Risk & Compliance Jobs


"Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements."
- CIO.com

Optiv

Cyber Security Compliance Analyst

Denver, CO
Risk & Compliance
FULL-TIME
Nov 6
Premier

Company Description

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest growing companies in a truly essential industry.

In your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cyber security. We are passionate champions for our clients, and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.

Job Description

Optiv is the leading security solutions integrator creating confidence for a more connected world. Optiv’s corporate security team is tasked with protecting company resources and client data in a dynamic industry with expanding threats. To meet the challenging needs of Optiv’s growing business, the corporate security team is expanding their information security governance and compliance program. The security compliance analyst will report directly to the Director of Governance and Compliance. This position is responsible for assisting with the collection and analysis of key performance metrics, conducting internal audits and assessments, assisting with third-party assessments and internal risk management reviews to help ensure the confidentiality, integrity, and availability of Optiv data and systems.  The security compliance analyst must possess strong analytical skills, research capabilities, and an attention to detail to ensure Optiv can efficiently and effectively handle its compliance requirements. This position is highly business-facing, with frequent collaboration and interaction with all Optiv business units.

PRIMARY DUTIES AND RESPONSIBILITIES

  • Participate in all phases of internal and external assessments and audits.
  • Respond to client third-party assessment requests to facilitate business transactions and maintain strategic business relationships.
  • Positively interact with multiple internal Optiv business units to develop standardized assessment responses for external clients.
  • Perform compliance assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices and all corporate information security policy, procedures, and standards.
  • Actively review, test, analyze and report on the effectiveness and state of all required controls.
  • Monitor and report on the status of compliance activities and remediation efforts escalating potentially risky situations as needed.
  • Provide recommendations to improve the effectiveness and efficiency of our risk-based audit program to ensure that it is repeatable, sustainable and cost effective.
  • Establish ongoing relationships with business managers and key functional stakeholders.
  • Stay informed of new compliance regulations, assist in the assessment of the impact to the organization, and collaborate to ensure compliance.
  • Share experience, knowledge, and ideas with management and co-workers to maintain a kind and respectful team-based environment.
  • Promote a corporate culture that is committed to Governance, Risk, and Compliance and information security best practices.

SUPERVISORY RESPONSIBILITIES

Will not have direct reports

Qualifications

Education and Experience

  • An undergraduate degree preferably in IT or STEM discipline.
  • Proficient working with a variety of technology platforms (Microsoft, Apple) and common business applications such as MS Office, Teams, Zoom and so forth.
  • Excellent interpersonal, verbal and written communication, presentation, and problem-solving skills.
  • Passionate about security, client satisfaction and process improvement.
  • Ability to balance being flexible and collaborative with following the rules.
  • Able to work with minimal supervision, take initiative and follow through on assignments.
  • Capable of working multiple tasks of varying priorities while maintaining tight deadlines.

Desired Qualifications:

  • A cybersecurity degree or graduate degree.
  • An additional 1-3 years of related work experience.
  • Any cybersecurity related certification such as A+, CISSP, CISA, SANS-GSEC or so forth.
  • Good understanding of security governance, compliance, and risk management principles.
  • Possesses and demonstrates a strong understanding of controls assessment techniques.
  • Solid business acumen and judgment to evaluate issues/problems of high complexity.
  • Able to function independently and perform routine task such as:
    • Facilitate meetings, organize conference calls, deliver presentations and so forth
  • Familiarity with common standards, frameworks and regulations such as:
    • NIST, ISO, COBIT, SIG, CCM, SOC-2, FAIR, HITRUST, PCI, GDPR.
  • Ability to travel (minimal travel anticipated).

#LI-CP1

Additional Information

Why you'll love it here:

If you are seeking a culture that supports growth, fosters success and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations ? Managed Services and Identity and Data Management. Optiv remains committed to championing Diversity, Equality and Inclusion within our organization and throughout the industry.

With Optiv you can expect:

• Work/life balance. We offer "Recharge", a flexible, time-off program that encourages eligible employees to take the time they need to recharge

• Professional training resources, including tuition reimbursement

• Creative problem-solving and the ability to tackle unique, complex projects

• Volunteer Opportunities. "Optiv Chips In" encourages employees to volunteer and engage with their teams and communities.

• The ability and technology necessary to productively work remote/from home (where applicable).

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
JPMorgan Chase

Cyber Risk Associate

Plano, TX
Risk & Compliance
FULL-TIME
Nov 2
Premier

Technology & Cybersecurity Operational Risk Management – Cybersecurity Engineer - Associate

 

The Cybersecurity Engineer within Operational Risk Management is responsible for the identification, monitoring, testing, and governance of cybersecurity processes and controls risks inherent in JPMorgan Chase technology environment. This position will be highly engaged with the firm-wide Cybersecurity team who provides high quality security solutions to detect and monitor for threats and vulnerabilities and manage security incidents to keep ahead of threats. 

 

We are looking for a multi-disciplined forward-looking technologist with diverse backgrounds and experiences including in areas such as cybersecurity, big data,  compliance and oversight, cloud security, cryptography, rights management, networking technologies (e.g Cisco, Bluecoat, Juniper), and data security architectures. Knowledge of emerging technical trends and cyber threats will be required.

 

The successful candidate will use experience and leadership skills to give guidance and best practice advice across the Cybersecurity discipline.  He/she will lead significant event reviews, risk assessments, and perform monitoring of cybersecurity controls. Written and verbal communication of results of risk assessments will be provided by the Cybersecurity Engineer to management, executive directors, managing directors and stakeholders.  The role requires a strong self-starter who can understand program objectives, understand mitigating cybersecurity controls using a logical to independently assess the control environment.  

 

Key responsibilities include:

·         Perform deep inspection of specific technologies in targeted processes or firm-wide evaluation.

·         Keep abreast of current cyber trends, vulnerabilities, and emerging technologies.

·         Engage with cyber teams to gain full understanding of cybersecurity and control environment.

·         Perform significant event reviews.

·         Independently assess technology risk management and controls across the bank 

·         Understand third party risks as related to specific technology area of expertise.

·         Risk assessment of the impact of threats and vulnerabilities on JPMC technology portfolio. 

·         Coordination and key participation in the development of the evolving risk position of new technology.  For each of the technology areas in focus, this person will be charged with escalating and tracking the individual risk items. 

·         Work with appropriate technology areas to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls. Recommend any adjustments required to meet JPMC policy, regulatory requirements, and industry best practices. 

·         Develop and perform ongoing analysis of Operational Risk loss, near miss and external events to inform RCSA results, technology assessments and scenario analysis.  Investigate Operational Risk events meeting selection criteria; assist LOB OROs in determining the appropriate consideration of technology risk management and risk events.

·         Participate in key portfolio governance forums.

·         Provide feedback and coordination with the application risk assessment process.

·         Identify risk measures and thresholds for monitoring key risk cybersecurity controls.

·         BS/BA degree in computer science or equivalent experience.

·         2+ years or more proven experience in technology development, engineering or technical architecture with financial services experience

·         Working knowledge and interest of current and emerging technologies

·         Knowledge of Cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies

·         Ability to collaborate with high-performing teams and individuals throughout the firm to accomplish common goals

·         Demonstrated verbal and written communication skills and excellent analytical skills

·         Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required.

·         Track record of collaboration and relationship building

·         Proven ability to anticipate and identify risks and effective mitigants

·         Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices

·         Proven track record of taking ideas forward without supervision and challenging others, where appropriate

·         Adept at developing relationships with senior business executives with a reputation for partnering across organization lines to mitigate risks

·         Highly disciplined, able to work with limited supervision and make independent decisions

·         Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results

·         High level of professionalism, self-motivation, and sense of urgency

About Us

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans

About the Team

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.
 
Risk Management helps the firm understand, manage and anticipate risks in a constantly changing environment. The work covers areas such as evaluating country-specific risk, understanding regulatory changes and determining credit worthiness. Risk Management provides independent oversight and maintains an effective control environment.
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
FireEye

Compliance Analyst Intern

Richmond, VA
Risk & Compliance
INTERN
Oct 31
Premier

Company Description

FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,500 customers across 67 countries, including more than 50 percent of the Forbes Global 2000.

Job Description

Compliance Analyst Intern - Summer 2021

The Governance and Compliance team is a critical part of the larger FireEye Security team. The team is responsible for performance of internal audits and assessments, external audit coordination, policy management, business continuity management and third-party management.

As a Compliance Analyst on the Governance and Compliance team, you will use your acumen, customer service skills, and cybersecurity knowledge to assess the internal control environments within FireEye and participate in vendor management due diligence activities. You will work with a great team of professionals who will provide you the guidance and support you will need to be successful in our shared goal of supporting our internal and external customers to meet today’s complex regulatory and security requirements.

What You Will Do:

·       Interact with our internal customers, internal and external auditors to identify, scope, and evaluate the effectiveness of internal controls

·       Conduct vendor risk assessments

·       Assist with business continuity and disaster recovery documentation and associated testing exercises

·       Be responsible for documenting and tracking your work within internal web-based tools

·       Develop a deep understanding of FireEye products and services

·       Exemplify industry-leading customer support skills and deliver positive customer experience

Qualifications

Requirements:

·       Bachelor’s degree in a technical field or working toward such degree, with at least 3 years of completed post-secondary education

·       Experience with cyber security tools, technology and best practices

·       Experience working in customer facing environment

·       Experience fielding questions and requests from customers, and providing timely and comprehensive responses

 

Additional Qualifications:

·       Demonstrated aptitude and desire to learn new technologies and services

·       Ability to ramp up quickly in learning the portfolio of FireEye services and products

·       Problem solver with keen attention to detail

·       Excellent written and verbal communication skills

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to HR-Accommodations@FireEye.com.

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Boeing

Cyber Security Specialist

Los Angeles, CA
Risk & Compliance
FULL-TIME
Sep 28
Premier

Job Description

At Boeing, we innovate and collaborate to make the world a better place. From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us.

Boeing Security is seeking a detail-oriented and self-motivated Mid-Level Cyber Security Specialist to support Department of Defense (DoD) and Special Access Program (SAP) activities. This position will be located in El Segundo, CA, Seal Beach, CA, or Huntington Beach, CA.

Position Responsibilities

  • Contributes to the development and deployment of program information security for assigned systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures.
  • Implements Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF), as well as product development and product maintenance for assigned systems.
  • Performs security compliance continuous monitoring (CONMON).
  • Participates in security assessments and audits.

Additional Responsibilities

  • Prepares and presents technical reports and briefings.
  • Contributes to the identification of root causes, the prioritization of threats, and recommends/ implements corrective action.
  • Provides mentoring and technical leadership within the information security program team.
  • Explores the enterprise and industry for the evolving state of industry knowledge and methods regarding information security best practices.
  • Supports development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.

This position requires an active Secret U.S. Security Clearance. (A U.S. Security Clearance that has been active in the past 24 months is considered active.)

Basic Qualifications (Required Skills/Experience):

  • Current IAM Level 1 DoD 8140.01 (previously 8570.01) compliant certification or higher (i.e. CAP, GSLC, Security+ CE, CISSP, CASP, CISM, GSLC)
  • 1+ years of experience in utilizing security relevant tools, systems, and applications in support of Risk Management Framework (RMF) to include: NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, and HBSS

Preferred Qualifications (Desired Skills/Experience):

  • Experience working within the National Industrial Security Procedures and Operations Manual (NISPOM)
  • Experience in policies and implementation of Risk Management Framework (RMF)

Typical Education & Experience:

Education/experience typically acquired through advanced technical education (e.g. Bachelor) and typically 5 or more years' related work experience or an equivalent combination of technical education and experience (e.g. Masters with 3 years' related work experience, PhD with 1+ years' related work experience, etc.).

Relocation:

This position does not offer relocation.  Candidates must live in the immediate area or relocate at their own expense.

Employee Referral:

Referral to this job is eligible for bonus.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria is met as outlined in our policies.


Experience Level
Individual Contributor
Contingent Upon Program Award
No, this position is not contingent upon program award

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Church Mutual Insurance

Cybersecurity Intern

Merrill, WI
Risk & Compliance
INTERN
Aug 30
Premier

Overview

Church Mutual's Internship Program runs the day after Memorial Day through mid August, when students return to school. During the 12 week internship, the Cybersecurity Intern will have the opportunity to work on important assignments, gain insight into the business of Cybersecurity, and use your academic knowledge and match your interests to a job.  As an Cybersecurity intern at Church Mutual, you will work alongside our trained professionals, learning and applying valuable skills. 

 

Responsibilities

The typical Intern is an undergraduate who will handle projects normally performed by an entry-level, professional employee.  Assignments can include: identity governance, security risk analysis and assessment, network boundary defense and intrusion detection, security awareness campaigns, vulnerability assessment, process management, and security incident handling.  As an intern, you will have the opportunity to network with senior leaders and participate in a variety of training and development activities.  Interns are valued members of our team and will make immediate and lasting contributions to our company’s success

Qualifications

  • Working towards a Bachelor's Degree in Computer Science, Computer Engineering, Computer Information Systems, Management Information Systems, Information Technology, Mathematics, or other related technical programs
  • Strong technical, analytical, communication, and organizational skills
  • At least one course in, or equivalent knowledge of, the Java programming language
  • Minimum 3.0 cumulative GPA
  • Preferred candidates will be entering Junior or Senior year status in Fall of 2021
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
FireEye

Compliance Analyst Intern

Reston, VA
Risk & Compliance
INTERN
Aug 29
Premier

Company Description

FireEye is the leader in intelligence-led security-as-a-service. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 7,500 customers across 67 countries, including more than 50 percent of the Forbes Global 2000.

Job Description

The Governance and Compliance team is a critical part of the larger FireEye Security team. The team is responsible for performance of internal audits and assessments, external audit coordination, policy management, business continuity management and third-party management.

As a Compliance Analyst on the Governance and Compliance team, you will use your acumen, customer service skills, and cybersecurity knowledge to assess the internal control environments within FireEye and participate in vendor management due diligence activities. You will work with a great team of professionals who will provide you the guidance and support you will need to be successful in our shared goal of supporting our internal and external customers to meet today’s complex regulatory and security requirements.

What You Will Do:

·       Interact with our internal customers, internal and external auditors to identify, scope, and evaluate the effectiveness of internal controls

·       Conduct vendor risk assessments

·       Assist with business continuity and disaster recovery documentation and associated testing exercises

·       Be responsible for documenting and tracking your work within internal web-based tools

·       Develop a deep understanding of FireEye products and services

·       Exemplify industry-leading customer support skills and deliver positive customer experience

Qualifications

Requirements:

·       Bachelor’s degree in a technical field or working toward such degree, with at least 3 years of completed post-secondary education

·       Experience with cyber security tools, technology and best practices

·       Experience working in customer facing environment

·       Experience fielding questions and requests from customers, and providing timely and comprehensive responses

 

Additional Qualifications:

·       Demonstrated aptitude and desire to learn new technologies and services

·       Ability to ramp up quickly in learning the portfolio of FireEye services and products

·       Problem solver with keen attention to detail

·       Excellent written and verbal communication skills

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Grant Thornton

IT Audit Associate

New York, NY
Risk & Compliance
FULL-TIME
Aug 23
Premier

Description

IT Audit Associate - NYC

Grant Thornton LLP (Grant Thornton) is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. We’ve never been a typical professional services firm. We put people first, and that is what sets us apart.

As one of the fastest-growing professional services firms in the world, Grant Thornton LLP is continuously seeking top talent. Discover a place where you’ll work with a team of professionals dedicated to providing bold leadership and distinctive client service. Spend each day engaged in meaningful and challenging work. Be supported in your professional growth and recognized for your contributions.


Position Summary

An IT Assurance Associate is responsible for delivering a full range of IT audit services to our clients. Responsibilities include testing and assessment of information systems control review engagements in support of financial statement audits.

Qualifications

 Essential Duties and Responsibilities

  • Evaluate and test IT controls and identify areas of risk.
  • Apply current knowledge of IT trends and systems processes to identify security and risk management issues, as well as other opportunities for overall process improvement.
  • Maintain professionalism and rapport with the client. Proactively interact with key client management to manage expectations, help ensure client satisfaction, meet client deadlines, and resolve any problems.
  • Gain a comprehensive understanding of assigned client operations, processes and business objectives, and then utilize that knowledge on assigned engagements.
  • Participate in recruiting efforts as needed.
  • Meet or exceed IT Assurance metrics (e.g. – billable hours, CPE, time delinquencies, etc…)
  • Participate in other business development activities as appropriate
  • Other duties as assigned.

Experience Requirements

  • Bachelor's degree in Accounting, Finance, Information Technology, MIS or related field. A Master’s degree is a plus.
  • Desire to pursue CPA, CISA, CISSP, CIA or CISM license/certification.
  • Some related work experience in public accounting or equivalent delivering controls based services, auditing Information Technology General Controls (ITGC’s.) in support of financial statement audits to cross-industry clients and technologies. An understanding of generally accepted practices for testing Key Reports, and Application Controls a plus.
  • Information Security experience or information security training is required.
  • Exceptional client service and communication skills.
  • Strong technical aptitude and problem solving skills
  • Excellent analytical, communication (written and verbal) and interpersonal skills.
  • Effective project and time management skills for handling multiple priorities and simultaneous projects
  • Enthusiasm to learn through a combination of structured, on-the-job and self-directed training
  • Ability to work efficiently and effectively in a complex team environment
  • Strong computer skills including proficiency in Microsoft Office suite applications.
  • Ability to work additional hours and/or travel as needed.
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Focal Point Data Risk LLC

IT Audit Intern

Orlando, FL
Risk & Compliance
INTERN
Aug 4
Premier

Overview

At Focal Point, we’re committed to ensuring the health and safety of our employees, clients, and communities. At the moment, our interview and employee onboarding processes are entirely virtual, as all of our offices are temporarily closed. As conditions change, we will update our process to ensure that our job candidates and employees can have a safe, productive, and mutually beneficial interview experience. To learn more about Focal Point’s response to the current public health crisis, please visit: https://focal-point.com/covid-19-response/.

 

Who We’re Searching For: 

The IT Audit Intern is responsible for the execution of field work on client engagements. Working within the practice office, the IT Audit Intern will collect data, test audit evidence and processes, and document the associated procedures according to Internal Audit guidance. This role interacts with various team members and requires attention to audit details and will work closely with Managers and Directors to keep projects focused and on schedule.

Responsibilities

What You’ll Get to Do:

  •  Assist team members in documenting IT processes, compliance with policies and procedures, and comparison to leading practices within IT departments
  • Perform specific audit procedures, tests and analyses, including those that support requirements regarding Sarbanes-Oxley (SOX) compliance
  • Assist in the execution of an audit program for the testing of IT controls across various platforms and application environments
  • Gain exposure to Internal Audit methodology and standards through participation at various project activities
  • Interacts effectively with co-workers at all levels, to foster and maintain strong working relationships
  • Gain exposure to compliance (Sarbanes-Oxley, PII, etc) and Information Technology technical and operational areas.

Qualifications

What You’ll Need to Succeed:

Minimum Qualifications:

  • Recently graduated with a degree in one of the following:
    • Information Technology
    • Accounting
    • Finance
    • Concentrations in Information Security, Data Analytics, Information Technology
  • Must be available during standard business hours, M-F

         

Preferred Qualifications

  • Holds, or working toward a related professional certification (CIA, CISA, Accounting Designations, etc.)
  • Intermediate to Advanced knowledge of Microsoft Office Suite
  • Strong written and oracle communication skills
  • Strong problem-solving and analytical skills
  • Previous experience as an audit intern, or related role
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
RSM

2021 Security & Risk Intern

New York, NY
Risk & Compliance
INTERN
Jul 29
Premier

We are currently looking for Consultants for our Security, Privacy and Risk Consulting practice. The candidate will work with teams of security and privacy staff in a wide variety of systems environments.  Our Security, Privacy and Risk Consulting team serves the Information Security and Data Privacy related needs of our clients. This team assists clients with selecting, improving, controlling, securing, managing and monitoring the appropriate systems to address their information needs.  We serve a diverse base of clients in a variety of industries, and understanding how technology impacts the operation and growth of organizations is what we do best. 

As a Consulting Associate, you will jump start your career through a comprehensive training and development program where you will be exposed to all our Consulting Solution Practices. This training will include:  

Consulting process, tools and methods 
Client engagement economics 
Presentation and business writing skills 
Examples of candidate's responsibilities include: 
Assess security of client networks, hosts, and applications 
Determine technical, business impact and likelihood of identified security issues and provide remediation guidance to clients 
Perform analysis and testing to verify the strengths and weaknesses of mobile and web applications and web services (SOAP, WSDL, UDDI) 
Perform Internet penetration testing using blackbox and whitebox methodologies 
Review application code, system configurations and device configurations using manual and automated techniques 
Measure and report clients’ compliance with established industry or government requirements 
Work with RSM consulting professionals with a variety of credentials including Certified Ethical Hacker (CEH), Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®) and Certified Information Security Manager® (CISM®) 

Basic Qualifications: 

Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences with a major in Computer Science, Information Technology, Information Systems Management, Information Security or other similar degrees 
Technical background in computer science and related fields 
Strong knowledge  of computer network technologies, protocols and topologies 
Software development, programming and/or scripting experience (Perl, Python, C, Java, PHP, ASP, etc.) 
The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude, including senior management 
High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices 
Possess a strong internal drive and motivation for continuous improvement 
A minimum 3.0 GPA is preferred 

Preferred Qualifications: 

Practical hands-on or lab experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components 
Practical hands-on or lab experience  with security applications, such as a AppScan, Metasploit, BurbSuite, Nessus, Social Engineering Toolkit, Kali Linux, etc., or other commercial and public domain security tools 
Operating system configuration and security experience (HP-UX, Linux, Solaris, AIX, etc.) 
Configuration and security experience with web servers and web applications (Apache HTTP/Tomcat, Microsoft IIS, Sun One, Oracle iPlanet, IBM WebSphere, etc.) 
Database Configuration and Security experience (MySQL, Microsoft SQL, IBM DB2, Sybase, Oracle, etc.) 
Familiar with security testing techniques such as network discovery, port and service identification, vulnerability scanning, network sniffing, fuzzing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing and password cracking 

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Paypal

Risk Management Intern

New York, NY
Risk & Compliance
INTERN
Jul 29
Premier

Fueled by a fundamental belief that having access to financial services creates opportunity, PayPal (NASDAQ: PYPL) is committed to democratizing financial services and empowering people and businesses to join and thrive in the global economy. Our open digital payments platform gives PayPal’s 305 million active account holders the confidence to connect and transact in new and powerful ways, whether they are online, on a mobile device, in an app, or in person. Through a combination of technological innovation and strategic partnerships, PayPal creates better ways to manage and move money, and offers choice and flexibility when sending payments, paying or getting paid. Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies.

At PayPal, we’re literally reinventing how the world pays and gets paid. We understand that it’s about people. We connect individuals to let them shop, get paid, donate, and send money using today’s technology with the confidence that comes from the security and control PayPal enables. Are you ready to help us change the world? The world’s leading payments company, PayPal, brings together a family of brands that are revolutionizing the way people move money. At PayPal, you will be immersed in an amazing community with a vibrant culture that thrives on innovation, collaboration, inclusion, and wellness. A successful candidate will join the world’s top risk talents in solving some of the most challenging problems in a collaborative global environment that promotes learning and rewards innovation.

Risk Management Professionals at PayPal are highly motivated team players who specialize in analyzing fraud patterns and creating and adapting advanced fraud prevention mechanisms while focusing on the customer’s experience. Our scientists overcome challenges presented by big data, evolving fraud techniques and new payment technologies, by leveraging deep expertise in data analysis, advanced algorithms and story-based analytics. Ideal candidates are problem solvers, equipped with strong analytical skills, suited to approach varied challenges in complex environments. Adept at creative and critical thinking, they can deconstruct problems and transform personal insights into large scale, state-of-the-art solutions.

We work in a space that looks deeply into emerging fraud trends and the facilitation of opportunities that help the business in fueling growth and strategic decisions. You will be able to do it all in a collaborative environment that values your insight, encourages you to take on new responsibility, promotes continuous learning, and rewards innovation. You will join a global team that is multi-disciplinary with a broad spectrum of industry experiences and deep analytical and quantitative expertise.

Key Responsibilities:

  • Provide analytical insights into emerging problems, trends and portfolios
  • Work closely with business partners and stakeholders to determine how to design analysis and measurement approaches that will significantly improve our ability to understand and address emerging business issues
  • Bring data to life making it actionable and relevant to stakeholders through exploratory analysis of internal and external data sources using advanced and innovative analytical techniques, algorithms, and tools
  • Provide regular updates to leadership, peers and other stakeholders that will simplify and clarify complex concepts and results of analyses with emphasis on actionable outcomes and impact on the business

Basic Requirements:

  • Must be pursuing a Bachelor’s or Master’s degree in Computer Science, Math or related field from an accredited college or university
  • Proven ability to work independently and make good decisions with minimal direction
  • Strong communication skills (both verbal and written)
  • Strong analytical skills – analyze complex data, draw accurate conclusions, and make business recommendations
  • Strong working knowledge of Microsoft applications, Excel, PowerPoint, Access and Word – familiarity working with SQL
  • Experience in at least one data visualization tool (Tableau, Qlikview) will be a plus
  •  Proven ability to lead project(s) to conclusion within assigned timelines
  • Ability to approach problems in a quantitative and qualitative manner, and partner with the business to understand their needs and drive solutions
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Rich Products Corporation

Cybersecurity Intern

Buffalo, NY
Risk & Compliance
INTERN
Jul 28
Premier

Rich’s, also known as Rich Products Corporation, is a family-owned food company dedicated to inspiring possibilities. From cakes and icings to pizza, appetizers and specialty toppings, our products are used in homes, restaurants and bakeries around the world. Beyond great food, our customers also gain insights to help them stay competitive, no matter their size. Our portfolio includes creative solutions geared at helping food industry professionals compete in foodservice, retail, in-store bakery, deli, and prepared foods, among others. Working in 100 locations globally, with annual sales exceeding $4 billion, Rich’s is a global leader with a focus on everything that family makes possible. Rich’s®—Infinite Possibilities. One Family.

PURPOSE STATEMENT

This Cybersecurity intern will work with the Global Digital Risk Management Team.  Objectives include documenting various business processes and data flows with a focus on identifying digital assets and intellectual property.

KEY ACCOUNTABILITIES/OUTCOMES
  • Additional responsibilities include; working with and supporting a variety of business application security assessments and reviews to support a variety of new, updated and cloud application requests.  
  • The intern will actively participate in the application security review process and support an initiative to improve automation of this process. 
  • Learning opportunities include business facing analysis, documenting process flows, and creating and presenting formal responses to key business partners. 
  • Identifying the controls and conditions required to mitigate digital risk.
  • As a secondary learning initiative, the intern may participate in a Policy & Standard initiative that involves creating, updating, standardizing, & publishing policies to support a ISO27001 standard. 
  • The Intern may participate in the creation of a structured Governance Risk and Compliance process.
KNOWLEDGE/SKILLS/EXPERIENCE
  • Must be enrolled in an accredited institution, pursuing a bachelor’s or Masters’ degree in Cybersecurity, Information security, Information Assurance, or related field
  • Proficiency in Microsoft Office 
  • Excellent communication and inter-personal skills
  • Ability to analyze and document data process flows and identify vulnerabilities and risk.
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Palo Alto Networks

Senior / Staff CyberSecurity Engineer

Santa Clara, CA
Risk & Compliance
FULL-TIME
Jul 22
Premier

Our Mission At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age.. We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are. Your Career Palo Alto Networks is looking for a talented Cybersecurity / Linux Engineer (PKI ) who will be responsible for maintainability of our customer facing PKI infrastructure. As senior technical staff, you will support Tier-3 engineering for PKI domain and related technologies. The ideal candidate enjoys working in a fast-paced environment with highly innovative technologies. You will make a big impact in this highly visible role by building PKI as a service offering for our customers! Your Impact • Implementing and supporting globally distributed customer-facing PKI infrastructure service, including scalability, capacity planning, redundancy, and resiliency. • Work on disruptive technologies creating PKI as a global service. • Provision, configure & support resilient hybrid cloud deployment architecture, while maintaining availability and performance SLAs based on business and product requirements. • Contribute to documentation related to Certificate Practice Statement (CPS), including areas of design, deployment, validation, operations and DR/BCP. • Design proactive service monitoring, alerting and trend analysis of underlying infrastructure, and support the operations team in implementation. • Collaborate and partner with cross-functional development teams to define technical requirements for implementation and adoption of X.509 certificate usage with Palo Alto Networks products and Cloud services and develop automation and integration methods with PKI solution. Your Experience • Design and performance tuning for Linux infrastructure and API in-depth knowledge of multi-tier web applications. • 5-10 years of hands-on Linux experience in managing and supporting Linux server infrastructure in CentOS/RHEL/Ubuntu. • Willing to learn about installation and management of OCSP and HSM solutions. • In-depth knowledge of Certificate Lifecycle Management • Must be able to collaborate between engineering and IT teams for our PKI services. • Strong technical writing skills to support required documentation. • Must be comfortable with Ansible, Chef or similar configuration management tool to manage infrastructure as code and source code control systems such a GIT or SVN. • Experience with Thales(SafeNet) HSMs is a plus. • Fluent in security & system hardening • Passion, drive, energy, a sense of humor and a great attitude! • BA/BS in Computer Science, Information Technology or the equivalent combination of work experience required. The Team Working at a high-tech cybersecurity company within Information Technology is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, creating, building, and supporting tools that enable our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving technical gaps that inhibit productivity. Our Commitment We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our dedication to inclusion and innovation, visit our Life at Palo Alto Networks page and our diversity website. Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics. Additionally, we are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or an accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Federal Reserve Bank of Minneapolis

IT/Audit Examiner

Minneapolis, MN
Risk & Compliance
FULL-TIME
Jul 22
Premier

The open role will have responsibility for supporting and executing the Reserve Bank’s supervisory plan of Ameriprise Financial, Inc. (Ameriprise). The successful candidate for this role will have the opportunity to actively participate in high profile inspection activities through assessment of the firm’s IT risks and risk management along with the firm’s internal audit program. This includes, for example, evaluating the effectiveness of the institution’s IT risk identification and control validation processes, governance and oversight, information/cyber security program, business continuity/resiliency, and the effectiveness of internal audit oversight and plan execution.

Ameriprise, headquartered in Minneapolis, Minnesota, is a holding company with $13 billion of annual revenue and $973 billion of assets under management and administration at year-end. Ameriprise offers a wide array of wealth management products and services for individuals including financial planning, managed accounts, life insurance, annuities, and estate planning. It also provides institutional asset management services, including a large family of mutual funds that it offers through affiliates and third parties.

Responsibilities:

  • Leads and manages supervisory events, including determining scope, rating, resource needs, and work assignments.
  • Drafts, reviews, organizes, verifies, and evaluates supervisory event documents prepared by self and others.
  • Communicates, describes, supports, and discusses findings of supervisory events with Reserve Bank and supervised institution management.
  • Analyzes supervised institution performance regarding laws, regulations, and regulatory policies and supports conclusions about overall status of supervised institution.
  • When in a leadership role on an examination, provides training, work direction, and feedback to assisting examiners.
  • Ensures effective supervision of a risk area(s) Ameriprise specific to Information Technology, cyber security, and/or internal audit. The supervision includes: preparing a comprehensive and independent risk assessment; developing, documenting and implementing a supervisory strategy; following up on examination findings and enforcement actions; and conducting ongoing monitoring.
  • Develops and maintains productive working relationships with management at Ameriprise through regular and in-depth discussions to understand changes in strategy, issues, and challenges facing the institution.
  • Maintains effective communication with Ameriprise, the Board of Governors, and Reserve Bank management related to various institution developments, examination findings, changes in major product lines and in risk characteristics.
  • Seeks out and participates in opportunities, including assisting with System or Reserve Bank special projects.
  • Safeguards equipment, sensitive data, and resources according to the SRC Information Security and Data Handling Handbook.
  • Handles records in accordance with the System Records Retention Manual compliance plan.
  • Performs other duties as assigned.

Qualifications:

  • Bachelor's degree in a related field.
  • Examiner credentials. In lieu of examiner credentials, specialized expertise in complex examinations areas as determined by SRC Management.
  • Examiner: At least 4 years of financial services, banking regulations, examinations, and/or expertise in a financial services or other relevant specialty.
  • Senior Examiner: Substantial related experience (6 years) in financial services, banking regulations, examinations, and/or a high level of expertise in a financial services or other relevant specialty.
  • Strong written, verbal, and interpersonal communication skills.
  • Strong analytical skills and detail-orientation.
  • Ability to travel up to 25%.
  • Valid driver’s license with acceptable driving record.
  • Eligible to obtain Examiner or Special Examiner credentials. An acceptable statement of financial interest is required.

Preferred Qualifications:

  • Strong IT experience in areas such as information/cyber security, vendor risk management and/or business continuity planning.
  • Audit or risk management experience in IT or related field.
  • CISA and/or CISSP certification.
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.
Intercontinental Exchange

Information Security Analyst, GRC

Atlanta, GA
Risk & Compliance
FULL-TIME
Jul 20
Premier
The ICE Information Security Analyst is part of a team responsible for the global Information Security program. This position requires technical proficiency as well as an eager attitude, professionalism, and solid communication skills.
 
Responsibilities
  • Security Metrics – Uses automated and manual processes to produce regular reports communicating the status of the Information Security program
  • Policies and Standards – Maintains corporate Information Security policies and departmental standards and maps them to relevant control standards
  • Regulator, Audit, and Customer Inquiries – Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashion
  • Re-certification – Operates periodic processes to ensure hire and termination protocols are complied with and regular access reviews are conducted 
  • Security Awareness – Builds and maintains company awareness and education programs
  • Risk Assessment – Builds and operates the company platform to document, measure, and report assessments, risks, controls, findings, and remediation activity
 
Knowledge and Experience
  • 0 – 3 years of relevant experience
  • University degree in Engineering, MIS, CIS, or related discipline
  • Hands-on experience with Systems Administration and/or IP Networking
  • Experience with Regulatory Compliance
  • Experience in an exchange, trading facility, or financial services
  • Advanced certifications including CISSP
  • Advanced technical writing and/or communication education and experience
Specific Technologies:
 
Excel, Workflow automation tools, Data collection, normalization, indexing, correlation, and visualization.  Scripting, regular expressions, string-parsing, light SDLC, and project management.  NIST Cyber Security Framework, CIS, Archer and competitive GRC Platforms.
Apply Here
After clicking on the button to apply above, you will leave Cyberlinx and go to the job application page (outside the site) for that company. Cyberlinx accepts no liability or responsibility as a consequence of any reliance upon information on their (external sites) or here.