Fulltime Information Security Analyst openings in Boston on September 11, 2022

Senior Information Security Analyst at Wells Fargo

Location: Boston

About this role:

Wells Fargo is seeking a Senior Information Security Analyst. IAM Ops audit support team is currently heavily involved in the control testing and documentation of controls for Segregation of Duties. This team are also heavily engaged in source file validation testing which is an on-going effort in Certification Completeness and Accuracy Testing.

In this role, you will:
• Provide information security consultation to improve awareness and compliance with Enterprise Information Security policy, processes and standards
• Perform remediation of security assessment review issues, complex ad hoc data, and reporting to support information security risk management
• Provide guidance and direction in reviewing assessment findings and mitigating controls to optimize information security
• Identify and direct information asset portfolio reconciliations and certifications
• Provide advanced data aggregation and data of information security risk exposure
• Develop and deliver Information Security Education Awareness and Training in accordance with the Enterprise Information Security Program standards
• Review draft and proposed control standards for business impact and recommend modifications or clarifications as required
• Conduct security control testing and consultation with stakeholders
• Evaluate and interpret internal and Enterprise Information Security policies, processes and standards, and provide recommendations to improve them
• Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals
• Interact with internal customers
• Serve as a mentor to less experienced staff

Required Qualifications, US:
• 4+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:
• Strong verbal, written, and interpersonal communication skills.
• 3+ years of IAM (Identity and Access Management) experience.
• Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
• Demonstrated ability to work in a fast-changing team environment
• 3+ years of experience working with database queries

Job Expectations:
• Ability to think both conceptually and detailed as needed.
• Ability to work independently.
• Ability to negotiate to achieve desired goals with a successful outcome for all parties.
• Ability to identify challenges, anticipate obstacles, influence and set direction, and resolve issues.
• Excellent documentation and communication skills (written and spoken) including Senior Management.

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Company: WELLS FARGO BANK

Req Number: R-201418-1

Updated: Fri Sep 09 05:01:59 GMT 2022

Location: Boston,Massachusetts
Apply Here
For Remote Senior Information Security Analyst roles, visit Remote Senior Information Security Analyst Roles

********

Sr. Lead Information Security Analyst – File Integrity Monitoring at Wells Fargo

Location: Boston

At Wells Fargo, we are looking for talented people who will put our customers er of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

About this role:

Wells Fargo Information and Cyber Security (ICS) File Integrity Monitoring is looking for a Sr. Lead Information Security Analyst. Learn more about the career areas and lines of business .

Wells Fargo is seeking a Senior Lead Information Security Analyst that will be responsible for leading the design and adoption of File-Integrity Monitoring/Unauthorized Change Detection capabilities within the Information & Cyber Security organization. The individual will engage with teams across Technology to understand the requirements, identifying appropriate tooling, and define a roadmap for adoption. The individual will work to tailor engagement based on needs and measure and report adoption to senior management.

In this role, you will:
• Define a process to on-board ins-cope assets to File Integrity Monitoring/Unauthorized Change detection tool(s).
• Document requirements for asset owners to review and respond to unauthorized change alerts, including appropriate escalation procedures by risk
• Define requirements and work with metrics team to create meaningful metrics that measure the adoption/successful onboarding and alert resolution
• Define procedures for reporting and escalation of non-compliance to onboarding.
• Work with technical engineers to tune detection capabilities.
• Define communications plan to engage with application teams to support understanding of FIM and expectations for unauthorized change detection review.
• Develop roadmap for onboarding applications.
• Provide vision, direction, and expertise to senior leadership on implementing innovative ways to perform unauthorized file detection.
• Ensure impacted teams have the necessary training to be successful
• Serve as an advisor to senior leadership and professionals and managers at different levels of the organization.

Required Qualifications , US:
• 7+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years designing and implementing security controls
Desired

Qualifications:
• Certified Information Systems Security Professional (CISSP) certification
• Certified Information Security Manager (CISM) certification
• Prior experience implementing technical controls
• Demonstrated ability to influence key stakeholders
• Familiarity with technology used to perform File-integrity monitoring
• Familiarity with key technology platforms including Windows and Linux Operating Systems
• Clear, concise communicator
• Motivated, self-starter
• Ability to communicate technical concepts to individuals not as technical
• Experience in Financial Services sector preferred
Pay Range

$120,400.00 – $250,000.00 Annual

Benefits
• Information about Wells Fargo’s employee benefits
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran r status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions.

There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US:
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Apply Here
For Remote Sr. Lead Information Security Analyst – File Integrity Monitoring roles, visit Remote Sr. Lead Information Security Analyst – File Integrity Monitoring Roles

********

INFO SECURITY ANALYST IV at Change Healthcare

Location: Boston

INFO SECURITY ANALYST IV

Change Healthcare is a leading healthcare technology company with a mission to inspire a better healthcare system. We deliver innovative solutions to patients, hospitals, and insurance companies to improve clinical decision making, simplify financial processes, and enable better patient experiences to improve lives and support healthier communities.

Overview of Position

Change Healthcare is looking for a Senior Information Security Analyst with a focus on Insider threats, for the Cyber Insider Threat Management team to assist with all aspects of the Insider Threat Program in order to protect Change Healthcares critical data and assets. The individual will have a solid understanding of the modern cyber security landscape with a strong background in intelligence gathering, data loss risks, and process documentation. Effectively defending Change Healthcare in this environment requires an in-depth knowledge of the tools, processes, and regulations surrounding investigations, forensics, data handling, and insider threat techniques.

What will be my duties and responsibilities in this job
• Identifying operational and technical gaps that may result in data loss or compromise.
• Develop playbooks and operational guidelines for CITM and Incident Response.
• Provide in-depth analysis of assigned investigations or investigative leads resulting from monitoring tools.
• Present investigation finds in a concise and easily understandable format
• Automate process to more efficiently determine insider threats
• Evaluate DLP alerts for potential insider threats and create policies and rules to identify potential threats.
• Support the overall operational effort for CITM and incident response.
• Provide expert in-depth knowledge in collecting, analyzing, and escalating security events; responding to insider incidents, and/or collecting, analyzing, and disseminating insider threat intelligenceWhat are the requirements needed for this position?
• Bachelors degree or equivalent working experience
• Minimum of six years relevant in cybersecurity and Insider Threats technologies
• Minimum of three years in use and system administration of insider threat tools such as Splunk, Tanium, McAfee DLP, ZScaler.
• Proficient with Splunk, Tanium, ZScaler, McAfee, Windows, MAC, Server environments, Network topology, or Palo Alto firewalls,
• Familiar with insider threat indicators and how to monitor for them
• Familiar with data classification and discovery tools
• Ability to qualify for DoD clearance

What other skills/experience would be helpful to have
• Ability to Interaction with all levels of leadership including C-level executives
• Familiarity with cloud technologies such as Microsoft Azure and Amazon Web Services, Google Cloud
• Proficient with Python or other relevant programing tools
• Proficient in Data Loss Prevention and DLP tools
• Proficient in dealing with ambiguity where all the pieces of an investigation are not revealed.
• Proficient with end point protection as it pertains to insider threats
• Ability to develop and track security metrics
• Proficient in handling highly sensitive situations with discretion and employ high ethical standards.
• Security Certifications a plus ( CISSP etc)
• Knowledge of other tools pertaining to Data Loss Prevention a plus.
• Hands on analysis for insider threat investigations to include evidence collection, forensics, evidence custody, leveraging DLP, UBA, SIEM, EDR and other tools.
• Self starter with the ability to work independently and interdependently with other team members or groups.
• Utilizing advanced knowledge of tools, techniques and the environment, represent CITM in incident response triage meetings.

li-remote

Diversity and Inclusion:

At Change Healthcare, we include all. We celebrate diversity and inclusivity, respect each other and value our unique experiences. By being our authentic selves, we bring different perspectives into our work and relationships.Business Resource Groups (BRGs) play a central role in advancing diversity and inclusion at Change Healthcare. They deepen our understanding of different cultures, people, and experiences, and help foster an inclusive workplace. Change offers eight (8) BRGs. Learn more at https://careers.changehealthcare.com/diversity Feeling Inspired? Ready to #MakeAChange? Apply today!

COVID Vaccination Requirements

We remain committed to doing our part to ensure the health, safety, and well-being of our team members and our communities. As such, we require all employees to disclose COVID-19 vaccination status prior to beginning employment and, when j ob-related and consistent with business necessity , we may require periodic testing for certain roles. Some roles require full COVID-19 vaccination as an essential job function. Change Healthcare adheres to COVID-19 vaccination regulations as well as all client COVID-19 vaccination requirements and will obtain the necessary information from candidates prior to employment to ensure compliance.

Equal Opportunity/Affirmative Action Statement

Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at https://www.eeoc.gov/employers/eeo-law-poster and the supplemental information at https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf.

If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to applyaccommodations@changehealthcare.com with “Applicant requesting reasonable accommodation” as the subject. Resumes or CVs submitted to this email box will not be accepted.

Click here https://www.dol.gov/ofccp/pdf/pay-transp_ English_formattedESQA508c.pdf to view our pay transparency nondiscrimination policy.

California (US) Residents: By submitting an application to Change Healthcare for consideration of any employment opportunity, you acknowledge that you have read and understood Change Healthcares Privacy Notice to California Job Applicants Regarding the Collection of Personal Information (https://www.changehealthcare.com/privacy-notice/privacy-notice-to-california-job-applicants) .

Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.

Change Healthcare is an equal opportunity employer. All qualified applicant will reveive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information, national origin, disability, or veteran status.
Apply Here
For Remote INFO SECURITY ANALYST IV roles, visit Remote INFO SECURITY ANALYST IV Roles

********

CMMC Information Security Analyst at Northeastern University

Location: Boston

About the Opportunity

The CMMC Information Security Analyst supports a key compliance program within the Office of Information Security to ensure Northeastern University’s compliance with established safeguards for the handling of Controlled unclassified information (CUI), in addition to certification of compliance with security standards established by the United States Department of Defense under the Cybersecurity Maturity Model (CMMC).

Compliance to security standards regarding the handling of CUI, and Cybersecurity Maturity Model certification (CMMC) demonstrates the University’s dedication to secure practices which protect information and data as well as maintaining continuity of Governmental-funded research opportunities.

The CMMC Information Security Analyst role bridges the gap between high-level security policies/requirements, and with direct collaboration across various units of the University, such as Human Resources, the (OGC) Office of General Counsel, and Northeastern University Research Enterprise Services (NU-RES), provides guidance regarding the implementation of technical, operational and procedural controls which support compliance to CUI Policies, and assurance of obtaining and maintaining Cybersecurity Maturity Model (CMMC) Certification.

This position will report to the CMMC Program Manager, and the right individual for this role will have the ability to build the required business partnerships and has had experience with a variety of compliance frameworks, proficiency in technical concepts, and a solid understanding of Information/Cyber Security principals as well as the ability to manage complex projects.

Responsibilities:
• Assist business units assess, design, and implement new cybersecurity controls, sustainable solutions (including applying knowledge of governance, risk and compliance tools), operating processes, and people models to address key and evolving risks and regulatory or policy requirements.
• Work with business partners to understand and analyze known IT control weaknesses, identify root causes, and assist with the development and tracking of detailed, robust remediation plans.
• Keep apprised on published changes to NIST standards, Risk Management Framework (RMF), or (CMMC) Cybersecurity Maturity Model requirements which would have direct impact to the University’s compliance and certification posture. Including the ability to assess, translate and communicate those impacts to Senior leadership and technical or business partners.
• Summarizing and communicating IT controls requirements and compliance assessment results to a variety of stakeholders, including senior leadership.
• identify gaps in design and execution, and communicate issues and recommendations to engagement leads and senior management
• Track and report on key compliance metrics.
• Work with senior leadership on various other cybersecurity liance

, your success matters as much as the mission. Learn more about our flexible, highly dynamic, and values-first culture at careers.its.northeastern.edu.

This position is eligible for remote work.

QUALIFICATIONS

Candidates should have in-depth understanding (SME) of the cybersecurity policies and procedures for information systems involved with handling Controlled Unclassified Information (CUI) along with sufficient technical knowledge/experience to implement them. This is a multi-tasking environment that demands customer service, communication, and organizational skills. A successful candidate will be motivated, results-oriented, and have a willingness to learn. The Information Security Analyst will maintain the operational security posture to ensure information systems (IS) security policies, standards, and procedures are established and followed.
• Bachelor’s degree in Computer Science or Information Systems
• Cybersecurity related certification (e.g., CISSP, CISM, CISA)
• 4+ years of experience in in the field of Cyber Security and Information Risk Management
• Strong familiarity with NIST and Risk Management Framework (RMF), including NIST SP800-53 and NIST 800-17, NIST CSF, FISMA, and the (CMMC) Cybersecurity Maturity Model.
• Experience with security monitoring, metrics, and logging solutions/strategies across applications, systems, and services where available.
• Strong understanding of vulnerability management and remediation processes, and fundamentals of continuous monitoring.
• Understanding of the concepts for Cloud Computing environments and Information Security controls within those Cloud environments inclusive of AWS, and Azure (Government).
• The person in this position frequently communicates with co-workers, management, and customers, which may involve delivering presentations.

Must be able to communicate technical and programmatic concepts effectively to a wide variety of audiences.

NICE TO HAVES
• Former Military s in the Supply or Cybersecurity spaces are highly encouraged to apply
• Previous experience in Information Security, Audit & Risk Assurance, or Information Assurance roles
• AWS, Azure,…
Apply Here
For Remote CMMC Information Security Analyst roles, visit Remote CMMC Information Security Analyst Roles

********

Information Security Analyst and Project Manager at Harvard University

Location: Boston

Basic Qualifications Minimum of five years’ experience post-secondary education or relevant work experienceAdditional Qualifications and SkillsThe following job-specific skills and competencies are preferred:
Experience with leading security mitigation and remediation effortsWorking knowledge of Linux, Windows, OS X, and mobile platforms administration and securityFamiliarity with Splunk for building dashboards, reports, and alertsExperience using penetration testing and vulnerability scanning toolsFamiliar with network security concepts and technologies, such as firewalls, IDS, NAC and the ability to analyze network traffic Experience with technical project managementExcellent time management, organization, and planning skillsExcellent oral and written communication skills, with the ability to share information effectively and confidently to internal and external audiences of varying levels of technical knowledgeManage multiple assigned tasks and projects under general supervisionExcellent interpersonal skills, including the ability to build and cultivate strong relationships and work effectively with diverse groups, including education and non-education personnel both internal and externalExperience functioning as a trusted advisor on all matters relative to information security and risk Experience teaching and collaborating with individuals of varying skill levels The following cultural competencies are also preferred:
Awareness of and aptitude to appropriately and effectively understand, respect, and adapt to cultural and identity-based difference within group environmentsKnowledge of and commitment to concepts and issues tied to social justice, diversity, equity, and inclusion Skills related to creating and supporting an environment that allows for inclusion, effective intercultural engagement, and personal humility and authenticityCertificates and Licenses Completion of Harvard IT Academy Information Security Foundations course (or external equivalent) preferred IT Security Certification preferred; e.g., CISSP, CISA/CISM, and/or GIAC Working Conditions Work is performed in an office setting Additional InformationPLEASE NOTE:
The role will have on-call responsibilities and potentially evening and weekend work.PLEASE NOTE:
PLEASE NOTE:
The primary work location for this position is Boston, MA and in order to be on Harvard payroll, you must reside in one of the following states – MA, NH, RI, ME, CT, VT, NY, MD, or CA.
Until our return to campus and full operational status, which is still to-be-determined, this interview process and position will take place in a slightly modified manner – including virtual interviews and a combination of remote and on-site onboarding and work.
On-campus/in-person work is expected, though, upon start date – in accordance with approved COVID-related guidelines and protocols.
Harvard University offers an outstanding benefits package including:
Time Off:
3-4 weeks paid vacation, paid holiday break, 12 paid sick days, 12+paid holidays, and 3 paid personal days per year.Medical/Dental/Vision:
Excellent and affordablemedical, dental & vision plans, with coverage beginningas of an employee’s start date.Retirement:
University-funded retirement planwith full vesting after 3 years of service.Tuition Assistance & Reimbursement Programs:
$40 per class at the Harvard Extension School, discounted options through participating Harvard graduate schools, and reimbursement options for accredited schools outside of Harvard.Transportation:
50% discount on MBTA passes, as well as additional options (rideshare, biking, etc.) to assist employees in their daily commute.Wellness & Professional Development:
Programs and classes at little or no cost, including stress management, hard & soft skills development, career planning, massages, nutrition, meditation, and complimentary health services.
Additionally, access to Harvard athletic facilities, libraries, campus eventsand many discounts for various cultural and leisure activities throughout metro Boston.Join the Harvard T.H.
Chan School of Public Health to support our mission of health research and education, and to be a part of the oldest institution of higher learning in the country!The Harvard T.H.
Chan School of Public Health does not provide visa sponsorship, now or in the future, for staff positions.Harvard University requires pre-employment reference checks and background screenings.This position has a 90day orientation and review period.The University requires all Harvard community members to be fully vaccinated against COVID-19 as detailed in Harvard’s Vaccine Requirements.Individuals may claim exemption from the vaccine requirement for medical or religious reasons.
More information regarding the University’s COVID vaccination requirement, exemptions, and verification of vaccination status may be found at the University’s “COVID-19 Vaccine Information” webpage.
Apply Here
For Remote Information Security Analyst and Project Manager roles, visit Remote Information Security Analyst and Project Manager Roles

********

Cyber Security Engineer at Experfy Inc

Location: Boston

Designs, deploys, and operates systems, networks, applications, and tools that underpin cyber security and cyber defense. Provides integration of hardware, software, and other components to solve operational challenges for cyber defenders. Performs data and systems engineering functions to support cyber operations activities and systems. Engineers and deploys security and defensive countermeasures and controls.

Ensures system security needed in operations are assessed, established, and included in design and development; executes security requirements definition, systems analysis, systems design, security hardening, security test and evaluation, and certification and accreditation.
Supports operational systems and performs activities such as vulnerability scanning, network, and system security configuration, etc.

Design and architecture of new approaches, methods and techniques for cyber defense and resiliency for information technology and operational technology systems and networks.
May interface with external entities including law enforcement, intelligence and other government organizations and agencies.

Perform supply chain integrity analyses and research

Test and explore hardware and/or software for integrity and correct function

Perform hardware or software reverse engineering

Write analytically and present the results of findings

Work well in a multidisciplinary team

Applies basic S&E theories to well defined tasks with minimal oversight.

Working locally as an individual contributor.

Receives instruction on required tasks and reports results on time and on budget, while working under guidance from experienced staff.
Work is conducted with a high standard of quality, safety, and security.

Contributes to technical products.

Qualifications:
Minimum Qualifications:
BS/BA with 0-1 years of experience

MS/MA with 0 years of experience

Preferred Qualifications:
Relevant experience is defined as:
Demonstrated ability to understand, deploy, and operate a range of cybersecurity tools

Intermediate level knowledge in computer science and cyber security, experience with programming languages, and knowledge of supply chain analyses including hardware, software, and corporate research.
Experience with hardware or software deconstruction, design, or reverse engineering

Must have demonstrated interpersonal skills and the ability to interface with clients and laboratory scientific staff and management

Strong analytic ability

Basic red team or blue team experience

Basic experience with operational technology (OT) or SCADA equipment

Basic understanding of IoT technology and devices

Wide understanding of current cybersecurity vulnerabilities and operational lansdscape
Apply Here
For Remote Cyber Security Engineer roles, visit Remote Cyber Security Engineer Roles

********

Information Security & Privacy Security Associate Analyst at Partners Healthcare System

Location: Somerville

About Us: As a not-for-profit organization, Mass General Brigham is committed to supporting patient care, research, teaching, and service to the community by leading innovation across our system. Founded by Brigham and Women’s Hospital and Massachusetts General Hospital, Mass General Brigham supports a complete continuum of care including community and specialty hospitals, a managed care organization, a physician network, community health centers, home care and other health-related entities.

Several of our hospitals are teaching affiliates of Harvard Medical School, and our system is a national leader in biomedical research. We’re focused on a people-first culture for our system’s patients and our professional family. That’s why we provide our employees with more ways to achieve their potential.

Mass General Brigham is committed to aligning our employees’ personal aspirations with projects that match their capabilities and creating a culture that empowers our managers to become trusted mentors. We support each member of our team to own their personal development-and we recognize success at every step. Our employees use the Mass General Brigham values to govern decisions, actions and behaviors.

These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration. General Summary/Overview: With guidance from senior members of the team, this individual assists with the Mass General Brigham information security risk management program through active engagement with business owners including information gathering, risk analysis, reporting and remediation compliance. This position will focus on driving compliance with identified cybersecurity risk remediation recommendations and plans.

This Information Security & Privacy Associate Risk Analyst is be responsible for coordinating, scheduling and successfully concluding follow- ups to cybersecurity risk assessments with business owners and external vendors/parties. Responsibilities will include working with team members that have conducted assessments to understand the substance and purpose of security recommendations, and following up with business owners on remediation plans. Principal Duties and Responsibilities: Develop an understanding of Mass General Brigham applications, information security & privacy concepts and best practices, and service management offerings Read, understand, and perform information system and third-party risk assessments, following a NIST-based methodology.

Document secure design and configuration requirements and standards for Mass General Brigham technical solutions to achieve acceptable risk level. Increase compliance with enterprise policies and standards understanding the Enterprise Information Security Policy portfolio and develop the skills needed to facilitate remediation or mitigation of non-compliant systems. Clearly document remediation plans and completed, pending and deferred remediations and mitigations in Archer and Service Now.

Maintain a current knowledge of applicable federal and state privacy laws and accreditation standards, and monitor advancements in information privacy and security technologies to ensure adaptation and compliance. Maintain awareness of new technologies and related opportunities for impact on system or application security. Conduct information security research in keeping abreast of latest security issues and keeps abreast of testing tools, techniques, and process improvements in support of security event detection and analysis.

Use/s the Mass General Brigham values to govern decisions, actions and behaviors. These values guide how we get our work done: Patients, Affordability, Accountability & Service Commitment, Decisiveness, Innovation & Thoughtful Risk; and how we treat each other: Diversity & Inclusion, Integrity & Respect, Learning, Continuous Improvement & Personal Growth, Teamwork & Collaboration Other duties as assigned Working Conditions: FTE Normal Office conditions in Hybrid Remote/Office Context Possible local travel to Mass General Brigham sites While performing the duties of this job, the employee is frequently required to sit; talk; or hear; use hands to finger; handle; or feel; reach with hands and arms. The employee is occasionally required to stand; walk; and stoop; kneel; or crouch.

The employee must frequently lift and/or move up to 5 pounds and occasionally lift and/or move up to 20 pounds. Specific vision abilities required by this job include close vision, distance vision and depth perception. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

Normal office working conditions. The noise level in the work environment is quiet to moderate. Bachelor’s degree (B.A./B.S.) or equivalent from an accredited college or university required.

1-3 years of experience in IT/IS. Some experience with information security risk analysis, security risk configuration development, or information security audit. Demonstrable natural aptitude with object relationship and cause/effect.

Familiarity with HIPAA, GDPR, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy regulatory requirements for healthcare entities a plus. Knowledge of NIST 800-53, ISO 27K, GDPR, PCI-DSS is desirable. Legal training/experience is desirable.

Any of the following certifications is a plus: ITIL, any of the following Information Security Certifications: CISSP, HCISSP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, GPEN, and PM A combination of education and analogous experience may be substituted for some requirements. Skills/Abilities/Competencies: Possess strong interpersonal skills to effectively communicate with cross functional teams including staff at all levels of the organization Outstanding time management and organizational skills required. An ability to work under the required guidelines and deliver on business/project requirements.

Ability to work with both team members and staff in a professional manner. Comfortable working in a dynamic environment with multiple work streams, goals, and objectives. Possess ability to recommend to ISPO leadership team to prioritize project related tasks.

Excellent vocabulary, written and verbal communication and effective interpersonal skills is critical. Understanding of Windows, Unix/Linux operating systems, security administration, virtualization, and TCP/IP networking concepts. Must know how to use common M365 Office Suite of products.

Ability to work independently with minimal supervision Ability to successfully negotiate and collaborate with others of different skill sets, backgrounds an levels within and external to the organization Strong problem solving and negotiation skills Ability to effectively conduct meetings, both formal and informal Requires minimal direction from leadership and possesses the ability to learn quickly.

To apply for this position you will complete an application form on another website provided by or on behalf of Partners Healthcare System. Please note ComputerJobs – NY Jobs is not responsible for the application process on any external website.
Apply Here
For Remote Information Security & Privacy Security Associate Analyst roles, visit Remote Information Security & Privacy Security Associate Analyst Roles

********

Cybersecurity Co-op at Liberty Mutual Insurance

Location: Boston

A career in finance at Liberty Mutual is more than just balancing assets and liabilities. You’ll be using innovative tools and problem-solving skills to fuel your growth and success—and ours.

We’re dedicated to helping industry-leading finance talent realize their dreams—straight out of college. Sound like you? Read on.

The details

Think co-ops just get coffee and answer phones? Think again.

As a Cybersecurity Co-op at Liberty Mutual, you’ll be part of the team responsible for auditing all of Liberty Mutual’s internal control systems.

You’ll work on your own and collaboratively on a variety of projects, including interviewing personnel, performing testwork, analyzing results, and communicating audit issues all while developing a broad knowledge base in cybersecurity and how it is used within the insurance industry.

This is robust on-the-job training that allows you to fine-tune your business acumen in the context of the insurance industry at a global Fortune 100 company.
Qualifications

What you’ve got

You have 0-2 years of professional experience.

You are currently pursuing a bachelor’s degree in Cybersecurity, Management Information Systems (MIS), Computer Science, or equivalent major with a minimum 3.0 cumulative GPA.
You are detail-oriented and thrive in a fast-paced work environment.

You possess strong interpersonal, communication, organizational, and leadership skills.

You possess a working knowledge of a combination of the following areas:

Cyber security principles and practices, strategies and methodologies

Network security engineering and administration concepts

Continuous Integration/Continuous Delivery process and tools, testing frameworks and practices

Cloud networking concepts and network security controls

You’ve had exposure to scripting automation and analytics using Python

You’ve had exposure to AWS, Azure or other public cloud environments

You must be able to work full-time from January – June 2023.

You must have permanent work authorization in the United States.

At Liberty Mutual, our purpose is to help people embrace today and confidently pursue tomorrow. That’s why we provide an environment focused on openness, inclusion, trust and respect.

Here, you’ll discover our expansive range of roles, and a workplace where we aim to help turn your passion into a rewarding profession.

We value your hard work, integrity and commitment to make things better, and we put people first by offering you benefits that support your life and well-being.
To learn more, please visit

Liberty Mutual has proudly been recognized as a “Great Place to Work” by Great Place to Work® US for the past several years.

We were also selected as one of the “100 Best Places to Work in IT” on IDG’s Insider Pro and Computerworld’s 2020 list.

We have been named by Forbes as one of America’s Best Employers for Women and one of America’s Best Employers for New Graduates—as well as one of America’s Best Employers for Diversity.
To learn more about our commitment to diversity and inclusion please visit:

Liberty Mutual is an equal opportunity employer.

We will not tolerate discrimination on the basis of race, color, national origin, sex, sexual orientation, gender identity, religion, age, disability, veteran’s status, pregnancy, genetic information or on any basis prohibited by federal, state or local law.
Bachelor’s Degree

40
Apply Here
For Remote Cybersecurity Co-op roles, visit Remote Cybersecurity Co-op Roles

********

Senior Cyber Security Ops Lead Remote WFH at Motion Recruitment

Location: Boston

Title:Sr Cyber Security Ops Lead
Location: Remote (US)
Email: stephen.calandra@motionrecruitment.com

Job Description

A top software company is looking for a Senior Cyber Ops Lead responsible for execution and operational tasks associated with cyber security within the organization. You will also be responsible for the vulnerability management process, incident response process, security reporting metrics, and network + server hardening. This position is fully remote.

This company is looking for a passionate cyber security professional who is ready for their next big challenge. This opportunity will allow you to take control of your day to day operations and focus on what you think can help the company. Looking for a candidate with a creative, open mind.
• Accountable for the creation, implementation, practice, and operational ownership for the overall cyber security operations for aPriori including threat hunting, vulnerability management, architectural consultation, monitoring / alerting and threat remediation.
• Participates in internal and third-party audits of the company’s information security policies, procedures, as well as operational duties while supporting any remediation efforts that may be identified as a result of an audit.
• Assist in achieving and maintaining required corporate cyber security and compliance related certifications based on business requirements.
• Accountable for the implementation and operational use of cyber security tools for detecting, reporting and remediating security threats.
• Accountable for developing a baseline cyber security reporting and metrics for monthly / quarterly updates to appropriate stakeholders.
• Assist in the creation, implementation, practice, and operational ownership of an overarching incident response plan.
• Work collaboratively across the organization to support aPriori’s enterprise cyber security and roadmaps by directly engaging with stakeholders.
• Assist in developing and maintaining the appropriate policies and procedures needed to align with business delivery and regulatory compliance needs.
• Work closely with Engineering, Customer Success and the IT Security team as needed to assist in the deployment and maintenance of software and hardware solutions to ensure integrity of corporate and customer assets.
• Establish and maintain network security architecture as it relates to enterprise, colocations and cloud. This may include both NGFW, WAF and cloud native firewalls.
• Responsible for hardening infrastructure using implementation checklists, such as DOD Security Technical Implementation Guides (STIGs) or Center for Internet Security (CIS) Benchmarks.
• Establish and maintain e-mail security and best practices implementation

Required Skills & Experience
• Degree in Cyber Security, IT, Computer Science or related field
• 7-10 years’ worth of experience within cyber security related roles
• Expert level knowledge of cyber security operations with a deep understanding of one or more of the standard security frameworks such as NIST.
• Significant experience with incident / outage response, threat detection and remediation, formal IT change management, project management (as a project team member)
• Familiarity with Security Frameworks (NIST, MITRE, Kill Chain etc.) with preference towards practical application at the operations and engineering level
• Has prior experience with EPM (End point Privilege Management), PAM (Privileged Access Management), DLP (Data Loss Prevention), NAC (Network Access Control)
• CISSP, CISM, CISA certification or equivalent.

What You Will Be Doing

Tech Breakdown
• AWS
• Scripting/Automation

Daily Responsibilities
• 40% Teamwork
• 40% Problem Solving/Creativity
• 20% Management Duties

The Offer You will receive the following benefits:
• Medical Insurance
• Dental Benefits
• Vision Benefits
• Paid Time Off (PTO)
• 401(k)

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.
Apply Here
For Remote Senior Cyber Security Ops Lead Remote WFH roles, visit Remote Senior Cyber Security Ops Lead Remote WFH Roles

********

Digital Forensics Analyst at Oracle

Location: Boston

Job Description

Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.

Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.

Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.

Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.

Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.

Mentors and trains other team members.

Compiles information and reports for management.

Minimum of 8 years experience in information systems, business operations, or related fields, at least 5 years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required.

Strong knowledge of: Cloud architecture and security principles. Risk Management Frameworks. *nix and Windows system administration.

Experience with: Logging and log analysis. Identity management principles and technology.

Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA, CIPP or other equivalent certification. Comprehensive knowledge of security design for networks, databases, infrastructure, and cloud computing. Experience writing security incident and vulnerability reports for leadership and other stakeholders. Ability to effectively communicate and influence secure product and network design in a collaborative environment. Comprehensive knowledge of digital forensics. Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods. Knowledge of encryption technologies and architectures. Expert level experience in evaluating and assessing security threats across a variety of environments and industries. Expert level understanding of secure networking principles, routers, switches and load balancers.

If you are a Colorado resident, Please Contact us or Email us at ~~~ to receive compensation and benefits information for this role. Please include this Job ID: 180694 in the subject line of the email.

Responsibilities

Key Responsibilities

• Perform hands-on activities including network, disk and memory forensics, log analysis, malware analysis and threat hunting.

• Assist with the development of processes and procedures to improve security operations functions, incident response times, analysis of incidents, and overall SOC functions.

• Develop scripts, processes and content to improve response capabilities.

• Chain of custody process and properly secure of evidence.

• Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on the need and usefulness of services and/or products.

• Evaluate and recommend new and emerging security solutions and technologies to issues.

• Effectively communicate security concepts with both technical and non-technical individuals.

• Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams and leadership as part of incident response.

• Deliver self-service security metric data of discovery, triage and trending analysis of team findings.

• Author post mortem reports to be provided to senior leadership following an intrusion or red team engagement.

• Participate in planning, designing, and executing tabletop exercises cross-functionally across Oracle for SaaS security incident planning.

• Help define Threat Hunting use cases.

• Participate in Red/Blue team activities.

Required Qualifications

• Bachelor’s Degree in Computer Science, Information Assurance, Security, Management Information Systems, Risk Management, or equivalent work experience acceptable.

• 4+ years of related cybersecurity architecture, engineering, SOC work experience (monitoring, incident response, forensics).

• Strong understanding of typical intrusion life cycle, including privilege escalation, persistence, and lateral movement techniques.

• Strong understanding of host and network Incident Response processes, tasks, tools, and industry operational best practices.

• Understanding of MITRE ATT&CK TM knowledge base.

• Strong and hands-on forensics experience/knowledge on Linux and Windows Operating Systems.

• Python scripting experience.

• Experience with problem solving and troubleshooting complex issues with an emphasis on root cause analysis.

• Understanding of traditional and microservice Application security architectures e.g. OWASP top 10 web application security risks, database security, authentication schemes.

• Excellent customer service skills required.

• Ability to both work independently with minimal direction and to collaborate effectively with local and remote teams with a strong customer focus.

• Excellent written and verbal communications, including presentation skills, are important to be successful in this role.

• Proven ability to effectively communicate with all levels of the organization, as well as with external parties.

Preferred Qualifications

• 2+ years of experience as a Digital Forensics Analyst.

• 2+ years of Python scripting experience.

• Advanced degree in computer science or related field.

• 8+ years of experience within the security department of a large cloud or Internet software company.

• Ideal candidate should possess at least two of the following certifications:
• SANS GIAC Cyber Threat Intelligence (GCTI)
• SANS GIAC Network Forensic Analyst (GNFA)
• SANS GIAC Certified Forensic Analyst (GCFA)
• SANS GIAC Certified Forensic Examiner (GCFE)
• SANS GIAC Certified Incident Handler (GCIH)
• SANS GIAC Certified Intrusion Analyst (GCIA)
• SANS GIAC Reverse Engineering Malware (GREM)
• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Professional (OSCP)

Detailed Description and Job Requirements

• Strong understanding of typical intrusion life cycle, including privilege escalation, persistence, and lateral movement techniques.

• Strong understanding of host and network Incident Response processes, tasks, tools, and industry operational best practices.

• Understanding of MITRE ATT&CK TM knowledge base.

• Strong and hands-on forensics experience/knowledge on Linux and Windows Operating Systems.

• Python scripting experience.

• Experience with problem solving and troubleshooting complex issues with an emphasis on root cause analysis.

• Understanding of traditional and microservice Application security architectures e.g. OWASP top 10 web application security risks, database security, authentication schemes.

• Excellent customer service skills required.

• Ability to both work independently with minimal direction and to collaborate effectively with local and remote teams with a strong customer focus.

• Excellent written and verbal communications, including presentation skills, are important to be successful in this role.

• Proven ability to effectively communicate with all levels of the organization, as well as with external parties.

About Us

Diversity and Inclusion:

An Oracle career can span industries, roles, Countries and cultures, giving you the opportunity to flourish in new roles and innovate, while blending work life in. Oracle has thrived through 40+ years of change by innovating and operating with integrity while delivering for the top companies in almost every industry.

In order to nurture the talent that makes this happen, we are committed to an inclusive culture that celebrates and values diverse insights and perspectives, a workforce that inspires thought leadership and innovation. .

Oracle offers a highly competitive suite of Employee Benefits designed on the principles of parity, consistency, and affordability. The overall package includes certain core elements such as Medical, Life Insurance, access to Retirement Planning, and much more. We also encourage our employees to engage in the culture of giving back to the communities where we live and do business.

At Oracle, we believe that innovation starts with diversity and inclusion and to create the future we need talent from various backgrounds, perspectives, and abilities. We ensure that individuals with disabilities are provided reasonable accommodation to successfully participate in the job application, interview process, and in potential roles. to perform crucial job functions.

That’s why we’re committed to creating a workforce where all individuals can do their best work. It’s when everyone’s voice is heard and valued that we’re inspired to go beyond what’s been done before.

Disclaimer:

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Oracle is an Equal Employment Opportunity Employer ***** . All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.
• ** Which includes being a United States Affirmative Action Employer**
Apply Here
For Remote Digital Forensics Analyst roles, visit Remote Digital Forensics Analyst Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo