Most recent job postings at security
via BeBee
posted_at: 17 hours agoschedule_type: Full-time
Location
At GoDaddy, the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office somedays), and some work entirely remotely...
This is a remote position, so you'll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or offsites.
This position is not eligible to be performed
Location
At GoDaddy, the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office somedays), and some work entirely remotely...
This is a remote position, so you'll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or offsites.
This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands.
Join Our Team
GoDaddy's Information Security Org is looking for a Director to join our organization. Do you want to be an Information Security Leader at GoDaddy? Can you solve large-scale and cross-company issues, while ensuring that partnership with the development and operational communities remains front of mind? The ideal candidate will apply their hands-on technical skills, strong leadership abilities, and an eagerness to build enterprise-wide security risk assessment programs. You must be comfortable with communicating with stakeholders, performing security assessments, prioritizing security risks, and creating/presenting high-quality deliverables.
What you'll get to do...
• Build and manage an enterprise-wide security risk assessment program.
• Join forces with SRE and development teams to find new and creative ways to reduce the occurrence of vulnerabilities at scale.
• Review quality issues and work towards detecting security flaws, both obvious and discrete.
• Assist with scoping prospective projects, participating in projects from kickoff through "definition of done" via end-to-end ownership.
• Manage a team of security professionals performing security assessments.
• Launch campaigns to perform risk assessments and help mitigate security risks across the company.
Your experience should include...
• 7+ years of progressive security risk management experience with expertise in multiple security domains such as Security Architecture, Cryptography, Network Security, Cloud Security, Mobile Security, Compliance, and Web Security.
• Experience in Secure Development Lifecycle and Shift Left with a Security by Design methodology.
• Experience with building and/or managing security risk management programs.
• Problem-solver with excellent communication skills, and a deep technical understanding of security risk assessments and risk management.
You might also have...
• Bachelor's degree in Computer Science or related field.
• Master's degree or Ph.D. in Computer Science or a related field
• Industry-recognized security certifications from organizations such as ISACA, ISC^2, SANS, Offensive Security, etc.
We've got your back... We offer a range of benefits that may include paid time off, retirement savings (e.g., 401k, pension schemes), incentive eligibility, equity grants, participation in an employee stock purchase plan, and other family-friendly benefits including parental leave. GoDaddy's benefits vary based on individual role and location and can be reviewed in more detail during the interview process.
We also embrace our diverse culture and offer a range of Employee Resource Groups ( Culture ) . Have a side hustle? No problem. We love entrepreneurs Most importantly, come as you are and make your own way.
About us... GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online, making opportunity more inclusive for all. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights, and people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us .
At GoDaddy, we know diverse teams build better products-period. Our people and culture reflect and celebrate that sense of diversity and inclusion in ideas, experiences and perspectives. But we also know that's not enough to build true equity and belonging in our communities. That's why we prioritize integrating diversity, equity, inclusion and belonging principles into the core of how we work every day-focusing not only on our employee experience, but also our customer experience and operations. It's the best way to serve our mission of empowering entrepreneurs everywhere, and making opportunity more inclusive for all. To read more about these commitments, as well as our representation and pay equity data, check out our Diversity and Pay Parity annual report which can be found on our Diversity Careers page .
GoDaddy is proud to be an equal opportunity employer . GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. Refer to our full EEO policy here ( ).
Our recruiting team is available to assist you in completing your application. If they could be helpful, please reach out to
GoDaddy doesn't accept unsolicited resumes from recruiters or employment agencies.
Job ID R018483
GoDaddy's compensation is local to where you are and may vary based on an individual's qualifications at the time of the offer. The anticipated annual base salary ranges for select locations are listed below:
• California Bay Area, Santa Clara, San Francisco: $200000.00 - $300000.00
• Seattle, New York City: $188000.00 - $282000.00
• Los Angeles, San Diego: $168000.00 - $252000.00
• California State, Washington State, Colorado State: $160000.00 - $240000.00 Show more details...
At GoDaddy, the future of work looks different for each team. Some teams work in the office full-time; others have a hybrid arrangement (they work remotely some days and in the office somedays), and some work entirely remotely...
This is a remote position, so you'll be working remotely from your home. You may occasionally visit a GoDaddy office to meet with your team for events or offsites.
This position is not eligible to be performed in Alaska, Mississippi, North Dakota, or the Virgin Islands.
Join Our Team
GoDaddy's Information Security Org is looking for a Director to join our organization. Do you want to be an Information Security Leader at GoDaddy? Can you solve large-scale and cross-company issues, while ensuring that partnership with the development and operational communities remains front of mind? The ideal candidate will apply their hands-on technical skills, strong leadership abilities, and an eagerness to build enterprise-wide security risk assessment programs. You must be comfortable with communicating with stakeholders, performing security assessments, prioritizing security risks, and creating/presenting high-quality deliverables.
What you'll get to do...
• Build and manage an enterprise-wide security risk assessment program.
• Join forces with SRE and development teams to find new and creative ways to reduce the occurrence of vulnerabilities at scale.
• Review quality issues and work towards detecting security flaws, both obvious and discrete.
• Assist with scoping prospective projects, participating in projects from kickoff through "definition of done" via end-to-end ownership.
• Manage a team of security professionals performing security assessments.
• Launch campaigns to perform risk assessments and help mitigate security risks across the company.
Your experience should include...
• 7+ years of progressive security risk management experience with expertise in multiple security domains such as Security Architecture, Cryptography, Network Security, Cloud Security, Mobile Security, Compliance, and Web Security.
• Experience in Secure Development Lifecycle and Shift Left with a Security by Design methodology.
• Experience with building and/or managing security risk management programs.
• Problem-solver with excellent communication skills, and a deep technical understanding of security risk assessments and risk management.
You might also have...
• Bachelor's degree in Computer Science or related field.
• Master's degree or Ph.D. in Computer Science or a related field
• Industry-recognized security certifications from organizations such as ISACA, ISC^2, SANS, Offensive Security, etc.
We've got your back... We offer a range of benefits that may include paid time off, retirement savings (e.g., 401k, pension schemes), incentive eligibility, equity grants, participation in an employee stock purchase plan, and other family-friendly benefits including parental leave. GoDaddy's benefits vary based on individual role and location and can be reviewed in more detail during the interview process.
We also embrace our diverse culture and offer a range of Employee Resource Groups ( Culture ) . Have a side hustle? No problem. We love entrepreneurs Most importantly, come as you are and make your own way.
About us... GoDaddy is empowering everyday entrepreneurs around the world by providing the help and tools to succeed online, making opportunity more inclusive for all. GoDaddy is the place people come to name their idea, build a professional website, attract customers, sell their products and services, and manage their work. Our mission is to give our customers the tools, insights, and people to transform their ideas and personal initiative into success. To learn more about the company, visit About Us .
At GoDaddy, we know diverse teams build better products-period. Our people and culture reflect and celebrate that sense of diversity and inclusion in ideas, experiences and perspectives. But we also know that's not enough to build true equity and belonging in our communities. That's why we prioritize integrating diversity, equity, inclusion and belonging principles into the core of how we work every day-focusing not only on our employee experience, but also our customer experience and operations. It's the best way to serve our mission of empowering entrepreneurs everywhere, and making opportunity more inclusive for all. To read more about these commitments, as well as our representation and pay equity data, check out our Diversity and Pay Parity annual report which can be found on our Diversity Careers page .
GoDaddy is proud to be an equal opportunity employer . GoDaddy will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements. Refer to our full EEO policy here ( ).
Our recruiting team is available to assist you in completing your application. If they could be helpful, please reach out to
GoDaddy doesn't accept unsolicited resumes from recruiters or employment agencies.
Job ID R018483
GoDaddy's compensation is local to where you are and may vary based on an individual's qualifications at the time of the offer. The anticipated annual base salary ranges for select locations are listed below:
• California Bay Area, Santa Clara, San Francisco: $200000.00 - $300000.00
• Seattle, New York City: $188000.00 - $282000.00
• Los Angeles, San Diego: $168000.00 - $252000.00
• California State, Washington State, Colorado State: $160000.00 - $240000.00 Show more details...
via Science Jobs
schedule_type: Full-time
Job Description Summary:
Secure the enterprise cloud infrastructure and perform ongoing enterprise information security threat monitoring and remediation, including monitoring and detecting malicious activity. Contribute to the design and development of the Azure and Microsoft 365 security architecture for data and infrastructure. Influence the security vision and strategy around cloud-based... applications (including Infrastructure, Platform, and
Job Description Summary:
Secure the enterprise cloud infrastructure and perform ongoing enterprise information security threat monitoring and remediation, including monitoring and detecting malicious activity. Contribute to the design and development of the Azure and Microsoft 365 security architecture for data and infrastructure. Influence the security vision and strategy around cloud-based... applications (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)). Align cloud security strategy with business goals. Aid in the prevention of data thefts, unwanted deletion of data, and data breach incidents.
The ideal candidate will be familiar with a variety of cloud security concepts, practices, and procedures, and rely on experience and judgment to plan and accomplish goals.
The anticipated hiring salary range: $95k - $100k
COMPREHENSIVE BENEFITS PACKAGE:
Health coverage on day one, dental, vision, employer paid life, LTD, flexible benefits plan, miscellaneous voluntary plans available, paid vacation and sick (accruing upon hire), paid holidays, paid discretionary day, paid bereavement leave, paid jury duty leave, military leave, paid parental leave, retirement plan.
Job Description:
The Cloud Security Engineer (CSE) will secure the enterprise cloud infrastructure and perform ongoing enterprise information security threat monitoring and remediation. The CSE will contribute to the design and development of the Azure and Microsoft 365 security architecture for data and infrastructure. The CSE will influence the security vision and strategy around cloud-based applications (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)).
The CSE will aid in the prevention of data thefts, unwanted deletion of data, and data breach incidents and will oversee the strategic, operational, and tactical aspects of cloud security.
The CSE’s responsibility will also include monitoring and detecting malicious activity once the system is deployed.
The CSE will be responsible for aligning cloud security strategy with business goals and working towards finding the optimum balance between information security risks and controls while enabling the business.
Key Roles and Responsibilities:
Identify and Implement:
Identify and mitigate cloud security risks, threats or weaknesses within the existing cloud infrastructure and solutions.
Recommend investments in solutions or changes in work processes that enhance cloud security.
Involvement with the implementation and advancement of a continuous monitoring environment and security controls related to cloud risk.
Involvement in the implementation and advancement of KUMC’s adverse incident response plan.
Based on business requirements, design, develop, and implement cloud-native security architectures and designs that allow those requirements to be met with a minimal degree of risk and with appropriate security controls present.
Analysis/Actions:
Identify cloud security design gaps in existing and proposed architectures and recommend changes or enhancements.
Perform root cause and impact analysis of events that may be a risk to KUMC’s cloud environment.
Conduct postmortem reviews of adverse incidents related to KUMC’s cloud environment, to ensure that actions are appropriate, gaps are identified, and procedures are updated and understood by team members.
Develop and maintain cloud security strategy and architecture which aligns with business goals.
Documentation:
Create documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels.
Create technical documentation so other team members or peers may use for reference.
Develop and maintain cloud security architecture artifacts (e.g., baselines, models, templates, standards, and procedures) to be used to leverage cloud security capabilities in projects and operations.
Revise and/or update documentation and artifacts to identify and address newly emerging tactics, trends, and techniques.
Compliance / Policy / Process
In conjunction with the Office of Compliance, monitor and assure compliance that is related to federal and state laws and regulations, and University policies and practices.
Develop and implement audit plans for assessing cloud security risks within the KUMC community.
Demonstrated level of integrity and judgment concerning privacy issues, and the ability to maintain a well-reasoned, objective, and independent point of view.
Contribute to the annual employee information security compliance training.
Communicate/Collaborate:
Represent Information Security as a senior technical representative while engaging with other senior technical leaders throughout organization in design and implementation of cloud and cloud/hybrid-based implementations and solutions, including the external teams at Kansas University and the University of Kansas Health System.
Provide detailed cloud security consulting and reporting to executives, clients, business owners, and technical experts across the enterprise.
Establish and maintain effective partnerships with the various teams and KUMC communities, to evangelize and educate about cloud security priorities, methodologies, awareness, and compliance across the organization.
Lead or participate in related committees and coordinate security efforts across the organization to identify key cloud security initiatives and standards.
Coordinates with enterprise architects and information architects to ensure new cloud services align to roadmaps and to understand the impact on the organization’s information architecture.
Other tasks and responsibilities on an ad-hoc or project basis.
Required Qualifications
Graduation from a four-year college or university with a degree or major course work in computer science, telecommunications, networking, engineering, or other related technical fields. Four-year degree can be substituted with eight years of experience.
Seven years of progressive work experience in information technology
4 years’ experience with information security
3 years’ experience utilizing and securing Microsoft Azure cloud computing or Microsoft 365 environments.
Experience with managing and implementing technical solutions that require involvement from multiple team members across the organization.
Certified Cloud Security Professional (CCSP) or similar Cloud certification (candidates not certified will be expected to achieve certification within 12 months of hire).
Must be available for 24/7 on call-support.
Preferred Qualifications
Master’s degree in a related technical area.
Related work experience in a higher education or academic health organization.
Knowledge of and experience implementing technical aspects of compliance standards
egulations such as HIPAA, Gramm-Leach-Bliley, PCI DSS, etc.
Knowledge of and experience implementing an information security framework based on either ISO 17799, NIST 800-30, CObIT, etc.
3 years’ experience utilizing and securing other cloud computing environments. (Ex: AWS and GCP)
Experience with DevSecOps and application security Show more details...
Secure the enterprise cloud infrastructure and perform ongoing enterprise information security threat monitoring and remediation, including monitoring and detecting malicious activity. Contribute to the design and development of the Azure and Microsoft 365 security architecture for data and infrastructure. Influence the security vision and strategy around cloud-based... applications (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)). Align cloud security strategy with business goals. Aid in the prevention of data thefts, unwanted deletion of data, and data breach incidents.
The ideal candidate will be familiar with a variety of cloud security concepts, practices, and procedures, and rely on experience and judgment to plan and accomplish goals.
The anticipated hiring salary range: $95k - $100k
COMPREHENSIVE BENEFITS PACKAGE:
Health coverage on day one, dental, vision, employer paid life, LTD, flexible benefits plan, miscellaneous voluntary plans available, paid vacation and sick (accruing upon hire), paid holidays, paid discretionary day, paid bereavement leave, paid jury duty leave, military leave, paid parental leave, retirement plan.
Job Description:
The Cloud Security Engineer (CSE) will secure the enterprise cloud infrastructure and perform ongoing enterprise information security threat monitoring and remediation. The CSE will contribute to the design and development of the Azure and Microsoft 365 security architecture for data and infrastructure. The CSE will influence the security vision and strategy around cloud-based applications (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)).
The CSE will aid in the prevention of data thefts, unwanted deletion of data, and data breach incidents and will oversee the strategic, operational, and tactical aspects of cloud security.
The CSE’s responsibility will also include monitoring and detecting malicious activity once the system is deployed.
The CSE will be responsible for aligning cloud security strategy with business goals and working towards finding the optimum balance between information security risks and controls while enabling the business.
Key Roles and Responsibilities:
Identify and Implement:
Identify and mitigate cloud security risks, threats or weaknesses within the existing cloud infrastructure and solutions.
Recommend investments in solutions or changes in work processes that enhance cloud security.
Involvement with the implementation and advancement of a continuous monitoring environment and security controls related to cloud risk.
Involvement in the implementation and advancement of KUMC’s adverse incident response plan.
Based on business requirements, design, develop, and implement cloud-native security architectures and designs that allow those requirements to be met with a minimal degree of risk and with appropriate security controls present.
Analysis/Actions:
Identify cloud security design gaps in existing and proposed architectures and recommend changes or enhancements.
Perform root cause and impact analysis of events that may be a risk to KUMC’s cloud environment.
Conduct postmortem reviews of adverse incidents related to KUMC’s cloud environment, to ensure that actions are appropriate, gaps are identified, and procedures are updated and understood by team members.
Develop and maintain cloud security strategy and architecture which aligns with business goals.
Documentation:
Create documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels.
Create technical documentation so other team members or peers may use for reference.
Develop and maintain cloud security architecture artifacts (e.g., baselines, models, templates, standards, and procedures) to be used to leverage cloud security capabilities in projects and operations.
Revise and/or update documentation and artifacts to identify and address newly emerging tactics, trends, and techniques.
Compliance / Policy / Process
In conjunction with the Office of Compliance, monitor and assure compliance that is related to federal and state laws and regulations, and University policies and practices.
Develop and implement audit plans for assessing cloud security risks within the KUMC community.
Demonstrated level of integrity and judgment concerning privacy issues, and the ability to maintain a well-reasoned, objective, and independent point of view.
Contribute to the annual employee information security compliance training.
Communicate/Collaborate:
Represent Information Security as a senior technical representative while engaging with other senior technical leaders throughout organization in design and implementation of cloud and cloud/hybrid-based implementations and solutions, including the external teams at Kansas University and the University of Kansas Health System.
Provide detailed cloud security consulting and reporting to executives, clients, business owners, and technical experts across the enterprise.
Establish and maintain effective partnerships with the various teams and KUMC communities, to evangelize and educate about cloud security priorities, methodologies, awareness, and compliance across the organization.
Lead or participate in related committees and coordinate security efforts across the organization to identify key cloud security initiatives and standards.
Coordinates with enterprise architects and information architects to ensure new cloud services align to roadmaps and to understand the impact on the organization’s information architecture.
Other tasks and responsibilities on an ad-hoc or project basis.
Required Qualifications
Graduation from a four-year college or university with a degree or major course work in computer science, telecommunications, networking, engineering, or other related technical fields. Four-year degree can be substituted with eight years of experience.
Seven years of progressive work experience in information technology
4 years’ experience with information security
3 years’ experience utilizing and securing Microsoft Azure cloud computing or Microsoft 365 environments.
Experience with managing and implementing technical solutions that require involvement from multiple team members across the organization.
Certified Cloud Security Professional (CCSP) or similar Cloud certification (candidates not certified will be expected to achieve certification within 12 months of hire).
Must be available for 24/7 on call-support.
Preferred Qualifications
Master’s degree in a related technical area.
Related work experience in a higher education or academic health organization.
Knowledge of and experience implementing technical aspects of compliance standards
egulations such as HIPAA, Gramm-Leach-Bliley, PCI DSS, etc.
Knowledge of and experience implementing an information security framework based on either ISO 17799, NIST 800-30, CObIT, etc.
3 years’ experience utilizing and securing other cloud computing environments. (Ex: AWS and GCP)
Experience with DevSecOps and application security Show more details...
via LMI - ICIMS
posted_at: 13 days agoschedule_type: Full-time
Overview
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help... the Department of Defense resolve complex logistics
Overview
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help... the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.
The LMI Chief Information Security Officer (CISO) will be responsible for implementing and running the enterprise Cybersecurity program from strategy to implementation to thought leadership. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks and information assets while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of Federal government contractor business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. He or she will proactively work with the CIO, business units and stakeholders to implement practices that meet agreed-on policies and standards for information security.
Responsibilities
• Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
• Develops and enhances an up-to-date information security management framework based on, but not limited to, the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, CMMC, and National Institute of Standards and Technology (NIST) Cybersecurity Framework.]
• Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas
• Collaborates with IT, cloud, and engineering teams to design and implement security controls that enable cost-effective business initiatives and reduce risk in our products and applications.
• Manages the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews
• Liaises with external entities, such as Federal customers and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
• Tracks the evolving status of CMMC and ensures the enterprise is ahead of and compliant with evolving requirements as they become codified and finalized.
Qualifications
• Demonstrated experience and success in senior leadership roles in information security, risk management, and IT or OT security.
• Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Demonstrated experience leading support and response to external security audits.
• Degree in a STEM field (business IT related program), or equivalent work- or education-related experience.
Preferred Qualifications:
• Graduate degree in a STEM field, or an IT Security or Cybersecurity program.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control(CRISC) or other similar credentials.
• Experience establishing a Cyber Supply Chain Risk Management program.
• Previous experience as a corporate CISO or head of a Cybersecurity practice.
• TS/SCI with Full Scope Polygraph (or, if not, then TS/SCI with CI Polygraph).
• Experience maintaining IL6, SCIF, and SAP environments.
• Demonstrated ability to lead and motivate even when only "dotted line" reporting lines exist Show more details...
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help... the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.
The LMI Chief Information Security Officer (CISO) will be responsible for implementing and running the enterprise Cybersecurity program from strategy to implementation to thought leadership. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks and information assets while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of Federal government contractor business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. He or she will proactively work with the CIO, business units and stakeholders to implement practices that meet agreed-on policies and standards for information security.
Responsibilities
• Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
• Develops and enhances an up-to-date information security management framework based on, but not limited to, the following: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, CMMC, and National Institute of Standards and Technology (NIST) Cybersecurity Framework.]
• Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support, and in-house consulting in these areas
• Collaborates with IT, cloud, and engineering teams to design and implement security controls that enable cost-effective business initiatives and reduce risk in our products and applications.
• Manages the cost-efficient information security organization, consisting of direct reports and dotted line reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews
• Liaises with external entities, such as Federal customers and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well abreast of the relevant threats identified by these agencies.
• Tracks the evolving status of CMMC and ensures the enterprise is ahead of and compliant with evolving requirements as they become codified and finalized.
Qualifications
• Demonstrated experience and success in senior leadership roles in information security, risk management, and IT or OT security.
• Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Demonstrated experience leading support and response to external security audits.
• Degree in a STEM field (business IT related program), or equivalent work- or education-related experience.
Preferred Qualifications:
• Graduate degree in a STEM field, or an IT Security or Cybersecurity program.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control(CRISC) or other similar credentials.
• Experience establishing a Cyber Supply Chain Risk Management program.
• Previous experience as a corporate CISO or head of a Cybersecurity practice.
• TS/SCI with Full Scope Polygraph (or, if not, then TS/SCI with CI Polygraph).
• Experience maintaining IL6, SCIF, and SAP environments.
• Demonstrated ability to lead and motivate even when only "dotted line" reporting lines exist Show more details...
via Secure Community Network Jobs
schedule_type: Full-time
REMOTE OPPORTUNITIES AVAILABLE!!
We are Secure Community Network (SCN), a nonprofit 501(c)(3) serving as the official safety and security organization of the Jewish community in North America. Here at SCN, we deeply value the team of people that work diligently to commit their lives to action for a better tomorrow and we are excited to add a Communications and Marketing Manager to our... organization. If you consider yourself to be an ambitious and
REMOTE OPPORTUNITIES AVAILABLE!!
We are Secure Community Network (SCN), a nonprofit 501(c)(3) serving as the official safety and security organization of the Jewish community in North America. Here at SCN, we deeply value the team of people that work diligently to commit their lives to action for a better tomorrow and we are excited to add a Communications and Marketing Manager to our... organization. If you consider yourself to be an ambitious and self-motivated marketing and communications professional with a desire to dedicate your skills in helping others, this role may be for you!
WHAT YOU'LL DO:
The Communications and Marketing Manager will report directly to the Chief Communications and Marketing Officer. The selected individual will support efforts in managing day-to-day communications and marketing operations, including external and internal messaging, marketing, news media relations, social media, and multimedia.
Significant responsibilities include:
• Meet with internal and external stakeholders to determine communications and marketing needs and develop related strategies
• Write, design, review, edit, and proofread communications and marketing materials to be used in print and digital formats
• Develop and implement effective social media strategies and campaigns
• Oversee the production of communications and marketing materials by colleagues and contractors
• Create or work with graphic designers to create multimedia materials
• Gather feedback from stakeholders to improve future materials
• Work with members of the news media to achieve positive news coverage for the organization
• Use monitoring tools to identify relevant news media publications and social media posts and develop analytics
• Apply and maintains the organization's brand identity and visual and style standards
• Conceptualize and builds concepts for stakeholder engagement and partner presentations
• Other related duties as assigned
WHAT SKILLS AND QUALIFICATIONS YOU'LL NEED TO EXCEL:
Education and Experience:
• At least five years of experience in communications, marketing, or public relations, preferably for nonprofit or government organizations
• Bachelor's degree in communications, marketing, public relations, writing, journalism, or a related field required, Master's degree preferred
Skills/Abilities:
• Excellent oral and written communicator, with fluency in written and spoken U.S. English
• Proficient in editing and proofreading, including the application of AP Style
• Experience designing and implementing successful messaging and marketing campaigns using paid, earned, and social media
• Demonstrated current knowledge of widely used internet-based services and social media platforms, such as Facebook, Twitter, YouTube, LinkedIn, TikTok, and Instagram
• Proficient in working with the news media to pitch stories, arrange interviews, provide background information, and craft message points for interview subjects
• Familiarity with news and social media monitoring and reporting platforms
• Experience developing and implementing strategic plans
• Demonstrated leadership and problem-solving skills
• Organized, with attention to detail
• Ability to work on multiple assignments as needed, independently or as a member of a team
• Ability to make independent and accurate decisions with tact and diplomacy
• Ability to work in a dynamic, challenging, and fast-paced organization
• Ability to maintain the integrity of confidential efforts and documents
• Ability to travel as needed, including by air
WHAT WE OFFER:
• A competitive salary commensurate to experience.
• Comprehensive benefits package
MORE ABOUT US:
The Secure Community Network (SCN), a nonprofit 501(c)(3), is the official safety and security organization of the Jewish community in North America. Founded in 2004 under the auspices of The Jewish Federations of North America and the Conference of Presidents of Major American Jewish Organizations, SCN works on behalf of over 50 national Jewish non-profit organizations, 146 Federations, and over 300 independent communities as well as with other partners in the public, private, non-profit, and academic sectors to ensure the safety, security, and resiliency of the Jewish people. Learn more about us here https://securecommunitynetworks.org/.
Secure Community Network is an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of religion, race, color, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.
SCN has long been a committed leader in adopting, modeling, and encouraging adherence to Jewish values, including advocating for approaches that address issues related to Diversity, Equity, Inclusion, and Accessibility (DEIA). Please review our DEIA statement here Show more details...
We are Secure Community Network (SCN), a nonprofit 501(c)(3) serving as the official safety and security organization of the Jewish community in North America. Here at SCN, we deeply value the team of people that work diligently to commit their lives to action for a better tomorrow and we are excited to add a Communications and Marketing Manager to our... organization. If you consider yourself to be an ambitious and self-motivated marketing and communications professional with a desire to dedicate your skills in helping others, this role may be for you!
WHAT YOU'LL DO:
The Communications and Marketing Manager will report directly to the Chief Communications and Marketing Officer. The selected individual will support efforts in managing day-to-day communications and marketing operations, including external and internal messaging, marketing, news media relations, social media, and multimedia.
Significant responsibilities include:
• Meet with internal and external stakeholders to determine communications and marketing needs and develop related strategies
• Write, design, review, edit, and proofread communications and marketing materials to be used in print and digital formats
• Develop and implement effective social media strategies and campaigns
• Oversee the production of communications and marketing materials by colleagues and contractors
• Create or work with graphic designers to create multimedia materials
• Gather feedback from stakeholders to improve future materials
• Work with members of the news media to achieve positive news coverage for the organization
• Use monitoring tools to identify relevant news media publications and social media posts and develop analytics
• Apply and maintains the organization's brand identity and visual and style standards
• Conceptualize and builds concepts for stakeholder engagement and partner presentations
• Other related duties as assigned
WHAT SKILLS AND QUALIFICATIONS YOU'LL NEED TO EXCEL:
Education and Experience:
• At least five years of experience in communications, marketing, or public relations, preferably for nonprofit or government organizations
• Bachelor's degree in communications, marketing, public relations, writing, journalism, or a related field required, Master's degree preferred
Skills/Abilities:
• Excellent oral and written communicator, with fluency in written and spoken U.S. English
• Proficient in editing and proofreading, including the application of AP Style
• Experience designing and implementing successful messaging and marketing campaigns using paid, earned, and social media
• Demonstrated current knowledge of widely used internet-based services and social media platforms, such as Facebook, Twitter, YouTube, LinkedIn, TikTok, and Instagram
• Proficient in working with the news media to pitch stories, arrange interviews, provide background information, and craft message points for interview subjects
• Familiarity with news and social media monitoring and reporting platforms
• Experience developing and implementing strategic plans
• Demonstrated leadership and problem-solving skills
• Organized, with attention to detail
• Ability to work on multiple assignments as needed, independently or as a member of a team
• Ability to make independent and accurate decisions with tact and diplomacy
• Ability to work in a dynamic, challenging, and fast-paced organization
• Ability to maintain the integrity of confidential efforts and documents
• Ability to travel as needed, including by air
WHAT WE OFFER:
• A competitive salary commensurate to experience.
• Comprehensive benefits package
MORE ABOUT US:
The Secure Community Network (SCN), a nonprofit 501(c)(3), is the official safety and security organization of the Jewish community in North America. Founded in 2004 under the auspices of The Jewish Federations of North America and the Conference of Presidents of Major American Jewish Organizations, SCN works on behalf of over 50 national Jewish non-profit organizations, 146 Federations, and over 300 independent communities as well as with other partners in the public, private, non-profit, and academic sectors to ensure the safety, security, and resiliency of the Jewish people. Learn more about us here https://securecommunitynetworks.org/.
Secure Community Network is an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of religion, race, color, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.
SCN has long been a committed leader in adopting, modeling, and encouraging adherence to Jewish values, including advocating for approaches that address issues related to Diversity, Equity, Inclusion, and Accessibility (DEIA). Please review our DEIA statement here Show more details...
via Nexxt
posted_at: 8 days agoschedule_type: Full-time
The EKM Team within Cyber Security Org owns the Public Key Infrastructure (PKI), and is responsible for certificate lifecycle management, distribution, and key management.?The deployed solutions have various integrations from provisioning certs & keys to protect data at rest and in-transit, to signing code binaries, etc. The Lead Info Security Manager will lead/manage a team of subject matter experts to facilitate protection of data at rest, in-transit,
The EKM Team within Cyber Security Org owns the Public Key Infrastructure (PKI), and is responsible for certificate lifecycle management, distribution, and key management.?The deployed solutions have various integrations from provisioning certs & keys to protect data at rest and in-transit, to signing code binaries, etc. The Lead Info Security Manager will lead/manage a team of subject matter experts to facilitate protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. Key Responsibilities and Duties + Lead a team of security engineers responsible for designing, developing, integrating and deploying encryption and key management solutions both on-prem and cloud. + Own the team charter, define business/technical strategy for the team that reduces the risk and improves the overall security posture of our applications, platforms and infrastructure. + Collaborate with stakeholders at all levels to understand the security needs and... create/prioritize the roadmap accordingly. + Ensure projects are completed on time, within budget, and with high quality. + Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support team goals and objectives. + Coach/mentor the team, help team members in their professional growth and development. + Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs). + Lead and oversee information security budget, staffing, and contracting. + Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals. + Continuously validate the team's products/solutions against policies, guidelines, procedures, regulations/laws to ensure compliance. ? Educational Requirements + University (Degree) Preferred Work Experience + 5+ Years Required; 7+ Years Preferred Physical Requirements + Physical Requirements: Sedentary Work Career Level 9PL Required skills: + 5 + years of experience in Information Security + 3+ years of leadership experience, either as a people manager or a technical leadactively coaching/mentoring engineers. + 3+ years of experience in PKI Preferred Skills : + 3+ years of technical experience with a combination of 2+ services (CLM, KMS, and PKI) + 3+ years of experience with both Linux and Windows systems + 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform + Proven experience leading high performing technical teams + 3+ years of experience in writing requirements for security technologies + Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc. + Ability to provide strong customer service. #LI-158487406_MB1 Base Pay Range: $116,700/yr. - $194,400/yr. Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans). _____________________________________________________________________________________________________ Company Overview TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services. Benefits and Total Rewards The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That's why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary (~~~) . Equal Opportunity We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status. Read more about the Equal Opportunity Law here (~~~) . Accessibility Support TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities. If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team: Phone: ~~~ Email: ~~~ Privacy Notices For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here (~~~) . For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here (~~~) . For Applicants of Nuveen residing in Europe and APAC, please click here (~~~) . For Applicants of Greenwood residing in Brazil (English), click here (~~~) . For Applicants of Greenwood residing in Brazil (Portuguese), click here (~~~) . For Applicants of Westchester residing in Brazil (English), click here (~~~) . For Applicants of Westchester residing in Brazil (Portuguese), click here (~~~) . TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being
Show more details...
via Health Industry Distributors Association
schedule_type: Full-time
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top... 20 on the Fortune 500.
We currently have a full-time
Headquartered in Dublin, Ohio, Cardinal Health, Inc. (NYSE: CAH) is a global, integrated healthcare services and products company connecting patients, providers, payers, pharmacists and manufacturers for integrated care coordination and better patient management. Backed by nearly 100 years of experience, with more than 50,000 employees in nearly 60 countries, Cardinal Health ranks among the top... 20 on the Fortune 500.
We currently have a full-time job opening for an Application Security Engineer.
Department overview:
The Information Security organization is on a tremendous growth journey. We aim to be a world-class cybersecurity organization that enables Cardinal Health to be healthcare’s most trusted partner. We boast tremendous opportunities to grow and apply technical skills to meet organizational needs, empowering talented engineers who mentor and uplift others, led by leaders with a maniacal focus on employee development and well-being, dedicated training programs, and a fun, collaborative atmosphere.
As a part of our growth, we are investing heavily in Application Securitytoenable the enterprise to deliver products and services to our customers with security in mind.TraditionallyApplication Security wasa function of Security Architecture.This newteam’ssole function isdedicated to Application Securityandis being created to reflect its importance to our organization.
Job Overview:
The Application Security Analyst is a foundational member of the new Application Security team at Cardinal Health. This engineer blends extensive Software Development experience with a strong Information Securitybackgroundto serve Cardinal Health's best interests by balancing security with software delivery. This role will be focused on Product Ownership and Business Analyst functions within an Application Security Team.
What is expected of you and others at this level
• Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects
• Participates in the development of policies and procedures to achieve specific goals
• Recommends new practices, processes, metrics, or models
• Works on or may lead complex projects of large scope
• Projects may have significant and long-term impact
• Provides solutions which may set precedent
• Independently determines method for completion of new projects
• Receives guidance on overall project objectives
• Acts as a mentor to less experienced colleagues
Desired Skills/Experience:
• Good understanding of Application Security Concepts
• Security related experience, working with application/software development teams, promoting continuous improvement, problem solving skills.
• Experience writing requirements or user stories for the development of new features, enhancements to existing features, etc.
• Ability to work with team and help prioritize the requirements strategically
• Good Presentation and communication Skills.
Qualifications:
Required Qualifications
• Proven experience with one or more of the following development languages/platforms: Java, JavaScript, .NET/C#, Python, PHP/Laravel or CodeIgniter
• Proven understanding of Application Security concepts
Preferred Qualifications
• Understanding and previous experience in one or more of the following preferred:
• SDLC andDevSecOpsconcepts such as CI/CD pipelines
• Agile development concepts and methods such as Scrum or Kanban
• Container concepts and technologies, including Docker and Kubernetes
• OWASP Top 10
• Static or Dynamic code scanning and subsequent remediations
• Experience in understanding the SCA/SAST/DAST Scanning process.
• Experience in understanding the scan results and share the tools agnostics to the application teams.
• Experience in creating dashboards and guide the application teams through the remediation process.
• Experience in Veracode a Plus.
• Common application security controls, including WAF
• Common patterns forAuthNandAuthZ
• One or more Information Security Certifications preferred: CISSP, CSSLP, CISM, CCSP, GSLC, GSEC, CISA
• Bachelor’s degree in related field, or equivalent work experience
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law Show more details...
We currently have a full-time job opening for an Application Security Engineer.
Department overview:
The Information Security organization is on a tremendous growth journey. We aim to be a world-class cybersecurity organization that enables Cardinal Health to be healthcare’s most trusted partner. We boast tremendous opportunities to grow and apply technical skills to meet organizational needs, empowering talented engineers who mentor and uplift others, led by leaders with a maniacal focus on employee development and well-being, dedicated training programs, and a fun, collaborative atmosphere.
As a part of our growth, we are investing heavily in Application Securitytoenable the enterprise to deliver products and services to our customers with security in mind.TraditionallyApplication Security wasa function of Security Architecture.This newteam’ssole function isdedicated to Application Securityandis being created to reflect its importance to our organization.
Job Overview:
The Application Security Analyst is a foundational member of the new Application Security team at Cardinal Health. This engineer blends extensive Software Development experience with a strong Information Securitybackgroundto serve Cardinal Health's best interests by balancing security with software delivery. This role will be focused on Product Ownership and Business Analyst functions within an Application Security Team.
What is expected of you and others at this level
• Applies advanced knowledge and understanding of concepts, principles, and technical capabilities to manage a wide variety of projects
• Participates in the development of policies and procedures to achieve specific goals
• Recommends new practices, processes, metrics, or models
• Works on or may lead complex projects of large scope
• Projects may have significant and long-term impact
• Provides solutions which may set precedent
• Independently determines method for completion of new projects
• Receives guidance on overall project objectives
• Acts as a mentor to less experienced colleagues
Desired Skills/Experience:
• Good understanding of Application Security Concepts
• Security related experience, working with application/software development teams, promoting continuous improvement, problem solving skills.
• Experience writing requirements or user stories for the development of new features, enhancements to existing features, etc.
• Ability to work with team and help prioritize the requirements strategically
• Good Presentation and communication Skills.
Qualifications:
Required Qualifications
• Proven experience with one or more of the following development languages/platforms: Java, JavaScript, .NET/C#, Python, PHP/Laravel or CodeIgniter
• Proven understanding of Application Security concepts
Preferred Qualifications
• Understanding and previous experience in one or more of the following preferred:
• SDLC andDevSecOpsconcepts such as CI/CD pipelines
• Agile development concepts and methods such as Scrum or Kanban
• Container concepts and technologies, including Docker and Kubernetes
• OWASP Top 10
• Static or Dynamic code scanning and subsequent remediations
• Experience in understanding the SCA/SAST/DAST Scanning process.
• Experience in understanding the scan results and share the tools agnostics to the application teams.
• Experience in creating dashboards and guide the application teams through the remediation process.
• Experience in Veracode a Plus.
• Common application security controls, including WAF
• Common patterns forAuthNandAuthZ
• One or more Information Security Certifications preferred: CISSP, CSSLP, CISM, CCSP, GSLC, GSEC, CISA
• Bachelor’s degree in related field, or equivalent work experience
Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law Show more details...
via TIAA Jobs
schedule_type: Full-timework_from_home: 1
Senior Lead Cloud Security Architect
The Senior Lead Cloud Security Architect job leads in secure design planning and implementation for the company's cloud platform. This job implements operational plans for the processes and standards of developing the organization's cloud security architecture through the creation of a new cloud platform designs. Additionally, this job lends consultative... support to multiple teams within the organization to
Senior Lead Cloud Security Architect
The Senior Lead Cloud Security Architect job leads in secure design planning and implementation for the company's cloud platform. This job implements operational plans for the processes and standards of developing the organization's cloud security architecture through the creation of a new cloud platform designs. Additionally, this job lends consultative... support to multiple teams within the organization to provide high-level technical expertise and insight, along with maintaining consistent knowledge of emerging trends and security best practices in the related technology space.
Key Responsibilities and Duties
• Collaborate with various stakeholders on the strategic vision for the enterprise leveraging cloud, managed solutions and traditional capabilities; provide security designs for new solutions and technologies.
• Security Architects, designs and implements new, cutting edge secure cloud solutions within the organization.
• Support secure cloud platform that enable business applications to transform into scalable, elastic systems that can be created on demand.
• Collect design requirements and create secure designs to meet Control owner requirement.
• Provides threat analysis consultation, when needed, across functional teams of the organization, both within the operating business unit and to Information Technology management and staff.
• Maintains highly technical knowledge of security trends and emerging technologies to best inform secure cloud design, architecture and decision-making processes.
• Communicates with management and leadership to provide updates and ensure integration of new system with existing operations to support the organization's cloud strategy.
Qualifications
• 5 Years Required; 7 Years Preferred
• University (Degree), Preferred
Physical Requirements
• Physical Requirements: Sedentary Work
Preferred Education
• University (Degree)
Career Level
9IC
Required Qualifications
• 3+ years of experience in Cloud Technology
• 5+ years of experience in Cybersecurity
• 2+ years of experience with IT Architecture
Preferred Qualifications
• Experience in Agile Methodology environment (SAFE)
• Experience with risk modeling tools and methodologies
• Knowledge of various architecture frameworks (e.g., TOGAF, etc.)
• General information security certification (e.g., CISSP, CISM, CCSK etc.)
• Technical information security certification (e.g., CEH, GCSA, CCSP, CSK, etc.)
• Experience working with Cloud technologies (e.g. AWS, Azure, GCP)
• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses
• Knowledge of various platform security tools (e.g., AV, HIPS, firewalls, DLP, etc.)
• Knowledge of various network security tools (e.g., firewalls, NIPS, WIPS, VPN, DLP, etc.)
• Knowledge of various database security tools (e.g., activity monitoring, encryption etc.)
#LI-158487406_MB1
Base Pay Range: $146,100/yr. - $243,400/yr.
Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).
Company Overview
TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.
Benefits and Total Rewards
The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary (https://www.tiaa.org/public/pdf/benefits-at-a-glance.pdf) .
Equal Opportunity
We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Read more about the Equal Opportunity Law here (https://www.dol.gov/general/topics/posters) .
Accessibility Support
TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.
If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:
Phone: (800) 842-2755
Email: accessibility.support@tiaa.org
Privacy Notices
For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here (https://www.tiaa.org/public/tiaa-nuveen-privacy) .
For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) .
For Applicants of Nuveen residing in Europe and APAC, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) .
For Applicants of Greenwood residing in Brazil (English), click here (https://www.tiaa.org/public/support/privacy/applicants-greenwood-privacy) .
For Applicants of Greenwood residing in Brazil (Portuguese), click here (https://www.tiaa.org/public/support/privacy/applicants-greenwood-portuguese-privacy) .
For Applicants of Westchester residing in Brazil (English), click here (https://www.tiaa.org/public/support/privacy/applicants-westchester-privacy) .
For Applicants of Westchester residing in Brazil (Portuguese), click here (https://www.tiaa.org/public/support/privacy/applicants-westchester-portuguese-privacy) .
TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being Show more details...
The Senior Lead Cloud Security Architect job leads in secure design planning and implementation for the company's cloud platform. This job implements operational plans for the processes and standards of developing the organization's cloud security architecture through the creation of a new cloud platform designs. Additionally, this job lends consultative... support to multiple teams within the organization to provide high-level technical expertise and insight, along with maintaining consistent knowledge of emerging trends and security best practices in the related technology space.
Key Responsibilities and Duties
• Collaborate with various stakeholders on the strategic vision for the enterprise leveraging cloud, managed solutions and traditional capabilities; provide security designs for new solutions and technologies.
• Security Architects, designs and implements new, cutting edge secure cloud solutions within the organization.
• Support secure cloud platform that enable business applications to transform into scalable, elastic systems that can be created on demand.
• Collect design requirements and create secure designs to meet Control owner requirement.
• Provides threat analysis consultation, when needed, across functional teams of the organization, both within the operating business unit and to Information Technology management and staff.
• Maintains highly technical knowledge of security trends and emerging technologies to best inform secure cloud design, architecture and decision-making processes.
• Communicates with management and leadership to provide updates and ensure integration of new system with existing operations to support the organization's cloud strategy.
Qualifications
• 5 Years Required; 7 Years Preferred
• University (Degree), Preferred
Physical Requirements
• Physical Requirements: Sedentary Work
Preferred Education
• University (Degree)
Career Level
9IC
Required Qualifications
• 3+ years of experience in Cloud Technology
• 5+ years of experience in Cybersecurity
• 2+ years of experience with IT Architecture
Preferred Qualifications
• Experience in Agile Methodology environment (SAFE)
• Experience with risk modeling tools and methodologies
• Knowledge of various architecture frameworks (e.g., TOGAF, etc.)
• General information security certification (e.g., CISSP, CISM, CCSK etc.)
• Technical information security certification (e.g., CEH, GCSA, CCSP, CSK, etc.)
• Experience working with Cloud technologies (e.g. AWS, Azure, GCP)
• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses
• Knowledge of various platform security tools (e.g., AV, HIPS, firewalls, DLP, etc.)
• Knowledge of various network security tools (e.g., firewalls, NIPS, WIPS, VPN, DLP, etc.)
• Knowledge of various database security tools (e.g., activity monitoring, encryption etc.)
#LI-158487406_MB1
Base Pay Range: $146,100/yr. - $243,400/yr.
Actual base salary may vary based upon, but not limited to, relevant experience, time in role, base salary of internal peers, prior performance, business sector, and geographic location. In addition to base salary, the competitive compensation package may include, depending on the role, participation in an incentive program linked to performance (for example, annual discretionary incentive programs, non-annual sales incentive plans, or other non-annual incentive plans).
Company Overview
TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.
Benefits and Total Rewards
The organization is committed to making financial well-being possible for its clients, and is equally committed to the well-being of our associates. That’s why we offer a comprehensive Total Rewards package designed to make a positive difference in the lives of our associates and their loved ones. Our benefits include a superior retirement program and highly competitive health, wellness and work life offerings that can help you achieve and maintain your best possible physical, emotional and financial well-being. To learn more about your benefits, please review our Benefits Summary (https://www.tiaa.org/public/pdf/benefits-at-a-glance.pdf) .
Equal Opportunity
We are an Equal Opportunity/Affirmative Action Employer. We consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other protected status.
Read more about the Equal Opportunity Law here (https://www.dol.gov/general/topics/posters) .
Accessibility Support
TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.
If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:
Phone: (800) 842-2755
Email: accessibility.support@tiaa.org
Privacy Notices
For Applicants of TIAA, Nuveen and Affiliates residing in US (other than California), click here (https://www.tiaa.org/public/tiaa-nuveen-privacy) .
For Applicants of TIAA, Nuveen and Affiliates residing in California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) .
For Applicants of Nuveen residing in Europe and APAC, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) .
For Applicants of Greenwood residing in Brazil (English), click here (https://www.tiaa.org/public/support/privacy/applicants-greenwood-privacy) .
For Applicants of Greenwood residing in Brazil (Portuguese), click here (https://www.tiaa.org/public/support/privacy/applicants-greenwood-portuguese-privacy) .
For Applicants of Westchester residing in Brazil (English), click here (https://www.tiaa.org/public/support/privacy/applicants-westchester-privacy) .
For Applicants of Westchester residing in Brazil (Portuguese), click here (https://www.tiaa.org/public/support/privacy/applicants-westchester-portuguese-privacy) .
TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being Show more details...