46 Cybersecurity jobs in New York

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
The anticipated salary range for this role is between $85,000.00 and $138,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.
**Overview**
SMBC is seeking an experienced Audit Associate with a minimum of 3 years' experience in the banking and finance/technology industry to conduct audit coverage for the firm's cybersecurity and other related technology controls. Reporting to the Cybersecurity Audit Team Head, the Audit Associate will be responsible for (i) conducting cybersecurity and other related technology audits, ensuring work is performed in accordance with IIA standards and Internal Audit Department (IAD) policies and procedures, and (ii) supporting the Cybersecurity Audit Team Head in the execution of their duties. In addition, they will (i) support IAD Management team in helping to identify areas of coverage for planning, development, implementation, and maintenance of an internal audit program covering cybersecurity and technology related areas across the Americas Division and (ii) conduct regular continuous monitoring activities covering cybersecurity and technology related risks and related processes and controls within a prescribed timeframe.
**Role Responsibilities**
+ Conduct regular audits of cybersecurity and technology related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls.
+ Create audit issues and reports that clearly articulate results, conclusions and recommendations for review with senior audit management and auditees.
+ Challenge the ongoing coverage of cybersecurity and technology related areas and present ideas for improvement.
+ Facilitate risk issue tracking to promote timely remediation.
+ Track and validate closure of issues raised by IAD, external auditors, regulators, and self-identified by stakeholders, including recommending additional actions when necessary.
+ Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions.
+ Forge strong partnerships with colleagues in other technology and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation.
+ Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
+ Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums.
+ Conduct regular Continuous Monitoring activities and auditable entity updates.
+ Recognize the confidential nature of IAD communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with IAD policies and procedures.
**Qualifications and Skills**
+ Minimum of 3 years of Cybersecurity/audit experience in the banking and/or technology industry.
+ Knowledge and experience in various Technology and Cybersecurity domains, e.g., Identity and Access Management, Vulnerability Management, etc.
+ Knowledge of cybersecurity related risks (i.e., Governance, Identify, Protect, Detect, Respond, Recover, Supply Chain, and Demand Management).
+ Knowledge of industry relevant standards (e.g., NIST, CRI) and related regulatory expectations (e.g., NYS DFS 500, FFIEC).
+ Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. Ability to manage and execute audits, from planning to audit closing.
+ Strong strategic thinking skills including the ability to identify and assess technology related risks.
+ Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization.
+ Enthusiastic and self-motivated, effective under pressure and willing to take personal responsibility/accountability.
+ Bachelor's Degree in Information Technology, MIS, Finance, or related field. Advanced degree is a plus.
+ Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).
SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at
EOE, including Disability/veterans

**Requisition:** 82810
**PSEG Company:** PSEG Services Corp.
**Salary Range:** $ 157,000 - $ 257,600
**Work Location Category:** Hybrid Flexible
We're one of the country's largest energy companies, with a vision of powering a future where people use less energy, and it's cleaner, safer and delivered more reliably than ever. We're also deeply connected to the communities we serve, with more than 13,000 employees working together to support our customers and make a difference every day.
Here, you'll have the stability and exciting opportunities that come with being a Fortune 500 company - along with a supportive, friendly work environment where your contributions are valued.
We know life isn't one-size-fits-all, and neither is work. That's why we offer flexible work options depending on the role.
In support of this model, roles have been categorized into one of three work location categories:
1. Onsite - roles where employees are expected to be onsite daily.
2. Hybrid fixed - roles that are a mix of remote work and onsite work fixed days each week
3. Hybrid flexible - roles that are a mix of remote work and onsite work, but the onsite requirements have greater flexibility. (i.e. 5-8 days a month vs. set days each week).
As an employee, if you are regularly scheduled to work 20 or more hours per week, you will have access to a wide range of comprehensive benefits from day one, designed to support your total well-being: medical, dental, vision, parental leave and family leave programs, behavioral health programs, 401(k) with company match, life insurance, tuition reimbursement, and generous paid time off.
More than 13,000 people already call PSEG their work home, taking pride in providing safe, reliable service to millions of customers. If you're looking for a place where you can build a meaningful career and help power and support our communities, we'd love to welcome you to the team.
PSEG is not offering visa sponsorship for this position.
**Job Summary**
The Director, Cybersecurity Operations leads the development, implementation, and ongoing coordination of enterprise-wide cybersecurity operations, including Threat Engineering, Threat Detection, Cybersecurity Industry Threats Coordination, Endpoint Security, Network Security, Email Security, the Security Operations Center (SOC), Threat Analysis and Incident Response, Cybersecurity Logging & Monitoring, Vulnerability Management, Application Security, Data Security, Insider Trust, Threat Intelligence, and Cyber Threat Hunting. (S)he coordinates across all business lines, service departments, and external risk organizations (e.g. Law Enforcement, cross-sector cyber industry trade organizations) and peer energy companies. As PSEG's senior leader responsible for cybersecurity operations, (s)he will also be responsible for defining and aligning cybersecurity policies, strategy, and standards, and for governing actual cybersecurity operations, including overseeing an internal SOC and managed service provider, and for maintaining an Incident Response program to ensure appropriate responses to cybersecurity incidents. During an incident, (s)he will be designed as lead cyber incident commander and will be responsible for the containment, eradication, and recovery, as applicable. (S)he will be responsible for multiple discrete projects/enhancements to build, maintain, and mature capabilities, including people, processes, and technologies. (S)he will engage across the entire IT, OT, and managed services landscapes, including leading a team across these environments.
(S)he will spend his/her time
+ Stopping/mitigating complex attacks, including making emergency decisions in response to active attacks outside of routine technology processes.
+ Executing on key operational decisions with potentially high impact affecting attacks and threats facing PSEG (e.g. spam/malware campaigns, criminal operations).
+ Ensuring the planning, development, implementation, and maintenance of our SOC, including partnering directly with stakeholders as a multi-disciplined team to design/deploy strategies and solutions across a variety of vendor platforms.
+ Acting as a SOC thought leader, consistently researching new ways to improve operations and strategy.
+ Ensuring adherence to cybersecurity controls, policies and standards with a focus on automation and control.
+ Assessing the current IT architecture, business needs, and future requirements as they relate to the SOC.
+ Determining cybersecurity requirements by evaluating business strategies and requirements, researching standards, conducting system security and vulnerability analyses and risk assessments, studying architectures/platforms, identifying integration issues, and preparing cost estimates.
+ Verifying that processes/systems comply with laws/regulatory requirements from local/national governments.
+ Preparing for, and potentially presenting at, Cyber Council, Senior Executive Team, and Board of Directors meetings.
+ Preparing senior-level technical reports for executive management.
+ Engaging in ongoing communications with peers in IT and business (e.g. Legal, HR, Security) to ensure enterprise wide understanding of cybersecurity goals, to solicit feedback and to foster cooperation.
+ Managing relationships with third party service providers, including contract language negotiations.
+ Maintaining up-to-date cybersecurity knowledge, including awareness of innovative solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations.
**Job Responsibilities**
+ Directs, coaches, and counsels internal/external cyber resources on Cybersecurity technologies, including Threat Engineering, Threat Detection, Cybersecurity Industry Threats Coordination, Endpoint Security, Network Security, Email Security, the Security Operations Center (SOC), Threat Analysis and Incident Response, Cybersecurity Logging & Monitoring, Vulnerability Management, Application Security, Data Security, Insider Trust, Threat Intelligence, and Cyber Threat Hunting for all lines of business and service departments for both IT and OT landscapes.
+ Ensure that Cybersecurity Operations service delivery aligns with the corporate IT strategy, including development of Cybersecurity operations standards, capacity planning, lifecycle management plans, solution selection, and partner management. Ensure scalability of Cybersecurity Operations capabilities, including hardware and software, to meet business needs and risk tolerances.
+ Develops and implements best practices for PSEG Cybersecurity Operations capabilities. Participate in external risk organizations (including with peer groups) to learn from other organizations and to benchmark our program. Partner with professional Cybersecurity Operations associations, service providers, and to identify and implement best practices.
+ Partners with and advises various IT teams. Operationalizes threat models to protect against existing and emerging threats.
+ Builds relationships across PSEG business and technology teams. Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies, and cross-sector cyber industry trade organizations. Ensures that cyber operations requirements are identified, well defined, properly documented, and approved by appropriate stakeholders.
+ Develops, manages, and pre-prioritizes Cybersecurity CAPEX and OPEX budgets based on business needs and cyber threats. Lead the identification of optimal OPEX and CAPEX allocations, including opportunities to reduce expenditures while transforming PSEG Cybersecurity Operations. Lead and advise on business case development.
+ Leads team, including performance evaluations, career development guidance, and other aspects to grow the talent pipeline and to mature our program.
**Job Specific Qualifications**
+ Bachelors degree and 10 years of relevant cybersecurity experience, including leadership experience
+ Demonstrated strong leadership and influence skills
+ Demonstrated strong presentation skills with the ability to present to all levels of management and executive leadership
+ Experience leading a 24x7x365 SOC/Cyber Fusion Center
+ Experience managing incident response processes for incidents of all sizes and impacts
+ Experience with Red Teams and with Table Top Exercises
+ Experience with Vulnerability Management
+ Strong knowledge of Application Security tools and concepts, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Penetration Testing
+ Proven working experience in Security Analysis, Threat Intelligence, Email Security, and/or Endpoint Security
+ Experience with Penetration Testing, including scoping, executing, reporting, and evaluating remediations
+ Executive teamwork, facilitation, relationship building, and negotiation skills
+ Ability to maintain positive working relationships both as a leader and as a team member
+ Effective time management and multitasking skills
+ Ability to communicate effectively with both technical and non-technical individuals
+ Strong interpersonal communication skills, analytical abilities, detail focused, quality focused, and problem-solving skills, as well as broad knowledge of business functions, information technologies, and cybersecurity and compliance practice on a global level
+ A demonstrated ability to integrate various cybersecurity, network and data protection technologies and controls into a cohesive solution that sufficiently mitigates risk
+ Demonstrated experience in enterprise solutions and implementation of technology and process solutions to reduce the potential risk of data compromise and network viability
+ Significant experience in cybersecurity, including hands on experience in SIEM, Email Security, and Endpoint Security tools, Threat Intelligence platforms, and potentially additional experience in forensics, offensive/defensive technologies, intelligence gathering, and/or reverse engineering
+ Demonstrated experience in delivering comprehensive solutions to complex cybersecurity issues on a global scale
+ Confidence in leading diverse matrix teams independently, making decisions daily as it relates to the successful delivery of the program
+ Ability and insight to know when critical decisions must be raised to senior level and/or business unit management quickly to ensure that the program remains on track
+ Strong knowledge of Threat Intelligence frameworks (e.g. MITRE ATT&CK)
+ Department of Energy's regulation 10 CFR 810 is required
**Desired**
+ Industry Cybersecurity certifications (e.g. CISSP, CEH, etc.)
+ Masters in Information Security, Computer Science, Business, Engineering, or related fields
+ Experience in Electric or Gas Utility or Power Generation industry, and/or experience in manufacturing
+ Broad knowledge of IT and related control environments
Some positions at PSEG require access to information covered by the Department of Energy's regulation 10 CFR 810 (Part 810). If applicable, the successful applicant must prove they are: (1) a citizen or national of the USA; OR (2) a lawful permanent resident of the United States (Non-Conditional Permanent I-551 / Green Card / Permanent Resident Card holder); OR (3) a citizen, national, or permanent resident of a "Generally Authorized" destination on the attached list ( At PSEG/AppendixAtoPart810_ Title10) not also a citizen, national, permanent resident of any country not listed; OR (4) a "Protected Individual" under the Immigration and Naturalization Act (8 U.S.C 1324b(a)(3)).
As an employee of PSEG, you should be aware that during storm restoration efforts, you may be required to perform functions outside of your routine duties and on a schedule that may be different from normal operations.
For all roles, PSEG's drug and alcohol testing program includes pre-employment testing, testing for cause, and post-incident/accident testing.
Employees who are hired or transfer into a federally regulated role (including positions covered by USDOT, PHMSA, or NRC regulations) are subject to random drug and alcohol testing, inclusive of marijuana. Although numerous states throughout the country have legalized marijuana/cannabis products recreationally and medically, the use of these products are prohibited for employees in federally regulated roles. Please note that the use of CBD products may result in a positive drug test for THC/Marijuana and such use is not a legitimate medical explanation for a positive result.
If you are a current PSEG Long Island (PSEGLI) employee and offered an opportunity with PSEG or any of its subsidiaries other than PSEGLI, you will be treated as a new hire. Please note that as a new hire to PSEG, your benefits will change and generally will be consistent with other similarly situated PSEG new hires. Similarly, for PSEG employees who accept job opportunities with PSEGLI, your benefits will change and generally be consistent with other similarly situated new hires of PSEGLI.
PSEG is an equal opportunity employer, dedicated to a policy of non-discrimination in employment, including the hiring process, based on any legally protected characteristic. Legally protected characteristics include race, color, religion, national origin, sex, age, marital status, sexual orientation, disability or veteran status or any other characteristic protected by federal, state, or local law in locations where PSEG employs individuals.
PSEG is committed to providing reasonable accommodations to individuals with disabilities. If you have a disability and need assistance applying for a position, please call or email
If you need to request a reasonable accommodation to perform the essential functions of the job, email Any information provided regarding a disability will be kept strictly confidential and will not be shared with anyone involved in making a hiring decision.
ADDITIONAL EEO INFORMATION (Click link below)
Know your Rights: Workplace Discrimination is Illegal

Join one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the financial industry.

As a Lead Cybersecurity Architect at JPMorganChase within the Commercial & Investment Bank covering global Equities you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. As a core technical contributor, you are responsible for carrying out critical cybersecurity architecture solutions by identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions in support of project goals.

Job responsibilities

• Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
• Defines the technical target state of their cybersecurity product and drives achievement of the strategy
• Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall cybersecurity of software applications and systems
• Leads evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture
• Leads communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies
• Adds to team culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal Training or certification with 5 years of experience with security Architecture .
• Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls
• Experience in complex network architectures
• Experience of threat modeling techniques & frameworks
• Proficiency in automation and continuous delivery methods
• Proficiency in all aspects of the Software Development Life Cycle
• Advanced understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security
• Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• In-depth knowledge of the financial services industry and their IT systems
• Practical cloud native experience
• Deep knowledge of one or more software and applications
• Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
• Experience effectively communicating with senior business leaders

Preferred qualifications, capabilities, and skills

• CISSP - Certified Information Systems Security Professional or equivalent
• AWS Certified Cloud Practitioner

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Base Pay/Salary
Jersey City,NJ $152,000.00 - $15,000.00 / year New York,NY 152,000.00 - 215,000.00 / year

Join one of the world's most influential companies and leverage your skills in cybersecurity to have a real impact on the financial industry.

As a Lead Cybersecurity Architect at JPMorganChase within the Commercial & Investment Bank covering global Equities you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. As a core technical contributor, you are responsible for carrying out critical cybersecurity architecture solutions by identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions in support of project goals.

Job responsibilities

• Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
• Defines the technical target state of their cybersecurity product and drives achievement of the strategy
• Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall cybersecurity of software applications and systems
• Leads evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture
• Leads communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies
• Adds to team culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal Training or certification with 5 years of experience with security Architecture .
• Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls
• Experience in complex network architectures
• Experience of threat modeling techniques & frameworks
• Proficiency in automation and continuous delivery methods
• Proficiency in all aspects of the Software Development Life Cycle
• Advanced understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security
• Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• In-depth knowledge of the financial services industry and their IT systems
• Practical cloud native experience
• Deep knowledge of one or more software and applications
• Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
• Experience effectively communicating with senior business leaders

Preferred qualifications, capabilities, and skills

• CISSP - Certified Information Systems Security Professional or equivalent
• AWS Certified Cloud Practitioner

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Base Pay/Salary
Jersey City,NJ $152,000.00 - $15,000.00 / year; NY 152,000.00 - 215,000.00 / year

**Job Description**
The ideal candidate for this role will be an experienced incident response analyst with extensive detection development experience across various enterprise technologies. This individual will be responsible for designing, developing and enhancing threat detection capabilities across the organizations detection platforms while providing incident response experience during critical incidents, and providing mentorship to junior analysts. The primary focus for this role will be the creation and optimization of threat detection use cases, leveraging advanced tools and techniques to identify and mitigate cyber threats in real time through collaboration with cross-functional teams to ensure that the threat detection solutions align with the organization's security strategy. This position will consider remote work approval for the right candidate.
**Essential Responsibilities**
+ Design and implement advanced detection architectures across the organization's security landscape, utilizing SIEM, EDR, XDR and cloud security platforms.
+ Lead the development and refinement of complex, high-fidelity detection use cases, custom correlation rules, and detection models tailored to the organization's unique risk profile and threat landscape.
+ Continuously enhance and optimize detection techniques, reducing alert fatigue and improving detection accuracy.
+ Identify and develop improvement initiatives within the Detection and Response team, implementing best practices and optimizing processes to enhance security capabilities.
+ Lead investigations into critical incidents, coordinate containment and eradication activities, and ensure recovery aligns with NIST incident response framework principles.
+ Leverage SOAR platforms to automate triage, enrichment, and response workflows for improved Incident Response efficiency.
+ Utilize AI-based tools such as Agentic AI and Co-pilot to enhance investigation speed, threat hunting, and reporting accuracy.
+ Leverage MDR capabilities to enhance detection and response workflows and streamline investigation prioritization.
+ Use endpoint protection and diagnostic tools such as Microsoft Defender for Endpoint (MDE) and CrowdStrike to conduct forensic analysis and validate root causes.
+ Partner with internal stakeholders, leadership, and external partners to provide situational awareness and actionable recommendations.
+ Support junior analysts through coaching, technical guidance, and knowledge sharing to build overall Incident Response capability and mature the threat detection posture.
**Core Competencies**
+ Expert understanding of attack lifecycles, network telemetry, endpoint data, and adversarial tactics mapped to MITRE ATT&CK.
+ Proven ability to lead the full incident lifecycle, following NIST best practices from identification through post-incident recovery.
+ Ability to design and optimize automated response workflows in SOAR tools to reduce response time and analyst fatigue.
+ Comfortable integrating AI and machine learning tools into investigative processes to improve detection accuracy and reduce false positives.
+ Understands the business impact of identified threats and aligns response actions to minimize operational risk.
+ Proactively evaluates emerging technologies and integrates them into Incident Response operations.
**Technical Knowledge & Skills**
+ Experience with SIEM platforms such as Microsoft Sentinel for event correlation and detection engineering.
+ Strong knowledge of SOAR technologies for orchestration and response automation.
+ Familiarity with endpoint detection and response (EDR) tools such as MDE, CrowdStrike and Sysinternals.
+ Working knowledge of AI-powered analysis and automation tools including Agentic AI and Co-pilot.
+ Understanding of key cybersecurity frameworks and standards: NIST Incident Response Framework, MITRE ATT&CK, and ISO 27001.
+ Experience with scripting languages including python and PowerShell.
+ Strong knowledge of Windows Active Directory Environment and cloud computing architectures.
+ Experience conducting forensic analysis, log correlation, and root cause investigations.
+ Strong communication skills to convey findings to technical and non-technical audiences.
**Minimum Qualifications**
+ Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
+ 5+ years of experience in IR operations, intrusion detection, or incident response.
+ Experience developing detection rules, playbooks, and automation workflows.
+ Demonstrated experience leading complex investigations and coordinating cross-functional response efforts.
**Preferred Qualifications**
+ Advanced certifications: GIAC (GCIH, GCFA etc.).
+ 5+ years of experience in Detection Engineering roles for large organizations.
+ Hands-on experience with cloud-native security tooling and hybrid SOC environments.
**Leadership Expectations**
+ Ability to work collaboratively across teams; foster an environment where associates thrive and perform at their best.
+ Model ethical conduct, transparency, and accountability in every action; ensure compliance with cybersecurity and data privacy standards.
+ Demonstrate curiosity, adaptability, and a growth mindset. Encourage innovation, learning, and continuous improvement across IR operations.
**Required Skills:**
Adaptability, Adaptability, Analytical Thinking, Business Strategies, Coaching and Development, Cybersecurity Operations, Cyber Threat Intelligence, Data Loss Prevention (DLP), Decision Making, Detail-Oriented, Digital Forensics, Governance Management, Incident Response Management, Insider Threat Mitigation, Leadership, Log Analysis, Malware Analysis, Management Process, Penetration Testing, People Leadership, Risk Management, Security Information and Event Management (SIEM), Security Monitoring, Security Operations, SLA Management {+ 4 more}
**Preferred Skills:**
Incident Response
Current Employees apply HERE ( Contingent Workers apply HERE ( and Puerto Rico Residents Only:**
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here ( if you need an accommodation during the application or hiring process.
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
EEOC Know Your Rights ( GINA Supplement
We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts ( Hybrid Work Model**
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as "remote".
The salary range for this role is
$139,600.00 - $219,700.00
This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee's position within the salary range will be based on several factors including, but not limited to relevant education, qualifications, certifications, experience, skills, geographic location, government requirements, and business or organizational needs.
The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.
We offer a comprehensive package of benefits. Available benefits include medical, dental, vision healthcare and other insurance benefits (for employee and family), retirement benefits, including 401(k), paid holidays, vacation, and compassionate and sick days. More information about benefits is available at .
You can apply for this role through (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.
**San Francisco Residents Only:** We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
**Los Angeles Residents Only:** We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance
**Search Firm Representatives Please Read Carefully**
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
**Employee Status:**
Regular
**Relocation:**
No relocation
**VISA Sponsorship:**
No
**Travel Requirements:**
10%
**Flexible Work Arrangements:**
Hybrid
**Shift:**
1st - Day
**Valid Driving License:**
No
**Hazardous Material(s):**
N/a
**Job Posting End Date:**
10/31/2025
***A job posting is effective until 11:59:59PM on the day** **BEFORE** **the listed job posting end date. Please ensure you apply to a job posting no later than the day** **BEFORE** **the job posting end date.**
**Requisition ID:** R

Description
Director, Operational Risk Management Oversight - Cybersecurity Risk
Citizens is hiring a Director to join our Operational Risk Management Oversight team with a focus on cybersecurity risk. This leadership role provides independent oversight, review, and challenge of cybersecurity-related risks across the enterprise. You will collaborate with senior stakeholders to ensure material risks are well defined, effectively managed, and aligned with regulatory expectations. Strong knowledge of emerging technology risks, cybersecurity standards, best practices, and U.S. regulatory requirements is essential.
Key Responsibilities
- Lead a team of three providing independent oversight and challenge of cybersecurity risk management activities within the first line of defense. Evaluate formal risk program activities including Risk and Control Self-Assessments, issues management, controls management, and new business initiative risk assessments.
- Advise first line risk partners on complex risk issues while assessing aggregate enterprise-wide risks. Collaborate across all three lines of defense, escalate emerging risk issues requiring remediation, and drive accountability. Maintain strong relationships with internal stakeholders and regulatory agencies.
- Monitor external trends and regulatory priorities to assess impact on the enterprise risk profile. Partner with stakeholders to implement mitigation strategies.
- Participate in cybersecurity incident response activities to ensure real-time risk assessment and appropriate mitigation. Post-incident, lead or contribute to root cause analysis and recommend next steps.
- Conduct targeted risk assessments on emerging issues to provide independent opinions on enterprise impact.
- Operate within governance structures while identifying opportunities to improve efficiency and effectiveness. Manage policy and program governance and perform assurance activities to assess compliance.
- Engage with business areas to provide domain-relevant advice, monitoring, and credible challenge to ensure the Operational Risk Management Program is effectively implemented.
Required Experience
- 8+ years demonstrated cybersecurity domain expertise
- 4+ years risk management experience in financial services
- Expert knowledge of cybersecurity risks and controls
- Experience in a financial services organization under strong regulatory oversight
- Ability to build and maintain senior executive relationships
- Proven leadership experience managing teams
- Strong decision-making and judgment skills
- Ability to challenge status quo and influence outcomes
- Excellent business writing and communication skills
- Proficiency in MS Word, Excel, PowerPoint, and Visio
Education and Certifications
- Bachelor's degree required
- Preferred certifications: CISSP, CISM, CISA, CRISC, or other relevant risk certifications
Work Schedule and Location
- Hours per Week: 40
- Locations: Johnston RI, Boston MA, Westwood, MA, Iselin NJ
- Schedule: Monday-Friday
Pay Transparency
The salary range for this position is $175,500-$230,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens' paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit .
#LI-Citizens2
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
11/21/2025

**Job Description**
**Job Description:**
We are seeking a motivated and skilled Zero Trust Security Engineer with a background in SASE solution with Zscaler. As a Zero Trust Security Engineer, you will assist in designing, implementing, and maintaining our SASE solution with Zscaler across our organization.
**Responsibilities** :
· Support the design, implementation, and maintenance of comprehensive Zscaler architecture and integration to enhance overall security.
· Assist in the implementation of Zero Trust strategies, including End point, Network security, cloud configuration, intrusion detection and prevention systems, and secure remote access.
· Collaborate with cross-functional teams to integrate Zero Trust principles and network security solutions into various infrastructure components, systems, and applications.
· Assist in the implementation and configuration of network security tools, ensuring proper monitoring, detection, and response capabilities.
· Stay up to date with the latest advancements and trends in Zero Trust, Cloud, network security, and related technologies, and assist in evaluating their applicability to the organization.
· Collaborate with external vendors, consultants, and internal stakeholders to evaluate, implement, and manage network security solutions.
· Provide support and assistance to IT and security teams for the successful implementation and operation of Zero Trust principles and network security solutions.
· Contribute to the documentation of the Zero Trust architecture, network security implementation, and maintenance processes.
**Requirements** :
· Advanced hands on experience and skills with Zscaler design and deployment
· Knowledge of Zero Trust principles, methodologies, and technologies, as well as a basic understanding of network security solutions and endpoint security
· Familiarity with network security tools and technologies, including firewalls, intrusion detection and prevention systems (IDPS), network segmentation, and secure remote access solutions.
· Strong problem-solving and analytical skills, with the ability to learn and apply new concepts quickly.
· Good communication and collaboration skills, with the ability to work effectively in a team environment.
· Bachelor's degree in computer science, information technology, or a related field.
· Relevant certifications, such as Zscaler, CISSP, CIAM, or similar certifications are a plus.
**Required Skills:**
Certificate Services, Certificate Services, Cloud Security, Computer Science, Cybersecurity, Cybersecurity Analytics, Cybersecurity Operations, Delivery of Security Applications, Design Applications, Endpoint Security, Firewall Security, Identity Access Management (IAM), Incident Response, Information Security, Intrusion Detection, Intrusion Prevention System (IPS), Management Process, Network Security, Network Security Management, Network Security Tools, Network Segmentation, Network Troubleshooting, Operational Technology (OT) Security, Program Implementation, Security Analytics {+ 5 more}
**Preferred Skills:**
Current Employees apply HERE ( Contingent Workers apply HERE ( and Puerto Rico Residents Only:**
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here ( if you need an accommodation during the application or hiring process.
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
EEOC Know Your Rights ( GINA Supplement
We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts ( Hybrid Work Model**
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as "remote".
The salary range for this role is
$114,700.00 - $180,500.00
This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee's position within the salary range will be based on several factors including, but not limited to relevant education, qualifications, certifications, experience, skills, geographic location, government requirements, and business or organizational needs.
The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.
We offer a comprehensive package of benefits. Available benefits include medical, dental, vision healthcare and other insurance benefits (for employee and family), retirement benefits, including 401(k), paid holidays, vacation, and compassionate and sick days. More information about benefits is available at .
You can apply for this role through (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.
**San Francisco Residents Only:** We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
**Los Angeles Residents Only:** We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance
**Search Firm Representatives Please Read Carefully**
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
**Employee Status:**
Regular
**Relocation:**
No relocation
**VISA Sponsorship:**
No
**Travel Requirements:**
10%
**Flexible Work Arrangements:**
Hybrid
**Shift:**
Not Indicated
**Valid Driving License:**
No
**Hazardous Material(s):**
n/a
**Job Posting End Date:**
10/27/2025
***A job posting is effective until 11:59:59PM on the day** **BEFORE** **the listed job posting end date. Please ensure you apply to a job posting no later than the day** **BEFORE** **the job posting end date.**
**Requisition ID:** R

**Calling all innovators - find your future at Fiserv.**
We're Fiserv, a global leader in Fintech and payments, and we move money and information in a way that moves the world. We connect financial institutions, corporations, merchants and consumers to one another millions of times a day - quickly, reliably, and securely. Any time you swipe your credit card, pay through a mobile app, or withdraw money from the bank, we're involved. If you want to make an impact on a global scale, come make a difference at Fiserv.
**Job Title**
Cybersecurity & Technology Risk Officer
**What does a successful Cybersecurity & Technology Risk Officer (CTRO) do?**
You will serve as a critical link between our business unit leadership and the broader enterprise Cybersecurity organization. In this role, you will champion cybersecurity awareness and risk mitigation, advise executive stakeholders, and ensure alignment of business objectives with enterprise security and technology standards, and regulatory expectations. Your focus will be on embedding cybersecurity principles into the strategic operations of the business, ensuring data protection, resiliency, regulatory compliance, and enabling secure innovation.
**What you will do:**
+ Partner with CIOs, senior leadership, and technology stakeholders to assess and communicate cybersecurity risk in business terms and influence prioritization of security investments and drive remediation strategies that align with enterprise risk tolerance.
+ Serve as the primary cybersecurity advisor to the business, interpreting enterprise policies and providing actionable guidance.
+ Identify, assess, and document security risks across products, applications, and third-party relationships and collaborate with remediation owners to develop and track resolution plans based on risk severity and business impact.
+ Deliver executive-level risk dashboards and metrics that provide transparency into the business's security posture.
+ Promote awareness of regulatory and industry obligations through targeted training, awareness campaigns, and proactive engagement.
+ Ensure security risk and controls assessments are conducted at appropriate intervals with relevant depth based on evolving threats and business changes.
+ Stay current with the threat landscape, regulatory developments, and best practices.
+ And apply insights to anticipate future risks and inform business-specific security planning.
+ Guide technology teams in adopting enterprise cybersecurity tools, capabilities, and controls.
**What you will need to have:**
+ 10+ years of progressive experience in Information Security, Cyber Risk, or Technology Risk roles.
+ 5+ years of experience in the financial services or banking industry with working knowledge of relevant regulations (e.g., GLBA, FFIEC, PCI, SOX).
+ Experience with cybersecurity governance frameworks (e.g., NIST CSF, ISO/IEC 27001) and enterprise risk management practices.
+ Ability to operate with a sense of urgency in high-stakes, highly regulated environments.
+ Strategic mindset with the ability to execute operationally.
+ Bachelor's degree in Computer Science, Information Security, Information Technology, or related discipline and/or equivalent work experience.
**What would be great to have:**
+ Certifications such as CISSP (Certified Information Systems Security Professional), CRISC, CISM, or other risk-related certifications.
**Important info about this role:**
+ We're better together! This role is fully on-site.
+ This is a full-time, direct-hire position, and no contract options or unsolicited agency submissions will be considered.
+ You must currently possess valid and unrestricted U.S. work authorization to be considered for this role. Individuals with temporary visas including, but not limited to, F-1 (OPT, CPT, STEM), H-1B, H-2, or TN, or any candidate requiring sponsorship, now or in the future, will not be considered for this role.
#LI-RM-1
**Salary Range**
$168,500.00 - $271,200.00
_These pay ranges apply to employees in New Jersey and New York. Pay ranges for employees in other states may differ._
It is unlawful to discriminate against a prospective employee due to the individual's status as a veteran.
For incentive eligible associates, the successful candidate is eligible for an annual incentive opportunity which may be delivered as a mix of cash bonus and equity awards in the Company's sole discretion.
Thank you for considering employment with Fiserv. Please:
+ Apply using your legal name
+ Complete the step-by-step profile and attach your resume (either is acceptable, both are preferable).
**Our commitment to Equal Opportunity:**
Fiserv is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, gender identity, sexual orientation, age, disability, protected veteran status, or any other category protected by law.
If you have a disability and require a reasonable accommodation in completing a job application or otherwise participating in the overall hiring process, please contact . Please note our AskHR representatives do not have visibility to your application status. Current associates who require a workplace accommodation should refer to Fiserv's Disability Accommodation Policy for additional information.
**Note to agencies:**
Fiserv does not accept resume submissions from agencies outside of existing agreements. Please do not send resumes to Fiserv associates. Fiserv is not responsible for any fees associated with unsolicited resume submissions.
**Warning about fake job posts:**
Please be aware of fraudulent job postings that are not affiliated with Fiserv. Fraudulent job postings may be used by cyber criminals to target your personally identifiable information and/or to steal money or financial information. Any communications from a Fiserv representative will come from a legitimate Fiserv email address.

**Job Description Summary**
We are seeking an experienced and visionary AI/ML Security Lead to drive the secure design, development, and deployment of AI and machine learning systems across BD. This role will be responsible for identifying and mitigating AI-specific threats, ensuring compliance with emerging AI regulations, and embedding security into the AI/ML lifecycle. This role involves cross-functional coordination of AI/ML related cybersecurity deliverables, acting as a day-to-day point of contact for functional stakeholders and ensuring all AL/ML products are secure by design principles and are compliant with internal policies and regulatory requirements. The AI/ML cybersecurity lead will work closely with IT, R&D, and cybersecurity teams to implement cybersecurity capabilities and controls and processes across BD systems.
We encourage Candidates near any of our US - BD Locations to apply for this In Office role.
**Job Description**
We are **the makers of possible**
BD is one of the largest global medical technology companies in the world. Advancing the world of health is our Purpose, and it's no small feat. It takes the imagination and passion of all of us-from design and engineering to the manufacturing and marketing of our billions of MedTech products per year-to look at the impossible and find transformative solutions that turn dreams into possibilities.
We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you'll be supported to learn, grow and become your best self. Become a **maker of possible** with us.
**Key Responsibilities include but are not limited to:**
**AI/ML Cybersecurity Management & Governance**
+ Support the development and implementation of AI security policies, standards, and frameworks.
+ Lead threat modeling and risk assessments for AI/ML systems.
+ Collaborate with legal and compliance teams to ensure adherence to AI-related regulations (e.g., EU AI Act, NIST AI RMF).
+ Secure AI Development
+ Partner with data science and engineering teams to embed security into the AI/ML development lifecycle (MLOps).
+ Define and enforce secure coding practices for AI models and pipelines.
+ Evaluate third-party AI tools and APIs for security and privacy risks
+ Support the design and implementation of monitoring strategies for AI model behavior and drift.
+ Support investigations into AI-related security incidents, including adversarial attacks and model inversion.
+ Co-Develop response playbooks for AI-specific threats.
**Innovation & Thought Leadership**
+ Stay current with emerging AI/ML security threats, tools, and research.
+ Represent the organization in external forums and contribute to industry standards.
+ Mentor and train internal teams on AI security best practices.
**Qualifications:**
+ Bachelor's or master's degree in computer science, Cybersecurity, Data Science, or related field.
+ 8+ years of experience in cybersecurity, with at least 2 years focused on AI/ML systems.
+ Strong understanding of AI/ML technologies, architecture, and threat landscapes.
+ Experience with secure MLOps, adversarial ML, and AI model governance.
+ Familiarity with regulatory frameworks (e.g., NIST AI RMF, ISO/IEC 42001, GDPR, EU AI Act).
+ Certifications such as CISSP, CCSP, or emerging AI security credentials are a plus.
+ Excellent communication, organization, critical thinking and problem-solving skills are essential.
**Preferred Skills:**
+ Hands-on experience with AI/ML platforms (e.g., TensorFlow, PyTorch, Azure ML, SageMaker etc.).
+ Knowledge of data privacy, model explainability, and fairness in AI.
+ Strong communication and stakeholder management skills.
At BD, we prioritize on-site collaboration because we believe it fosters creativity, innovation, and effective problem-solving, which are essential in the fast-paced healthcare industry. For most roles, we require a minimum of 4 days of in-office presence per week to maintain our culture of excellence and ensure smooth operations, while also recognizing the importance of flexibility and work-life balance. Remote or field-based positions will have different workplace arrangements which will be indicated in the job posting.
For certain roles at BD, employment is contingent upon the Company's receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD's Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.
**Why Join Us?**
A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It's also a place where we help each other be great, we do what's right, we hold each other accountable, and learn and improve every day.
To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you'll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.
To learn more about BD visit  Dickinson, and Company is an Equal Opportunity Employer. We evaluate applicants without regard to race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, and other legally-protected characteristics.
Required Skills
Optional Skills
.
**Primary Work Location**
USA NJ - Franklin Lakes
**Additional Locations**
**Work Shift**
At BD, we are strongly committed to investing in our associates-their well-being and development, and in providing rewards and recognition opportunities that promote a performance-based culture. We demonstrate this commitment by offering a valuable, competitive package of compensation and benefits programs which you can learn more about on our Careers Site under Our Commitment to You ( .
Salary or hourly rate ranges have been implemented to reward associates fairly and competitively, as well as to support recognition of associates' progress, ranging from entry level to experts in their field, and talent mobility. There are many factors, such as location, that contribute to the range displayed. The salary or hourly rate offered to a successful candidate is based on experience, education, skills, and any step rate pay system of the actual work location, as applicable to the role or position. Salary or hourly pay ranges may vary for Field-based and Remote roles.
**Salary Range Information**
$143,300.00 - $236,500.00 USD Annual
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.