Job Description Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours. You work with the information security team as a competent and experienced information security and compliance specialist. How you will contribute You will assess information security risks in line with internal policy and external best practices, and support security of information and IT assets by testing security systems and applying security standards, policies, and procedures. Under the guidance of global information security lead, you will implement cyber security technology and provide day-to-day business support. If relevant to your role, you will manage third-party providers to ensure that any internal or third-party adhere to standards. You will also provide information security training to appropriate teams. What you will bring A desire to drive your future and accelerate your career. You will bring experience and knowledge in: - Information security, compliance and risk management - Security solutions and their applicability to Mondelēz International - Security strategies, awareness campaigns, policies/standards and governance - Communicating effectively with technical specialists, leaders and peers - Analytical and problem-solving abilities - Being a team player by supporting and leading to achieve common goals No Relocation support available Business Unit Summary At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum. Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast. Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. Job Type Regular Information Security Technology & Digital

• Support organization-wide data classification programs tailored for international and government contexts. • Implement and maintain classification-driven security controls in data warehouses (Snowflake, Redshift, BigQuery, Databricks, Azure Synapse, Microsoft Fabric or on-prem solutions). • Manage data sovereignty, localization requirements, and cross-border transfer mechanisms (Standard Contractual Clauses, Binding Corporate Rules, adequacy decisions). • Support FedRAMP, FISMA, NIST 800-53, CMMC, ITAR, or equivalent government frameworks. • Secure data ingestion, transformation, and movement processes with classification-aware controls. • Enforce strict access controls based on data classification, user clearance levels, and need-to-know principles. • Support risk assessments, vulnerability scans, and penetration testing focused on international data flows and government environments. • Support security incident investigations involving data warehouses, ensuring proper handling per government and international breach notification requirements. • Partner with data engineering, compliance, legal, and government stakeholders to embed security and classification into data architecture and pipelines.

Role Description QuadMed is looking for an IT Security Analyst to join our QuadMed IT team. This is a remote role with occasional travel. The IT Security Analyst assists the Director of Information Security and Compliance in developing, coordinating, and supporting the overall objectives of QuadMed’s information security, risk management and compliance programs. This includes: - Participating in special projects. - Developing and implementing information security and compliance auditing and monitoring activities. - Identifying opportunities to improve QuadMed’s overall risk posture. Qualifications - Bachelor’s Degree from a four-year college or university in business, healthcare, information technology, security or a related field required. - At least one (1) year experience in a healthcare setting, most notably in a HIPAA, privacy, security or audit/compliance-related role. - Certifications in areas of healthcare compliance, privacy, security, health information management, risk management assurance, internal auditing, and/or Epic Systems preferred. Requirements - Knowledge of healthcare laws and regulations, auditing and monitoring principles, risk management, electronic health record systems. - Strong ability to interpret and present multifaceted concepts and analyses. - Knowledge and experience with HIPAA and other privacy-related regulations. - Requires analytical and problem-solving skills to ensure that internal controls, policies and procedures are being followed consistently. - Excellent attention to detail, strong writing and verbal communications skills. - Ability to work independently, make independent judgments and set priorities. - Demonstrated ability to research, compile and analyze regulatory and business information. - Proven ability to work effectively with diverse populations and a demonstrated commitment to fostering inclusion. - May require occasional travel. Benefits - Comprehensive benefits for eligible employees including medical, prescription, dental and vision insurance. - 401(k) retirement savings. - Paid time off. - Holidays and additional benefits. Company Description QuadMed was founded in 1991 by Harry Quadracci with the belief that there had to be a better way to provide employees with access to affordable, high-quality health care. Now, 30 years later, we partner with employers across the nation to provide value-driven health and wellness services in or near the workplace. - Focus on breaking down cost, access and quality barriers. - Empower employees and their families to live healthier, happier lives. QuadMed and Quad are proud to be an equal opportunity employer. We are committed to creating a place of belonging — a space where employees do not need to sacrifice who they are to exist and grow in our workplace. QuadMed and Quad do not discriminate on any unlawful basis and prohibit harassment of applicants and employees based on protected categories. Drug-Free Workplace.

Role Description The IT Security Analyst II supports the Credit Union’s information security governance, risk, and compliance programs through various activities. This role helps ensure alignment with regulatory requirements, cybersecurity frameworks, and organizational security objectives while supporting the overall maturity of the Information Security Program. Essential Duties/Responsibilities: - Support the Credit Union’s Information Security Governance, Risk, and Compliance (GRC) program in alignment with FFIEC, NCUA, GLBA, NIST CSF, and CIS Controls. - Assist with the development, review, maintenance, and administration of Information Security policies, standards, and procedures. - Coordinate Information Security risk assessments, remediation tracking, exception management, and control validation activities. - Support internal and external audits, regulatory examinations, and compliance reviews through evidence collection and documentation management. - Prepare recurring security metrics, dashboards, reports, and board reporting materials. - Support governance activities related to incident response, business continuity, disaster recovery, and change management. - Assist with monitoring regulatory changes and compliance impact assessments and remediation coordination. - Support security awareness training initiatives, phishing campaigns, and training completion tracking. - Maintain Information Security documentation, audit artifacts, governance records, and operational repositories. - Track audit findings, remediation activities, risk items, and security-related tasks to completion. - Support administration of GRC platforms, workflow systems, and security request tracking processes. - Coordinate with the IT Security Manager on access review activities, documentation management, and security governance workflows. - Maintain vendor management records, asset inventories, and security operational tracking documentation. - Assist with incident response tabletop exercises, reporting coordination, and documentation updates. - Support recurring operational reporting, committee materials, and executive reporting preparation. Other Duties/Responsibilities: - Participate in continuous improvement efforts for the Information Security Program. - Collaborate with Information Technology, Compliance, Risk Management, Internal Audit, and business units on security initiatives. - Support strategic Information Security projects and governance initiatives. - Stay informed on evolving cybersecurity threats, regulatory requirements, and financial industry security practices. - Attend professional development and security training as required. Qualifications - Working knowledge of Information Security governance, risk management, and compliance frameworks including FFIEC, NCUA, GLBA, NIST CSF, CIS Controls, and PCI-DSS. - Understanding of Information Security policies, audit coordination, regulatory examinations, risk assessments, and remediation tracking processes. - Familiarity with third-party/vendor risk management, security awareness training, business continuity, and incident response coordination. - Familiarity with governance, reporting, and workflow management tools such as Microsoft Office, ServiceNow, Tandem, or similar business applications. Requirements - Vision: A sighted person to read and interpret data. - Speech/Hearing: Ability to communicate verbally and in writing with staff and vendors. - Manual Dexterity: Ability to perform necessary computer-related input. - Physical Mobility: Prolonged periods sitting at a desk and working on a computer. Ability to work flexible hours. - Familiarity in using and managing SIEM tools, endpoint protection platforms, and cloud security technologies. - Strong analytical and problem-solving skills to handle complex incidents. - Excellent written and verbal communication skills for technical and non-technical audiences. Benefits - Ability to prioritize tasks and manage time effectively in a fast-paced environment. - Ability to perform detailed analyses of security incidents and recommend appropriate solutions. - Interpersonal skills to collaborate with technical and non-technical teams effectively. - Ability to produce high-quality, accurate work under pressure. - Capacity to stay ahead of rapidly evolving cybersecurity trends. - Ability to use various IT security tools and devices in a dynamic environment. Company Description Black Hills Federal Credit Union (BHFCU) is committed to improving the lives of our members every day, and we look for people who share that passion. Our onboarding includes an orientation program with ongoing training to help staff further their career at BHFCU by building on their existing strengths.