• Provide technical support for activities, processes, and tools used to protect technology-based information.
• Support clients, management, security administrators, and network operations with security-related technical expertise.
• Review, develop, test, and implement security plans, products, and control techniques.
• Analyze circumstances surrounding data security incidents and design corrective actions.
• Document information security policies and procedures.
• Provide implementation support for risk assessments, data security procedures, and products.
• Confirm data quality analysis in collaboration with application teams.
• Coordinate and/or perform applicable Acquisition Environment (AE) security scans.
• Coordinate and monitor access management controls.
• Monitor the integrity of AE's minimum security requirements.
• Track and monitor adherence to company data governance standards.

Skills: Security Support, Incident Analysis, Policy Development, Risk Assessment, Data Governance, Access Control, Security Scanning, Documentation

• Perform continuous monitoring of the first line of defense by testing information security controls to ensure consistent and complete implementation.
• Collaborate with IT and business management to evaluate compliance with the Information Security Program.
• Liaise with IT and enterprise security functions to understand upcoming changes in the environment and ensure security program alignment.
• Access applications to collect, review, and analyze complex data.
• Compile and analyze data from IT and security tools for regular control metric reporting.
• Assist in presenting testing methodologies and results, providing insights, conclusions, and actionable recommendations.
• Track remediation efforts related to observations and self-identified issues.
• Contribute to the development, implementation, and enforcement of information security standards.
• Support enterprise risk management functions as an information security subject matter expert, including disaster recovery/business continuity (DR/BCP) and third-party risk management.

Skills: Security Monitoring, Compliance Evaluation, Security Alignment, Data Analysis, Metric Reporting, Testing & Reporting, Issue Remediation, Risk Management

• Review complex business processes and requirements with a governance mindset.
• Lead entitlement development, improvement, and engineering initiatives based on industry best practices and standards.
• Act as a thought leader with an innovative mindset, actively sharing ideas and visions with the team.
• Support continuous improvement efforts to ensure solutions deliver business value.
• Contribute as an experienced agile delivery squad member, collaborating directly with customers, development teams, product owners, and third-party vendors.
• Work closely with the developer and identity platform teams to ensure best practices are consistently deployed and aligned across all activities.
• Build and foster relationships across the business, within digital innovation and engineering functions, and with supplier and software vendors to bring best-in-class expertise to stakeholders.
• Embrace and integrate new technologies and innovative ways of working to drive efficiency and maintain leading-edge solutions.
• Adhere to organizational standards and compliance requirements to ensure applications remain protected at the highest level.

Skills: Process Governance, Entitlement Engineering, Thought Leadership, Continuous Improvement, Agile Collaboration, Best Practices, Relationship Building, Technology Innovation

• Work directly with customers, prospects, and internal teams to manage RFPs and due diligence requests.
• Handle customer inquiries, information requests, and conference calls with professionalism.
• Develop and maintain documentation to support due diligence efforts and improve process efficiency.
• Drive initiatives to enhance the customer experience throughout the due diligence process.
• Explain data protection practices clearly to assure prospects and customers of compliance.
• Apply sound judgment in negotiations, balancing business objectives with professionalism.
• Review, redline, and negotiate data protection clauses in customer contracts.
• Collaborate with senior management, sales, legal, and customer-facing teams on cybersecurity and privacy matters.
• Support compliance efforts by ensuring internal processes align with security requirements.
• Serve as a departmental specialist in the information security management system, providing support to the Corporate Information Security Manager.

Skills: RFP Management, Customer Support, Documentation Management, Customer Experience, Data Protection, Contract Negotiation, Cross-Functional Collaboration, Compliance Support

• Contact system owners to collect background information and schedule interviews for security assessments.
• Conduct remote and in-person interviews with system owners to capture necessary details and identify security gaps.
• Review technical documents such as specifications, diagrams, requirements, and test plans to verify adherence to security standards.
• Communicate assessment findings to system owners and Senior Security Architecture Analysts.
• Perform security assessments using available documentation.
• Prepare detailed security architecture assessment reports, outlining root causes and recommended remediation strategies.
• Contribute to the development and implementation of global security standards and processes.
• Evaluate new and emerging products or technologies and provide adoption recommendations.
• Carry out operational tasks related to the Information Security Management System (ISMS).
• Support the development of customer-facing digital solutions that comply with information security and quality system requirements.

Skills: Security Assessments, Interviewing Skills, Document Review, Findings Reporting, Assessment Reporting, Standards Development, Technology Evaluation, ISMS Support

• Enforce information security standards and procedures to ensure compliance with regulatory and industry requirements.
• Assist with fraud prevention, including the investigation of fraudulent, illegal, or improper activities.
• Perform scans and reviews, producing reports to ensure compliance with established security policies.
• Deliver security training sessions in support of the security awareness program.
• Serve as a resource for information security questions, guiding team members and staff.
• Participate in incident response and information security teams.
• Collaborate with internal departments to fulfill subpoenas related to security logs and internet access data.
• Communicate findings and activities to the AVP of Information Security (or equivalent leadership).
• Adhere to organizational policies, procedures, and applicable regulatory requirements.
• Participate in required training and development, including Bank Secrecy Act (BSA) training, and demonstrate application of acquired knowledge.
• Contribute to organizational teams, projects, and strategic initiatives as opportunities arise.

Skills: Security Compliance, Fraud Prevention, Policy Auditing, Security Training, Security Guidance, Incident Response, Legal Support, Team Collaboration

• Address top human risk factors within the organization and drive behavioral change in alignment with information security and management directives.
• Implement program elements that raise information security awareness in collaboration with subject matter experts and specialists.
• Contribute to the design of awareness campaigns and information processes that align with organizational communication strategies.
• Assist in executing multi-channel communication programs to effectively deliver security messages.
• Support awareness initiatives that foster positive behavioral change across the organization.
• Ensure consistent implementation of communication and awareness measures.
• Monitor and report on awareness program outcomes to measure effectiveness.
• Contribute to information security events, including roadshows, online sessions, and internal campaigns.
• Collaborate with application teams to remediate identified security vulnerabilities on time.
• Stay current on IT security trends, emerging solutions, standards, best practices, and offensive techniques.

Skills: Risk Awareness, Behavioral Change, Campaign Design, Communication Programs, Awareness Initiatives, Program Monitoring, Event Support, Vulnerability Remediation

• Support project processes to ensure information security is considered from the outset and throughout the project lifecycle.
• Take responsibility for the security of tested products within the project context.
• Conduct manual and automated source code reviews.
• Contribute to and apply security testing methodologies, creating and updating technical documentation.
• Perform security vulnerability analyses and assessments, actively participating in external audits.
• Develop an understanding of broader business operations to align security with organizational goals.
• Collaborate with software development teams to embed security throughout the development lifecycle.
• Identify security flaws in business software and manage remediation appropriately, including liaising with external bodies.
• Research, identify, and develop new tools to improve the security testing process.
• Stay current with emerging threats and evolving security practices.

Skills: Project Security, Product Security, Code Review, Security Testing, Vulnerability Analysis, Business Alignment, Secure Development, Tool Development

• Assess information security risks and provide control implementation guidance in IT projects and product management.
• Manage the cybersecurity program, maintaining a dashboard of key indicators and reporting regularly to the Corporate Information Security Committee.
• Oversee the information security framework by developing policies, standards, procedures, and guidelines.
• Lead and coordinate the cyber incident response process.
• Continuously analyze and scan the corporate digital architecture and software to identify vulnerabilities.
• Manage remediation plans and oversee the deployment of security patches.
• Develop and implement the security software development lifecycle (S-SDLC) methodology.
• Lead and coordinate S-SDLC projects.
• Develop the cloud security program, leading and coordinating cloud security assessments.
• Implement and maintain the cybersecurity awareness and training program, with a focus on IT and IS staff.
• Monitor regulatory compliance requirements and support IS/IT teams in implementing corrective and preventive actions to achieve compliance.
• Collaborate with the corporate legal team to meet regulatory obligations, formalize organizational procedures, and improve business processes.

Skills: Risk Assessment, Program Management, Policy Development, Incident Response, Vulnerability Management, Secure SDLC, Cloud Security, Compliance Oversight

• Work under the direction of the Head of Information Security Advisory and Advanced Threat Management (or delegate).
• Ensure strong security governance and advocate best practices across all digital projects and departments.
• Participate in the build, deployment, and management of digital products, infrastructure, and services to embed security by design.
• Use security tools to assess infrastructure for vulnerabilities and posture, enabling prioritization of remediation.
• Help design, develop, and operationalize monitoring, correlation, and alerting capabilities for networks, infrastructure, and applications to detect suspicious behavior or weak configurations.
• Contribute to the implementation and ongoing maintenance of security controls.
• Provide security response services by addressing security issues and proactively monitoring systems to prevent incidents.
• Review and approve (or reject) changes affecting security posture as a subject matter expert (SME).
• Assist with security compliance activities, including development and maintenance of logs, reviews, and registers.
• Create and maintain information security documentation.
• Contribute to and influence the direction of internal audits and related functions to elevate critical security issues for visibility.

Skills: Security Governance, Secure Design, Vulnerability Assessment, Threat Monitoring, Control Implementation, Incident Response, Compliance Support, Security Documentation

• Work with service provider project teams on application and infrastructure initiatives to define and design secure solutions that align with business needs.
• Engage with project stakeholders to promote a security-focused mindset and transfer knowledge of security standards and processes.
• Ensure service and system specifications and designs comply with organizational and applicable government security policies and standards.
• Conduct information security risk assessments and track remedial activities through to resolution to strengthen security performance.
• Prepare Risk Management and Accreditation Document Sets (RMADS) in alignment with standard templates.
• Deliver required security documentation at each checkpoint in the project delivery lifecycle.
• Specify cost-effective security controls and develop information assurance requirements to integrate into overall project specifications.
• Develop accreditation plans, security cases, and accreditation requirements in consultation with relevant stakeholders.
• Review logical and physical technology models, providing input and recommendations for security documentation, including enhancements or new technologies to meet requirements.
• Liaise with security stakeholders to obtain approval for security design elements and project deliverables.

Skills: Secure Solutions, Stakeholder Engagement, Standards Compliance, Risk Assessment, Security Documentation, Control Design, Accreditation Management, Security Consultation

• Develop and deliver weekly information system security briefings, recommending cost-effective solutions to mitigate risks and proposing improvements to security processes and procedures.
• Provide guidance and coordination to system developers, administrators, and IT specialists to ensure timely and verified implementation of IT security standards for both new and existing systems.
• Document, manage, and maintain the integrity of all security documentation, including standard operating procedures and user guides, ensuring alignment with IT security policies.
• Assist in selecting minimum security controls to establish a protective baseline, documenting them in the security plan, initial Risk Assessment Report (RAR), and continuous monitoring strategy.
• Record security control implementations in the security plan, providing functional descriptions of inputs, expected behaviors, and outputs.
• Conduct security testing to verify that controls are implemented correctly, operate as intended, and achieve desired outcomes in meeting security requirements.
• Perform remedial actions on deficient security controls based on Security Assessment Report findings and reassess remediated controls.
• Review vulnerability scans, ensure responsible parties address findings appropriately, and respond to incident reports by troubleshooting threats, isolating problem sources, and recommending corrective actions.
• Monitor and analyze system logs daily to identify security trends and evaluate the effectiveness of installed security measures.
• Participate in cross-functional teams and manage tasks using Jira.

Skills: Security Briefings, IT Guidance, Documentation Management, Security Controls, Security Testing, Remediation Actions, Log Monitoring, Cross-Functional Collaboration

• Understand product offerings from Azure partners and providers.
• Review and analyze current network designs, recommending changes and modifications to support Azure connectivity.
• Collaborate with project teams to understand application architectures and accommodate specific Azure networking requirements.
• Deploy Azure networking configurations, including ExpressRoute and network peerings, using PowerShell.
• Work with security teams to integrate network security requirements into application architectures.
• Support the network engineering team in building and troubleshooting Azure networks.
• Define and implement a network governance model within an infrastructure-as-code environment.
• Provide innovative, practical designs that deliver end-to-end solutions aligned with business objectives, including functional architecture across multiple enterprise functions.
• Analyze chosen technologies against target states, leveraging operational knowledge to identify technical and business gaps.
• Establish requirements and drive implementation of network monitoring and management infrastructure for availability and performance within the Azure environment.
• Design and support services including Azure Front Door, Traffic Manager, Service Bus, Application Gateways, and API Management.
• Apply both operational and design expertise to execute secure, maintainable architectures on the Azure platform.

Skills: Azure Networking, Network Design, Architecture Collaboration, Configuration Deployment, Network Security, Infrastructure as Code, Network Monitoring, Cloud Architecture

• Participate in the design, engineering, implementation, and operation of information security processes, policies, procedures, standards, systems, and controls based on business and technical requirements.
• Analyze data from information security technologies such as endpoint protection, intrusion detection, event monitoring, and secure proxies to identify and mitigate potential threats.
• Safeguard organizational information and systems by monitoring public and private information sources for emerging risks.
• Collaborate with security, technology, and business teams to remediate vulnerabilities and gaps in security controls, policies, procedures, and standards.
• Contribute to the design and implementation of automated security response capabilities.
• Communicate, share, and escalate technical issues effectively within the team.
• Assist with information security assessment activities in collaboration with technical and non-technical stakeholders.
• Participate in security work groups, contributing to project management tasks including scheduling, coordination, status reporting, and follow-ups.
• Support security-related investigations and requests across the organization.
• Update and maintain information security documentation.
• Promote security education and awareness by supporting related policies, procedures, standards, and controls in collaboration with stakeholders.
• Contribute to the design, build, and management of role-based access controls and support user access review processes.

Skills: Security Engineering, Threat Analysis, Risk Monitoring, Vulnerability Remediation, Automated Response, Security Assessment, Incident Support, Access Management

• Collaborate with information security personnel, database teams, and enterprise solution architects to define compliance and risk-related requirements (HIPAA, PCI, HITECH, Joint Commission) for current infrastructure and future architectures.
• Support the CISO with ad hoc security-related requests from clinical and corporate groups.
• Participate in the review, testing, and integration of security tools.
• Develop information security training materials for end users and ensure personnel understand their responsibilities and accountability as outlined in security policies.
• Perform technical security operations tasks, including vulnerability management assessments on a scheduled basis, and report findings to the Manager of Information Security using approved solutions and toolkits.
• Conduct supervised eDiscovery activities by collecting evidence and maintaining proper chain of custody for records.
• Support business continuity and change management teams by integrating information security standards into related processes.
• Perform risk analyses and assessments to support regulatory requirements in financial and healthcare industries, including HIPAA Security and Privacy Rules and accreditation frameworks.
• Facilitate the analysis of security issues related to interfaces, databases, and other system initiatives.
• Coordinate with internal audit and external audit management teams to oversee and track IS remediation plans addressing audit and compliance findings.
• Develop corrective action plans (CAPs) to remediate control deficiencies in areas such as information security, access control, and segregation of duties.

Skills: Compliance Management, Security Support, Tool Integration, Security Training, Vulnerability Management, eDiscovery Support, Risk Analysis, Audit Coordination

• Oversee the implementation and execution of the organizational information security program.
• Monitor compliance with federal and state regulations, review security standards and frameworks (e.g., NIST, CIS, HIPAA), and recommend policies, procedures, and checklists to enhance controls and reduce business risk.
• Track changes in the regulatory environment and advise on new requirements or expectations, recommending plans to maintain compliance.
• Develop, implement, and maintain physical and information security policies and procedures.
• Maintain and oversee administrative, technical, and physical safeguards and controls.
• Assess risk levels associated with sharing organizational data with third-party vendors and partners, applying appropriate safeguards.
• Conduct and evaluate information security risk assessments using various methodologies, providing risk response strategies.
• Design and deliver physical and information security awareness training and education programs.
• Create and maintain System Security Plans (SSPs).
• Assess and document facility and system role-based access, and enforce access policies through periodic audits.
• Create and maintain Plans of Action and Milestones (POA&Ms), tracking progress and assessing overall risk.
• Prepare responses to information security audits and Requests for Proposals/Information (RFP/RFI).

Skills: Program Oversight, Regulatory Compliance, Policy Development, Risk Assessment, Security Safeguards, Vendor Risk, Security Training, Audit Preparation

• General Training/Communication/Social Media/Awareness experience, with experience in Information Security Awareness.
• Experience in operating in an international environment (limited travel).
• Ability to plan desired deliverables with direct supervision and deliver on commitments within established timelines.
• General knowledge of relevant security policies such as ISO27002 and other relevant standards (NIST, ISO, COBIT).
• Efficient communication both within the IT environment and to the End Users.
• Successful implementation of relevant campaigns using LMS, webcasts, social media, and other technology.
• Basic experience with monitoring security alerts, triaging incidents, and escalating within a SOC or IT security function.
• Familiarity with firewalls, antivirus/EDR, email security, and endpoint hardening.
• Fluency in verbal English and good English writing skills.
• Exposure to working with developers, HR, and compliance teams to integrate security into their workflows.

Qualifications: BS in Information Technology with 3 years of Experience

• Good knowledge of Information Security and Cyber Risks.
• Deep knowledge of web and mobile security.
• Deep knowledge of cybersecurity practices, risk assessments, and compliance activities.
• In-depth knowledge of the risk assessment process.
• Multi-cycle knowledge in driving compliance.
• Hands-on experience in detecting, investigating, and mitigating security incidents, including familiarity with SIEM tools, forensic analysis, and SOC operations.
• Exposure to integrating security practices into CI/CD pipelines.
• Strong stakeholder management skills.
• Strong analytical, research, and recommendation skills.
• Good skills in preparing and presenting management reports and dashboards.

Qualifications: BS in Digital Forensics with 6 years of Experience

• Experience in cybersecurity, ideally in a similar role.
• Good knowledge of data management.
• Able to understand the human aspect of company processes and ensure security is delivered in this context.
• Strong communication skills, able to form relationships with all parts of the business.
• Excellent analytical problem-solving, communication, and work team skills.
• Strong background in information technology with a clear understanding of the challenges of information security.
• Demonstrated ability to build understanding and awareness of security issues throughout the organization.
• Experience in managing and interacting with outsourced services.
• Experience conducting business-focused risk assessments and applying results to recommend proportionate security controls.
• Hands-on experience with endpoint protection, DLP, SIEM, or other monitoring tools to detect and respond to threats.

Qualifications: BS in Cybersecurity with 5 years of Experience

• Experience in operational, regulatory, technology controls, audit, or risk management, preferably within the infrastructure domain.
• Experience working with Unix/Linux and Windows operating systems.
• Working knowledge of Distributed and Mainframe database technologies.
• Experience in Middleware technologies (e.g., EBX, WebSphere, MQ).
• Experience in Active Directory, Network Firewalls, Network Security, and Cisco Management Systems.
• Working experience with Monitoring, Logging, and Alerting tools.
• Experience with Patch Management for the workplace and server systems.
• Hands-on experience with audit, quality assurance/testing, IT risk management, and operational risk management.
• Familiarity with project management practices in IT service delivery.
• Knowledge of TDBG’s Operational and Technology Risk Frameworks or comparable frameworks.
• Strong understanding of regulatory requirements and standards, including PCI, SOX, Basel, OSFI, FRB, and other governing bodies.
• Professional certifications such as CISSP, CISA, PCI-P, or CISM.

Qualifications: BS in Information Systems with 9 years of Experience

• Experience working in information security management, security operations, and incident handling.
• Possess security certifications such as CISSP.
• Working knowledge of security standards such as NIST CSF, ISO 27001/02.
• Familiar with security technologies such as network firewall support/maintenance, IDS, endpoint security solutions, access control systems, data security protection, and other related security technologies within the IT/ICS environment
• Passion in the cybersecurity domain and a keen to learn attitude by staying up to date on cybersecurity technologies.
• Experience performing structured risk assessments and applying threat modeling techniques to applications, infrastructure, or business processes.
• Exposure to securing workloads on AWS, Azure, or GCP, including IAM, logging, and cloud-native security controls.
• Skills in collecting evidence, analyzing logs, and contributing to post-incident reviews.
• Ability to spot anomalies, inconsistencies, and subtle indicators of risk or threats.
• Can manage multiple incidents, tasks, or projects effectively under tight deadlines.

Qualifications: BS in Cloud Computing with 4 years of Experience

• Experience in one or more of the following security domains: access and identity management, asset management, human resource security, security governance, IT operational security, IT compliance & audits.
• Experience working with ISO/IEC 27001, PCI/DSS, NIST, GDPR, or other information security standards, regulations, and best practices.
• Experience and a firm understanding of the development and implementation of information security policies, standards, and related procedures.
• Experience in driving large-scale security projects, both technical and administrative, across a broad range of areas.
• Experience in a similar sector working as or with auditors.
• Hold certifications such as CISSP, CISM, CIA, CRISC, or CGEIT.
• Experience implementing technical and organizational measures for sensitive data handling, encryption, tokenization, DLP, and privacy-by-design.
• Experience building security into continuity planning, resilience testing, and recovery strategies to minimize business impact.
• Hands-on or governance-level understanding of securing new technologies beyond traditional IT.
• Ability to balance security needs with business objectives and gain buy-in from diverse stakeholders.
• Can stay effective under pressure, especially during incidents, audits, or regulatory changes.
• Able to coach junior staff, share knowledge, and foster a collaborative security culture.

Qualifications: BS in Network Engineering with 8 years of Experience

• Experience in delivering at least one of the following: RBAC/PBAC/ABAC concepts across multiple applications.
• Good working knowledge of Agile and Waterfall delivery methodologies, having worked to deliver across both methods.
• Competent in working across the complex Identify & Access Management process and designs.
• Deep entitlement-based security knowledge of any relevant applications.
• Knowledge of Identity Governance and Assurance solutions, e.g., SAP GRC, SNOW GRC, Saviynt, Sailpoint, etc.
• Understanding of working with Compliance and Audit controls, including SOX.
• Experience in medium/large-scale project implementation cycles.
• Team player who is willing to speak up and share what they have learnt.
• Excellent verbal and written communication skills.
• Positive interpersonal skills, including the ability to establish and maintain good working relationships with others.
• Strong in documentation, process analysis and design, requirement gathering, and impact analysis.

Qualifications: BS in Computer Science with 7 years of Experience

• Basic understanding of endpoint security, network security, application security, account security, information security compliance, or data security, and be proficient in one of them
• Experience in technology risk assessment with reference to internationally recognised standards(NIST, ISO27001)
• Good understanding of internationalised information security and privacy protection regulations, including GDPR, LGPD, PDPO, etc.
• Have CISSP, CISA, ISO27001, or other certifications.
• Hands-on experience in handling security incidents, performing root cause analysis, and documenting lessons learned.
• Understanding of securing cloud platforms (AWS, Azure, GCP), including IAM, encryption, and workload protection.
• Ability to help design or deliver internal security awareness programs.
• Practical skills in identifying, prioritizing, and remediating vulnerabilities (e.g., using Nessus, Qualys, or OpenVAS).
• Good communication in English and Mandarin.
• Self-motivated, strive for perfection, result-oriented.

Qualifications: BS in Data Science with 2 years of Experience

• Experience in a similar role or with a similar focus, in an organization with reasonably mature security practices.
• Experience in defining security policies, auditing them, developing remediation plans, and coordinating issue resolution.
• Experience in managing security incidents.
• Experience in the professional services industry.
• Experience in setting up an information security practice within an organization that did not have one before (e.g., a Startup company).
• Experience in the setup of a security incident and event management system.
• Able to drive long-term security roadmaps aligned with business strategy, budgeting for security initiatives, and managing cross-functional security programs at scale.
• Ability to represent the organization in regulatory discussions, industry working groups, or consortia to influence and stay ahead of evolving security requirements.
• Gained credibility within the firm on information security.
• Can be firm on decisions and identify and articulate security gaps/technology risks to members of the firm.
• Can properly articulate and garner buy-in from various stakeholders at different levels of the firm on the benefits of having security policies.
• Able to work well with third-party vendors, evaluate what is valuable vs. what is hype, and have the skills to influence vendors to improve product security.

Qualifications: BS in Software Engineering with 11 years of Experience

• Experience working with Information Security Management Systems (ISMS) & Risk Management.
• Experience with ISO/IEC 27001, PCI/DSS, or other information security standards.
• Experience implementing the EBA guidelines on outsourcing.
• Experience from working in a DevOps and cloud-only environment.
• Strong communication and collaboration skills.
• Have high ethical standards.
• Ability to see security as a business enabler, not as a step in the compliance process.
• Care about giving real, tangible advice/recommendations instead of fluffy, pompous, and pretentious InfoSec jargon when interacting with colleagues.
• Love to share and document thoughts and knowledge for others to benefit from.
• Methodical and diligent with outstanding planning and organisational skills.
• Flexibility and adaptability to changing needs and demands dictated by business and requirements.

Qualifications: BS in Computer Engineering with 5 years of Experience

• Experience in information security or a related field.
• Experience with computer network penetration testing and techniques.
• Working knowledge of Active Directory, firewalls (preferably Palo Alto), proxies, SIEM, antivirus, and IDPS concepts.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Understanding of patch management with the ability to deploy patches on time while understanding business impact.
• Working knowledge of established security frameworks.
• Exposure to securing workloads and identities in AWS, Azure, or GCP environments.
• Hands-on experience with endpoint detection and response (EDR) solutions and mobile device management (MDM).
• Excellent organizational skills and ability to work under pressure in a fast-paced environment.
• Proficient verbal and written English language skills, and/or other languages.

Qualifications: BS in Software Development with 3 years of Experience

• Understanding of Security frameworks, such as ISO/IEC 27001.
• Knowledge on IT Operations, IT Network/Infrastructure, Information Security, Business Continuity Management, Vulnerability Management, Risk Management.
• Experience with various security tools and products (e.g., Encase, Qualys, SIEM, etc.).
• Experience in managing and leading IT Security Operations.
• Strong experience with security platforms for the analysis of incidents and events.
• Hands-on experience with securing cloud environments (AWS, Azure, GCP), including IAM, workload protection, and compliance frameworks like CSA CCM.
• Proven ability to conduct digital forensics, malware analysis, and coordinate structured incident response processes (containment, eradication, recovery, lessons learned).
• Familiarity with secure coding standards (OWASP Top 10, SANS 25) and DevSecOps integration for CI/CD pipelines.
• Ability to leverage threat intel feeds, conduct proactive threat hunting, and translate findings into actionable security improvements.
• Strong oral and written communication, analytical, and problem-solving skills.
• Highly self-motivated and directed professional with keen attention to detail.

Qualifications: BS in Information Technology with 7 years of Experience

• Solid experience working in the field of information security.
• Knowledge of ISO27001 and one or more well-known information security frameworks.
• Experience working in risk management.
• Good understanding of DevOps culture, Agile processes, and principles.
• Good understanding of Identity and Access management and Zero trust.
• Holistic view and capability to understand IT services in a business context.
• Experience with SIEM platforms, SOC operations, digital forensics, and structured incident handling (detection, containment, eradication, recovery).
• Practical experience in designing, testing, and maintaining BCP/DRP to ensure organizational resilience.
• Good communication and presentation skills.
• Proactive, self-starter, and able to manage multiple tasks effectively.
• A team mindset and an outgoing personality with the ability to guide and inspire others.

Qualifications: BS in Computer Science with 6 years of Experience

• General knowledge (or better) of Information Security and Information Security concepts and practices.
• Experience in working on multiple programs or projects with conflicting timelines.
• Knowledgeable and experienced in performing within a business team.
• Can work well in a fast-growing environment with the ability to deliver on time.
• Strong ability to handle multiple demands with a sense of urgency, drive, and energy.
• Familiarity or exposure to project management basics with a sensitivity towards organization, structure, and documentation.
• Ability to “think through” a problem and be "solution-driven".
• Must be self-directed, have excellent initiative, and organizational skills.
• Demonstrate excellent verbal and written communication skills.
• Proven track record of meeting commitments with the highest standards of ethics and integrity.
• Exposure to IT best practices.

Qualifications: BS in Cybersecurity with 4 years of Experience

• In-depth knowledge of Information Security fundamentals across multiple domains, including security management, application security, network security, access control, application development, operations security, and physical security.
• Knowledge of cloud computing environments, SaaS, PaaS, and IaaS, and experience evaluating the associated organisational risks.
• Knowledge of information security controls and frameworks, such as ISF SoGP, NIST, etc.
• Experience in creating and managing an ISMS.
• Experience in evaluating and reviewing third-party vendor documentation and processes.
• Experience in performing risk assessments of information security processes and identifying control gaps with a regulated financial services and digital organisation.
• Experience in monitoring and reporting on cybersecurity metrics and KPI’s.
• Knowledge of information risk and compliance principles.
• Broad knowledge of security technology and related risk and compliance issues.
• Able to review Risk Reports and carry out system administration on GRC and Training platforms (SureCloud, CybSafe, etc).
• Experience working with the ISF Standard of Good Practice (SoGP) or Information Risk Assessment Methodology (IRAM).
• Cyber Security-related certifications, including ISO27001 Lead Auditor, CISA, CISM, CIPP, and CISSP.

Qualifications: BS in Information Systems with 8 years of Experience

• Working knowledge of the Risk Management Framework (RMF) process.
• Prior experience with the Defense Information Assurance & Certification Accreditation Process (DIACAP).
• Familiarity with security policies, guidance documents, and compliance frameworks to support the preparation and maintenance of process artifacts, traceability documentation, and Authority to Operate (ATO) requirements.
• Extensive experience developing, reviewing, and maintaining RMF and DIACAP packages.
• DoD 8570 IAT Level II certification (e.g., Security+), Full Security Control Assessor qualification.
• Hands-on experience with DISA Enterprise Mission Assurance Support Service (eMASS) and the Assured Compliance Assessment Solution (ACAS).
• Proficiency in conducting and interpreting vulnerability assessments and compliance scans (e.g., Tenable Nessus or similar).
• Strong knowledge of network security principles, including firewalls, DMZs, encryption, vulnerability management, scanning, compliance reporting, and mitigation actions.
• Ability to implement and enforce security hardening measures on Windows and Server platforms.
• Experience with Windows 7 or later/Server 2008 R2 or later operating systems, including OS hardening.
• Proficiency in implementing STIG checklists for Windows servers and workstations.
• Knowledge of group policy configuration and enforcement, application hardening, and remote patch management.
• Familiarity with virtualization technologies (VMWare) for system administration, recovery, and security.
• Can use Microsoft server diagnostic tools for troubleshooting, monitoring, and fault identification.

Qualifications: BS in Network Engineering with 10 years of Experience