14,290 Database Security jobs in the United States

Take the next step toward your new career today!
Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodforest National Bank is privately owned, and our Employee Stock Ownership Plan is the largest shareholder. We focus on building relationships and discovering opportunities to better serve our communities and understand the financial needs of every customer we serve. At Woodforest we care and prove it by volunteering with local charities and foodbanks to give back to the communities we serve. By joining Woodforest you will become a part of one of the largest employee-owned banks in the country!
The Database Security Analyst is responsible for administering the Database Security Solution with the Cybersecurity Threat Intelligence Lead. The Database Security Analyst will be responsible for coordinating with internal teams to implement database security and monitoring solutions to meet goals and regulatory requirements. The Database Security Analyst will also perform maintenance, tuning, and optimization to the database security solution.
This position will work 'in-office' during an initial training period. Once the training period is successfully completed, this position, at the manager's discretion, is eligible for telecommuting and remote work, subject to Woodforest's Telecommuting and Remote Work Policy. For in-office and telecommuting requirements, Woodforest National Bank offices are in The Woodlands, Texas.
Remote work shall only be performed from states/areas in which WNB has an established footprint. These states are Alabama, Florida, Georgia, Illinois, Indiana, Kentucky, Louisiana, Maryland, Mississippi, New York, North Carolina, Ohio, Pennsylvania, South Carolina, Texas, Virginia, and West Virginia.
Key Responsibilities:
· Works closely with internal technology teams, business stakeholders, MSSP, and outside vendors to research, analyze and monitor security threats.
· Administers, monitors, and tunes the database security system compromising of on-prem and cloud databases.
· Assists in managing security solutions including logging, alerting, and threat analysis.
· Security system monitoring and alerting appropriate parties of vulnerabilities, attacks, and other security issues.
· Recommends and implements policies and procedures to ensure adherence to security standards and compliance.
Competencies Required:
· Demonstrated success in managing, analyzing, and solving complex network technical issues.
· Technical knowledge of security configurations, log analysis, intrusion detection and mitigation.
· Strong verbal communication and technical writing skills with an ability to effectively interact with and convey information to people who possess varying levels of understanding on applicable topics.
· Ability to work independently while supporting a team environment.
· Solid understanding of network security practices, systems, and standards.
· Strong technology skills, including intermediate proficiency with Microsoft Office (Word, Excel, Outlook, PowerPoint, Visio) and Database platforms.
· Customer service orientation with proven process and project management skills.
· Strategic and problem-solving mindset with developed analytical abilities and organizational skills.
Minimum Qualifications/Experience:
· 3 years of network or systems administration experience required.
· 2 years of SQL or Database Security administration experience required.
· Other beneficial experience (i.e., MS-SQL, Imperva Sonar, Cloud Security, SIEM, EDR, Vulnerability Management, Python, or Automation/Orchestration), preferred.
· Financial services or banking industry experience preferred.
Formal Education & Certification:
· IT related degree preferred.
Work Status:
· Full-Time.
Supervisory Responsibility:
· None.
Travel:
· Less than 10% travel expected.
Working Conditions:
· Conditions involve lifting no more than ten pounds, sitting most of the time, but may involve walking, moving, or standing for brief periods, and occasionally lifting and carrying articles like files, ledgers, folders, etc.
Disclaimer:
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time.
Woodforest is an Equal Opportunity Employer, including Disability and Veterans.
**Job:** **Technology Services*
**Organization:** **Texas - Houston*
**Title:** *Database Security Analyst*
**Location:** *Texas-The Woodlands*
**Requisition ID:** *069062*

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

The Database Security Engineer Lead is responsible for implementing and maintaining security systems that provide detection, prevention, containment and deterrence mechanisms to protect the integrity of relational database systems, AWS cloud native databases, NoSQL and big data platforms, and the data they contain. Using security principles and best practice, the engineer will work with a team of other security professionals to provide guidance and support to operational, business and regulatory teams and will perform expert level database security incident response and investigation.

The Database Security Engineer Lead is a key position for providing protection and assurance on the controls safeguarding the bank's information assets.

Major Responsibilities

• Designing, developing, testing, documenting, monitoring, and implementing information and database security solutions to enforce security strategies and support to new/existing systems in accordance with policies, standards, guidelines and procedures.

• Serve as a trusted partner to business, operations, development, risk and compliance teams providing database security subject matter expert (SME) guidance and analysis.

• Managing a database activity monitoring (DAM) platform for security and audit compliance, including policy creation, event and trend analysis, performance monitoring and infrastructure maintenance.

• Developing and maintaining database security standards, guidelines and procedures for hardening database configurations, users and roles, profiles, etc.

• Refining and enhancing existing controls, policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.

• Evaluating updates to new/existing database security controls by determining the strengths/weaknesses and coordinate the testing and implementation of the new/enhanced controls with all business partners that are affected.

• Identifying weak links in information security products and determine how to mitigate the control deficiencies.

• Enhancing preventive systems used to stop and/or deter security breaches.

• Evaluating database security patches from vendors and assesses potential risk and work with stakeholders to address vulnerabilities.

• Respond to security Incidents and assist with Tier-1 and Tier-2 incident investigations.

• Performing root cause analysis of security violations to determine if they are the result of misconfiguration or malfunction or if they are malicious, and taking appropriate action depending on circumstances.

• Serve as technical lead on projects within area of responsibility.

• Working with database custodians at different levels of the organization to understand their respective security needs and assist with implementing practices and procedures consistent with the bank information security policy.

• Working with internal and external auditors to demonstrate and provide evidence of security controls are adherence to regulatory compliance.

• Executing and enhancing monitoring systems used to detect and report security violations.

• Identify weak links in information security products and determine how to mitigate the control deficiencies.

• Maintain familiarity with industry trends and current security practices.

• Demonstrate ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.

• Evaluate business process and application software, which effect the integrity, functionality, and reliability of the Bank's network and systems.

Qualifications

• Degree or equivalent work experience equally preferable

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or Related Fields or relevant industry certifications and comparable experience

• Master's Degree (preferred)

• 5-7+ years of technical experience in cybersecurity, insider threat, incident response, security operations, or related information security field

• Experience in the banking or finance industries preferred

• Database security, monitoring and protection

• Database activity monitoring platforms such as Imperva Data Security and Data Risk Analytics (DRA) and Imperva Data Security Fabric (DSF / Sonar)

• Imperva Data Security Specialist (IDSS) certification strongly preferred

• In-depth working knowledge of databases and database technologies

• Familiarity with AWS technologies and methods including RDS (Relational Database Service)

• Data protection especially with regard to cybersecurity tools and methods

• Database Firewall, Data Classification

• Vulnerability detection and mitigation

• Cybersecurity experience in regulated banking or financial environment

• Penetration testing and attack forensics

• IS audit

• GRC Tools & Processes

• Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.

• Advanced experience with DAM, SIEM, UEBA and related tools.

• Detailed knowledge of major database platforms such as Oracle, SQLSERVER, MySQL, etc.

• Working knowledge of at least two or more operating systems and corresponding security systems (Linux, Unix, Windows, etc.)

• Proficient with development of documentation, presentations and architecture diagrams.

• Working knowledge of regulatory requirements affecting data integrity, protection and monitoring, such as GLBA, SOX, PCI, etc.

• These certification are a plus - Imperva Database Security Specialist (IDSS),Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Governance, Risk and Compliance (CGRC), formerly Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

The typical base pay range for this role is between $137K - $176K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

The Database Security Engineer Lead is responsible for implementing and maintaining security systems that provide detection, prevention, containment and deterrence mechanisms to protect the integrity of relational database systems, AWS cloud native databases, NoSQL and big data platforms, and the data they contain. Using security principles and best practice, the engineer will work with a team of other security professionals to provide guidance and support to operational, business and regulatory teams and will perform expert level database security incident response and investigation.

The Database Security Engineer Lead is a key position for providing protection and assurance on the controls safeguarding the bank's information assets.

Major Responsibilities

• Designing, developing, testing, documenting, monitoring, and implementing information and database security solutions to enforce security strategies and support to new/existing systems in accordance with policies, standards, guidelines and procedures.

• Serve as a trusted partner to business, operations, development, risk and compliance teams providing database security subject matter expert (SME) guidance and analysis.

• Managing a database activity monitoring (DAM) platform for security and audit compliance, including policy creation, event and trend analysis, performance monitoring and infrastructure maintenance.

• Developing and maintaining database security standards, guidelines and procedures for hardening database configurations, users and roles, profiles, etc.

• Refining and enhancing existing controls, policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.

• Evaluating updates to new/existing database security controls by determining the strengths/weaknesses and coordinate the testing and implementation of the new/enhanced controls with all business partners that are affected.

• Identifying weak links in information security products and determine how to mitigate the control deficiencies.

• Enhancing preventive systems used to stop and/or deter security breaches.

• Evaluating database security patches from vendors and assesses potential risk and work with stakeholders to address vulnerabilities.

• Respond to security Incidents and assist with Tier-1 and Tier-2 incident investigations.

• Performing root cause analysis of security violations to determine if they are the result of misconfiguration or malfunction or if they are malicious, and taking appropriate action depending on circumstances.

• Serve as technical lead on projects within area of responsibility.

• Working with database custodians at different levels of the organization to understand their respective security needs and assist with implementing practices and procedures consistent with the bank information security policy.

• Working with internal and external auditors to demonstrate and provide evidence of security controls are adherence to regulatory compliance.

• Executing and enhancing monitoring systems used to detect and report security violations.

• Identify weak links in information security products and determine how to mitigate the control deficiencies.

• Maintain familiarity with industry trends and current security practices.

• Demonstrate ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.

• Evaluate business process and application software, which effect the integrity, functionality, and reliability of the Bank's network and systems.

Qualifications

• Degree or equivalent work experience equally preferable

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or Related Fields or relevant industry certifications and comparable experience

• Master's Degree (preferred)

• 5-7+ years of technical experience in cybersecurity, insider threat, incident response, security operations, or related information security field

• Experience in the banking or finance industries preferred

• Database security, monitoring and protection

• Database activity monitoring platforms such as Imperva Data Security and Data Risk Analytics (DRA) and Imperva Data Security Fabric (DSF / Sonar)

• Imperva Data Security Specialist (IDSS) certification strongly preferred

• In-depth working knowledge of databases and database technologies

• Familiarity with AWS technologies and methods including RDS (Relational Database Service)

• Data protection especially with regard to cybersecurity tools and methods

• Database Firewall, Data Classification

• Vulnerability detection and mitigation

• Cybersecurity experience in regulated banking or financial environment

• Penetration testing and attack forensics

• IS audit

• GRC Tools & Processes

• Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.

• Advanced experience with DAM, SIEM, UEBA and related tools.

• Detailed knowledge of major database platforms such as Oracle, SQLSERVER, MySQL, etc.

• Working knowledge of at least two or more operating systems and corresponding security systems (Linux, Unix, Windows, etc.)

• Proficient with development of documentation, presentations and architecture diagrams.

• Working knowledge of regulatory requirements affecting data integrity, protection and monitoring, such as GLBA, SOX, PCI, etc.

• These certification are a plus - Imperva Database Security Specialist (IDSS),Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Governance, Risk and Compliance (CGRC), formerly Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

The typical base pay range for this role is between $137K - $176K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary (

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
**Job Summary**
The Database Security Engineer Lead is responsible for implementing and maintaining security systems that provide detection, prevention, containment and deterrence mechanisms to protect the integrity of relational database systems, AWS cloud native databases, NoSQL and big data platforms, and the data they contain. Using security principles and best practice, the engineer will work with a team of other security professionals to provide guidance and support to operational, business and regulatory teams and will perform expert level database security incident response and investigation.
The Database Security Engineer Lead is a key position for providing protection and assurance on the controls safeguarding the bank's information assets.
**Major Responsibilities**
+ Designing, developing, testing, documenting, monitoring, and implementing information and database security solutions to enforce security strategies and support to new/existing systems in accordance with policies, standards, guidelines and procedures.
+ Serve as a trusted partner to business, operations, development, risk and compliance teams providing database security subject matter expert (SME) guidance and analysis.
+ Managing a database activity monitoring (DAM) platform for security and audit compliance, including policy creation, event and trend analysis, performance monitoring and infrastructure maintenance.
+ Developing and maintaining database security standards, guidelines and procedures for hardening database configurations, users and roles, profiles, etc.
+ Refining and enhancing existing controls, policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.
+ Evaluating updates to new/existing database security controls by determining the strengths/weaknesses and coordinate the testing and implementation of the new/enhanced controls with all business partners that are affected.
+ Identifying weak links in information security products and determine how to mitigate the control deficiencies.
+ Enhancing preventive systems used to stop and/or deter security breaches.
+ Evaluating database security patches from vendors and assesses potential risk and work with stakeholders to address vulnerabilities.
+ Respond to security Incidents and assist with Tier-1 and Tier-2 incident investigations.
+ Performing root cause analysis of security violations to determine if they are the result of misconfiguration or malfunction or if they are malicious, and taking appropriate action depending on circumstances.
+ Serve as technical lead on projects within area of responsibility.
+ Working with database custodians at different levels of the organization to understand their respective security needs and assist with implementing practices and procedures consistent with the bank information security policy.
+ Working with internal and external auditors to demonstrate and provide evidence of security controls are adherence to regulatory compliance.
+ Executing and enhancing monitoring systems used to detect and report security violations.
+ Identify weak links in information security products and determine how to mitigate the control deficiencies.
+ Maintain familiarity with industry trends and current security practices.
+ Demonstrate ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.
+ Evaluate business process and application software, which effect the integrity, functionality, and reliability of the Bank's network and systems.
**Qualifications**
+ Degree or equivalent work experience equally preferable
+ Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or Related Fields or relevant industry certifications and comparable experience
+ Master's Degree (preferred)
+ 5-7+ years of technical experience in cybersecurity, insider threat, incident response, security operations, or related information security field
+ Experience in the banking or finance industries preferred
+ Database security, monitoring and protection
+ Database activity monitoring platforms such as Imperva Data Security and Data Risk Analytics (DRA) and Imperva Data Security Fabric (DSF / Sonar)
+ Imperva Data Security Specialist (IDSS) certification strongly preferred
+ In-depth working knowledge of databases and database technologies
+ Familiarity with AWS technologies and methods including RDS (Relational Database Service)
+ Data protection especially with regard to cybersecurity tools and methods
+ Database Firewall, Data Classification
+ Vulnerability detection and mitigation
+ Cybersecurity experience in regulated banking or financial environment
+ Penetration testing and attack forensics
+ IS audit
+ GRC Tools & Processes
+ Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.
+ Advanced experience with DAM, SIEM, UEBA and related tools.
+ Detailed knowledge of major database platforms such as Oracle, SQLSERVER, MySQL, etc.
+ Working knowledge of at least two or more operating systems and corresponding security systems (Linux, Unix, Windows, etc.)
+ Proficient with development of documentation, presentations and architecture diagrams.
+ Working knowledge of regulatory requirements affecting data integrity, protection and monitoring, such as GLBA, SOX, PCI, etc.
+ These certification are a plus - Imperva Database Security Specialist (IDSS),Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Governance, Risk and Compliance (CGRC), formerly Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
The typical base pay range for this role is between $137K - $176K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary ( will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
**Job Summary**
The Database Security Engineer Lead is responsible for implementing and maintaining security systems that provide detection, prevention, containment and deterrence mechanisms to protect the integrity of relational database systems, AWS cloud native databases, NoSQL and big data platforms, and the data they contain. Using security principles and best practice, the engineer will work with a team of other security professionals to provide guidance and support to operational, business and regulatory teams and will perform expert level database security incident response and investigation.
The Database Security Engineer Lead is a key position for providing protection and assurance on the controls safeguarding the bank's information assets.
**Major Responsibilities**
+ Designing, developing, testing, documenting, monitoring, and implementing information and database security solutions to enforce security strategies and support to new/existing systems in accordance with policies, standards, guidelines and procedures.
+ Serve as a trusted partner to business, operations, development, risk and compliance teams providing database security subject matter expert (SME) guidance and analysis.
+ Managing a database activity monitoring (DAM) platform for security and audit compliance, including policy creation, event and trend analysis, performance monitoring and infrastructure maintenance.
+ Developing and maintaining database security standards, guidelines and procedures for hardening database configurations, users and roles, profiles, etc.
+ Refining and enhancing existing controls, policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data.
+ Evaluating updates to new/existing database security controls by determining the strengths/weaknesses and coordinate the testing and implementation of the new/enhanced controls with all business partners that are affected.
+ Identifying weak links in information security products and determine how to mitigate the control deficiencies.
+ Enhancing preventive systems used to stop and/or deter security breaches.
+ Evaluating database security patches from vendors and assesses potential risk and work with stakeholders to address vulnerabilities.
+ Respond to security Incidents and assist with Tier-1 and Tier-2 incident investigations.
+ Performing root cause analysis of security violations to determine if they are the result of misconfiguration or malfunction or if they are malicious, and taking appropriate action depending on circumstances.
+ Serve as technical lead on projects within area of responsibility.
+ Working with database custodians at different levels of the organization to understand their respective security needs and assist with implementing practices and procedures consistent with the bank information security policy.
+ Working with internal and external auditors to demonstrate and provide evidence of security controls are adherence to regulatory compliance.
+ Executing and enhancing monitoring systems used to detect and report security violations.
+ Identify weak links in information security products and determine how to mitigate the control deficiencies.
+ Maintain familiarity with industry trends and current security practices.
+ Demonstrate ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.
+ Evaluate business process and application software, which effect the integrity, functionality, and reliability of the Bank's network and systems.
**Qualifications**
+ Degree or equivalent work experience equally preferable
+ Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or Related Fields or relevant industry certifications and comparable experience
+ Master's Degree (preferred)
+ 5-7+ years of technical experience in cybersecurity, insider threat, incident response, security operations, or related information security field
+ Experience in the banking or finance industries preferred
+ Database security, monitoring and protection
+ Database activity monitoring platforms such as Imperva Data Security and Data Risk Analytics (DRA) and Imperva Data Security Fabric (DSF / Sonar)
+ Imperva Data Security Specialist (IDSS) certification strongly preferred
+ In-depth working knowledge of databases and database technologies
+ Familiarity with AWS technologies and methods including RDS (Relational Database Service)
+ Data protection especially with regard to cybersecurity tools and methods
+ Database Firewall, Data Classification
+ Vulnerability detection and mitigation
+ Cybersecurity experience in regulated banking or financial environment
+ Penetration testing and attack forensics
+ IS audit
+ GRC Tools & Processes
+ Ability to understand security risks and controls, to analyze various methods of controlling information security problems, determine the strengths and weaknesses of each method and implement the best cost-justified solution.
+ Advanced experience with DAM, SIEM, UEBA and related tools.
+ Detailed knowledge of major database platforms such as Oracle, SQLSERVER, MySQL, etc.
+ Working knowledge of at least two or more operating systems and corresponding security systems (Linux, Unix, Windows, etc.)
+ Proficient with development of documentation, presentations and architecture diagrams.
+ Working knowledge of regulatory requirements affecting data integrity, protection and monitoring, such as GLBA, SOX, PCI, etc.
+ These certification are a plus - Imperva Database Security Specialist (IDSS),Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Governance, Risk and Compliance (CGRC), formerly Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
The typical base pay range for this role is between $137K - $176K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary ( will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Take your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.
As a Principal Cybersecurity Architect at JPMorganChase within the Cybersecurity and Technology Controls line of business, you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.
This role serves as a Product Security Lead (PSL) for the database product line, you will work proactively with your technology and business colleagues to identify and quantify security issues within their products and empower them to take decisive risk decisions at speed and scale. You are a security expert with a strong mix of database technology and communication skills and are passionate about enabling safe and secure innovation to make database products secure. You will work with some of the best and brightest cybersecurity and technology engineers to solve complex problems which will both challenge you and help you develop your skills in one of the most innovative and respected companies in the world.
**Job responsibilities**
+ Cultivate security culture. Products that have the right security culture will strive to prioritize sustainable controls and driving real risk reduction outcomes.
+ Embed threat modeling, security architecture, secure code review into product and application teams so they adopt our control products and create products that are secure from the start.
+ Know database products across their breadth and depth. Be fluent in your product's strategy and roadmap as well as its key investment programs.
+ Be your product's security thought leader. Learn from your product and cybersecurity teams and share best practice in both directions. Be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains.
+ Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause
+ Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives.
+ Advises cross-functional teams on technology selections and decisions to achieve target state cybersecurity on improvements to current cybersecurity parameters
+ Develops multi-year roadmaps aligned with business and architecture strategy and priorities
+ Serves as the function's go-to subject matter expert and drives thought leadership within the product line
+ Contributes to the development of technical methods in cybersecurity in line with the latest product development methodologies
+ Participates in the firm's culture of diversity, opportunity, inclusion, and respect
**Required qualifications, capabilities, and skills**
+ Formal training or certification on cybersecurity architecture concepts and 10+ years applied experience
+ Experience in a successful security and risk organization with strong security and technical skills. Experience of operating in a regulated organization with a 3LoD (Line of defense) model is also needed
+ Delivery excellence mixed with strategic vision.
+ Able to communicate effectively and authoritatively with technical and non-technical stakeholders at all levels of the organization.and clearly explain complex technical concepts in simple terms.
+ Demonstrated success in influencing peers inside and outside your department.
+ Ability to drive change across organizations, collaborating with partners across Global Tech and other Lines of Business,identify challenges and engage resources across all roles and levels to identify and implement innovative solutions, and quickly digest new information/technologies and apply diverse experience and principles to be able to quickly come up to speed and add value in product security discussions.
+ Demonstrated experience / understanding with platform technologies including but not limited to: 1) A detailed, technical understanding of Public Cloud computing (GCP/AWS). Especially how Public Cloud services are hardened, and controls are applied to secure data, ensure resiliency/availability as well as prevent unauthorized access. 2) APIs/ micro-services 3) Database Technology 4) Identity & Access Management as well as Secrets Management, 5) Securing Software as a Service (SaaS) tool, 6) Securing Containerized workloads at build and runtime
+ Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
+ Experience applying expertise and new methods to determine solutions for complex architecture problems in one or more technical disciplines
+ Ability to present and effectively communicate with senior leaders and executives
+ Understanding of the business and knowledgeable of latest risk trends in the internal and external environments
**Preferred qualifications, capabilities, and skills**
+ Demonstrated ability to collaborate on, and/or lead, ad hoc teams for control architecture and design.
+ Experience within Line of Business teams with ability to leverage business perspectives when solving technology challenges
+ Experience fulfilling audit requests, challenging observations/findings and driving successful outcomes in technology audits
+ Proven ability to drive change in policy and control requirements at a firmwide level
+ Experience translating firmwide policy or regulatory requirements into control design and definition for Software Engineers and Solutions Architects
+ Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) preferred but not required
+ Thinks in terms of risks and outcomes, and able to translate those into actions required to achieve business and technology goals. Proven experience of upskilling and learning modern technologies.
JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Take your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.

As a Principal Cybersecurity Architect at JPMorganChase within the Cybersecurity and Technology Controls line of business, you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.

This role serves as a Product Security Lead (PSL) for the database product line, you will work proactively with your technology and business colleagues to identify and quantify security issues within their products and empower them to take decisive risk decisions at speed and scale. You are a security expert with a strong mix of database technology and communication skills and are passionate about enabling safe and secure innovation to make database products secure. You will work with some of the best and brightest cybersecurity and technology engineers to solve complex problems which will both challenge you and help you develop your skills in one of the most innovative and respected companies in the world.

Job responsibilities

• Cultivate security culture. Products that have the right security culture will strive to prioritize sustainable controls and driving real risk reduction outcomes.
• Embed threat modeling, security architecture, secure code review into product and application teams so they adopt our control products and create products that are secure from the start.
• Know database products across their breadth and depth. Be fluent in your product's strategy and roadmap as well as its key investment programs.
• Be your product's security thought leader. Learn from your product and cybersecurity teams and share best practice in both directions. Be recognized in your product as the clear point of escalation and subject matter expert for IT Risk and Cyber domains.
• Proactively monitor Key Risk Indicators to ensure issues are identified, quantified, communicated, and managed in a timely manner, including recommendations for resolution, and identifying the root cause
• Work collaboratively with product, technology, and business colleagues on an on-going basis for business-as-usual audit and regulatory engagements, risk activities and project initiatives.
• Advises cross-functional teams on technology selections and decisions to achieve target state cybersecurity on improvements to current cybersecurity parameters
• Develops multi-year roadmaps aligned with business and architecture strategy and priorities
• Serves as the function's go-to subject matter expert and drives thought leadership within the product line
• Contributes to the development of technical methods in cybersecurity in line with the latest product development methodologies
• Participates in the firm's culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on cybersecurity architecture concepts and 10+ years applied experience
• Experience in a successful security and risk organization with strong security and technical skills. Experience of operating in a regulated organization with a 3LoD (Line of defense) model is also needed
• Delivery excellence mixed with strategic vision.
• Able to communicate effectively and authoritatively with technical and non-technical stakeholders at all levels of the organization.and clearly explain complex technical concepts in simple terms.
• Demonstrated success in influencing peers inside and outside your department.
• Ability to drive change across organizations, collaborating with partners across Global Tech and other Lines of Business,identify challenges and engage resources across all roles and levels to identify and implement innovative solutions, and quickly digest new information/technologies and apply diverse experience and principles to be able to quickly come up to speed and add value in product security discussions.
• Demonstrated experience / understanding with platform technologies including but not limited to: 1) A detailed, technical understanding of Public Cloud computing (GCP/AWS). Especially how Public Cloud services are hardened, and controls are applied to secure data, ensure resiliency/availability as well as prevent unauthorized access. 2) APIs/ micro-services 3) Database Technology 4) Identity & Access Management as well as Secrets Management, 5) Securing Software as a Service (SaaS) tool, 6) Securing Containerized workloads at build and runtime
• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• Experience applying expertise and new methods to determine solutions for complex architecture problems in one or more technical disciplines
• Ability to present and effectively communicate with senior leaders and executives
• Understanding of the business and knowledgeable of latest risk trends in the internal and external environments

Preferred qualifications, capabilities, and skills

• Demonstrated ability to collaborate on, and/or lead, ad hoc teams for control architecture and design.
• Experience within Line of Business teams with ability to leverage business perspectives when solving technology challenges
• Experience fulfilling audit requests, challenging observations/findings and driving successful outcomes in technology audits
• Proven ability to drive change in policy and control requirements at a firmwide level
• Experience translating firmwide policy or regulatory requirements into control design and definition for Software Engineers and Solutions Architects
• Experience in financial services consumer businesses (i.e., Mortgages, Cards or Digital) preferred but not required
• Thinks in terms of risks and outcomes, and able to translate those into actions required to achieve business and technology goals. Proven experience of upskilling and learning modern technologies.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Job Summary

Candidates residing within 50 miles of Pittsburgh, Mechanicsburg, or Buffalo are required to work in the office on Tuesdays, Wednesdays, and Thursdays. Candidate must be a US Citizen (due to contractual/access requirements). This job works with others to plan, research, evaluate, design and develop Information Security and Risk Management (ISRM) Infrastructure systems by applying engineering, hardware and software design theories and principles to develop a compatible system infrastructure in line with organizational strategies. Assists with the design, development, and implementation of ISRM Infrastructure components such as operating systems, software tools, and utilities. Supports studies of ISRM Infrastructure performance and traffic analysis. Determines systems design requirements and ensures that system improvements are successfully implemented and monitored to increase efficiency. Assists with the development of ISRM Infrastructure engineering policies, standards, and procedures.

Essential Responsibilities

• Serve on or may lead teams in clearly defining requirements, deliverables and timeframes. Escalate issues and make recommendations to resolve them to the appropriate audience.
• Conduct root cause analysis to identify and resolve complex problems impacting ISRM Infrastructure.
• Develop and/or deliver technical training in complex technical areas. Mentor less senior staff in the execution of their duties.
• Complete project tasks to enable the on time, within budget and scope delivery of ISRM Infrastructure projects.
• Implement, monitor, configure, and maintain security systems.
• Assure compliance to required standards, procedures, guidelines, and processes.
• Other duties as assigned or requested.

Required Education

Bachelor's Degree in Computer science, information systems, or closely related field.

Experience

Minimum: 3 - 5 years' experience with information security and systems analysis 3 - 5 years' with information security and/or information risk management and/or information technology 3 - 5 years' with operating systems and software administration 3 - 5 years' developing, communicating and presenting information security and risk management concepts to varying audiences 3 - 5 years' with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

Preferred Experience

5 - 7 years' experience with information security and systems analysis 1 - 3 years' experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework 3 - 5 years' IT/information security risk advisory experience 3 - 5 years' In-depth understanding of network security architecture, network and networking protocols 3 - 5 years' database management, system administration and software development lifecycle

Skills

Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3 Familiarity with secure SDLC best practices Knowledge of Microsoft Apps and Suites, Windows Server, SharePoint, etc. Strong teamwork and inter-personal skills

Required Licensure

None

Preferred Licensure

Certified Information Systems Security Professional (CISSP), Security

Travel Requirement

0% - 25%

Language Requirement (Other than English)

None

Physical, Mental Demands and Working Conditions

The physical, mental demands and working conditions described here are representative of those that must be met by an employee to successfully perform the essential function of their job. Reasonable accommodations will be made when necessary to enable individuals with disabilities to perform the essential duties of the position, to the extent that they do not cause undue hardship. Position Type: Office-Based An employee in this position works in an office environment. The position frequently requires the employee to communicate effectively with others both inside and outside the workplace (e.g., in person, via telephone, via email). The employee must be able to understand, interpret and analyze data, solve problems, concentrate, and research, use available technological resources and systems (e.g., computers and computer programs), multi-task, prioritize, and meet multiple deadlines to complete essential tasks. The employee generally works in a fast-paced and frequently stressful environment, must attend work on a regular and reliable basis as well as adhere to all workplace policies, and may be called upon to work outside regular business hours. Teaches/Trains others regularly Occasionally Travels regularly from the office to various work sites or from site-to-site Occasionally Works primarily out-of-the office selling products/services (Sales employees) Does Not Apply Physical Work Site Required Yes

Additional Information

Changes Approved By: Kathleen Thompson Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job. Compliance Requirement: This position adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy. Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum: $67,500.00 Pay Range Maximum: $126,000.00 Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Information Security And Risk Management Infrastructure Systems Job

Company: enGen

Job Summary: Candidates residing within 50 miles of Pittsburgh, Mechanicsburg, or Buffalo are required to work in the office on Tuesdays, Wednesdays, and Thursdays. Candidate must be a US Citizen (due to contractual/access requirements). This job works with others to plan, research, evaluate, design and develop Information Security and Risk Management (ISRM) Infrastructure systems by applying engineering, hardware and software design theories and principles to develop a compatible system infrastructure in line with organizational strategies. Assists with the design, development, and implementation of ISRM Infrastructure components such as operating systems, software tools, and utilities. Supports studies of ISRM Infrastructure performance and traffic analysis. Determines systems design requirements and ensures that system improvements are successfully implemented and monitored to increase efficiency. Assists with the development of ISRM Infrastructure engineering policies, standards and procedures.

Essential Responsibilities:

• Serve on or may lead teams in clearly defining requirements, deliverables and timeframes. Escalate issues and make recommendations to resolve them to the appropriate audience.
• Conduct root cause analysis to identify and resolve complex problems impacting ISRM Infrastructure.
• Develop and/or deliver technical training in complex technical areas. Mentor less senior staff in the execution of their duties.
• Complete project tasks to enable the on time, within budget and scope delivery of ISRM Infrastructure projects.
• Implement, monitor, configure, and maintain security systems.
• Assure compliance to required standards, procedures, guidelines and processes.

Required Education: Bachelor's Degree in Computer science, information systems, or closely related field

Experience:

• Minimum: 3 - 5 years' experience with information security and systems analysis
• Minimum: 3 - 5 years' with information security and/or information risk management and/or information technology
• Minimum: 3 - 5 years' with operating systems and software administration
• Minimum: 3 - 5 years' developing, communicating and presenting information security and risk management concepts to varying audiences
• Minimum: 3 - 5 years' with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms
• Preferred: 5 - 7 years' experience with information security and systems analysis
• Preferred: 1 - 3 years' experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
• Preferred: 3 - 5 years' IT/information security risk advisory experience
• Preferred: 3 - 5 years' In-depth understanding of network security architecture, network and networking protocols
• Preferred: 3 - 5 years' database management, system administration and software development lifecycle

Skills:

• Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3
• Familiarity with secure SDLC best practices
• Knowledge of Microsoft Apps and Suites, Windows Server, SharePoint, etc.
• Strong teamwork and inter-personal skills

Required Licensure: None

Preferred Licensure: Certified Information Systems Security Professional (CISSP), Security

Travel Requirement: 0% - 25%

Language Requirement (other than English)? None

Physical, Mental Demands and Working Conditions:

The physical, mental demands and working conditions described here are representative of those that must be met by an employee to successfully perform the essential function of their job. Reasonable accommodations will be made when necessary to enable individuals with disabilities to perform the essential duties of the position, to the extent that they do not cause undue hardship.

Position Type: Office-Based

An employee in this position works in an office environment. The position frequently requires the employee to communicate effectively with others both inside and outside the workplace (e.g., in person, via telephone, via email). The employee must be able to understand, interpret and analyze data, solve problems, concentrate, and research, use available technological resources and systems (e.g., computers and computer programs), multi-task, prioritize, and meet multiple deadlines to complete essential tasks. The employee generally works in a fast-paced and frequently stressful environment, must attend work on a regular and reliable basis as well as adhere to all workplace policies, and may be called upon to work outside regular business hours.

Pay Range Minimum: $67,500.00

Pay Range Maximum: $126,000.00

Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.