179 jobs found

The Risk Assessor will play a central role in operationalizing risk reviews, providing defensible risk ratings, identifying compensating controls, and helping departments reduce or accept risk in a documented, auditable manner. This supports strategic objectives related to HIPAA compliance, CJIS certification, PCI standards, and internal control monitoring under NIST SP 800-53. Key Responsibilities: Review policy and security risk exception requests submitted by internal departments using the ServiceNow GRC platform Perform structured risk assessments, analyze compensating controls, determine residual risk, and provide formal recommendation regarding the acceptance or denial of exception requests. Apply industry standard risk rating models (e.g. NIST SP 800-30, FAIR, qualitative matrices) to all risk assessments Collaborate with stakeholders (data owners, system administrators, compliance leads) to communicate risk, document justifications, and suggest mitigation strategies. Assist with tracking and closure of internal and external audit findings. Support internal control assessments and monitor compliance with HIPAA, CJIS, PCI DSS, and Maryland PIPA. Review SOC 1 and SOC 2 reports from third-party vendors, identify control exceptions and user control considerations. Contribute to GRC documentation including policies, procedures, workflows, and risk rating methodologies. Support remediation of audit findings and internal control deficiencies. Contribute to GRC reporting metrics, dashboards, and executive summaries. Knowledge/Skills/Abilities: Bachelor's Degree with 3-5 years (or commensurate experience) of experience as a Security Control or Risk Assessor. Strong Technical background able to understand network diagrams, threat models and vulnerability and compliance scans. Strong understanding of information security principles, regulatory frameworks, and control families (e.g., NIST 800-53, NIST RMF 800-37, HIPAA, PCI). Ability to conduct structured risk assessments, to include the analysis of compensating controls, residual risk determination, application of quantitative risk models, and providing formal recommendation regarding the acceptance or denial of exception requests. Experience conducting assessments based on the NIST Risk Management Framework approach Experience reviewing and interpreting SOC 1/SOC 2 reports and vendor attestations Proficiency in using GRC platforms (ServiceNow preferred) for workflow management and documentation Ability to work independently, meet deadlines, and communicate complex risk concepts to business units. Experience supporting third-party assessments, audit responses, or internal control monitoring. Experience reviewing policy exceptions, risk acceptances, or control deviations in a regulated environment. Industry certifications such as CISSP, CGRC, CISA, CRISC, or Security+ preferred.

Overview The Salvation Army, an international movement, is an evangelical part of the universal Christian Church. Its message is based on the Bible. Its ministry is motivated by the love of God. Its mission is to preach the gospel of Jesus Christ and to meet human needs in His name without discrimination. We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services. Our Eastern Territorial Headquarters' Information Technology Department has an opening for a Cyber Incident Manager. This position will lead the response to cyber incidents, ensuring they are handled promptly and efficiently to minimize damage and reduce recovery time and costs. They play a pivotal role in coordination with various internal and external stakeholders to manage the incident lifecycle from preparation to post-incident review through identification, containment, eradication, recovery, and lessons learned. This position is integral to the cybersecurity framework, serving as the frontline defense against incidents that can compromise sensitive data, disrupt business operations, and damage the organization's reputation. The Cyber Incident Manager is not just a technical role. The role is a strategic position that requires a blend of technical acumen, leadership skills, and business understanding to appropriately address incidents while maintaining customer engagement. This individual is critical in ensuring the organization's resilience against ever-evolving cyber threats. This position requires approximately 35 hours of work per week and is eligible for a hybrid work arrangement (3 days onsite/ 2 days remote) after three months of employment. Responsibilities Incident Leadership: The Cyber Incident Manager is responsible for taking command during cybersecurity events, orchestrating response efforts, and promptly addressing incidents. This involves quick decision-making, prioritizing tasks, and directing response teams effectively. Strategic Planning and Preparedness: Beyond reactive measures, this role demands proactive planning and preparedness. This includes developing, maintaining, and regularly updating incident response plans, ensuring the organization is equipped to handle various cyber incidents. It also involves conducting risk assessments and scenario planning (tabletop exercises) to anticipate potential threats and vulnerabilities. Coordination and Collaboration: The position requires extensive coordination with various internal departments (e.g., IT, Legal, HR, and public relations) and external entities (such as law enforcement, cybersecurity firms, and regulatory bodies). This coordination is crucial for a holistic approach to incident management, encompassing technical response, legal compliance, internal and external communications, and post-incident recovery. Technical Expertise and Analysis: The Cyber Incident Manager should deeply understand the cyber threat landscape, including the latest trends in cyber-attacks and defense strategies. They are expected to analyze incident patterns and weaknesses, offering insights that drive improvements in the organization's cybersecurity posture. Stakeholder Engagement: Effective communication with stakeholders, including executive leadership, is a key aspect of this role. The Cyber Incident Manager must be able to translate complex technical incidents into understandable terms, advising on the impact, necessary actions, and implications for the business. Continuous Improvement and Learning: Post-incident analysis is a critical function. Learning from incidents to improve systems, processes, and training is essential. This role involves regularly reviewing and refining incident response strategies, staying informed about new technologies and methodologies in cybersecurity, and integrating these into the organization's practices. Regulatory Compliance and Documentation: Ensuring that incident response activities adhere to legal and regulatory requirements is paramount. The Cyber Incident Manager maintains comprehensive records of incidents, responses, and outcomes for compliance purposes, audits, and continuous improvement. Risk Mitigation: By effectively managing cyber incidents, this role directly contributes to reducing the risk and impact of cyber threats on the organization. Operational Continuity: Ensuring rapid and efficient response to incidents minimizes downtime and maintains business operations, which is crucial for the organization's success and reputation. Compliance and Trust: Adherence to compliance standards and effective incident handling enhances the organization's credibility and trust among clients, partners, and regulatory bodies. Qualifications Bachelor's degree from four-year college or university. 3-5 years of related experience. Technical Skills: • Digital Forensics & Incident Response (DFIR) • Security Information and Event Management (SIEM) (e.g., Splunk, Sentinel, QRadar) • Intrusion Detection/Prevention Systems (IDS/IPS) • Endpoint Detection & Response (EDR) (e.g., CrowdStrike, Darktrace, SentinelOne) • Network Traffic Analysis & Packet Capture (Wireshark, etc.) • Malware Analysis & Reverse Engineering (basic to intermediate) • Log Correlation and Threat Hunting • Firewall, Proxy, and IDS Log Analysis (e.g., Fortinet, Meraki) • Threat Intelligence Integration and Analysis • Email Header and Phishing Analysis • Security Orchestration, Automation, and Response (SOAR) platforms (e.g., Palo Alto XSOAR, Swimlane) • Forensics Tools: EnCase, FTK, Autopsy, Volatility • Threat Intel Platforms: Recorded Future, ThreatConnect, MISP • Ticketing Systems: ZenDesk, ServiceNow, Jira, Remedy Framework Proficiency: • Incident Response Lifecycle (NIST SP 800-61, PICERL model) • Knowledge of MITRE ATT&CK Framework • Vulnerability Management & Prioritization • Disaster Recovery & Business Continuity Planning (e.g., DR/BC, BIA) • Risk Assessment & Gap Analysis • Change Control and Root Cause Analysis (RCA) Regulatory, Compliance, and Privacy Awareness: • HIPAA, PCI-DSS, NY SHIELD, GDPR, CCPA, CJIS, etc. • SOX ITGC Controls and Audit Support • Cyber Insurance (CLI) & Legal Considerations in Breach Response • Chain of Custody and Evidence Handling Leadership and Management Skills: • Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, CRISC). • Collaboration: Confluence, MS Teams, Slack, Telegram (war room coordination) • Strong leadership and decision-making. • Excellent communication and interpersonal skills. • Deep understanding of cybersecurity frameworks and standards. • Ability to work under pressure and handle crises effectively. What We Offer Generous Medical, Dental, Vision Benefits TSA paid Life Insurance for Employees Additional life insurance options for employees On-site cafeteria Paid Time Off - Vacation, Sick, Personal day 403(b) retirement savings plan Non-contributory Pension Plan Professional Development Free, on-site Fitness Center Federal holidays Opportunities to give back and support our communities All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, disability or protected veteran status.ã Compensation details: 00 Yearly Salary PIba3e8d7bb76e-8480

For the past 162 years, Swisher has been an industry leader known for its iconic products and commitment to high quality standards. With a rich history, Swisher serves adult consumers through a diverse range of businesses, including Swisher Sweets Cigar Company, Helme Tobacco Co., Hempire, Rogue Holdings, and Drew Estate: The Rebirth of Cigars. We have a passion for people and helping them build rewarding careers. If you're ready to create excitement and drive what's next in the industry, we'd love to hear from you. The Senior Security Engineer is responsible for designing and implementing security strategies that meet the business's needs. You will focus on designing, implementing, and managing comprehensive security solutions to protect systems, data, and applications from cyber threats. Key Responsibilities Responsible for the design, deployment, and support of secure systems aligned with business objectives and regulatory compliance Responsible for developing, implementing, and maintaining security policies, standards, and best practices to maintain compliance and improve overall security posture Responsible for architecture development, build, and supporting the security infrastructure to detect and respond to threats including security information and event management (SIEM), data loss prevention (DLP), intrusion prevention systems (IPS), and other tools in action plan designs Responsible for managing security systems, including provisioning, monitoring, and incident response Responsible for providing on-call support to address production incidents or issues that occur outside of normal business hours Proactively research emerging threats, evaluate and pilot mitigation technologies, and collaborate with engineering teams to seamlessly deploy these protections into production Continuously improve security posture through infrastructure management, threat analysis, and vulnerability mitigation Collaborate with business leaders, project managers, and technical teams to ensure security considerations are factored into all technology projects Responsible for performing system patching, maintenance, and administration, as necessary Qualifications Bachelor's degree in Cyber Security, Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study 5+ years of related IT experience Knowledge of cybersecurity frameworks Demonstrated experience with encryption, system and network security, cloud security, and identity management Strong understanding of security tools (e.g. SIEM systems, firewalls, anti-malware) Working knowledge of cloud platforms (e.g. AWS, Azure, Google Cloud) Experience with security assessment methods and penetration testing techniques Demonstrated experience in identifying risk and development of mitigation plans Knowledge of security related legislation/regulations with emphasis on PCI and Privacy Strong problem solving skills with an ability to develop creative alternatives to complex problems, as well as continuous improvement process skills Demonstrated professional written, verbal, and presentation communications skills Proven ability to work effectively in a fast-paced environment as part of a high performance team Security accreditation (e.g., CISSP, GCIH, CISM, etc.) Preferred Qualifications Master's degree in Computer Science, Information Security, Cybersecurity, or a related field Experience in developing and delivering security awareness training Major cloud provider platform certification (e.g. AWS Solution Architect, Google Cloud Engineer, Microsoft Solution Architect, etc.) Proficiency in scripting languages What we offer Base salary and bonus program Medical, dental, vision, life insurance effective on date of hire Generous 401(k) Plan Defined Contribution Plan Paid vacation and paid holidays Tuition reimbursement Professional growth and development programs to help advance your career! Official Contact Information Email: All official emails will come from address Website: Verify job listings and contact details on Phone: Call our main number listed on for verification Important: We will never contact you via Teams, Zoom, or Google Meets. If you qualify for an interview, the proper meeting method will be shared with you beforehand. Confidential information should only be shared through secure methods outside of email

Title: GRC Analyst (Governance, Risk and Compliance) Duration: Contract to Hire Location: Hybrid- Phoenix, AZ (Local Arizona candidates only) Pay Rate: Upto $46/hr on W2 (All inclusive / no benefits) Job Description: Required Skills NIST 800-53R5 (Must have) Risk Management Framework (RMF) Windows/Unix experience Preferred Skills Project Management experience CISSP, CCSP, GSTRT, GSNA, or CAP certification GRC Analyst (Governance, Risk and Compliance) This is a 4 month contract to hire. All candidates must be eligible to convert to an FTE. This has to be local to Phoenix meaning 1 hour drive max. Job Summary: Client is seeking an experienced and highly motivated individual to join our team as a Information Security Analyst, (ISA) contractor. This position will work on the Governance Risk and Compliance (GRC) Team to communicate and engage with business units to develop a strong understanding of their reporting, data, and product needs. The team member will work with other personnel across departments to define requirements for projects, identify data dependencies and relationships to develop logical and physical data models, data flows and system activity diagrams, and write specifications for managing enterprise information policies. The team member will help develop plans and materials to support user adoption, training, and customer service, working through direct and regular contact with users from other divisions, programs, and service units to provide regular insight and guidance in prioritizing enhancements for the data systems. The team member will also support technical project managers to ensure that all aspects of the information analysis and requirements gathering process are completed with the highest degree of accuracy and quality, which includes developing and socializing key project artifacts. Job Duties: Perform risk assessments, audit reviews, generate findings reports, and make appropriate recommendations for improvement and track outcomes from those activities for client's reporting requirements. Develop and formulate comprehensive reports detailing the findings, areas of non-compliance, required POA&Ms (Plan of Action and Milestones), environmental observations, and incident reports. Review, update, and manage security related audit plans, security plans and risk plan documentation for accuracy and consistency, proactively solves problems. Evaluate data and formulate comprehensive reports detailing the findings, areas of non-compliance, required action plans, and environmental observations. Generates incident reports and investigates suspicious network activity. Preparing audit documentation that supports audit results, drafting and editing audit findings to adhere to the standards and the agency's writing style. Research agency and industry IT security practices standards, best practices, laws and regulations, and other applicable resources, ensures compliance with standards Knowledge, Skills & Abilities (Not incompassing) Knowledge of security principles, policies, and procedures, and be able to develop effective security policies. Knowledge of Information Security Risk Management. Knowledge of laws, regulations, policies, principles, and ethics as they relate to cybersecurity and privacy. (Required: NIST 800-53 R5, IRS Pub1075, IPAA/HITRUST, CJIS and MARS-E) Expert knowledge of internal auditing, internal controls, and risk management practices and methods. Knowledge of Selection/Approval, Implementation, and Assessment/Audit of Security and Privacy Controls. Knowledge of Risk Management Framework (RMF) requirements. Knowledge of Authorization/Approval of Information Systems. Knowledge in conducting audits or reviews of technical systems. Knowledge in comprehensive understanding of internal control environments within the IT function. Knowledge in multiple technology domains including aspects of Windows, Unix and/or database administration, software development and networking. Knowledge in identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations. Ability to produce high quality work products for both the IT groups and Senior Management. Ability to perform excellent interpersonal, written and oral communication skills. Ability to assess, manage, and improve security policies and procedures. Ability to work collaboratively in teams and across organizations. Ability to synthesize feedback and adjust plans accordingly, build strong relationships inside and outside the organization and manage large teams. Ability to ensure security practices are followed throughout all phases of the life cycle of every aspect of business and IT processes. Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. Ability to exercise judgment when policies are not well-defined. Ability to ensure information security management processes are integrated with strategic and operational planning processes. Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control. Ability to understand technology, management, and leadership issues related to organization processes and problem solving. Ability to understand the basic concepts and issues related to cyber and its organizational impact.Develop plans and materials to support user adoption, training, and customer service. Ability to work collaboratively in teams and across organizations. Develop plans and materials to support user adoption, training, and customer service. Work directly with users from other divisions, programs, and service units to provide insight and guidance. Identify risks and suggest improvements to information systems and processes. Support technical project managers to fulfill information analysis requirements with the highest degree of accuracy and quality. Develop and maintain key project artifacts.

Got the Government Contractor Blues? Looking for a company that cares and goes beyond just filling another contract billet? Well, look no further! Experience this family-oriented company that takes pride in you and will help you grow where your passions lie. Holding many Defense & Federal government contracts around the globe, with Systems Plus you have the opportunity to take on new and evolving challenges, aim beyond what you think you are capable of, and work in collaborative, dynamic, and high-tempo environments. Our employees are our most valued asset and we invest in our people because we are in it for the long term. We are committed to your success and well-being and offer competitive benefits packages, salaries, bonus/award programs, and a high potential for professional growth and job opportunities worldwide. Systems Plus is the company for you! Experience the difference and let's talk about your future at Systems Plus today. Position Title Information Assurance/Security Specialist - Level II Position Type Full Time Position Location Charleston, SC (onsite) Daily Responsibilities Serve as an Information System Security Officer (ISSO) for designated systems, ensuring compliance with DoD cybersecurity policies and RMF requirements. Prepare and deliver monthly security vulnerability tracking reports detailing system vulnerabilities, remediation progress, and vulnerability mitigation status. Track vulnerability remediation efforts including IAVM patch implementation and configuration compliance activities across supported systems. Lead security incident investigations and cybersecurity compliance activities including vulnerability scanning, STIG compliance documentation, and security assessments for site systems, and coordinate efforts with security teams and system administrators to address vulnerabilities and risks. Develop and maintain system security plans, security controls, and associated documentation supporting system authorization and accreditation activities. Provide security briefings, risk assessments, and mitigation recommendations to stakeholders and leadership. Required Experience Minimum 4 years of progressive experience Required Degree Bachelor's degree and/or equivalency. Required Certification IAT III, IAM III and CE: Associate Level Required Clearance Ability to obtain and maintain a Tier 3 security clearance About Systems Plus Systems Plus is headquartered in Rockville, MD with over 2 decades of experience providing Global Enterprise Management, Technology, Engineering and Professional services and solutions across Defense and Federal Civilian government sectors. From Discovery to Delivery, Systems Plus brings a greater measure of confidence, commitment and value to our clients. With various Defense and Federal contracts across the United States, Europe and Pacific/Asia, we are driving innovation and excellence within the Special Operations Forces Components and Commands, Defense Health Agency, United States Air Force, United States Marine Corps, National Institute of Standards and Technology, House of Representatives and more. Through our diverse portfolio of clients and capabilities we power vision and insight - discover what's possible with a Small Business that thinks BIG! Interested? Click Apply Now!

A-Line Staffing is now hiring a Chief Information Security Officer (CISO) in Dallas, TX ! The Chief Information Security Officer (CISO) will be working for a respected organization and has career growth potential. See additional details below. Chief Information Security Officer Highlights • The pay for this position is $ 240,000 - $ 260,000 annually . • Onsite position . • This position is a full-time executive leadership role, direct hire . • Stock option eligibility (5,000 shared options available; vesting and board approval required for purchase). Responsibilities • Develop and execute the enterprise-wide cybersecurity strategy to protect technology platforms, data systems, and digital assets. • Establish information security governance frameworks aligned with NIST, ISO 27001, and CIS Controls . • Report on cybersecurity posture, risks, and incidents to executive leadership and the board. • Oversee security monitoring, threat intelligence, vulnerability management, and incident response programs. • Lead penetration testing initiatives and remediation efforts across systems and platforms. • Conduct digital risk assessments for critical enterprise systems including ERP, quality management systems, and distribution platforms. • Ensure compliance with applicable regulatory and security standards including FDA, HIPAA, SOC-2, GDPR, and CCPA where applicable. • Partner with quality and regulatory teams to maintain data integrity in GMP-regulated environments . • Lead enterprise risk management initiatives related to technology and cybersecurity. • Oversee business continuity and disaster recovery planning. • Build, mentor, and manage the information security team. • Manage vendor security programs, third-party risk assessments, and external security audits. Requirements • 10+ years of experience in cybersecurity , including 5+ years in leadership roles . • Experience working within regulated industries such as healthcare, pharmaceutical, biotechnology, or financial services. • Proven experience designing and implementing enterprise cybersecurity programs . • Experience securing cloud environments (Azure, AWS, or GCP) . • Strong understanding of cybersecurity risk management and regulatory frameworks. • Bachelor's degree in Computer Science, Cybersecurity, IT, Engineering, or related field . Preferred Qualifications • Advanced degree such as MS or MBA . • Professional cybersecurity certifications such as CISSP, CISM, CEH, CRISC, CCSFP, or ISO 27001 Lead Auditor . • Experience building cybersecurity programs from the ground up. • Ability to translate complex technical risks into business-focused communication for executive stakeholders. • Experience integrating security across IT, OT, and ERP systems , particularly in manufacturing environments. • Experience supporting FDA data integrity, 21 CFR Part 11, or HIPAA compliance . • Demonstrated leadership during cybersecurity incidents and crisis response situations. Benefits Available • Benefits are available to full-time employees after 90 days of employment. • A 401(k) with a company match is available for full-time employees with 1 year of service on our eligibility dates. If you are interested in this Chief Information Security Officer (CISO) position, APPLY , or contact . Reporting for information security activities Meet strategic information security objectives Manage security initiatives to support information security strategy and plan Address any information security related issues Implement the security controls specified in the security plan Conduct the information security risk assessment program Targeted security assessments to ensure appropriate level of security controls Maintain knowledge of general security administration programs and one or more security specialties (e. g. sensitive compartmented information, personnel security, technical security, operations security) Provide an interface to client information security audits Protect corporate cyber security information day to day Perform information security risk assessments and serves as an internal auditor for security issues Oversee the risk assessment and information security awareness Train all employees in effective information security measures Provide ad hoc information security and privacy assistance to projects and regional leaders and information security officers Reporting on business security incidents Create enterprise information security education and awareness platforms Escalate security project issues to management Provide periodic reporting on information security issues to the VC/VPIT Ensure all employees receive mandatory training in information security awareness and information security policies, guidelines and procedures Achieving security and privacy certifications

Job Summary We are seeking a strategic, detail oriented, and execution focused Data Security & Governance Team Lead to join our Information Technology - Data & Analytics organization. This is a critical role responsible for establishing, operating, and continuously improving enterprise wide data security, access governance, and compliance controls across data platforms, data products, and analytics solutions. This role ensures end to end protection of data assets while enabling scalable self service analytics. The ideal candidate is a techno functional leader with strong experience in data security, governance, and compliance within modern cloud analytics environments, and the ability to balance strong controls with business agility. Job Description Data Security & Access Governance Define and maintain the enterprise data security governance framework, including policies, standards, and control requirements. Own data classification, labeling, retention, and protection standards across structured and unstructured data. Ensure consistent application of governance controls across cloud, on prem, and SaaS platforms. Risk, Compliance & Privacy Ensure compliance with applicable regulations (e.g., GDPR, CCPA, SOX, HIPAA where applicable). Partner with Legal, Privacy, and Risk teams on data protection assessments and audits. Identify data security risks and drive mitigation plans with clear ownership and timelines. Operating Model & Execution Build and run a scalable governance operating model, including intake, exception handling, and enforcement. Develop metrics and reporting to measure data security posture, control effectiveness, and compliance status. Lead incident governance support for data related security events. Stakeholder Engagement Act as the primary point of accountability for data security governance across the enterprise. Influence senior leaders and application owners to adopt secure-by-design data practices. Provide guidance, training, and awareness on data security requirements. Qualifications Required Bachelor's degree in Computer Science, Information Technology, Data Management, Cybersecurity, or a related field 8+ years of experience in IT, with significant experience in data security, governance, or risk/compliance roles Proven experience designing and operating data access controls and governance frameworks in large, complex organizations Strong hands on experience with Microsoft Azure data and security services Experience implementing and operating SOX controls, audit processes, and access reviews for data platforms Strong communication, stakeholder management, and leadership skills Preferred / Nice to Have Experience with Microsoft Fabric (OneLake, Lakehouse, Data Engineering, Power BI) security and governance models Experience with Azure data services such as ADLS, Azure SQL, Synapse, and Azure Data Factory Hands on experience securing Power BI workspaces, datasets, semantic models, and reports Experience with SAP HANA and analytics data sourced from SAP ERP systems Familiarity with Tableau and SAP BusinessObjects Experience with data cataloging, lineage, and governance tools Relevant certifications in Azure Security, Data Governance, Privacy, or Compliance (AZ-500, SC-400) Medline Industries, LP, and its subsidiaries, offer a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization. The anticipated salary range for this position: $101,000.00 - $152,000.00 Annual The actual salary will vary based on applicant's location, education, experience, skills, and abilities. This role is bonus and/or incentive eligible. Medline will not pay less than the applicable minimum wage or salary threshold. Our benefit package includes health insurance, life and disability, 401(k) contributions, paid time off, etc., for employees working 30 or more hours per week on average. For a more comprehensive list of our benefits please click here . For roles where employees work less than 30 hours per week, benefits include 401(k) contributions as well as access to the Employee Assistance Program, Employee Resource Groups and the Employee Service Corp. We're dedicated to creating a Medline where everyone feels they belong and can grow their career. We strive to do this by seeking diversity in all forms, acting inclusively, and ensuring that people have tools and resources to perform at their best. Explore our Belonging page here . Medline Industries, LP is an equal opportunity employer. Medline evaluates qualified individuals without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, neurodivergence, protected veteran status, marital or family status, caregiver responsibilities, genetic information, or any other characteristic protected by applicable federal, state, or local laws.

DCS has an exciting opportunity for a Cybersecurity support to ensure that all system and application deliverables meet the requirements of all DoD and Air Force cybersecurity policies as identified in the following paragraphs. The applicant shall ensure that all system deliverables comply with DoD and Air Force cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, and that application deliverables are complaint with Public Law 111-383, which states the general need for software assurance. Essential Job Functions: To ensure that cybersecurity policy is implemented correctly on systems, the applicant shall ensure compliance with DoD and Air Force certification and accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology. The applicant shall ensure that all application deliverables comply with DISA Application Security Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning to mitigate vulnerabilities associated with SQL injections, cross-site scripting and buffer overflows. The applicant shall support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI- supported capabilities for biometrics, digital signatures, encryption, identification and authentication. The applicant shall be able to perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. The applicant shall travel as required to support cybersecurity assessments or cybersecurity incidents. The applicant shall ensure personnel performing cybersecurity activities obtain and remain current with technical and/or management certifications to ensure compliance as directed by DoD 8140.02, Identification, Tracking, and Reporting of Cyberspace Workforce Requirements, and outlined in DoD 8570.01-M, Department of Defense Computer Network Defense (CND) Service Provider Certification and Accreditation Program, Appendix 3, Table 1. Responsibilities may include but are not limited to: Assist with development of System Security Management Plans, Program Protection Plans, Security Risk Analyses, OPSEC Plans, Computer Certification and Accreditation, Security Vulnerability and Countermeasures Analyses, Security Concepts of Operations, and other system security engineering-related documents identified in MIL-STD 1785, DoDI 5000.02, Operation of the Adaptive Acquisition Framework, and DoDI 8510.01. Support the system/application Authorization and Accreditation (A&A) effort to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and Air Force policies (i.e., Risk Management Framework (RMF). Update, monitor, and manage information in systems for the program office. Process and manage system user account requests and process tools. Process and manage system port/protocol and access control list requirements. Process and manage system Public Key Infrastructure (PKI) identification and authorization requirements. Manage the distribution, implementation, remediation, and tracking of system security updates and configurations as required by the DoD. Recommend policies and procedures to ensure information systems reliability and accessibility to prevent and defend against unauthorized access to systems, networks, and data. Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risk, and protection needs. Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations' vision and goals. Conduct systems security evaluations, audits and reviews. Recommend systems security contingency plans and disaster recovery procedures. Recommend and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Participate in network and systems design to ensure implementation of appropriate systems security policies. Recommend initial, or updates to, software and configurations to new or existing system security mechanisms. Obtain waivers to mandated security mechanisms/policies which would be detrimental to system performance and impact the system's mission. Facilitate the gathering, analysis and preservation of evidence used in the prosecution of computer. Provide leadership assistance in the analysis of the design, development, integration, implementation and testing of cybersecurity requirements. Develop risk-based strategies to address identified gaps. Review, analysize, and assess implementations of cybersecurity (i.e. RMF security controls) throughout the open systems architecture and associated services, derived requirements specifications, design documents & design implementation. Collaborate with stakeholders (Government and commercial) to ensure the system is approved by all Authorizing Officials via the RMF A&A process. Provide technical advice in the area of systems security across all systems and supports. Develop recommendations for the Government regarding how well designs satisfy current requirements and business goals. Maintain databases that reflect receipt, storage, inventory, and disposition of classified information to include data entry, updates, and generation of reports. Support Government program office in audits of Government classified holdings to ensure proper accountability. Maintain databases of classified visits and clearance levels. Perform inspection, inventory, logging, storage, documentation, transmittal and internal distribution of classified information received. Evaluate applicant classified data submittals for compliance with the appropriate System Security Classification Guide (SSCG). Provide security inspection and protection to areas where classified information is being stored, and develop and establish security procedures and policies IAW DOD, USAF, AFMC, and local directives. Required Skills: Due to the sensitivity of customer related requirements, U.S. Citizenship is required. A High School Diploma plus 20 years of experience, an Associate plus 14 years, a bachelor's degree plus 512years or a master's degree plus 10 years of experience. An adjudicated DoD Secret Security clearance on the First Day of employment. CISSP Certification required. Understanding of cybersecurity in DoD cloud infrastructure. Understanding of Agile methods, including CI/CD, DevSecOps, and DevOps. Possess the ability to effectively communicate in both written and verbal forms on highly technical topics. Salary Range: $87,934-$120,000 At DCS, we pride ourselves on providing flexibility that allows employees to balance meaningful work with their personal lives. We offer competitive compensation, benefits, and opportunities for learning and development. Our broad and competitive mix of benefits is designed to support and protect employees and their families. Our robust benefit offerings include medical, dental, 401k, ESOP, PTO, education reimbursement, work/life balance, parental and other leave programs. Learn more about our benefits here: DCS Corp Benefits

Generic Position Summary As a member of the professional staff, contributes general knowledge and skill in a discipline area (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) to support team and/or department objectives. Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process. Specific Job Summary The Sr. Manager, Security Risk Analyst IV is responsible for developing and implementing strategies to ensure the security of the organization's information systems and technology assets. The role focuses on safeguarding our organization's digital assets and maintaining a strong security posture. The ideal candidate will provide thought leadership in identifying, analyzing, and addressing security risks, contributing to a comprehensive risk management strategy. In addition to executing risk assessments, this role involves managing the risk register, supporting the risk exception process, and developing key metrics to communicate the organization's risk posture effectively. The individual will collaborate with cross-functional teams to integrate risk management practices into business and technology processes while driving continuous improvement of GRC programs. Key responsibilities include: Collaborate with IT leadership to align security strategies with business goals and objectives. Lead and perform risk assessments across internal systems, third-party relationships, and technology initiatives to identify, evaluate, and mitigate security risks. Provide guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies. Utilize software applications and tools that facilitate governance, risk assessment, and compliance management. These solutions may include risk assessment systems, compliance tracking platforms, and reporting dashboards. Results Comprehensive risk assessments are conducted efficiently and consistently across the organization. Risks are documented, prioritized, and addressed in alignment with organizational risk tolerance. Automation and process improvements enhance the scalability and efficiency of GRC workflows. Clear and actionable KPIs and metrics effectively communicate the organization's risk posture to stakeholders. Working Relationships Technology Infrastructure and Applications Leadership Global Information Security Procurement and Vendor Management Privacy and Compliance Teams Business stakeholders Law Internal Audit Generic Expected Contributions Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones. Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk. Specific Expected Contributions Collaborates with IT leadership to align security strategies with business goals and objectives. Provides guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies. Continuously evaluates cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies and drive its remediation efforts. Develops and manages the organization's risk register, ensuring risks are tracked, categorized, and addressed appropriately. Contributes to the design and implementation of GRC tools and processes to enhance the automation and scalability of risk management workflows. Provides strategic guidance and thought leadership on risk management best practices, ensuring alignment with frameworks such as NIST, ISO 27001, and CIS. Develop sand monitors KPIs and metrics to report the organization's risk posture to stakeholders, including senior leadership. Works closely with legal, compliance, and regulatory teams to ensure adherence to relevant industry standards, regulations, and data protection requirements. Develops and maintains technical security configuration standards. Develops and communicates security policies, standards, and procedures to ensure consistent security practices throughout the organization. Stays up to date with relevant regulations, standards, and industry best practices. Develops and mentors more junior staff on technical skills and risk assessments to constantly improve performance of the team. Coordinates and participates in security audits and assessments and manage responses to findings. Generic Candidate Profile Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows: Generally, a professional position with specific knowledge in a discipline (e.g., Accounting, Human Resources, Information Resources). College degree and/or relevant experience typically required. Specific Candidate Profile Education Bachelor's degree in IT field preferred, or related field or equivalent work experience. Preferred Certifications Advanced security certification preferred. Examples include CISSP, CISM, CRISC, CISA, CGEIT. Experience At least 6 years of progressive experience in relevant information security positions. Five years in a technical audit, security compliance, or equivalent role. Skills/Attributes In-depth understanding of security frameworks (NIST, ISO 27001, CIS), regulatory requirements, and industry standards. In-depth understanding of security risk assessment methodologies, vulnerability management, and threat modeling. Familiarity with database management systems (SQL, NoSQL) and data modeling. Familiarity with workflow design, basic development, and API integration functionality. Experience with GRC tools Knowledge of networking concepts, major operating systems, and cloud computing environments. General working understanding of web application and network technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems. Advanced understanding and knowledge of security principles, standards, and processes, such as authentication and access control, secure configuration, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc. Ability to work effectively, independent of assistance or supervision. Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.

Job Title: Cybersecurity Lead Analyst (Hybrid) Locations: Chicago, IL; Iselin, NJ; New York, NY; Portland, OR Leadership & Strategy Lead the cybersecurity team, providing mentorship, guidance, and performance management. Develop and execute the organization's cybersecurity strategy aligned with business goals. Collaborate with IT leadership and stakeholders to assess risk and define security priorities. Microsoft Security Operations Administer and optimize Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365. Manage and monitor Microsoft Sentinel for threat detection, incident response, and log analytics. Implement and maintain Microsoft Purview for data governance, compliance, and information protection. Oversee Entra ID (Azure AD) identity and access management, including Conditional Access and Privileged Identity Management (PIM). Conduct regular reviews of security configurations and policies across Microsoft 365 and Azure environments. Conduct monthly Attack Simulations Threat Management & Incident Response Lead threat hunting and incident response activities using Microsoft XDR and SIEM tools. Develop and maintain playbooks for automated response in Sentinel and Defender. Coordinate with internal teams and external partners during security incidents and investigations. Governance, Risk & Compliance Ensure compliance with industry standards (e.g., NIST, GDPR, LGPD, DORA, other local data privacy laws). Conduct risk assessments and vulnerability scans; manage remediation efforts. Maintain documentation for security policies, procedures, and audit readiness. Training & Awareness Promote security awareness across the organization through training and communication. Stay current with emerging threats, vulnerabilities, and Microsoft security innovations.

About Bering Straits Professional Services, LLC Bering Straits Professional Services (BSPS) is committed to world-class management of global logistics, training and procurement services for U.S. Government agencies. BSPS is certified by the . In February 2022, BSPS became an International Organization for Standardization (ISO) 9001 certified company. BSPS received the ISO 9001 quality standard certification through the Performance Review Institute (PRI). PRI recognized BSPS for having met the stringent requirements of international standards, ongoing commitment to satisfying stakeholders and a dedication to continual improvement of their management systems. Through this certification, BSPS has joined an elite number of organizations worldwide who have achieved certification to this globally recognized ISO 9001 quality standard. About this position: Network Manager Location - Aberdeen, MD The Essential Duties and Responsibilities are intended to present a descriptive list of the range of duties performed for this position and are not intended to reflect all duties performed within the job. Other duties may be assigned. To perform this job successfully, an individual must be able to satisfactorily perform each essential duty. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of the position. Wage/Salary Range: $175k Applicants will be notified via phone or email within ten (10) business days of submittal. Essential Duties & Responsibilities • Manage daily network operations, including monitoring, performance optimization, and resolving network faults supporting all contract personnel. • Provide Tier II/Tier III network support in coordination with the SATCOM Help Desk SME. • Conduct troubleshooting for routing, switching, VPN, firewall, wireless access, and GC (Government Computer) network connectivity issues. • Support NIPR, SIPR, and specialized SATCOM network segments as defined by the contract. • Ensure compliance with DoD, Army, and APG network security and authorization requirements. • Maintain and update network diagrams, documentation, SOPs, and configuration baselines. • Oversee patching, security hardening, and software updates in accordance with cybersecurity guidance. • Manage user access, permissions, group policies, and account requests in coordination with security personnel. • Coordinate with the Global Logistics Manager and Warehouse Manager to support network-enabled inventory systems, asset tracking software, and ERP tools. • Provide direct support to the Senior Program Manager in technical planning, network risk identification, and mitigation strategies. • Manage network equipment lifecycle including installation, replacement, RMA processing, and configuration control. • Support deployment, setup, testing, and sustainment of VSAT, SATCOM, and baseband devices requiring network integration. • Track network incidents, produce reports, and recommend improvements to enhance stability and security. • Supervise junior network technicians as required, providing technical guidance and ensuring adherence to established processes. Required (Minimum Necessary) Qualifications • Education Requirements: High school diploma or GED equivalent • Level of Experience Requirements: • 5+ years of professional network administration or network operations experience in a DoD or enterprise environment. • Experience supporting troubleshooting for government networks, GC systems, or tactical communications networks. • Experience coordinating with help desk operations and technical teams. • Strong understanding of network fundamentals: routing, switching, TCP/IP, DNS, DHCP, VLANs, VPNs, firewalls. • Experience troubleshooting GC connectivity, NIPR/SIPR networks, or similar secure environments. • Ability to produce accurate and clear technical documentation, network diagrams, and SOPs. • Strong interpersonal skills to work with Help Desk SME, logisticians, warehouse managers, and program leadership. • Ability to diagnose and resolve network issues under time-sensitive or mission-critical conditions. • Familiarity with DoD cybersecurity policies, IA controls, and related compliance requirements. Knowledge, Skills, Abilities, and Other Characteristics • Knowledge of enterprise network hardware (switches, routers, access points, firewalls). • Understanding of SATCOM/baseband integration requirements as they relate to network connectivity. • Strong organizational skills with the ability to manage multiple tasks and priorities simultaneously. • Ability to work independently, make informed decisions, and escalate issues appropriately. • Ability to collaborate effectively across multiple technical and non-technical teams. • Strong analytical and problem-solving skills for diagnosing complex network issues. • Ability to maintain meticulous documentation and configuration control. Preferred • N/A Supervisory Responsibilities • This position will have supervisory responsibilities. You may delete this line if it does not apply to the job. DOT Covered/Safety-Sensitive Role Requirements • This position is not subject to federal requirements regarding Department of Transportation "safety-sensitive" functions. You may delete this line if it does not apply to the job. Necessary Physical Requirements The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this role. Employees must always maintain a constant state of mental alertness. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. • Must be able to lift up to 35 pounds for network hardware such as switches, servers, and racks (occasionally). • Must be able to work in server rooms, communications closets, and warehouse environments (occasionally). • Must be able to sit, stand, or walk for extended periods when conducting troubleshooting or network assessments. • Must be able to climb short ladders or access raised floors/rack systems occasionally. Work Environment The work environmental characteristics described here are representative of those that must be borne by an employee to successfully perform the essential functions of the role. Employees must always maintain a constant state of situational awareness. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Physical Setting: • Standard full-time schedule with availability for occasional after-hours or emergency network support. • Must be able to support mission-critical deadlines tied to logistics, SATCOM systems, and technical operations. • Schedule and Flexibility: • Standard full-time schedule; mission requirements may require occasional after-hours support. • Must be flexible and responsive to high-priority or urgent tickets. Additional Qualifying Factors As a condition of employment, you will be required to pass a pre-employment drug screening and have acceptable background check results. If applicable to the contract, you must also obtain and maintain the appropriate clearance levels required and must also be able to obtain access to military installations. • Must meet APG access requirements, including background screening or security badges. • May require a security clearance depending on contract requirements. • This position directly supports a multi-functional technical team and interfaces frequently with Government personnel. Shareholder Preference BSNC gives hiring, promotion, training, and retention preference to BSNC shareholders, shareholder descendants and shareholder spouses who meet the minimum qualifications for the job. Bering Straits Native Corporation is an equal opportunity employer. All applicants will receive consideration for employment without regard to any status protected by state or federal law, or any other basis prohibited by law.

Company / Location Information A.O. Smith is a global leader applying innovative technologies and energy-efficient solutions to products manufactured and marketed worldwide. The company is one of the world's leading manufacturers of residential and commercial water heating equipment and boilers, as well as a manufacturer of water treatment products for residential and light commercial applications. A. O. Smith is headquartered in Milwaukee, Wisconsin, with approximately 12,000 employees at operations in the United States, Canada, China, India, Mexico, the Netherlands, and the United Kingdom. Please Note : At this time, we are unable to provide visa sponsorship for this role. Candidates must be authorized to work in the United States without sponsorship now or in the future. Primary Function As a Senior Manager, IT Regulatory Compliance, you will be a member of the Business Technology Solutions (IT) leadership team, reporting directly to the CISO. The team is responsible for proactively planning and executing focused strategies to establish and maintain operational, financial, and regulatory controls globally. The Senior Manager, IT Regulatory Compliance leads the company's second-line oversight of technology risk, controls, and regulatory compliance. This role has primary accountability for SOX IT compliance (ITGCs/ITACs/SoD), global IT control standardization/governance, and enterprise alignment with industry cybersecurity frameworks (e.g., NIST, COSO). In addition, this position helps shape and drive the technology and security aspects of global privacy and data protection compliance programs (e.g., GDPR, India's DPDP Act, China's PIPL, CCPA/CPRA, and other applicable regional regulations), partnering closely with Legal/Privacy, Information Security, IT, Finance/Controllership, Internal Audit, and global business leaders. Success in the role means ensuring technology and data risks are appropriately identified, controlled, and monitored across the enterprise-covering ERP platforms (SAP), supporting financial applications, infrastructure, hosted/cloud environments, third parties, and new system implementations-while enabling compliant handling of personal data. As Senior Manager, you will set the vision and roadmap for scalable controls and governance, drive audit and regulatory readiness, and act as a thought leader who influences stakeholders and delivers measurable program outcomes. Responsibilities SPECIFIC DUTIES/ACCOUNTABILITIES Thought Leadership and Executive Influence - Serve as a visible thought leader for technology risk and regulatory compliance, translating evolving requirements into practical strategy, roadmaps, and decisions. Communicate risk posture, control health, key issues, and program outcomes to the CISO and senior leadership with clear, business-focused insights. Program Governance, Metrics, and Continuous Improvement - Promote a culture of accountability, transparency, and continuous improvement. Define and monitor program KPIs/KRIs (e.g., control effectiveness, remediation aging, regulatory obligations tracking), identify trends and emerging risks, and drive control optimization and automation initiatives. Lead 2nd-Line SOX IT Compliance Oversight - Own governance and oversight of SOX, ensuring compliance with ICFR requirements and consistent execution across ERPs and supporting technologies (e.g., ITGCs, ITACs, SoD), including control design standards, evidence quality, and remediation governance. Establish and Maintain Global Technology and Privacy Control Standards - Design, standardize, and maintain global control frameworks and evidence standards spanning IT controls (SOX/ICFR) and technology-enabled privacy requirements (e.g., access, logging, encryption, retention/deletion, third-party controls) to drive consistency, scalability, and audit/regulatory readiness across regions and systems. Align Controls with Leading Frameworks and Regulatory Requirements - Partner closely with Information Security and Legal/Privacy leadership to ensure alignment with applicable frameworks and regulations (e.g., NIST, COSO, ISO 27001/27701 as applicable, GDPR, India DPDP, China PIPL, CCPA/CPRA), and translate obligations into clear, testable control requirements. Security-by-Design Oversight across SDLC and Implementations - Provide 2nd line oversight across SDLC phases and major system implementations ensuring controls are designed and executed to appropriately mitigate risk, procedures are executed in alignment with internal policies, and security and privacy requirements are appropriately embedded. Serve as Primary Audit and Regulatory Liaison (Technology Controls) - Serve as a key technology risk and compliance contact for Internal Audit, external auditors, and (as applicable) regulatory inquiries related to technology controls and technology-enabled privacy requirements. Partner with Internal Audit to ensure audits and SOX procedures are planned, performed, and executed timely. Support consistent effective control execution and provide ongoing training to foster an effective environment and enhance efficiency. Drive Issue Management and Remediation - Assess control deficiencies and compliance findings, govern and drive the identification, root cause analysis, risk acceptance/escalation, and remediation action plan development by partnering with control owners and operations teams. Global Regulatory Compliance Enablement (Privacy and Technology) - Partner with Legal/Privacy, PMOs, IT Infrastructure, Security and IT leadership to drive compliance with internal policies, technology standards, and applicable privacy regulations. Enable consistent operational execution of privacy requirements through governance mechanisms (e.g., records of processing support, data retention/deletion controls, DSAR enablement inputs, vendor/third-party privacy risk oversight, and incident/breach response coordination inputs), and develop assurance procedures to validate ongoing compliance. Qualifications Bachelor's degree in Business Administration, Management Information Systems, Computer Science, Cybersecurity, Accounting or a related field; MS or MBA is preferred. CISA or the ability to obtain within a year is required; additional professional certifications are preferred, such as CISM, CISSP, CIA, CPA, and privacy certifications (e.g., IAPP CIPP/E, CIPP/US, CIPM) 8-12+ years of progressive experience in technology risk, IT audit, IT compliance, technology controls, and/or privacy risk and regulatory compliance within complex, global organizations (public accounting and/or global manufacturing preferred) Deep expertise in COSO and NIST frameworks (and familiarity with privacy/security standards such as ISO 27001/27701 and common privacy control concepts), including performing audit procedures against standards or assessing and implementing controls Strong knowledge of IT general and automated controls, ICFR concepts, and control design/testing, plus the ability to translate privacy regulatory obligations (e.g., GDPR, DPDP, PIPL, CCPA/CPRA) into practical, testable technology and process controls Prior experience with SAP (ECC, BW, GRC, ECP, S/4HANA) and understanding configuration and best practices Demonstrated experience supporting or overseeing SDLC activities and system implementations Experience evaluating third-party service providers SOC reports Experience with control automation, continuous controls monitoring, and continuous improvement Proven ability to operate effectively in a global, matrixed organization Effective and impactful executive-level communication and presentation skills; able to influence outcomes and drive decisions across IT, Security, Legal/Privacy, Finance, and the business Strong judgment and risk prioritization capabilities Ability to influence without authority Pragmatic, business-oriented approach to compliance Continuous improvement mindset ADDITIONAL QUALIFICIATIONS: Exposure to hosted environments, cloud platforms, and experience assessing cloud migration risks (including privacy, residency, and third-party data processing considerations) is a plus Exposure to GRC applications, IAM solutions and Audit tools is preferred Experience building or operating elements of a privacy compliance program (e.g., privacy risk assessments/DPIAs, records of processing, vendor/third-party risk, data retention/deletion governance, and support for DSAR processes) is a plus Proven management experience leading high-performing teams with global responsibilities Experience presenting to executive leadership and audit committees is a plus We Offer Competitive compensation package and comprehensive benefits plans which include medical and dental insurance, company-sponsored life insurance, retirement security savings plan, short- and long-term disability programs and tuition assistance. ADA Statement & EEO Statement In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis. . click apply for full job details

Wellestablished $500M private company growing new service lines. This is a real opportunity to build, grow, and scale revenue with the support of deep resources and the strong organizational backing of a company committed to longterm expansion. Office Location: Westshore business district Schedule: Hybrid (engaging clients onsite, from the office and WFH) Base Salary: $75K$125K+ (commensurate with experience and achievements) Variable Compensation: $25K$125K Primary Role Identify, qualify, and develop IT service opportunities. Manage and grow an SMB and MidMarket client portfolio. Drive new revenue through consultative sales and structured account management. Key Responsibilities Conduct initial needs assessments to uncover operational, security, and compliance gaps. Transition qualified opportunities to Sales Engineering for technical discovery, assessments, scoping, and proposal creation. Present and position IT service offerings, including: Managed IT Services: monitoring, backup/recovery, disaster recovery Cybersecurity Services: endpoint protection, SIEM/SOC, penetration testing, security awareness training, phishing simulation, dark web monitoring Cloud Productivity & Collaboration: Microsoft 365, hosted email, mobile device management Data Protection & Compliance: policy development, cybersecurity insurance consulting IT Projects & Hardware: deployments, upgrades, infrastructure implementation Partner with internal teams to ensure accurate onboarding and service delivery. Generate qualified leads through targeted outreach and social networking. Retain customers through proactive engagement and followup. Manage CRM activities and maintain pipeline accuracy. Deliver tailored proposals and address client challenges (with technical support from Sales Engineering). Advise clients on compliance, risk management, cybersecurity trends, and IT best practices. Required Skills & Experience Demonstrated success in customer retention and account growth. B2B sales experience with SMB and MidMarket accounts. Proven outbound lead generation and pipeline management. Processoriented approach to sales and account management. Creative problemsolving abilities. Collaborative work style with crossfunctional teams. Professional stability and consistent career track record.

This Engineer role, part of GSOC's Security Operations department, is responsible for protecting the cyber assets that support GSOC and GTC's digital operations. The position focuses on conducting cyber asset assessments, ensuring accurate identification and documentation of assets subject to NERC CIP requirements, and supporting a secure and reliable Bulk Electric System across Georgia. The Engineer will help maintain compliance, assist with mitigation strategies, and support audits and evidence collection. Ideal candidates will bring a strong background in power engineering and substation design including protective relaying and control systems along with experience in cybersecurity and NERC CIP compliance. Performs duties related to ensuring that the systems and networks used for operations are managed securely and in compliance with NERC Critical Infrastructure Protection (CIP) standards. Supports and implements GSOC's physical and cyber security programs including projects related to the security of the digital operations infrastructure and NERC CIP Compliance. Identifies, designs, and implements innovative solutions and uses of security technologies that enable smooth business and operations activities. Responsible for compliance with all applicable laws, regulations, industry standards, corporate policies, guidelines and procedures, including but not limited to, RUS, OSHA, NERC, FERC and ITS requirements. Promotes an environment of compliance and continuous improvement to meet the Corporation's goals and objectives. Job Duties: Engineer III Develops and maintains components of GSOC's physical and cyber security programs. Leads major Power Technology projects associated with new standards or significant program development initiatives. Documents process changes across departments and works with cross-functional teams to implement new systems, infrastructure, and approved operational changes. Identifies, documents, and implements approved improvements to existing technical and operational processes. Develops, documents, and implements NERC CIP related policies, processes, and procedures. Collaborate with internal and external compliance and audit teams to ensure adherence to regulatory standards, including NERC CIP requirements. Develop and implement policies, processes, and procedures to support compliance efforts. Contributes to corporate efforts in identifying, studying, and implementing new technologies to secure GSOC and GTC's digital operations infrastructure and security posture. Collaborates with other functional departments including GTC's System Protection & Control, Electronic Maintenance, Relay Maintenance, Procurement, Human Resources, and GSOC's Power Technology, Human Resources and SSIT leading efforts to ensure that the systems, networks, and infrastructure are being designed, built, and maintained in compliance with NERC CIP standards and GSOC's cyber security policies and procedures. Engineer IV - V Develops and maintains components of GSOC's physical and cyber security programs. Serves as Lead Engineer or Architect of major Power Technology enterprise-level projects associated with initiatives with significant impact to GSOC operations and security. Recommends and approves process changes across departments and works with cross-functional teams to implement new systems, infrastructure, and operational changes. Leads initiatives that identify improvements to existing technical and operational processes. Develops, documents, and implements NERC CIP related policies, processes, and procedures. Leads corporate efforts in identifying, studying, and implementing technologies to secure GSOC and GTC's digital operations infrastructure and enhance security posture. Works with internal and industry peers to explore innovative solutions and evaluate emerging technologies. Collaborate with internal and external compliance and audit teams to ensure adherence to regulatory standards, including NERC CIP requirements. Develop and implement policies, processes, and procedures to support compliance efforts. Leads corporate efforts in identifying, studying, and implementing new technologies to secure GSOC and GTC's digital operations infrastructure and security posture. Collaborates with other functional departments including GTC's System Protection & Control, Electronic Maintenance, Relay Maintenance, Procurement, Human Resources, and GSOC's Power Technology, Human Resources and SSIT leading strategic initiatives and projects that ensure systems, networks, and infrastructure are being designed, built, and maintained in compliance with NERC CIP standards and GSOC's cyber security policies and procedures. Required Qualifications: Education: Bachelor's degree in Electrical Engineering, Computer Engineering, Information Systems/Technology, or a related field. Experience: Engineer III Minimum of 6 years of experience in areas above in a cyber security, information assurance, or related positions Engineer IV - V Minimum of 10 years of experience in areas above in a cyber security, information assurance, or related positions Additional Required Experience: Experience configuring, and analyzing local and wide area networks, intranets, extranets, and IP addressing Experience performing system hardening, patch management, and configuration management. Experience designing, programming, or analyzing computer architectures and operating systems. Experience in Security Patch Management, Configuration Management, Firewall Management, Disaster Recovery, Incident Management, and Information Management desired Experience in providing 24x7 support for real-time data communications systems and troubleshooting system problems involving real-time data communications systems desired Experience with virtual environments, VMWare ESXi desired Experience with Physical Access Control Systems (PACS), Honeywell, Genetec desired Experience with ITIL-based Asset and Change Management systems desired Experience with Windows Server/Workstation administration, SQL Server administration, Linux administration desired Experience working in regulated environments such as NERC CIP or others is highly desired Equivalent Experience: Engineer III Associates degree in related field or a Bachelor's Degree in an unrelated field with 10+ years of experience with significant responsibilities related to security operations, such as Security Patch Management, Configuration Management, Firewall Management, Disaster Recovery, Incident Management, and Information Management, OR High school diploma with 12+ years of experience with significant responsibilities related to security operations, such as Security Patch Management, Configuration Management, Firewall Management, Disaster Recovery, Incident Management, and Information Management. Engineer IV - V Associates degree in related field or a Bachelor's Degree in an unrelated field with 13+ years of experience with significant responsibilities related to security operations, such as Security Patch Management, Configuration Management, Firewall Management, Disaster Recovery, Incident Management, and Information Management, OR High school diploma with 16+ years of experience with significant responsibilities related to security operations, such as Security Patch Management, Configuration Management, Firewall Management, Disaster Recovery, Incident Management, and Information Management. Licenses, Certifications, and/or Registrations: Certifications related to Critical Infrastructure, NERC CIP, Cyber Security or Information Systems are a plus. Specialized Skills: Requires strong technical skills and understanding of various security events across multiple operating system and appliance platforms. Ability to learn and adapt quickly to changes in technologies, processes, and compliance standards. Strong customer service attitude. Strong analytical skills. Ability to document resolutions to customer issues and security alerts. Capability to provide leadership over implementation of processes. Resolve issues amongst a diverse group of stakeholders. Must be able to pass a NERC CIP personnel risk assessment screening. Travel: Less than 10%. Unusual Hours: Occasional evening and weekend work may be required, to support operations and security event response. Supports customers, incident response processes, and systems after hours, as needed. On-site support for system installs, upgrades, assessments as required by CIP compliance activities. Georgia System Operations Corporation is an Equal Employment Opportunity Employer, including veterans and disabled. We are a drug-free workplace. All applicants are subject to substance abuse testing.