In a world of possibilities, pursue one with endless opportunities. Imagine Next!

When it comes to what you want in your career, if you can imagine it, you can do it at Parsons.  Imagine a career working with intelligent, diverse people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

Job Description:

What You'll Be Doing:

• Advise management on risk levels and security posture.

• Advise appropriate leadership and the Authorizing Official of changes affecting the organization's cybersecurity posture.

• Collect and maintain data needed to meet system cybersecurity reporting.

• Ensure that security improvement actions are evaluated, validated, and implemented as required.

• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.

• Ensure that cybersecurity requirements are integrated into the continuity planning for each system and/or organization.

• Identify alternative information security strategies to address organizational security objectives.

• Identify information technology (IT) security program implications of new technologies or technology upgrades.

• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the cybersecurity program.

• Manage the monitoring of information security data sources to maintain organizational situational awareness.

• Participate in an information security risk assessment during the Security Assessment and Authorization process.

• Participate in the development or modification of the system/network environment cybersecurity program plans and requirements.

• Recognize a possible security violation and take appropriate action to report the incident, as required.

• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.

• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.

• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.

• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

• Support necessary compliance activities, e.g. ensure that system security configuration guidelines are followed, compliance with secure the enterprise (STE) and secure the network (STN) requirements.

What Required Skills You'll Bring:

• Bachelors degree in a technical discipline and 2 years experience, OR

• High school diploma and 4 years experience

• Active TS/SCI security clearance with polygraph

Preferred:

• Bachelors degree in a technical discipline and 4 years experience, OR

• High school diploma and 8 years experience

• Experience with Windows, Linux, VMware, Cisco IOS, and PAN-OS

• Active DoD IAT Level II certification

• Ability to demonstrate cyber/IT related experience with attention to detail, customer service, oral and written communication, and problem solving.

  Join the Mission! Parsons is always searching for diverse, talented, and highly motivated professionals. At Parsons, our workforce tackles the toughest challenges that matter most to the nation.

Minimum Clearance Required to Start:

Top Secret SCI w/Polygraph

This position is part of our Federal Solutions team.

Our Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our diverse, intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what’s next to deliver the solutions our customers need now.

Salary Range: 

$96,400.00 - $168,700.00

The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by customer requirements and some cases federal, state, provincial or local mandates.

Parsons is an equal opportunity employer committed to diversity, equity, inclusion, and accessibility in the workplace. Diversity is ingrained in who we are, how we do business, and is one of our company’s core values. Parsons equally employs representation at all job levels for minority, female, disabled, protected veteran and LGBTQ+.

We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY!

Why work for Nebraska Methodist Health System?
At Nebraska Methodist Health System, we focus on providing exceptional care to the communities we serve and people we employ. We call it The Meaning of Care – a culture that has and will continue to set us apart. It’s helping families grow by making each delivery special, conveying a difficult diagnosis with a compassionate touch, going above and beyond for a patient’s needs, or giving a high five when a patient beats a disease or conquers a personal health challenge. We offer competitive pay, excellent benefits and a great work environment where all employees are valued! Most importantly, our employees are part of a team that makes a real difference in the communities we live and work in.

Job Summary:

Location: Methodist Corporate Office
Address: 825 S 169th St. - Omaha, NE

Work Schedule: Mon - Fri, 8:00am to 5:00pm

Perform monitoring of the environment and respond to all types of information security events. Provides assistance and support in the development and maintenance of information security protocols for the enterprise.

Responsibilities:

Essential Job Functions

1. Strategy and Planning

• Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives.
• Review security policies, procedures, and guidelines as requested.
• Conduct research and provide insight to identify, assess, and deploy security technology solutions and through vendors, including but not limited to encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
• Complete approval, tracking and reporting any security exceptions as the need arises.
• Prepare status reports on security matters to analyze security risk and response of vendor security controls.
• Monitor and proactively recommend solutions for correcting issues related to security technology performance and capabilities of vendors.
• Collaborate on critical technology projects to ensure that security issues are addressed throughout the project life cycle.
• Provide data to assist with recommendations for security improvements and tool acquisition to Board and Senior Management.

2. Acquisition and Deployment

• Assist in the evaluation and use of security technologies and tools.
• Deployment of security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
• Understand processes and ensure appropriate levels of access are applied throughout the information and identity lifecycles.
• Participate in planning, selection, and implementation of new systems and technology solutions.
• Participate in system deployment or acquisition projects to assess security requirements and controls to ensure that security controls are implemented as planned.

3. Operational Management

• Assist with maintaining health system compliance with security control frameworks such as HIPAA, PCI and other law/regulations.
• Engage in regular assessment of the current IT security environment to identify weaknesses.
• Serve as a technical subject matter expert for assigned systems and backup on assigned systems.
• Demonstrate advanced knowledge in the security domain and provide technical direction to lead appropriate work on security related projects.
• Participate in the assessment of potential threats and risks to systems and management of those risks.
• Weigh business needs against security concerns to articulate issues and recommend options.
• Participate in the design, development, and delivery of security training programs.
• Proficient in following playbooks and procedures for responding to and reporting on Security Incidents.

4. Incidents and Tasks

• Respond with a sense of urgency.
• Escalate to supervisor any situation outside the employee's control that could adversely impact services.
• Ensure quality resolution and thorough and accurate documentation of incidents and tasks.
• Provide analysis regarding recurring incidents, recommending improvements aimed at reducing future occurrences.
• Provides on-call availability.
• Communicates with the appropriate individuals prior to reassigning an incident or task.
• Technical resource for admins and other IT department personnel to troubleshoot and resolve security incidents.

5. Teamwork and Documentation

• Updates system documentation in designated systems as new issues and fixes are identified.
• Defines and implements support procedures and protocols for Desktop, Service Desk, and other team members.
• Defines, develops, and implements procedures for system maintenance.
• Considered a knowledgeable resource for documenting KB Articles and SharePoint documentation.
• Actively mentors and trains teammates to assure needed support coverage.
• Does not exhibit territorialism toward responsibilities.
• Shares responsibilities and knowledge with any/all team members, and learns from them in return.

Schedule:

Mon - Fri, 8:00am to 5:00pm

Job Description:

Job Requirements

Education

• Associate's Degree in Computer Science, Business Information Systems, Information Technology, Information Security or a related field required.
• Bachelor's Degree preferred.
• Relevant equivalent work experience may be substituted for degree.

Experience

• Minimum 3 years of IT experience (e.g., Security Operations Center, Network Operations Center, System Administrator, Helpdesk support, etc.) required.
• Active Directory experience preferred.
• Windows Desktop and Server administration preferred.
• Experience with enterprise-wide security architecture and/or security procedures preferred.

License/Certifications

• CompTIA Security+ certification or Certified Information Systems Security Professional (CISSP) certification required within 1 year of hire.

​
Skills/Knowledge/Abilities

• Skill organizing and managing workload.
• Skill troubleshooting technical issues.
• Skill providing customer service to all levels in the organization.
• Fundamental knowledge of information security technologies and best practices.
• Knowledge of network, software, and hardware configuration, maintenance, and performance tuning.
• Knowledge of LAN/WAN and wireless technology.
• Knowledge of network protocols, operating systems and concepts.
• Knowledge of Office 365 Suite.
• Knowledge of endpoint security solutions.
• Knowledge of Identity and Access Management systems.
• Knowledge of Asset Management systems and processes.
• Knowledge of enterprise CCTV cameras and systems.
• Knowledge of enterprise physical access control systems.
• Knowledge of firewall administration, multi factor authentication.
• Ability to capture and analyze log files.
• Ability to effectively communicate verbally and in writing.
• Ability to work in an environment of change.
• Ability to work in the absence of direct supervision.
• Ability to work a call schedule.
• Ability to automate manual functions.

Physical Requirements

Weight Demands

• Light Work - Exerting up to 20 pounds of force.

Physical Activity

• Not necessary for the position (0%):
  • Climbing
  • Crawling
  • Kneeling
• Occasionally Performed (1%-33%):
  • Balancing
  • Carrying
  • Crouching
  • Distinguish colors
  • Grasping
  • Lifting
  • Pulling/Pushing
  • Speaking/talking
  • Standing
  • Stooping/bending
  • Twisting
  • Walking
• Frequently Performed (34%-66%):
  • Keyboarding/typing
  • Reaching
  • Repetitive Motions
  • Sitting
• Constantly Performed (67%-100%):
  • Hearing
  • Seeing/Visual

Job Hazards

• Not Related:
  • Chemical agents (Toxic, Corrosive, Flammable, Latex)
  • Biological agents (primary air born and blood born viruses) (Jobs with Patient contact) (BBF)
  • Physical hazards (noise, temperature, lighting, wet floors, outdoors, sharps) (more than ordinary office environment)
  • Equipment/Machinery/Tools
  • Explosives (pressurized gas)
  • Electrical Shock/Static
  • Radiation Alpha, Beta and Gamma (particles such as X-ray, Cat Scan, Gamma Knife, etc)
  • Radiation Non-Ionizing (Ultraviolet, visible light, infrared and microwaves that causes injuries to tissue or thermal or photochemical means)
  • Mechanical moving parts/vibrations

About Methodist:

Nebraska Methodist Health System is made up of four hospitals in Nebraska and southwest Iowa, more than 30 clinic locations, a nursing and allied health college, and a medical supply distributorship and central laundry facility. From the day Methodist Hospital was chartered in 1891, service to our communities has been a top priority. Financial assistance, health education, outreach to our diverse communities and populations, and other community benefit activities have always been central to our mission.

Nebraska Methodist Health System is an Affirmative Action/Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other classification protected by Federal, state or local law.

In a world of possibilities, pursue one with endless opportunities. Imagine Next!

When it comes to what you want in your career, if you can imagine it, you can do it at Parsons.  Imagine a career working with intelligent, diverse people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

Job Description:

Delivering Effective Information Security Systems Management in a Fast-Paced and Dynamic Environment

You are keenly aware of the need to enable a work environment that supports program objectives while at the same time adhering to mission-critical national security requirements regarding the protection of data, systems and capabilities. This awareness and capacity to ensure compliance while enabling approaches and systems that advance the mission will be critical factors underpinning the success of the multiple program execution teams. In addition to leading a team of security IT professionals, you will regularly interact with our Parsons Security managers, Program leaders, their teams, Customer representatives, and corporate IT and Cyber organizations. We will strongly support your need to excel and achieve program security objectives in a balanced and effective manner. Ready to put your skills to work ? If you are committed to our National Security through the delivery of a comprehensive Information Assurance program, Parsons has a challenging and rewarding opportunity for you to contribute to our community.

Role:

The ISSM develops, maintains, and implements information security standards, procedures, and guidelines for systems and applications that align with compliance requirements and program objectives. Ensures that systems and organizational environments are protected from unauthorized access and use. Monitors systems, identifies threats, and handles disaster recovery operations. Manages day-to-day tasking of security IT team to provide system security to production networks. Mentors and develops training plans for team members on various technologies and procedures to help them grow in their career. Develops and delivers materials to Parsons program staff to elevate their understanding of Information Assurance programs and their role in achieving success. Collaborates with other managers in the Security IT organization on company-wide activities such as organizational planning, strategy, and innovation.

Responsibilities:

• Overall responsibility for Information Assurance programs in our Central Maryland region
• Collaborates with program leadership and Security officers to establish agreed scope/requirements and deliverables, set priorities, develop schedules, and provide status updates on progress and operations
• Manage team of System Administrators and ISSOs to build and maintain customer environments
• Consults as necessary to develop and assimilate long-range plans and requirements.
• Provides advice and counsel to the organization in areas of expertise
• Performs assessments of information systems including passive evaluations/compliance audits and active evaluations/vulnerability assessments
• Establishes strict program control processes to ensure mitigation of risks and to support obtaining assessment and authorization of systems (ATO, IATT) which includes support for process, analysis, coordination, security certification test, as well as security documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits
• Assists in the implementation of required government policy (NISPOM, ICD 503, RMF), and makes recommendations on process tailoring
• Performs analyses to validate established security requirements and recommends additional controls and safeguards where required
• Supports the formal Security Test & Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports
• Trains and mentors team members on government policies to ensure understanding of essential tasks
• Contributes to the development of innovative principles and ideas
• Works on unusually complex problems to identify creative solutions
• Perform other responsibilities as needed

Qualifications:

• Bachelor’s degree and typically 10+ years of related professional experience. An advanced degree may be preferred at this level. Non-degreed an additional 4 years of related experience.
• Experience managing technical teams
• Experienced at requirements gathering and developing technical solutions
• Experience with the Intelligence Community (IC) and DoD collateral. 
• Security standards:
  • ICD 503
  • NISPOM
  • NIST 800-53
• Active TS/SCI with a polygraph
• DoD 8570 compliant IAM Level III certification is required
• Significant experience developing and maintaining SSPs;
• Knowledge and familiarity with XACTA, LatteART, scanning tools (e.g. ScanBoy, Nessus Security Center), NIST RMF, and STE/STN
• Experience with Project Planning and Project Management

Preferences:

• DoD 8570 compliant IAM Level III certification
• Possess a CISSP or CISM
• Experience with Agile Project management
• Experience with Atlassian Jira and Confluence

Minimum Clearance Required to Start:

Top Secret SCI w/Polygraph

This position is part of our Corporate team.

We’re driving the future of the national security and critical infrastructure markets. Our employees work in a close-knit team environment to find new, innovative ways to deliver smart solutions that are used and valued by customers around the world. By combining unique technologies with deep domain expertise across cybersecurity, missile defense, space, connected infrastructure, transportation, smart cities, and more, we're providing tomorrow's solutions today.

Salary Range: 

$126,600.00 - $227,900.00

We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, Employee Stock Ownership Plan (ESOP), 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!

The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by customer requirements and some cases federal, state, provincial or local mandates.

Parsons is an equal opportunity employer committed to diversity, equity, inclusion, and accessibility in the workplace. Diversity is ingrained in who we are, how we do business, and is one of our company’s core values. Parsons equally employs representation at all job levels for minority, female, disabled, protected veteran and LGBTQ+.

We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY!

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

The Information Security Analyst (ISA) will provide information security risk support and cybersecurity expertise to the business segments. The support will take the form of operational risk analysis and assessments through the demand management and request tracking tools, consultancy, policy and standards best practice guidance, and process improvements. The ISA will be required to work with project teams, service providers, and business units internal and external to the IT function. The candidate is expected work with leadership and guidance from the Information Security Officer’s and/or the Lead Information Security Analyst, to support and influence technology and business personnel regarding the value and methods of safeguarding information, applications, systems, infrastructure, and work practices are optimized so that the information risks are properly managed.
The Information Security Analyst provides support to the Information Security Officer in managing the organisation-wide Technology, Governance, Risk and Compliance function (IT GRC) within the Office of the Chief Information Security Office.

Location: Hybrid - Cape Town | Johannesburg | Durban

• To support and shape the Information/Cybersecurity initiatives and support business segments in the implementation and execution of the Information/Cybersecurity framework, policies, and reporting of all segment specific Information/Cybersecurity elements.
• Analyse business impact and exposure based on emerging security threats.
• Work closely with information security officers, architects, functional area specialists, and other security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Support and document security assessments relating to IT security and risk management compliance, driven by the Lead Information Security Analyst.
• Support the integration of the business-related security risk requirements into the broader governance structures, by initiating relevant discussions, and ensuring the evidencing of key risk-related decisions.
• Log, track and manage risks and report risk trends, opportunities and remediation status monthly.
• Create, log requests and report tasks necessary to continuous improvement and evolution of security services.
• Manage stakeholder requests ensuring strong relationships are built and maintained. Instil confidence across the business that information security risks are identified and mitigated.
• Assist with the creation of processes and process improvement to ensure smooth execution of risk processes with minimal burden on stakeholders..

Role Requirements

• Relevant tertiary (3yr) qualifications in a IT risk discipline required
• A certification from ISACA (CISA), ISC2 (SSCP) is advantageous
• 2 - 4 years relevant industry experience IT risk management or security role.
• Experience within the Insurance and /or financial services sector advantageous
• Knowledge of IT risk management principles and practices
• Understanding of IT Governance, and technology and life cycle development processes (SDLC, technology operations, business continuity, etc).
• Broad knowledge of range of standards, frameworks and methodologies— for example, International Standards Organization (ISO) 27001/2, NIST Cyber Security Framework, IT Infrastructure Library (ITIL), COBIT
• Excellent Written and oral communication skills
• Strong facilitation, negotiation and conflict resolution skills
• Strong Analytical and problem solving skills

Skills

Education

Closing Date

26 March 2024

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.

All prospective employees are required to disclose their vaccination status as part of the recruitment process.

Please refer to the Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.

The Old Mutual Story!

Job Description and Requirements

Information Security Assurance Administrators strengthen the organization's information security posture through the construction, socialization and performance measurement of policies and procedures based on best practices, adopted frameworks, and risk assessment activities. 

Essential Functions and Responsibilities:

• Contribute to the strategic and tactical initiatives involving activities associated with managing IT Risk.
• Assist with auditing systems, processes and users to ensure compliance with the organization's information security policies and procedures.
• Assist in the creation and analysis of information security reports on the performance of controls across the enterprise.
• Assist with documenting an organization’s information security requirements in a business context and participate in high-level discussions to identify and respond to business risks.
• Assist with security reviews with stakeholders throughout the organization, identifying gaps and developing risk mitigation plans.
• Provides ongoing support of an effective disaster recovery/incident response program. Works with management to ensure that disaster recovery/incident response plans drive proper strategy and procedures.
• Assist with the development and execution of testing processes utilized to validate the disaster recovery/incident response plans. Schedule and lead all tabletop exercises.  Develop and understand all testing necessary for a successful execution.
• Works with the IT staff to ensure that disaster/incident response solutions are adequate, in place, maintained, and tested as part of the regular operational life cycle.
• Assist with the development and deployment of training documentation and communication of incident procedures to the organization.
• Assist with vendor risk assessments.
• With guidance, produce deliverables, specifically process flows, procedure documentation, writing specialized assessment reports, related to process, tools, and metrics and communication activities.
• All other duties as assigned (note: essential functions and responsibilities may change or new ones may be assigned at any time with or without notice).

Requirements:

• High School Diploma or GED. Bachelor’s degree in information technology preferred
• Minimum of 3 years’ experience in IT Operations, Security, Risk, and/or Audit
• Technical Project Management and/or Business Analysis experience desired
• Understanding of technical concepts including system, application and network functions and design
• Understanding of financial institution governance and regulations including SSAE16/18, FFIEC, GLBA and NCUA
• Must have high level of communications skills to communicate with all levels of management
• Experience supporting technical projects with technical and non-technical participants
• Experience directly supporting an organization's information security program through development and implementation of policies, standards and procedures

Skills and/or Certifications/Licensing

• Strong oral/written communication, organization, time management and interpersonal skills
• Highly proficient with Microsoft Office software
• Highly self-motivated, able to multi-task and manage deadlines well
• Security certificates, CISA other IT governance related certifications preferred
• Knowledge of regulations and best practices for information security including guidance published by NIST, FFIEC, and CIS

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

ICF is hiring for a cleared ISSO based in Aberdeen, MD.

Key Responsibilities

• Perform all ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and AR 25–2.

• Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classification to met Intelligence Community (IC), DoD and Army cybersecurity/information assurance regulations and policies. This includes providing guidance and oversight to vendors and/or the

• Develops, reviews, evaluates and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program’s portfolio.

• Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.

• Maintain organizational situational awareness and initiate actions to improve or restore cybersecurity posture of assigned IS.

• Implement and enforce assigned Army IS cybersecurity policies and procedures, as defined by cybersecurity-related documentation.

• Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.

• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO). Direct experience with eMASS, XACTA or other other A&A repositories required.

• Review unit or product vendor RMF BOE and grovides guidance and oversight.

• Fully understand DISA Port Protocol, and Services Management (PPSM) requirement and able to obtain PPSM account for management of PPSM for supporting systems.

• Must be willing to travel, as needed, 25% and more.

Basic Qualifications

• Bachelors Degree

• 7 years of experience

• Active High Level security clearance with SCI and Poly

Preferred Skills/Experience

• Direct experience with implementation of DOD-I-8500, DOD-I-8510, ICD 503, NIST 800-53, CNSSI 1253, Army AR 25-2, and RMF security control requirements and able to provide technical direction, interpretation and alternatives for security control compliant.

• Relevant experience must be in computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices).

#apg1

Working at ICF

ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.

We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

Read more about workplace discrimination rights, the Pay Transparency Statement, or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act.

 

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position is:

$103,035.00 - $175,160.00

Maryland Client Office (MD88)

In a world of possibilities, pursue one with endless opportunities. Imagine Next!

When it comes to what you want in your career, if you can imagine it, you can do it at Parsons.  Imagine a career working with intelligent, diverse people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

Job Description:

Parsons is looking for an amazingly talented Information Security SME to join our team! In this role you will get to design strategies for enterprise database systems and set standards for operations, programming, and security.

What You'll Be Doing:

• The Information Security SME proactively evaluates, plans, implements, upgrades, or monitors security measures for the protection of computer networks and information.
• The Information Security SME will ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.
• Ensures appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure the system and network enterprise environments and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures and education to implement effective information security programs and strategies.
• Establishes and manages program control processes, compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides expertise in compliance requirements for internal and external reviews of requirements.
• Drives identification and mitigation of risk posed to the confidentially, integrity, and availability of information systems.
• Fully masters and explains to others the information security requirements for legal and regulatory.
• Generate Plan of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues.

Required Skills:

• 15 Years' experience planning, implement, upgrade, or monitor security measures for the protection of computer networks and information.
• Demonstrated knowledge of computer operating systems and networks, component architectures, application development, and/or data management processes and technologies - the successful candidate must understand the fundamental technical components, processes, and interactions of enterprise-level information systems in both on-prem and cloud environments.
• Demonstrated experience providing security support for application systems (not just networking and infrastructure) in both on-prem and cloud environments.

What You Need To Have:

• A Bachelor’s degree in a STEM discipline with 15 years of work-related experience.
• A Master’s degree in a STEM discipline with 13 years of work-related experience.
• In lieu of a STEM degree bachelor’s degree, a minimum of 20 years of work-related experience is required.
• TS/SCI with Polygraph.

Desired Skills

• One or more industry certifications including CISSP, CAP, SANS GIAC Certifications GSEC, GSLC or comparable certification
• Active AWS, Azure or Google Cloud Certification

Minimum Clearance Required to Start:

Top Secret SCI w/Polygraph

This position is part of our Federal Solutions team.

Our Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our diverse, intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what’s next to deliver the solutions our customers need now.

Salary Range: 

$149,900.00 - $269,800.00

The position may require a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief as required by customer requirements and some cases federal, state, provincial or local mandates.

Parsons is an equal opportunity employer committed to diversity, equity, inclusion, and accessibility in the workplace. Diversity is ingrained in who we are, how we do business, and is one of our company’s core values. Parsons equally employs representation at all job levels for minority, female, disabled, protected veteran and LGBTQ+.

We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY!

Summary

Working as part of the information security office within the IT department at Pacific Prime CXA, the GRC (Governance, Risk and Compliance) Manager will be responsible for leading the day-to-day IT compliance, data governance and IT risk management functions. Primary responsibility will include defining, creation, management and maintenance of IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security controls and practices.

Responsibilities

• Establishing corporate information security policies, standards, guidelines, baselines and practices that protect the integrity and confidentiality of information and network infrastructure.
• Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Proactively identify audit and compliance related issues to reduce the risk of security exposures, gaps in the design and operating effectiveness of controls whilst seeking opportunities for continuous improvement.
• Driving IT security programs in line with internal and external standards and ensuring compliance with in-country regulatory requirements.
• Maintaining oversight to enterprise-wide security technologies, actively monitoring & responding to security events.
• Develop and maintain standards and controls to ensure the protection of data based on classification.
• Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.
• Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders.
• Support internal and external audit process for relevant compliance concerns including PDPA, GDPR, MAS TRM, ISO27001, etc.
• Perform and evaluate information security risk assessments for various information systems and processes, including annual penetration tests.
• Develop, monitor, track and report against IT Security metrics and KPIs that help the IT Infra understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
• Develop and maintain the IT Risk Register to support ongoing tracking and management of all identified risks and issues and to ensure adequate and timely resolutions to all audit/review issues relating to security.
• Lead the development and operation of third-party vendor risk assessment, management and due-diligence program.
• Conduct client meeting and drive all the questions arising from client relationship teams. This includes completing client’s info security questionnaires and liaising with clients on all such requirements within tight deadlines.
• Formulate, lead and communicate security goals and objectives based on an integrated understanding of business priorities, security vision and strategy.
• Providing security related support to IT and business team users and facilitate recommendations on future technical trends/directions that encompass multiple systems and teams to meet business critical initiatives.
• Point of contact to assist and advise on Information Security related matters

Requirement

• BSc in Computer Science or equivalent; with 5+ years of relevant working experience in IT governance, risk, and compliance management.
• ISACA / CISM / CISSP Certification.
• Strong understanding of fundamental information security concepts and technology.
• Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
• Understanding of Information Security principles, IT infrastructure (including operating systems, applications, communications and network protocols), architecture elements of Identity Access Management (IAM), network security, data security/DLP, cryptography, logging and monitoring.
• Experience in security design, threat modelling and risk assessments.
• Candidate should be fully aware of the current and emerging security solutions available in the industry.
• Ability to be self-motivated, flexible and be able to drive and manage multiple tasks and priorities on very tight deadlines in a fast paced and rapidly changing environment.
• Strong interpersonal and collaboration skills with the ability to develop, maintain and foster constructive relationships with others.
• Excellent written and oral communication skills.
• Effective communication and analytical skills
• Strong work ethic with attention to detail.

Working at ICF

ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.

We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

Read more about workplace discrimination rights, the Pay Transparency Statement, or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act.

 

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position is:

$127,478.00 - $216,712.00

Maryland Client Office (MD88)

What if the work you did every day could impact the lives of people you know? Or all of humanity?

At Illumina, we are expanding access to genomic technology to realize health equity for billions of people around the world. Our efforts enable life-changing discoveries that are transforming human health through the early detection and diagnosis of diseases and new treatment options for patients.

Working at Illumina means being part of something bigger than yourself. Every person, in every role, has the opportunity to make a difference. Surrounded by extraordinary people, inspiring leaders, and world changing projects, you will do more and become more than you ever thought possible.

Responsible for successfully executing enterprise-wide Information Security Operational controls and processes that protect the company’s data and functions across all business areas. Adhering to data protection standards, procedures, regulatory oversight, and technical solutions for the Information Security department.

Lead Security Incident Response investigations, establish and improve monitoring processes, analysis of security events, cyber-security-based awareness and education, phishing email analysis, response to alerts, investigation of suspicious activity, cyber-related requests. Point of escalation for security event triage and response for junior staff.

Performs all duties in accordance with the company’s policies and procedures, all state, federal, and country laws and regulations, wherein the company operates.

In accordance with regulatory and audit requirements, this position will perform analysis of systems and programs, including the cyber-security related programs and initiatives. Delivery of activity reporting, including metrics, environment impact, effectiveness progress, and performance, and risk indicators.

Duties

• Hardening of systems in Operational Technology (OT) and corporate environments
• Create and enforce security policies for OT and Corporate systems
• Document change management of OT structures
• Configure and manage SIEM, creating notable events, correlations and documenting playbooks for response efforts
• Monitors, tracks, responds, investigates, and reports in compliance to security requirements, and works with the responsible parties to drive timely results and remediation
• Generates and monitors effective and actionable Information Security reporting across all Information Security technical landscape
• Research and track current security threats
• Participates in the global distribution of the enterprise Cyber-Security Operations Security Awareness training and campaigns
• Practices applicable procedures and standards that meet existing and newly developed policy and regulatory requirements (i.e., PCI-DSS, SOX, GDPR, CCPA)
• Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the organization
• Review, triage, and respond to service requests and alerts.
• Level 2 response to security alerts as primary or a point of escalation to junior team members
• Level 2 response to datal loss prevention (DLP) investigations, and assisting with eDiscovery tasks
• Perform detailed incident response related to security events
• Participate in on-call efforts on a rotational basis
• Act on improving processes and procedures

Skills

• Strong oral and written communication skills appropriate for consultation with all levels of management
• Knowledge of OT network segmentation best practices
• Strong understanding of OT specific network protocols
• Strong problem-solving and analytical skills
• Proficient, or able to gain proficiency with, security software applications and tools
• Experience in collaboration amongst multiple lines of business and geographic theaters
• Information Security-based certification preferred (i.e., CompTIA, Network+/Security+, CEH, GIAC GSE, SANS Academy certs, or similar)
• The ability to thrive in a fast-paced, dynamic environment
• The ability to influence and drive change within teams and the organization
• A self-starter with a hands-on style, high level of energy, stamina, and drive
• A strong team player who is proactive and driven to achieve results
• Commendable organizational and time management skills
• Previous senior team experience working as part of an enterprise Information Security team

Experience/Education

• 5+ years’ experience in multiple Cybersecurity domains (i.e., Identify & Access Control, Network Security, Firewalls, Enterprise Directory Systems, Encryption, Data Loss Prevention {DLP}, Comprehensive Endpoint Protection, & Information Security Operations)
• 5+ years experience with Level 1 security event triage and escalation
• 5+ years experience in phishing triage and response
• 3+ years’ Incident Management, Monitor and Response experience in a Cybersecurity operation-based environment a must
• 3+ years’ Investigation within Operational Technology (OT) environments
• 1+ Threat Hunting and Assessment
• In-depth familiarity with enterprise workflow tools, scripting, and ability to develop and improve tool utilization, and promote process efficiency
• Bachelor's degree in Information Systems, Computer Science, Information Security, and/or related work experience

#LI-HYBRID
#illuminacareers

Illumina believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.

ICF is a mission-driven company filled with people who care deeply about improving the lives of others and making the world a better place. Our core values include Embracing Difference; we seek candidates who are passionate about building a culture that encourages, embraces, and hires dimensions of difference. 

ICF is hiring a highly cleared Senior CDSS - Information Systems Security Engineer based in Aberdeen, MD.

Key Responsibilities:

• Participates in the research, analysis, design, testing and implementation of complex computer network security/protection technologies for company information and network systems/applications. 

• Assists customers in identifying security solutions for the company's networks and virtual private networks, application systems, key public infrastructures, authentication and directory services to ensure the security of the network and confidential data. 

• Performs periodic vulnerability scans of networks to identify security vulnerabilities and provides remediation alternatives and conducts security risk assessments to ensure compliance with corporate security policies and adherence to best practice.

• Designs enterprise and systems security throughout the development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into security designs and processes.

• Provides subject matter expertise and analysis to bridge the gap between high level security requirements and policies and ensures their integration into information technology component products and information systems through purposeful security design or configuration.

• Provide security consultation/guidance and engineering to PM product owners, customers, system owners and developers, and maintain security process coordination within the Department's lifecycle management and governance process.

Basic Qualifications:

• 7 years of experience

• Active SCI clearance

Preferred Skills/Experience

• SCI clearance with Poly preferred

• DOD 8570 IASAE Level II certification (CASP CE, CISSP, or CSSLP)

• Masters Degree in a relevant field preferred

• Demonstrated experience working hands-on in Linux based environments, troubleshooting on-site technical issues, using and configuring the CDS solutions to deliver critical customer driver requirements.

• Knowledge of GOTS and COTS CDS technologies on the NCDSMO approved products list.

• Responsible for development, configuration control, deployment and testing of CDSS Configurations (including Rules).

• Hands-on experience designing of secured systems architecture deployed to DoD on-prem. and Cloud secured architectures, hands-on securing Development/Test/Deployment environments, hands-on System Security Engineering, and assisting Information Systems Security Manager/Officer (ISSM/ISSO) Services throughout the system Assessment and Authorization processes.

• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, etc.)

• Perform operational support and development for system environments and provide product recommendations for security technologies.

• Must be willing to travel, as needed, up to 25%.

# Indeed

#apg1

Working at ICF

ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.

We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.

Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

Read more about workplace discrimination rights, the Pay Transparency Statement, or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act.

 

Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position is:

$103,035.00 - $175,160.00

Maryland Client Office (MD88)

Let's Write Africa's Story Together!

Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.

Job Description

To support the Head of Governance, Risk and Compliance by embedding and maturing the Information Security and Information Technology capabilities, and posture. The candidate is primarily responsible for defining, creating and monitoring of policies, frameworks, controls and related standards in alignment with legislation, regulatory compliance and to support strategy delivery. The Information Security Officer (ISO) will support enablement and embedding of the Information Security Assessment Centre. They will provide information security risk management and cybersecurity expertise to the business segments. The ISO is expected to work independently to advise and influence technology, and business personnel regarding the safeguarding of information, applications, systems, infrastructure to manage information risks.

Governance

• Develop and maintain Information Security and IT Risk Policies, supporting controls catalogue and related standards across the group to manage / mitigate associated risks.
• Design required legislative control frameworks applicable to Old Mutual.
• Manage the capability maturity assessments of various IS and IT capabilities per the frameworks adopted (NIST CSF, COBIT, ITIL) bi-annually drive ownership of the improvement plan to achieve agreed targets and to manage associated risks.
• Analyse outcomes and information to create meaning insights, to influence focus and budget decisions where input is required.
• Provide feedback to senior leadership teams (Steering committees, IT leadership forums).
• Develops and embeds reporting structures per the Information Security and IT management requirements, aligning with Old Mutual Risk and Compliance Governance structures, for risk aggregation and concentration of Old Mutual’s risk exposures.
• Manage and review various requests and submission of information to group wide cyber insurers to determine the best premium for the organisation.
• Educate and inform employees about our practices and standards.

Regulatory

• Ensure that the relevant legislative and regulatory requirements are implemented and enforced in the organisation based on risk appetite, risk tolerance and capability maturity levels (e.g., Cybercrimes Act, joint standard: Cybersecurity and Cyber Resilience, joint standard: IT Governance and Risk Management).
• Manage and review various requests and submission of information to the regulator / provide commentary on draft standards issues by the regulator prior to government approval.

Compliance

• Ensure compliance with Old Mutual’s Information Security and IT requirements set out in policies, the controls catalogue, related standards, regulatory requirements, and industry guidelines.
• Achieve agreed policy compliance targets for the Information Security and IT risk policies.

Leadership

• Collaborate / partner with various stakeholders at different levels across the organisation (IT, Audit, Business Units, Project teams, etc.) to obtain buy-in, ensure alignment and achieve deliverables.
• Manage and lead an internal team of professionals, third party service providers to achieve the agreed objectives per Old Mutual’s values, timelines, and budget.
• Recommended or support optimisation / efficiency / enhancement opportunities aligned to the IT strategy, e.g., automation.

Business Segment Risk Embedment and Oversight

• To lead and shape the Information/Cybersecurity initiatives and support business segments in the implementation and execution of the Information/Cybersecurity framework, policies, and reporting of all segment specific Information/Cybersecurity elements.
• Act as a primary interface between business segments and the CISO Office.
• Participate in design reviews and identify potential mitigation strategies for security risks.
• Review and/or analyse business impact and exposure based on emerging security threats.
• Assists with the strategic planning and tactical execution of information security controls.
• Work closely with architects, functional area specialists, and security staff to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Facilitates and co-ordinates the integration of the business -related security risk requirements into the broader governance structures, by initiating relevant discussions, and ensuring the evidencing of key risk-related decisions.
• Tracks and reports risk management trends, opportunities and remediation monthly, and provides updates to the business segments and the CISO Office
• Ensure delivery of the IT/IS service catalogue and business demand management through the central ITSM, GRC and IRM capabilities, and produce monthly reporting insights that inform continuous improvement initiatives for the CISO Office.
• Manage stakeholders at all levels, ensuring strong relationships are built and maintained. Instil confidence across the business that information security risks are identified and mitigated

Requirements:

• Relevant tertiary qualification (Degree / Honours) in Information Technology, IT Auditing, IT Risk, IT or Operational Compliance, IT Governance or equivalent.
• 6 – 8 years of experience in Information Technology, Information/Cyber Security, IT Auditing, IT or Operational Risk, IT Compliance, or IT Governance.
• 2 – 4 years managerial / leadership experience.
• Strong understanding of IT Governance frameworks, methodologies, and related standards.
• At least two relevant industry certifications: ISO27001/27002, COBIT 5/2019, CISM, CRISC, CGEIT, CGRC etc.
• Cloud Certifications an advantage: AWS Cloud Practitioner, AWS Certified Security – Specialty or related.
• Agile training and knowledge of Agile Frameworks.
• Strong analytical & problem-solving skills and facilitation, negotiation, conflict resolution skills.
• Excellent written & oral communication and networking skills
• A motivated self-starter, capable of working on own initiative with a high level of integrity.
• A resourceful, proactive, and confident communicator ensuring adequate quality and timely deliverables.
• Ability to work professionally and constructively as a leader and team member providing advice and consultancy.

ADDITIONAL QUALIFICATIONS/EXPERIENCE (PREFERRED, NOT A REQUIREMENT)

• Proficient in MS Suite (Excel, Word, Visio and PowerPoint)
• A background in audit, assurance within financial services.
• Makes increased contributions by broadening individual skills

Skills

Education

Closing Date

30 March 2024

The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.

Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.

All prospective employees are required to disclose their vaccination status as part of the recruitment process.

Please refer to the Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.

The Old Mutual Story!

Referred applicants should not apply directly to this role.

All referred applicants must first be submitted through Workday by a current Loblaw Colleague.

Come make your difference in communities across Canada, where authenticity, trust and making connections is valued – as we shape the future of Canadian retail, together. Our unique position as one of the country's largest employers, coupled with our commitment to positively impact the lives of all Canadians, provides our colleagues a range of opportunities and experiences to help Canadians Live Life Well®.

At Loblaw Companies Limited, we succeed through collaboration and commitment and set a high bar for ourselves and those around us. Whether you are just starting your career, re-entering the workforce, or looking for a new job, this is where you belong. 

Does working with some of Canada’s most hard-working minds in innovation supporting retail, digital consumer solutions and analytical platforms excite you? Loblaw Technology powers exciting retail solutions, giving our customers the ability to live their lives well. Come work with a team that values diverse ideas, fosters a culture of inclusion and develops our talent from within. Loblaw Technology gives you the chance to excel, and helps you to strive for success in a big way. Keep reading to learn more!

At Loblaw, we seek great people to continually strengthen our culture. We believe great people model our values, are authentic, build trust and make connections.

If that sounds like you, and you are open-minded, responsive to change and up to the challenges provided in a fast-paced retail environment, apply today.

In addition, we believe that compliance with laws is about doing the right thing. Upholding the law is part of our Code of Conduct – it reinforces what our customers and partners expect of us.

Director, Cloud Security and Technology Risk - Hybrid (Toronto and Brampton)

What you will do:

• Be part of a team that will establish best-in-class cloud security capabilities and manage cybersecurity risk. You will work with executives and directors from across the PC Financial & Services (PCF&S) group within the Loblaw family of companies, along with key suppliers, partners, vendors, and managed service providers.
• As part of the cyber security team within PCF&S, you will help build our DevSecOps pipelines and uplift the cloud control environment. You will ensure we enable our Technology and Business partners to implement new products, services, and platforms quickly and securely to better serve our customers while maintaining our ability to react swiftly and contain cyber threats effectively.
• You will also align and mature security governance, risk, and compliance (GRC) programs and frameworks. This will include uplifting third-party risk assessment processes and partnering with Technology and Business groups to ensure early engagement for new initiatives to catch issues earlier and remediate gaps quicker.
• Your knowledge of cloud technology will be key to your success; hands-on experience with deploying infrastructure, containers, serverless, and applications through DevOps pipelines is key. Understanding of cloud environments and security best practices are a must, including privileged access and secrets management, configuration compliance, and application security technologies.
• The team you join will support colleague and vendor teams that operate across Canada, and work closely with other company partners, including privacy, legal, risk management, information technology, and business stakeholders. You will lead a team of specialists to deliver best-in-class GRC solutions and cloud security functions.
• As part of this role, you will:
  • Implement and develop automated cloud security solutions and document-related processes, procedures, and runbooks
  • Conduct security assessments, reviews and testing of internal projects, programs, and technology implementations
  • Execute third-party risk assessments for new and existing third-party relationships
  • Contribute to operational excellence and efficiency
  • Manage large-scale projects to ensure they are on time and on budget
  • Manage a team of 3+ full-time and contract employees

What you will need:

• A Bachelor's Degree or Diploma in a relevant area of study with a preference for Computer Science or Computer Engineering
• Experience in developing applications, infrastructure, or platforms as code in GCP and or Azure
• Professional experience in engineering and development of pipelines and resource architectures
• Working knowledge of securing cloud workloads
• Professional Security Certification (e.g. CISSP, CISM, GIAC) or willingness to obtain a security certification within one year
• Certified Cloud Security Professional (CCSP) or willingness to complete CCSP promptly
• Cloud security training on GCP and/or Azure
• Coding skills in Python or equivalent
• Knowledge of cybersecurity best practices, including risk management and GRC workflows
• Knowledge on information technology, security technology, security threats and trends
• Conceptual knowledge around firewalls, intrusion prevention, privileged access management, and SIEM technologies
• Skills in influencing with and without authority, collaboration, business relationship management and communication

What Loblaw Offers You

We offer flexibility and balance, and an environment that sets you up for success no matter where your workspace is located.

Here, you will find a phenomenal team to help you achieve your goals as you help us achieve ours! Work in our fast-paced, exciting Technology environment, helping our stores, colleagues and customers every day.

Loblaw colleagues also enjoy:

• Work Perks Program
• On-site GoodLife Fitness, Basketball & Volleyball courts, Ice Rink, Groceries delivered to work via PC Express, Dry Cleaning services (1PCC Office)
• Tuition Reimbursement & Online Learning
• Pension & Benefits
• Paid Vacation

If you’re up to the challenge, then we would love to hear from you. Apply today, and get the process started.

At Loblaw, we respect the environment, source products with integrity and make a positive difference in the community. Our CORE Values – Care, Ownership, Respect and Excellence – guide all our decision-making and come to life through our Blue Culture. We offer our colleagues progressive careers, comprehensive training, flexibility, and other competitive benefits – these are some of the many reasons why we are one of Canada’s Top Employers.

Loblaw recognizes Canada's diversity as a source of national pride and strength. We have made it a priority to reflect our nation’s evolving diversity in the products we sell, the people we hire, and the culture we create in our organization. At Loblaw, we celebrate diversity where differences are valued and supported. Commitment to being an equal opportunity employer is a priority to us, and we encourage people from all backgrounds and identities to apply to our jobs.

Accommodation in the recruitment, assessment, and hiring process is available upon request for applicants with disabilities.

We thank all candidates for their interest but please note, those candidates who meet the minimum requirements for the position will be contacted.

www.Loblaw.ca/careers

Our commitment to Sustainability and Social Impact is an essential part of the way we do business, and we focus our attention on areas where we can have the greatest impact. Our approach to sustainability and social impact is based on three pillars – Environment, Sourcing and Community – and we are constantly looking for ways to demonstrate leadership in these important areas. Our CORE Values – Care, Ownership, Respect and Excellence – guide all our decision-making and come to life through our Blue Culture. We offer our colleagues progressive careers, comprehensive training, flexibility, and other competitive benefits – these are some of the many reasons why we are one of Canada’s Top Employers, Canada’s Best Diversity Employers, Canada’s Greenest Employers & Canada’s Top Employers for Young People.

If you are unsure whether your experience matches every requirement above, we encourage you to apply anyway. We are looking for varied perspectives which include diverse experiences that we can add to our team.

We have a long-standing focus on diversity, equity and inclusion because we know it will make our company a better place to work and shop. We are committed to creating accessible environments for our colleagues, candidates and customers. Requests for accommodation due to a disability (which may be visible or invisible, temporary or permanent) can be made at any stage of application and employment. We encourage candidates to make their accommodation needs known so that we can provide equitable opportunities.  
 
Please Note:
Candidates who are 18 years or older are required to complete a criminal background check. Details will be provided through the application process.

Information Security Officer

In order to strengthen the delivery organisation, ING Luxembourg is looking for an Information Security Officer on a temporary contract bases.

Job description :

Your mission will be to reinforce a team of Security Officers in order to maintain the bank within its IT risk appetite and participate in the implementation of the DORA regulation. Taking part in several key security activities in close collaboration with the other Security Officers and Tech department.

To achieve this, the Information Security Officer main responsibilities are to: 

• Support the implementation of new IT regulations such as DORA, by performing gap analysis, action plan definition, implementation support and/or follow-up;
• Participate with the second line of defence and local stakeholders in local and third parties risk assessments activities: assessing threats, mitigating controls, proposed controls, and their risk levels risk (Inherent, current and residual);
• Collaborate with IT teams to ensure the integration of security measures in system designs and implementations;
• Take part in the day-to-day IT security operations (digital certificate issuing, Non Personal account support, incident reports, incident management, etc.);
• Follow-up and support security controls implementation the different IT Risk security domains: Foundations, Identity and Access Management, Change Management, Platform Security, Operational Resilience and Security Monitoring;
• Take part in internal and external Audits;
• Support other Security officers in their various activities;
• Work with highly collaborative agile teams;
• Maintain good working relations with the other bank teams;

Your profile 

Competencies/Behaviour :

• Ability to take initiatives and responsibilities;
• Ability to adapt and anticipate;
• Effective communication skills to convey security concepts to technical and non-technical stakeholders;
• Rigor, precision;
• Customer/result orientation;
• Strong team spirit;
• Ability to learn and transmit it;
• Stay updated on emerging threats and security technologies to proactively enhance the organization’s security posture;
• Knowledge of banking environment is appreciated;

Skills :

• Knowledge of security frameworks, standards, and best practices, such as ITIL, ISO27001, OWASP and PCI-DSS;
• Experience with standard Security components: Firewalls, proxies, DLP, Anti-virus, WAF, SIEM, etc;
• Experience with third party contract management;
• Experience with regulatory requirements analysis;
• Experience with standard enterprise tools: Office suite, ServiceNow, CMDB tools, etc.;
• Scripting knowledge to automate recurring tasks, such as Perl, Python, etc.;
• Knowledge of standard developments practices and tooling such as GIT and Azure pipeline;

Expérience :

• Master degree in IT Security, IT Risk management or related domains;
• At least 5 years of experience in IT Security related job (IT security officer, Information Risk Manager, IT Security governance consultant, etc.);
• Related certifications such as CISSP, CISM or similar experience;

Languages:

• A good knowledge of English and a conversational knowledge of French are required;

Your working environment

With over 1000 employees in the Grand Duchy and thanks to the combination of our local presence and the strength of a robust multinational like ING, we offer our personal and business customers a wide range of solutions through the channel of their choice.
ING is a global bank with a strong European base. 53,000 employees serve around 38.4 million customers, corporate clients and financial institutions in over 40 countries. Operating in the Grand Duchy of Luxembourg since 1960 as a universal and accessible bank, our products include savings, payments, investments, loans and mortgages for retail and private banking customers, whom we sever serve online and through our network of branches. For our Wholesale Banking clients, we provide lending, sustainable finance, payment & cash management and fund services.

Joining Razer will place you on a global mission to revolutionize the way the world games. Razer is a place to do great work, offering you the opportunity to make an impact globally while working across a global team located across 5 continents. Razer is also a great place to work, providing you the unique, gamer-centric #LifeAtRazer experience that will put you in an accelerated growth, both personally and professionally.

Job Responsibilities :

The Senior Information Security Manager is responsible for implementing the organisation's information security (InfoSec) solutions and the development of security frameworks, policies, and controls. He/she will collaborate with experienced business/technology leaders and cross-functional teams to ensure the security of IT systems, data, and compliance with relevant regulations and industry standards.

Information Security Strategy and Planning:

• Contribute to the development the organisation's InfoSec strategy and roadmap
• Stay updated on industry trends, security best practices, and regulatory requirements

Policy and Procedure Development:

• Create, maintain, and update InfoSec Architecture, frameworks and policies, standards
• Ensure alignment of security policies across different Business Units (BUs) and with industry standards and compliance requirements

Risk Management:

• Collaborate with BUs in risk assessments and identify vulnerabilities in systems, applications, and processes
• Develop and implement risk mitigation strategies and controls
• Review contracts and the associated documents with specific focus on risks related to cybersecurity and compliance with regulations such as GDPR.

Security Awareness:

• Design and conduct Phishing Simulation exercises as part of the overall effort in promoting security awareness and best practices among employees

Incident Response and Management:

• Review BU’s security incident response plans
• Co-lead incident response efforts with BU Leads in the event of security incidents
• Coordinate with Legal, IT, and other relevant departments during incident investigations

Security Monitoring and Operations:

• Manage Bug Bounty Program
• Manage outsourced security service providers
• Review, analyse and ensure the timely closure of security vulnerabilities, alerts, and issues while working with BU-InfoSec to plan for remediation or implementing controls to mitigate them

Security Projects and Initiatives:

• Evaluate and select security solutions, including the negotiation of the associated contracts
• Lead security projects and work closely with internal IT team and BU-InfoSec in rolling out security solutions
• Manage, operate and fine-tune security solutions deployed within the organisation with the support of BU-InfoSec and the vendors
• Carry out Red-Teaming exercises

Security Team Management:

• Lead and manage junior security team members, including training  and development, and performance evaluations
• Set team goals, objectives, and KPIs to ensure effective security operations
• Foster a culture of collaboration, innovation, and continuous improvement within the security team

Pre-Requisites :

• Degree in Computer Science or Cyber Security with at least 7 years of cybersecurity experience
• Possess industry certifications such as CISSP, CEH and AWS Security
• Proven track record of progressively responsible roles in cybersecurity, with managerial experience
• Hands-on experience in security solutions implementation, management and operations, coupled with the knowledge of techniques to exploit vulnerabilities in networks, systems and applications
• Proficiency in various cybersecurity solutions, including firewalls, SIEM, VAPT, Privileged Access Management (PAM), Breach & Attack Simulation systems (BAS) and Security Orchestration & Automated Response (SOAR)
• Experience in network security, AWS cloud security, and application security best practices
• Experience with investigating threat campaign(s) techniques, lateral movements, Command and Control communications, and indicators of compromise (IOCs)
• Good Purple Team and Blue team experience.
• Red Team experience will be advantageous.
• Good working knowledge of risk management, BCP and security frameworks (NIST or ISO2700), compliance frameworks (GDPR) and Technology Risk Management Frameworks (e.g., MAS TRM)
• Strong project management and stakeholder management skills
• Excellent oral/written communication skills and interpersonal skills
• Positive mindset, open-minded, flexible and proactive
• A strong multi-tasker with a keen eye for detail
• Experience in an end-user environment and managing cyber security vendors

Are you game?