213.33 - $125,146.66 a year We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us. Apply for this job

• Own the enterprise IAM governance and architecture strategy • Define multi-year IAM roadmap aligned to Zero Trust and business priorities • Influence funding, prioritization, and sequencing of IAM initiatives • Represent identity risk and posture to senior leadership and governance forums • Establish enterprise identity reference architectures and guardrails • Act as final design authority for identity integrations and access models • Define authentication, authorization, and privilege models across platforms • Ensure consistency across workforce, application, and privileged identities • Guide adoption of password-less, JIT access, and adaptive authentication • Define enterprise IAM policies, standards, and control frameworks • Oversee access governance methodologies (reviews, certifications, exceptions) • Establish IAM risk metrics and maturity assessments • Drive remediation of systemic identity risks • Provide executive-level support for audits and regulatory inquiries • Partner with IT, HR, Legal, Compliance, and Engineering teams • Influence identity operating models without direct operational ownership • Lead working groups and design councils related to identity • Evaluate IAM, IGA, and PAM technologies from a strategic perspective • Define success criteria for IAM tooling and integrations • Stay current with identity threat trends and evolving best practices