CEA

CEA is the exclusive distributor of JCB, Atlas Copco, Ditch Witch, & Dynapac equipment.

Senior Architecture Analyst – Information Security

Security Analyst | Full Time | Remote | Senior | Team 201-500 | Since 1981 | H1B Sponsor

Location

Brazil

Posted

2 days ago

Salary

0

Seniority

Senior

Job Description

Senior Architecture Analyst – Information Security

CEA

  • Produce technical diagrams, architecture documents and threat models
  • Analyze system, application and integration architectures from a security perspective
  • Perform technical risk analyses and recommend security controls
  • Contribute to the design of secure solutions for cloud, applications and infrastructure
  • Support development, infrastructure and DevOps teams in implementing controls
  • Evaluate security configurations (hardening, baseline, CIS Benchmarks)
  • Support audit, compliance and vulnerability management processes
  • Carry out threat modeling, risk analysis and recommendations for internal systems and vendors
  • Advanced knowledge of OWASP Top 10, CWE, NIST and security standards
  • Knowledge of security-focused code reviews to support development teams in fixing vulnerabilities
  • Develop scripts and automations for vulnerability analysis and mitigation

Job Requirements

  • Solid experience as an Information Security Analyst
  • Experience in Cloud Security (AWS, Azure or GCP)
  • Hands-on experience in application and API security (OWASP Top 10)
  • Hands-on experience with network controls, WAF, firewall and segmentation
  • Experience with technical documentation and architecture diagrams.
  • Knowledge of at least one development language (such as Java, Python, Node.js, JavaScript, .NET) to understand code logic.
  • Professional certifications related to the field and role.
  • Programming language and use of APIs
  • Integration of scripts and web pages
  • Knowledge of ISO 27001, NIST, CIS.

Benefits

  • Medical and dental care (employee and dependents)
  • Dr. C&A - telemedicine and teletherapy
  • Annual bonus
  • Parking or transportation voucher (VT) (workplace: Alphaville – Barueri/SP)
  • BDay Off: in your birthday month you get a day off as a gift!
  • Flexible hours
  • On-site restaurant
  • Flex meal benefit (VA and/or VR)
  • Gympass
  • Semiannual vacation
  • Discount on purchases at C&A stores and e-commerce

Related Job Pages

More Security Analyst Jobs


Information System Security Compliance Analyst

Noblis

An independent nonprofit organization, Noblis provides U.S. federal government clients with science, technology, and engineering services to solve challenging p

Role Description

We are seeking a detail-oriented cybersecurity compliance professional to support system authorization and continuous monitoring activities within a Federal environment. This role is responsible for managing the security authorization lifecycle for one or more information systems, ensuring compliance with Federal cybersecurity requirements, and maintaining the documentation necessary to support Authorization to Operate (ATO) decisions. The ideal candidate will have experience working with NIST RMF, NIST SP 800-53 controls, security authorization packages, POA&M management, and compliance documentation. Candidates should be comfortable working with technical teams to assess control implementation, identify compliance gaps, and provide guidance to support remediation efforts and POA&M closure.

Key Responsibilities

  • Manage the security authorization lifecycle for one or more information systems in accordance with Federal Risk Management Framework (RMF) requirements.
  • Coordinate activities required to obtain and maintain Authorization to Operate (ATO) approvals.
  • Assess and track implementation of NIST SP 800-53 security controls and associated compliance requirements.
  • Develop, review, update, and maintain authorization package documentation, including:
      • System Security Plans (SSPs)
      • Security Assessment Reports (SARs)
      • Plan of Action and Milestones (POA&Ms)
      • Risk Assessments
      • Continuous Monitoring documentation
      • Security-related policies and procedures
  • Manage POA&M activities by tracking findings, monitoring remediation progress, validating corrective actions, and supporting closure efforts.
  • Provide technical guidance and compliance recommendations to system owners, engineers, administrators, and security stakeholders to facilitate POA&M remediation and closure.
  • Coordinate with technical teams to gather evidence supporting security control implementation and compliance requirements.
  • Review vulnerability scan results, assessment findings, and security documentation to identify compliance gaps and areas requiring remediation.
  • Support continuous monitoring activities by tracking security posture, compliance status, and ongoing control effectiveness.
  • Participate in security assessments, audits, and compliance reviews conducted by internal and external stakeholders.
  • Assist in the development of risk mitigation strategies and recommendations for addressing identified security weaknesses.
  • Track authorization milestones, compliance deadlines, and remediation activities to ensure timely completion.
  • Communicate compliance status, risks, findings, and recommendations to both technical and non-technical stakeholders.
  • Support audits and reporting activities related to Federal cybersecurity requirements and organizational security programs.

Qualifications

  • Experience supporting cybersecurity compliance, security authorization, risk management, or information security programs.
  • Experience working with the NIST Risk Management Framework (RMF).
  • Subject matter expertise with NIST SP 800-53 security controls and Federal cybersecurity compliance requirements.
  • Experience supporting the development, maintenance, or review of authorization package documentation, including SSPs, SARs, POA&Ms, and Risk Assessments.
  • Understanding of the Authorization to Operate (ATO) process and continuous monitoring requirements.
  • Experience tracking and managing POA&M findings through remediation and closure.
  • Ability to review technical security information and translate findings into compliance documentation and actionable recommendations.
  • Understanding of cybersecurity principles, security controls, vulnerability management, and risk management concepts.
  • Strong organizational skills with the ability to manage multiple systems, priorities, and compliance activities simultaneously.
  • Strong written and verbal communication skills, including the ability to develop and review formal security documentation.
  • Proficiency with Microsoft Office applications, particularly Excel, Word, and PowerPoint.
  • U.S. Citizen or Green Card Permanent Resident with a minimum of three (3) years of U.S. residency.
  • Ability to obtain and maintain an FAA Public Trust.

Education & Experience Substitutions

  • Mid to senior: Bachelor’s degree in Cybersecurity, Information Technology, Telecommunications, or a related field with 9+ years of experience in cybersecurity or network security roles.
      • Substitutions: A High School degree with a total of 15 years of experience in cybersecurity or network security roles; a Master's degree with a total of 6 years of experience in cybersecurity or network security roles.
  • Senior: Bachelor’s degree in Cybersecurity, Information Technology, Telecommunications, or a related field with 16+ years of experience in cybersecurity or network security roles.
      • Substitutions: A High School degree with a total of 20 years of experience in cybersecurity or network security roles; an Associate's Degree with a total of 18 years of experience in cybersecurity or network security roles; a Master's degree with a total of 13 years of experience in cybersecurity or network security roles.

Desired Qualifications

  • Experience supporting federal government programs, preferably within the FAA, Department of Transportation, or other civilian federal agencies.
  • FAA or transportation sector experience preferred.
  • Experience serving as an Information System Security Officer (ISSO), Security Control Assessor (SCA), Information System Security Manager (ISSM), or similar cybersecurity compliance role.
  • Experience managing authorization packages for multiple systems simultaneously.
  • Strong knowledge of NIST SP 800-53 Rev. 5, NIST RMF, FISMA, and related Federal cybersecurity requirements.
  • Experience developing, reviewing, and maintaining SSPs, SARs, POA&Ms, Risk Assessments, Contingency Plans, and other authorization artifacts.
  • Experience conducting control assessments, compliance reviews, and security documentation audits.
  • Ability to interpret technical findings from vulnerability scans, configuration assessments, and security reviews to support risk-based decision-making.
  • Experience providing technical guidance to engineering and operations teams to support corrective actions and POA&M closure.
  • Familiarity with continuous monitoring programs and ongoing authorization requirements.
  • Experience working with vulnerability management tools, compliance dashboards, and governance, risk, and compliance (GRC) platforms.
  • Knowledge of cloud security compliance, Zero Trust Architecture, and modern Federal cybersecurity initiatives.
  • Industry certifications such as:
      • CISSP
      • CAP (Certified Authorization Professional)
      • Security+
      • CISM
      • GSLC
      • CGRC
      • or equivalent certifications
  • Strong written, verbal, analytical, and interpersonal communication skills, with the ability to interact effectively with technical teams, auditors, system owners, and government stakeholders.

Compensation Ranges

  • For D.C., NJ, Remote: $78,900 - $123,300
  • Senior: For D.C., NJ, Remote: $95,500 - $180,525

United States
$78.9K - $180.5K / year
Full Time | Remote | Team 201-500

  • Protect the organization’s digital banking systems
  • Safeguard sensitive member data from cyber threats
  • Monitor and analyze security events across on-premises and cloud environments
  • Identify system vulnerabilities and implement risk mitigation strategies
  • Ensure compliance with PCI data and cloud infrastructure

United States
$85.1K - $89.8K / year

Sr. Analyst, Governance, Risk & Compliance (GRC), Information Security

Mondelēz International

We’re a house of incredible brands providing people with the right snack, for the right moment, made the right way.

Full Time | Remote | Team 10,001+ | Since 2012 | H1B No Sponsor

Job Description

Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

You work with the information security team as a competent and experienced information security and compliance specialist.

How you will contribute

You will assess information security risks in line with internal policy and external best practices, and support security of information and IT assets by testing security systems and applying security standards, policies, and procedures. Under the guidance of global information security lead, you will implement cyber security technology and provide day-to-day business support. If relevant to your role, you will manage third-party providers to ensure that any internal or third-party adhere to standards. You will also provide information security training to appropriate teams.

What you will bring

A desire to drive your future and accelerate your career. You will bring experience and knowledge in:

  • Information security, compliance and risk management
  • Security solutions and their applicability to Mondelēz International
  • Security strategies, awareness campaigns, policies/standards and governance
  • Communicating effectively with technical specialists, leaders and peers
  • Analytical and problem-solving abilities
  • Being a team player by supporting and leading to achieve common goals

No Relocation support available

Business Unit Summary

At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum. Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast.

Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Job Type

Regular
Information Security
Technology & Digital

Greece

Data Security Analyst

Amentum

A Premier Leader in Global Engineering, Project Management, and Solutions Integration.

Full Time | Remote | Team 10,001+ | H1B No Sponsor

  • Support organization-wide data classification programs tailored for international and government contexts.
  • Implement and maintain classification-driven security controls in data warehouses (Snowflake, Redshift, BigQuery, Databricks, Azure Synapse, Microsoft Fabric or on-prem solutions).
  • Manage data sovereignty, localization requirements, and cross-border transfer mechanisms (Standard Contractual Clauses, Binding Corporate Rules, adequacy decisions).
  • Support FedRAMP, FISMA, NIST 800-53, CMMC, ITAR, or equivalent government frameworks.
  • Secure data ingestion, transformation, and movement processes with classification-aware controls.
  • Enforce strict access controls based on data classification, user clearance levels, and need-to-know principles.
  • Support risk assessments, vulnerability scans, and penetration testing focused on international data flows and government environments.
  • Support security incident investigations involving data warehouses, ensuring proper handling per government and international breach notification requirements.
  • Partner with data engineering, compliance, legal, and government stakeholders to embed security and classification into data architecture and pipelines.

United States
$100K - $121K / year
Job Closed