Ec2 Security Group Cloudformation Jobs in Usa

Physical Security Consultant

Our firm is partnering with a leading multidisciplinary engineering and consulting organization to identify a Physical Security Consultant to support a diverse portfolio of clients across sectors including aviation, civic and cultural facilities, corporate environments, government, healthcare, higher education, science and technology, and sports venues.

This role can be based in Atlanta, GA; Jacksonville, FL; Raleigh, NC; or Charleston, SC.

Responsibilities

• Strategic Risk Analysis: Conduct threat, vulnerability, and asset analyses (security risk assessments) to identify security gaps and recommend mitigation strategies.
• Facility Hardening: Support and oversee site hardening initiatives including the use of vehicle barriers, ballistic-rated materials, and other protective infrastructure.
• Crime Prevention Through Environmental Design (CPTED): Apply CPTED principles to improve safety and deter criminal activity within facility and campus environments.
• Strategic Planning: Develop, implement, and maintain security policies, procedures, and system strategies for client organizations.
• Advisory Support: Provide expert recommendations to leadership and stakeholders on strengthening security posture and maintaining regulatory compliance.
• Technology Management: Lead evaluation, selection, and vendor coordination for security technologies ensuring compliance with project requirements and budgets.
• Incident Response: Investigate security incidents, evaluate current procedures and countermeasures, and help develop contingency and response plans.
• Compliance & Auditing: Conduct site audits and assessments to ensure adherence to applicable regulatory standards such as ISC and DHS guidelines.
• System Design & Integration: Design and architect physical security systems including access control, video surveillance (VMS), and intrusion detection solutions.
• Mentorship: Support the development of junior consultants and security professionals through technical guidance and knowledge sharing.

Knowledge, Skills, and Abilities

• Strong organizational skills with the ability to prioritize tasks and maintain high standards of quality control.
• Excellent written and verbal communication skills with the ability to engage technical and non-technical stakeholders.
• Demonstrated knowledge of access control system architecture, components, communication protocols, and credential technologies.
• Demonstrated knowledge of video surveillance systems, camera technologies, and recording platforms.
• Demonstrated knowledge of intrusion detection systems and associated technologies.
• Understanding of security communications systems including radio, intercom, public address systems, and network infrastructure.
• Familiarity with building design and construction processes is preferred.

Education and Experience

• Bachelor’s degree in Security Management, Criminal Justice, Emergency Management, or a related field preferred.
• CSC, PSP, or CPP certification required.
• 5–10 years of progressive experience in physical security consulting, security management, or integrated security system design.
• Experience conducting risk and vulnerability assessments required.
• Experience supporting network design for security systems is a plus.
• Ability to travel approximately 20% as needed.
• Valid driver’s license with acceptable driving record required.

Role: GRC Engineer (OneTrust / NIST) - Mid

Location: Plano, Texas (Hybrid)

Duration: Long Term Contract

Description

We are seeking a hands‑on GRC Engineer & Risk Analytics professional who will implement and scale a NIST‑aligned control and risk framework in OneTrust while also conducting targeted risk and control assessments to validate design and operating effectiveness. Reporting to the TFSB CISO, you will connect process, data, and automation so department leaders can see—and reduce—risk in near‑real time through role‑based dashboards and scorecards. You’ll partner with Security Engineering, IT, Audit, and business control owners to streamline assessments, evidence collection, POA&M tracking, and reporting.

Focus split: approximately 70% OneTrust configuration, integrations, data modeling, and dashboards; approximately 30% targeted assessments and facilitation.

Module ownership on Day 1: OneTrust Integrated Risk Management (IRM) and Third‑Party Risk Management (TPRM).

What you’ll be doing:

Model the control framework in OneTrust: map NIST CSF and NIST 800‑53 control families, control objectives, test procedures, evidence types, and ownership.

Configure assessment templates (application/infrastructure, inherent/residual risk, third‑party due diligence, control attestations) with automated workflows, notifications, and approvals.

Stand up a POA&M lifecycle (defect creation, risk acceptance, due dates, escalations, verifications) and connect to tickets for remediation traceability.

Build role‑based dashboards and departmental scorecards that surface KRIs/KPIs (e.g., control coverage, overdue actions, risk heatmaps, SLA adherence).

Establish data taxonomy and metadata (assets, business processes, data classifications) aligned to controls and obligations to support consistent analytics.

Own the end‑to‑end third‑party risk workflow in OneTrust: inherent risk profiling, tiering, questionnaire selection, and residual risk calculation.

Design and maintain due‑diligence questionnaires and control attestations; streamline evidence collection and follow‑ups via automated reminders and SLAs.

Track remediation and POA&Ms for vendors; manage risk acceptances, exceptions, and expirations with clear ownership and timelines.

Publish vendor scorecards and portfolio‑level insights for department leaders; highlight concentration risk, critical suppliers, and overdue actions.

Integrate TPRM data with IRM objects (assets, processes, controls) to show end‑to‑end exposure and dependencies.

Integrate OneTrust with CMDB, Risk reporting platforms to auto‑enrich risks, controls, and assets.

Define data quality rules and reconciliation checks; implement connectors or API jobs to keep dashboards near‑real‑time and reduce manual evidence collection.

Partner with Analytics to publish curated Power BI datasets for executives and technical teams.

Conduct spot assessments and control testing to validate design and operating effectiveness and calibrate automation.

Translate FFIEC/GLBA/SOX and policy requirements into measurable controls and department‑owned obligations; document rationales and residual risk.

Facilitate remediation planning with control owners; track POA&Ms and risk acceptances to closure with clear RACI and deadlines.

Create playbooks, test scripts, and user guides; run enablement sessions for control owners and assessors to drive adoption.

What you’ll deliver in the first 6–12 months:

A fully modeled NIST-aligned control catalog in OneTrust IRM and TPRM, complete with owners, testing procedures, evidence, and mapped obligations.

3–5 data integrations operational (for instance, CMDB, Archer, Posture Management) enabling automated evidence and asset-to-control mapping.

Departmental scorecards along with an executive dashboard (showing trendlines, heatmaps, top risks, overdue actions, and risk reduction by department).

Enhanced assessment throughput with a reduced cycle time (targeting a 30–40% improvement from baseline).

Improved on-time completion of POA&M (targeting an increase of 20–30%) with a decrease in repeat findings through structured root-cause identification.

Published and operational governance framework artifacts (including a governance calendar, defined roles, training materials, and standard operating procedures).

Requirements:

• 5+ years hands‑on experience implementing/administering GRC platforms (OneTrust preferred; Archer/ServiceNow GRC acceptable with commitment to OneTrust ramp‑up).

• Working knowledge of NIST CSF and NIST 800‑53 and how to translate obligations into measurable controls and tests.

• Experience configuring questionnaires, workflows, object models, APIs, and building role‑based dashboards.

• Data skills in Power BI, SQL, or Python for data prep/transformations that feed analytics.

• Ability to tell the risk story—translate technical signal into business‑relevant insights for department leaders.

• Bachelor’s degree or equivalent practical experience.

Added bonus if you have:

• OneTrust GRC/IRM certifications; CRISC, CISA, or CISSP.

• Prior integrations with ServiceNow, Jira, SailPoint/IDP, Qualys/Tenable, or cloud platforms (AWS/Azure).

• Experience setting up control attestation/evidence automation and KRI/KPI scorecards across business units.

• Background in financial services or familiarity with FFIEC/GLBA/SOX supervisory expectations.

Role: Security Architect / AI Security AppSec Architect

Location: Boston, MA - Hybrid 3 days per week

Duration: Long term Contract

JOB PURPOSE:

We are seeking a Security Architect / AI Security AppSec Architect to assist in the strategic evaluation and secure implementation of our AI Agent Framework. As AI adoption accelerates across our investment and research teams, this role will be pivotal in ensuring our systems remain secure, resilient, and compliant. You will combine high-level architectural oversight—specifically evaluating new and emerging AI technologies—with hands-on engineering.

Reporting to the Director of Security in Global Security organization, you will research security controls, validate emerging architectural patterns, and define the governance standards for M365 Copilot Agents and autonomous agents built on Azure AI Foundry.

Primary Responsibilities:

Technology Evaluation & Security Architecture

• Emerging Tech Research: Proactively evaluate new AI tools, frameworks, and LLM providers to assess their security posture and suitability for a highly regulated investment environment.
• Architectural Design: Design and validate secure architectural patterns for AI agent integration within the organization’s ecosystem, ensuring data privacy and IP protection.
• Threat Modeling: Conduct deep-dive analysis of AI-specific threats (prompt injection, model inversion, data poisoning) and architect systemic mitigations.
• Platform Assessment: Evaluate the security capabilities of Azure AI Foundry, M365 Copilot Studio, and the Microsoft Graph API against the organization’s compliance standards.
• MCP Specialization: Assess Model Context Protocol (MCP) security best practices, designing isolation strategies for context management.
• As a security architect, assist with evaluations of other technologies being evaluated with via our Enterprise Architecture Review Board

Technical Implementation & Validation

• Hardening & Standards: Create hardening checklists and configuration standards for AI platforms that bridge the gap between innovation and rigorous risk management.
• Identity & Integration: Test and document sophisticated integration approaches with Azure Key Vault, Entra ID, and Managed Identities.
• Security Telemetry: Implement advanced logging, auditing, and monitoring for AI agent telemetry to ensure visibility into autonomous actions.
• Governance & Standards Development
• Design Principles: Lead the creation of the organization’s AI Agent Security Design Principles document.
• Policy Authoring: Working with various teams assist in developing technical sections of governance policies that address the risks of emerging AI technologies and autonomous workflows.
• CI/CD Integration: Identify and bridge control gaps in existing CI/CD pipelines to support secure, automated AI deployments.
• Stakeholder Collaboration: Translate complex security architectures into actionable implementation guides for developers and investment tech teams.

Required Qualifications:

• Architectural & Technical Skills
• 5+ years in Cloud Security/Architecture with deep hands-on Azure platform experience.
• AI Specialization: Hands-on experience with Azure AI Services, Azure OpenAI, and Azure AI Foundry (or similar platforms like AWS SageMaker).
• Modern Identity: Expert-level understanding of Microsoft Entra ID, Service Principals, and Managed Identity in a complex enterprise environment.
• Emerging Protocols: Deep familiarity with Model Context Protocol (MCP) and its implications for data isolation and session security.
• GenAI/LLM Expertise: Strong grasp of RAG (Retrieval-Augmented Generation) patterns and vector database security.
• Security Implementation & Strategy
• Zero Trust: Proven track record of implementing Zero Trust controls in financial services or cloud-native environments.
• Automation: Experience with Infrastructure as Code (Terraform, Bicep) to codify security guardrails.
• Threat Assessment: Familiarity with the OWASP Top 10 for LLMs and AI-specific vulnerability scanning.

Preferred Qualifications:

• Certifications: Azure Security Engineer Associate, Azure AI Engineer Associate, or CISSP/CCSP.