The Cyber Security Engineering Manager will lead and manage a team that partners with NBCU business areas and the Cyber Security organization to ensure technology is securely designed and deployed in alignment with enterprise strategies. The candidate will orchestrate team operations, ensuring high-quality security engineering services, and collaborate to drive continuous improvement.
Safeguard digital assets, ensure compliance with industry standards, and provide guidance on secure processes to the system team. Reconcile findings from system assessments, audits, and vulnerability scans. Implement RMF steps throughout the system lifecycle and maintain its Authority to Operate (ATO). Develop and maintain ATO plans, policies, and procedures including artifacts that demonstrate security compliance.
Acquire and manage all necessary documentation/artifacts to support IT cybersecurity goals and objectives from a risk management perspective. Advise senior management on system risk levels and cybersecurity posture for cloud-based environments. Assist in the deployment, architecture and configuration of security controls of deployed systems with Cloud Architects. Ensure developed systems align with DHS cybersecurity policies. Perform A&A reviews, identify gaps, and support risk management plans.
Provide Cyber Security advice and guidance for clients in βbusiness as usualβ, technical refresh and new project environments. Apply technical knowledge, with creative and innovative thinking in a broad range of complex and non-routine contexts. Identify and establish good security governance to meet client business requirements. Perform Cyber Security risk assessments and determine the most cost-effective deployment of security controls and solutions.
Perform ISSO tasks in accordance with NIST SP 800-37 Rev. 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (RMF). Ensure that the appropriate operational cybersecurity posture is maintained for assigned IT systems. Develop, update and maintain the System Security and Privacy Plan (SSPP) and all associated documents for assigned systems.
As a Senior Information Systems Security Officer, you will be the principal advisor on security and privacy for NREL information systems. You will assess information systems and develop system security plans to ensure NREL is appropriately protected from risk, partnering with operational units to identify, analyze, and mitigate security risks using IT controls and facilitating compliance with the NIST framework.
Join UChicago Medicine as a Payment Card Industry Data Security Standards (PCI DSS) Risk Analyst on the Information Security and Privacy GRC team. This remote role will ensure PCI DSS compliance across business units by understanding payment processes, maintaining documentation, and communicating PCI requirements. The position acts as a subject matter expert for Payment Card Industry Data Security Standards, overseeing the implementation of PCI controls.
As a Cloud Engineer at Cresteo, you'll be part of transforming the tech industry through our honest, transparent, and people-centric approach. Your role will be diverse and dynamic and you'll be instrumental in developing and maintaining our software solutions, working with a varied technology stack, and ensuring that our products are functional, efficient, reliable, and scalable.
Serve as a cybersecurity Subject Matter Expert (SME) supporting the Assessment and Authorization (A&A) of DoD information systems. Perform DOD cybersecurity processes for authorizing information systems or advising on systems undergoing authorization. Apply knowledge of NIST 800-53 security controls to assess and authorize large-scale IT infrastructures. Determine the severity of identified vulnerabilities and assess potential impacts on system authorization.
The Cloud Security Consultant will be responsible for ensuring the security and compliance of Azure-based systems and infrastructure. They will implement and manage security controls, monitor for threats and vulnerabilities, and respond to security incidents in Azure cloud environments.