29 Bcms Jobs

Business Continuity Management (BCM) Expert Position Overview We are seeking an experienced Business Continuity Management (BCM) Expert to join our Global Security & Resilience team. The role is critical in ensuring the organization can continue delivering essential services during disruptive events. The BCM Expert will design, implement, and maintain continuity frameworks, conduct impact analyses, and work closely with IT Service Continuity Management (ITSCM), Crisis Management, and business stakeholders to safeguard organizational resilience. Key Responsibilities Strategy & Governance Develop, implement, and maintain the organizations Business Continuity Management framework , policies, and procedures in line with global standards (ISO 22301, DORA, Allianz policies). Ensure BCM is embedded into enterprise governance and risk management practices. Risk & Impact Assessment Conduct Business Impact Analysis (BIA) to identify critical business functions, dependencies, and recovery priorities (RTOs/RPOs). Coordinate with ITSCM to align business requirements with technical recovery capabilities. Identify risks and vulnerabilities impacting business operations; recommend mitigations. Continuity Planning Develop and maintain Business Continuity Plans (BCPs) across business units, ensuring alignment with ITSCM, Incident, and Crisis Management. Guide business functions in designing recovery strategies and alternate processes during service disruptions. Testing & Exercising Plan, organize, and execute BCM exercises (table-top tests, functional tests, and simulations). Track results, document lessons learned, and ensure improvements are implemented. Incident & Crisis Support Act as a key member of the Crisis Management Team (CMT) during disruptions. Provide BCM expertise to support business recovery and decision-making during incidents. Stakeholder Management & Awareness Engage with senior leaders, business units, regulators, and auditors on BCM matters. Conduct awareness sessions and training for employees and managers to embed a culture of resilience. Continuous Improvement Monitor emerging threats, regulatory changes, and industry best practices. Continuously enhance BCM maturity through benchmarking, self-assessments, and audits. Required Qualifications & Experience Bachelors/Masters degree in Business, Risk Management, Information Security, or related field. 6+ years of experience in Business Continuity, Risk Management, or Organizational Resilience . Deep understanding of BCM standards (ISO 22301, BCI Good Practice Guidelines, ITIL, DORA). Experience conducting BIAs, developing BCPs, and coordinating with IT, Risk, and Crisis Management. Strong familiarity with operational processes in financial services or technology industries. Excellent facilitation, communication, and stakeholder management skills. Preferred Certifications ISO 22301 Lead Implementer/Auditor Certified Business Continuity Professional (CBCP) / MBCI (Member of the Business Continuity Institute) ITIL 4 (awareness of ITSM and ITSCM integration) Risk management certifications (e.g., ISO 31000) Other Perks and benefits are provided.

Job Purpose The Site IT Lead is accountable for strategic and operational IT management at the Vizag facility, ensuring seamless infrastructure, operations, and compliance. The role safeguards information security, supports GxP systems, drives business continuity, and delivers IT excellence in alignment with global standards of a Japanese parent organization in pharmaceutical manufacturing and R&D. Roles & Key Responsibilities IT Infrastructure & Operations Manage IT infrastructure, network, server, and data center operations at the Vizag site. Oversee day-to-day IT operations, helpdesk, and application support. Administer system backups, disaster recovery, and business continuity measures. Ensure compliance with corporate IT policies, security protocols, and audit standards. Manage vendors and service contracts for infrastructure and IT services. GxP & Enterprise Systems Ensure high availability and compliance of regulated systems (e.g., MES, LIMS, Empower, SAP ERP). Manage user access, validations, and periodic reviews for GxP systems. Support SAP operations including master data, system enhancements, and end-user support. Maintain audit readiness and regulatory documentation for all systems. Information Security & Compliance Implement and monitor ISMS policies aligned with ISO/IEC 27001 and corporate standards. Lead site-level incident response, risk assessments, and corrective actions. Develop and deliver security awareness programs for employees. Ensure business continuity systems conform to ISO/IEC 22301. Budget & Governance Create and manage the annual IT budget for Vizag site. Track IT investments, optimize costs, and ensure fiscal compliance. Coordinate IT and compliance audits, ensuring timely corrective actions. Maintain complete IT governance documentation and reporting. Qualification & Experience Bachelors/Masters degree in IT, Computer Science, or related field. Minimum 15 - 20 years of IT leadership experience in pharma manufacturing/R&D. Strong exposure to GxP-regulated environments and data integrity standards. Hands-on experience with SAP ERP, MES, LIMS, and data center operations. Knowledge of ISO/IEC 27001 and ISO/IEC 22301 compliance frameworks. Preferred certifications: ITIL, PMP, CISSP, or equivalent. Skills & Competencies Leadership and cross-functional team management. Expertise in IT infrastructure, enterprise systems, and cybersecurity. Strong compliance and regulatory understanding (GxP, cGMP, data integrity). Budgeting, vendor management, and IT procurement expertise. Strategic thinking, problem-solving, and stakeholder engagement. Ability to drive continuous improvement and technology excellence.

Role & responsibilities: Outline the day-to-day responsibilities for this role. Preferred candidate profile: Specify required role expertise, previous job experience, or relevant certifications.

Shift: UK Shift Experience: 3-6 years in information security, IT risk, audit, or compliance roles The Information Security Risk Analyst plays a critical role in identifying, evaluating, and mitigating risks that threaten the confidentiality, integrity, and availability of CGI information systems and data. This individual will contribute to the development of a mature risk management program that aligns with business goals, assurance requirements, and industry best practices. Working cross-functionally with IT, business stakeholders, compliance, legal, and external partners, the analyst will assess risks associated with new technologies, digital transformation efforts, regulatory changes, and evolving threat landscapes. This role ensures that security risk decisions are data-driven and documented, and that mitigation strategies are prioritized based on business impact and likelihood. Your future duties and responsibilities: Risk Identification & Assessment Conducting security related risk assessments within the organizational guidelines of Enterprise Risk Management. Perform in-depth risk assessments for internal systems, cloud services, third-party vendors, and emerging technologies. Conduct business impact analyses to evaluate the consequences of security incidents and define criticality levels for systems and data. Utilize industry-standard frameworks (NIST RMF, ISO 27005, FAIR, etc.) to quantify and communicate risk posture. Analyze threat intelligence feeds and integrate them into risk models to better anticipate and respond to future risks. Risk Mitigation & Treatment Planning Develop and maintain a formal risk register that tracks identified risks, treatment plans, and residual risk. Collaborate with asset owners and IT teams to recommend and validate risk mitigation measures. Support decision-making by preparing cost-benefit analyses of remediation strategies vs. accepted risk. Policy, Compliance/Assurance & Governance Support Ensure that internal policies and procedures reflect risk tolerance and evolving legal/regulatory obligations (e.g., GDPR, HIPAA, SOX, PCI DSS). Assist in conducting gap analyses against compliance standards and frameworks. Partner with audit teams to ensure security risks are tracked through issue management lifecycles. Third-Party & Vendor Risk Management Conduct due diligence on vendors and partners during onboarding and periodically thereafter. Leverage security questionnaires, SOC 2/ISO 27001 reports, and penetration test results to validate vendor risk posture. Track and report third-party risks and collaborate on vendor exit and contingency planning. Reporting & Metrics Create risk dashboards and executive-level reports showing trends, key risk indicators (KRIs), and remediation progress. Present findings to stakeholders, boards, or governance committees, translating technical risk into business context. Use GRC tools to automate risk scoring, control tracking, and evidence collection. Awareness & Training Collaborate with security awareness teams to align training programs with risk findings and trends. Educate internal stakeholders on security risk management practices, control expectations, and emerging threats. Required qualifications to be successful in this role: Education & Credentials Bachelor's degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related field. Preferred certifications: - CRISC (Certified in Risk and Information Systems Control) - CISSP (Certified Information Systems Security Professional) - CISM (Certified Information Security Manager) - CISA (Certified Information Systems Auditor) Professional Experience 36 years in information security, IT risk, audit, or compliance roles. Proven experience conducting risk assessments and applying controls across complex technical environments (on-prem, cloud, hybrid). Exposure to security tools and platforms such as: - GRC suites (e.g., Archer, ServiceNow GRC, LogicManager) - SIEMs (e.g., Splunk, QRadar) - Vulnerability scanners (e.g., Qualys, Tenable) - Identity & Access Management platforms (e.g., Okta, Azure AD) Success Criteria & Soft Skills Analytical Thinking: Able to balance qualitative and quantitative risk approaches; excels in root cause analysis. Communication: Can convey risk issues in plain language to technical and non-technical audiences. Collaboration: Effectively builds relationships with cross-functional stakeholders. Adaptability: Thrives in a fast-paced, evolving regulatory and threat landscape. Integrity: Maintains impartiality and protects sensitive information with discretion. Optional/Preferred Experience Familiarity with: Data privacy laws and data protection impact assessments (DPIAs) Cloud security (e.g., AWS Well-Architected Framework, Azure security benchmarks) Emerging Technologies (Artificial Intelligence, Quantum Computing, etc.) Hands-on experience with quantitative risk analysis methodologies (e.g., FAIR)

At EY, you'll have the opportunity to craft a career path that aligns with your unique strengths, supported by a global network, inclusive environment, and cutting-edge technology to help you reach your full potential. Your individual voice and perspective are vital in driving EY towards continuous improvement. Join us in creating an exceptional journey for yourself while contributing to a more prosperous working world for all. As a Risk Advisory Senior, you will play a key role in Risk transformation client projects and internal initiatives at EY. Your technical contributions will be valuable as you identify business opportunities within existing engagements and communicate effectively with senior team members. Your ability to anticipate risks, address issues proactively, and collaborate within the team are crucial aspects of your responsibilities. **Client Responsibilities:** - Work collaboratively as part of a team in various phases of Archer implementation and managed services projects. - Take on the role of a team lead, providing support, maintaining communication, updating senior team members on progress, and mentoring the team effectively. - Assist in preparing responses to RFPs, develop POCs for client demonstrations, and establish productive relationships with client personnel. - Review, plan, and monitor project deliverables, ensuring tasks are completed on time and in adherence to quality processes. - Act as a liaison with clients or onsite representatives when necessary, demonstrating flexibility to travel as required. - Allocate tasks, update status reports, prepare project documentation, and ensure compliance with software development and defect life cycle processes. - Support in the development and testing of complex modules, ensuring the successful delivery of allocated tasks. **People Responsibilities:** - Conduct performance reviews, provide constructive feedback to team members, and foster a culture of teamwork and quality. - Uphold workplace policies and procedures, participate in training and mentoring initiatives for project resources, and engage in organization-wide people initiatives. **Mandatory Skills Requirements:** - Possess 3-6 years of experience in Archer implementation/Archer managed services within the GRC domain. - Demonstrated experience in configuring Archer applications, integrating with third-party applications, and troubleshooting Archer Control Panel. - Knowledge of GRC domain, information security, risk management, and experience in designing customized solutions in Archer. **Preferred Skills:** - Proven track record in consulting or client management roles, with a background in delivery management. - Educational background in Electronics, Telecommunications, Computer Science, or MBA with experience in Big3 or panelled SI/ITeS companies. - Familiarity with Archer APIs, SQL, .NET/C# programming, BCMS, Risk Management, RPA, data analytics, and reporting tools. **Certifications (Desirable):** - Archer 5.x/6.x Certified Security Professional. - Additional certifications in Information Security or Risk Management would be advantageous. Join EY in our mission to build a better working world, where our diverse teams across the globe leverage data, technology, and expertise to drive trust, growth, and transformation for our clients and society. Together, we seek innovative solutions to the complex challenges of today's world.,

Responsibilities: * Deliver risk assessments and advisory services. * Conduct ITGC audits and regulatory compliance checks. * Implement GRC frameworks and VAPT processes.

Key Responsibilities: Team Leadership: Lead a team of consultants and senior consultants on engaging client projects, providing guidance, mentorship, and support to foster team development. Client Advisory: Serve as a trusted advisor to clients, assisting in the transformation of their business continuity and disaster recovery frameworks to align with current threats and best practices. Solution Development: Develop tailored resilience solutions across industries, focusing on operational, technical, and cyber resilience technologies that enable timely business recovery. Business Impact Analysis (BIA) & Risk Assessment (RA): Conduct BIA and RA activities for client processes to identify vulnerabilities and create effective recovery plans. BCM Assessments: Engage in business continuity management assessments, resilient process design, and enhancements to operational and service delivery processes. Technical Architecture Consultation: Advise clients on technical architecture and data resilience strategies, including testing and failover automation activities. Business Development: Actively engage in business development and sales activities to promote KPMGs BCM offerings, identifying new opportunities and driving growth. Implementation of Frameworks: Oversee the implementation of Business Continuity Management (BCM) and IT Disaster Recovery (ITDR) frameworks, ensuring compliance with industry standards. Engagement Oversight: Manage and provide oversight to the entire engagement lifecycle, ensuring project delivery meets quality standards and client expectations. Building Eminence: Contribute to the eminence of KPMGs BCM team through thought leadership, innovation, and participation in industry discussions and forums. Talent Development: Support and promote team building and talent development activities to enhance the skills and competencies of team members. Experience eligibility 5+years of relevant experience Business Continuity Knowledge of implementing, managing, and auditing an ISO-22301 BCMS Develop the solution across industries and clients. Advising clients in transforming business continuity and disaster recovery solutions Performing BIA, RA for client processes Knowledge of IT DR & Cloud DR. Implement BCM, ITDR & Cyber Security framework. Designing & implementing BCM automation solutions Resilience Understanding of cyber resilience concepts. Good understanding of Cyber Threats and controls Understanding of operational, technical, and cyber resilience technology solutions. Advising clients on technical architecture, data resilience, testing and failover automation activities Business development Actively promoting and participating in business development and sales activities Engagement management Managing engagement lifecycle Team management Supporting and promoting team development Lead a team of consultants on engagements. Additional Qualifications Knowledge in implementing, managing, and auditing an ISO-22301 BCMS CBCP, CBCI, ISO22301 / ISO27001 Lead Implementer or Lead auditor certification considered a plus. Knowledge of IT Disaster Recovery concepts. Cloud knowledge would be advantageous. Appreciation and knowledge of cyber resilience concepts including network resilience, communication backup etc. Knowledge of basic data center architectures/designs/component Qualifications: Educational Background: Bachelors degree in computer science, Information Technology, Business Continuity, Disaster Recovery, or related field. A masters degree or MBA is a plus. Certifications: CBCP (Certified Business Continuity Professional), CBCI (Certified Business Continuity Institute), ISO 22301 / ISO 27001 Lead Implementer or Lead Auditor certification is considered an advantage. Experience: Minimum of 5-8 years of experience in business continuity and disaster recovery, preferably within a consulting environment. Technical Knowledge: Strong understanding of IT Disaster Recovery concepts, with cloud knowledge advantageous. Familiarity with cyber resilience concepts, including network resilience and communication backup protocols. Knowledge of basic data center architectures, designs, and components. Analytical Skills: Ability to perform in-depth analysis, critical thinking, and problem-solving with strong attention to detail. Soft Skills: Exceptional communication, collaboration, and interpersonal skills with the ability to engage and influence stakeholders. Project Management: Proven ability to manage multiple projects, meet deadlines, and work in a fast-paced environment.

Job Summary: We are seeking a motivated and experienced GRC Specialist to support and enhance our Governance, Risk, and Compliance framework. The ideal candidate will be responsible for implementing and maintaining standards such as ISO 27001 , ISMS , BCMS , and Third Party Risk Management (TPRM) across the organization. You will work closely with cross-functional teams to ensure regulatory compliance, risk mitigation, and business continuity. Key Responsibilities: Governance & Compliance: Develop, implement, and maintain the organizations Information Security Management System (ISMS) in accordance with ISO 27001 standards. Monitor compliance with internal security policies and regulatory requirements. Coordinate and conduct periodic internal audits, risk assessments, and compliance reviews. Risk Management: Identify, assess, and mitigate information security risks across the enterprise. Support development and execution of risk treatment plans and continuous monitoring processes. Manage and enhance the Third-Party Risk Management (TPRM) program, including onboarding, due diligence, and periodic assessments of vendors. Business Continuity: Implement and maintain the Business Continuity Management System (BCMS) in line with ISO 22301 standards. Support business units in developing and testing Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs). Conduct Business Impact Analysis (BIA) and ensure recovery strategies are up-to-date. Policy & Documentation: Develop and maintain security and compliance policies, procedures, and guidelines. Ensure proper documentation of controls, findings, and remediation efforts. Training & Awareness: Conduct GRC training sessions and awareness programs across the organization. Promote a culture of compliance and risk-aware behavior. Required Skills & Qualifications: Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field. 3–7 years of experience in GRC, information security, or risk management roles. Strong knowledge and hands-on experience with: ISMS (Information Security Management System) ISO 27001 implementation and audits BCMS (Business Continuity Management System) / ISO 22301 TPRM (Third-Party Risk Management) Familiarity with data protection regulations (e.g., GDPR, HIPAA, etc.) Certifications preferred: ISO 27001 Lead Implementer/Auditor , CRISC , CISA , CBCP , or similar. Excellent communication, documentation, and stakeholder management skills. Ability to work independently and manage multiple priorities.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: SAP Security. Experience3-5 Years.

The ideal candidate will be responsible for Business Continuity Management System (BCMS) & IT Disaster Recovery Management to ensure organizational resilience against disruptions. With over 5 years of relevant experience, you will lead the development of BCMS, conduct risk assessments, and manage crisis situations. Key Responsibilities: - Lead Business Continuity Planning to ensure the recovery of critical functions - Design and maintain the IT Disaster Recovery Plan - Regularly conduct risk assessments and Disaster Recovery drills - Ensure compliance with Industry Standards such as ISO 22301 and NIST - Act as a key member of the Crisis Management Team Skills & Experience: - Minimum 5 years of experience in BCMS & Disaster Recovery Management - Experience with BCMS, IT Disaster Recovery planning, and conducting Business Impact Analysis (BIA) - Strong understanding of IT infrastructure and cloud environments - Preferred certifications include CBCP, CISSP, ITDRP If you meet the above qualifications and are interested in this position, please share your resume at NGPGDCTA@perficient.com.,

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Supervise and manage all activities related to the company’s QHSE (Quality, Safety, Health , Environment ) under the guidance of reportee. Responsible for QHSE Governance with Production and Operations team, data related to QHSE/ Safety initiatives. Required Candidate profile Responsible for Internal audit & Compliances as per FSSAI, RFP, Client, Vendor and ISO. Support clients for their external 3rd party certifications like ISO22000, ISO 45001, BCMS, and ISO 14001

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: SAP Security. Experience3-5 Years.

Job description ISO Consultant Job Type: Full-time, Permanent, Freelance Remuneration :- 6,00,000 to 12,00,000 per year for ISO , 6,00,000 to 12,00,000 per year for ZED , 18,00,000 for each MCLS cluster of 10 clients for Intermediate and Advance level, which is done in 18 to 24 months. Total Remuneration 12,00,000 to 24,00,000 per year. Hybrid Working – Visit to the client’s factory is required at your & client’s mutual convenience. Schedule : Flexible shift Education: ( Any of the following) 1. Any Gradutate with knowledge of ISO consultancy/ISO Auditing/ Quality Related fields 2. Any Graduate with minimum 8 years industrial experience in manufacturing. 3. Diploma with 10 years industrial experience in manufacturing 4. BE/BTech with 8 years industrial experience in manufacturing 5. Knowledge of ISO &/or Lean tools implementation/Documentation/Consultancy/Systems/Quality related fields shall get additional weightage Place of Posting:- Shall be required to cover industries near your residence to provide onsite/ Offsite consultancy in factories. Roles and Responsibilities :- 1. To provide onsite and offsite consultancy to the MSME manufacturing clients for doing ISO 9001/14001/45001 consultancy at client’s site and offsite. 2. Same Consultants shall be trained to provide ZED consultancy of the Central government scheme of Zero Defect Zero Effect (ZED) promoted by Ministry of MSME. 3. Same consultants shall also be trained to provide consultancy for lean tools under MCLS MSME Competitive (Lean) Scheme promoted by government of India. Training :- 1. The candidate shall be trained by our company so that he can pass an online examination of Quality Council of India (QCI) to become a national level approved ZED certified consultant and subsequently trained to become national level approved MCLS certified consultant. 2. After clearing the online exam, the consultant shall be allotted MSME manufacturing clients by our company for implementation of ZED scheme. 3. ZED consultant shall be required to implement the ZED &/or lean techniques / modules to help the client obtain ZED/MCLS certification as per the guidance of our company. 4. Consultant shall be provided regular training, support and guidance from the head office so that the ZED/MCLS modules can be implemented properly at client’s factory and ZED &/or lean certificate is delivered in time. Perks and Benefits: 1. Performance incentives Like New Laptop, New Mobile, New Inverter for your residence after starting at least 3 projects as per company norms. 2. No outstation travel required 3. Cell phone reimbursement 4. Flexible schedule 5. Internet reimbursement ABOUT THE COMPANY – BMCPL Boon Management Consultants Pvt. Ltd. (BMCPL) is a consultancy organization (Incorporated in 2005) that specializes in providing services for improvement of systems including capacity building, implementation of lean tools, ZED Consultancy etc. BMCPL is providing consultancy and training services to it’s clients all over India through our consultants located pan India. Besides many private and services sector clients , we are providing services to government/semi-government organizations. Some of our government clients are 33 ZILLA PARISHADS, RURAL DEVELOPMENT DEPARTMENT- GOVERNMENT OF MAHARASHTRA, OFFICE OF GOVERNOR OF MAHARASHTRA, etc. For the ZILLA parishad project done by us, RURAL DEVELOPMENT DEPARTMENT (RDD) has won National Award. MoMSME has selected Quality Council of India (QCI) which is an autonomous body under Govt. of India for implementing and Monitoring ZED scheme across India. QCI has selected BMCPL as a ZED consulting organization and also for MCLS consulting organization for pan India operations. About the ZED Scheme: The Ministry of MSME has selected the Quality Council of India (QCI), an autonomous body under Govt. of India to implement and Monitor the ZED (Zero Defect Zero Effect ) scheme across India. QCI has selected BMCPL as a ZED consulting organization for pan-India operations. The majority of the fees for this project shall be paid by govt. (Ministry of MSME/QCI) and negligible cost shall be borne by the client.The details of the scheme can be seen on govt. website zed.msme.gov.in Till date Boon has trained 150+ ZED consultants and 40+ MCLS consultants from different parts of India Like Maharashtra, West Bengal , Gujrat, Telangana, Tamil Nadu, AP, Karnataka, etc. The consultants have passed the Quality Council of India Examination and have received ZED Consultant certificate. BMCPL has 700+ MSME clients who have taken Pledge to become a ZED certified organisation. Out of this 500+ MSME clients have already received ZED Bronze certification, 200+ clients have received ZED Silver certification and others are in process to get ZED Silver/Gold certification. BMCPL has 100+ MSME clients who have taken pledge to do MCLS and out of this more than 50 MSME clients have received MCLS BASIC level certificate.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Fortinet Firewall. Experience5-8 Years.

– SENIOR VICE PRESIDENT/ VICE PRESIDENT – IT/IS/TECHNOLOGY COMPLIANCE JOB TITLE Senior Vice President/ Vice President – IT/IS/Technology Compliance – M8/M7 DEPARTMENT Compliance REPORTING TO President & Chief Compliance Officer JOB PURPOSE Compliance Risk Assessment & Assurance MAJOR ACTIVITIES Ensuring compliance and governance is met with regulatory requirements and drive IT compliance agenda Assess the compliance risk and technical security controls for on-prem and cloud-based solutions and identify the associated cyber/information security risks and compliance requirements Recommend measures/controls to mitigate the information security risk and compliance to regulatory/statutory requirements Conducting a continuous assessment of current Technology and Security practices and systems in identifying continuous improvement areas Driving change projects and building new IT Compliance capabilities Managing numerous information sources and providing data analysis reports to senior management Supporting the CCO report to the Board and being an active member of the senior management team Flexible and adaptable capable of changing direction where required and showing flexibility to meet new demands Coordinating the Regulatory IT audits from a compliance perspective Building and maintaining relationship with regulators RELEVANTEXPERIENCE Should have Core IT Audit / IT Security Audit/ Technology and Infrastructure experience.Experience about banking regulations in these areas would be an advantage Familiarity with regulators and regulations Digital leadership skills capable of empowering and leading an IT enable team members to meet business and IT security goals A Chartered Accountant with relevant experience. Someone with Engineering and Technology/IT Services background will be an added advantage. Should have experience across(a) Internal Audit, (b) CISO, (c) IT Security, (d) Cyber Security (e) Banking Compliance Should have strong people and external stakeholder management skills. He/she should be a good coach and mentor to team members. Creative thinking able to look at alternatives and should be solution oriented Should have the ability to multitask and adhere to timelines. Should also bring good energy levels for change management and focus on new initiatives. PERSONAL CHARACTERISTICS & BEHAVIOURS Good oral and written communication skills Strong analytical and creative problem-solving skills Eye for detail and a quick learner Catching up with the Technology evolution – Categorization, Bucketing, Automation and Digitalization, from a Technology perspective

Dear All, We are presently looking for Auditor/Lead Auditor - IT for Hyderabad location. EXPERIENCE :- Min. 6-8 years out of which min. 2-4 years in the relevant scheme/industry sector. QUALIFICATION :- Graduate (Degree/Diploma) in Engineering (e.g. Electronics, IT, etc), Technology (e.g. Software, Hardware, Artificial Intelligence, etc) or equivalent. Minimum ISO 9001 LA training/qualification is required JOB RESPONSIBILITY :- Preparation of Audit Plan as per schedule Auditing as per applicable accreditation rules, scheme-owner requirements & KPIs (where applicable) and TUV India/TNCERT procedures (as relevant) Timely Audit Reporting, including closure of nonconformities within defined time frames Ensure audit workflow completion (incl. OPE workflow) within the specified timelines and within the Excellence tool. Address technical review comments on priority to facilitate efficient & timely certificate issuance to the clients. Attend Exchange of Experience/Calibration meet and ensure CPD compliance as required by the respective schemes, including ensuring the timely renewal of qualifications Develop and enhance competence over a period in various sectors. Support in Key Account Management for the clients assigned for value added services Support to Marketing team by generating business leads for new certifications, second party, training & sustainability schemes. Support on collections by coordinating with client representative. ATTRIBUTES :- Knowledge of Applicable regulatory framework and Statutory compliances. Good written and spoken English (knowledge of local language is advantageous). Excellent communication and presentation skills Flair for Client Relationship Management Good Listening ability Good Analytical skills Good Team Player If interested please share your updated profile on smayuri@tuv-nord.com.

Job Information Job Opening ID ZR_1945_JOB Date Opened 15/05/2023 Industry Technology Job Type Work Experience Fresher Job Title IS Group Convenor City Kochi Province Kerala Country India Postal Code 682037 Number of Positions 2 Convene the IS group meeting on a frequent basis Maintain minutes for all the IS group meetings and ensure the closure of action items Initiate and monitor the internal security audits on defined frequencies Analyze and verify findings and action plans of internal audit Present the findings and trend to top management Verify and analyze the information security incidents along with respective team and take appropriate action. Identify, measure, and analyze information security objectives of all the departments and projects Ensure information security risk assessment and action plan initiation are conducted on a regular basis for all the departments and projects. The critical information security risks and the status to be updated to top management Analyze and approve special permissions which are requested by the employees Ensure the regular reviewing of ISMS documents and make sure that the approved changes are updated in document. Monitor IT related events regularly and ensure that appropriate actions are taken. Ensure the network issues and glitches in the system are addressed on time by IT Monitor the Information security performance and execute the action plans where ever necessary and ensure that the proposed actions are taken care. Ensure the ISMS Awareness among employees are developed. Develop information security policy and get it approved by top management Develop a Business Continuity Plan along with the team members and get it approved by top management Frequently test the BCP and ensure appropriate actions are taken Ensure appropriate external Information Security communications are conducted by relevant team. Ensure applicable acts and policies of the organization are identified, detailed and appropriate actions taken to implement the same Ensure all department related security activities are taken care and support in case of any issues/ clarifications. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#2B39C2;border-color:#2B39C2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered=""> I'm interested

Key Responsibilities: Conduct ISMS (ISO 27001) follow-up audits to verify compliance and track remediation efforts. Perform Gap Assessments against ISO 27001 and other security standards to identify control deficiencies. Lead or support BCMS (ISO 22301) audits and assessments, providing clear insights and recommendations. Prepare and deliver professionally written reports with actionable findings and clear summaries. Collaborate with internal teams and stakeholders to communicate risks, gaps, and proposed improvements. Support the design and enhancement of security governance processes as required. Requirements Qualifications: Minimum 5 years of experience in Information Security, GRC, or Risk & Compliance roles. Proven expertise in ISO 27001, including implementation, audits, and compliance reporting. Good knowledge of ISO 22301 and BCMS frameworks. Familiarity with other standards such as NIST CSF, ISO 27005, or local regulatory frameworks is a plus. Strong analytical and documentation skills, with the ability to write professional audit/assessment reports. Excellent communication and stakeholder engagement skills. Relevant certifications such as ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, CISA, or CISM are highly desirable.

Information Security Manager: Job Title: Information Security Manager Work from Office Location: Bangalore/Chennai/Hyderabad Experience:9 + years No.of Positions: #womenhiring #womenintech #womendiversity this role is exclusive for female candidates. Required Skills: Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits Roles and Responsibilities: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse the potential impact of new threats and communicate risks to relevant business units Manage security operations, analyze security exceptions, gather necessary background information, document exceptions and ensurethat the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of a Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, and remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement

Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. As an IT Security Risk Manager, you would support information security policies, standards, and procedures to secure and protect data. Work directly with user departments to implement procedures and systems for the protection, conservation, and accountability of proprietary, personal, or privileged electronic data. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyse business requirements and ensure that solutions meet established security policies and controls Maintain metrics and report them. Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 4+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Proven auditing skills and the ability to manage risk assessments / projects independently Proven excellent communication skills both verbal and written Proven good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

Purpose of the position To conduct on-site assessments against the requirements of relevant standards or specifications To provide expertise, produce surveillance and initial assessment reports and make recommendations for certification decisions. To promote the BSI product offering and solutions to our clients with the view of improving their business performance, managing risk and Making excellence a habit Key responsibilities & accountabilities Undertake management system assessments in accordance with BSI requirements. Prepare assessment reports and deliver findings to clients to ensure client understanding of the assessment decision and clear direction to particular items of corrective action where appropriate. Recommend the issue, re-issue or withdrawal of certificates, and report recommendations in accordance with BSI policy, procedures and prescribed time frame. Lead assessment teams as required ensuring that team members are adequately briefed so that quality of service is maintained and that effective working relationships are sustained both with Clients and within the team Establish and develop an effective partnership, which secures the commercial relationship and encourages opportunities for business development and increased client satisfaction with clients in your portfolio. Provide accurate and prompt information to support services, working closely with them to ensure that client records are up to date and complete and that all other internal information requirements are met. Plan/schedule workloads to make best use of own time and maximise revenue-earning activity. Coach colleagues as appropriate especially where those members are inexperienced assessors or unfamiliar with clients' business/technology and assist in the induction and coaching of new colleagues as requested. Maintain and develop assessment skills and technical and management system standards knowledge. Provide technical support to clients through business development, sales and customer service staff Act as a brand Ambassador for BSI. This means acting ethically, following company rules and promoting BSI services to clients so they are able to optimize business performance and Make Excellence a Habit. Candidate specifications Bachelor degree or above in Engeneering . Must be a Lead Auditor certified in 27001 Added advantage to have experince and certified for BCMS, SOC, PCI-DSS Minimum 4 years working experience in IT, with 2 years work experience in IT. Commercial understanding of compliance industry, minimum 2 years quality system management Knowledge of business processes and application of quality management standards Good verbal and written communication skills and an eye for detail Be self-motivated, flexible, and have excellent time management/planning skills Can work under pressure Willing to travel on business intensively An enthusiastic and committed team player Good public speaking and business development skill will be considered advantageous

Convene the IS group meeting on a frequent basis Maintain minutes for all the IS group meetings and ensure the closure of action items Initiate and monitor the internal security audits on defined frequencies Analyze and verify findings and action plans of internal audit Present the findings and trend to top management Verify and analyze the information security incidents along with respective team and take appropriate action. Identify, measure, and analyze information security objectives of all the departments and projects Ensure information security risk assessment and action plan initiation are conducted on a regular basis for all the departments and projects. The critical information security risks and the status to be updated to top management Analyze and approve special permissions which are requested by the employees Ensure the regular reviewing of ISMS documents and make sure that the approved changes are updated in document. Monitor IT related events regularly and ensure that appropriate actions are taken. Ensure the network issues and glitches in the system are addressed on time by IT Monitor the Information security performance and execute the action plans where ever necessary and ensure that the proposed actions are taken care. Ensure the ISMS Awareness among employees are developed. Develop information security policy and get it approved by top management Develop a Business Continuity Plan along with the team members and get it approved by top management Frequently test the BCP and ensure appropriate actions are taken Ensure appropriate external Information Security communications are conducted by relevant team. Ensure applicable acts and policies of the organization are identified, detailed and appropriate actions taken to implement the same Ensure all department related security activities are taken care and support in case of any issues/ clarifications.

Job description ISO Consultant Job Type: Full-time, Permanent, Freelance Remuneration :- 6,00,000 to 12,00,000 per year for ISO , 6,00,000 to 12,00,000 per year for ZED , 18,00,000 for each MCLS cluster of 10 clients for Intermediate and Advance level, which is done in 18 to 24 months. Total Remuneration 12,00,000 to 24,00,000 per year. Hybrid Working – Visit to the client’s factory is required at your & client’s mutual convenience. Schedule : Flexible shift Education: ( Any of the following) 1. Any Gradutate with knowledge of ISO consultancy/ISO Auditing/ Quality Related fields 2. Any Graduate with minimum 8 years industrial experience in manufacturing. 3. Diploma with 10 years industrial experience in manufacturing 4. BE/BTech with 8 years industrial experience in manufacturing 5. Knowledge of ISO &/or Lean tools implementation/Documentation/Consultancy/Systems/Quality related fields shall get additional weightage Place of Posting:- Shall be required to cover industries near your residence to provide onsite/ Offsite consultancy in factories. Roles and Responsibilities :- 1. To provide onsite and offsite consultancy to the MSME manufacturing clients for doing ISO 9001/14001/45001 consultancy at client’s site and offsite. 2. Same Consultants shall be trained to provide ZED consultancy of the Central government scheme of Zero Defect Zero Effect (ZED) promoted by Ministry of MSME. 3. Same consultants shall also be trained to provide consultancy for lean tools under MCLS MSME Competitive (Lean) Scheme promoted by government of India. Training :- 1. The candidate shall be trained by our company so that he can pass an online examination of Quality Council of India (QCI) to become a national level approved ZED certified consultant and subsequently trained to become national level approved MCLS certified consultant. 2. After clearing the online exam, the consultant shall be allotted MSME manufacturing clients by our company for implementation of ZED scheme. 3. ZED consultant shall be required to implement the ZED &/or lean techniques / modules to help the client obtain ZED/MCLS certification as per the guidance of our company. 4. Consultant shall be provided regular training, support and guidance from the head office so that the ZED/MCLS modules can be implemented properly at client’s factory and ZED &/or lean certificate is delivered in time. Perks and Benefits: 1. Performance incentives Like New Laptop, New Mobile, New Inverter for your residence after starting at least 3 projects as per company norms. 2. No outstation travel required 3. Cell phone reimbursement 4. Flexible schedule 5. Internet reimbursement ABOUT THE COMPANY – BMCPL Boon Management Consultants Pvt. Ltd. (BMCPL) is a consultancy organization (Incorporated in 2005) that specializes in providing services for improvement of systems including capacity building, implementation of lean tools, ZED Consultancy etc. BMCPL is providing consultancy and training services to it’s clients all over India through our consultants located pan India. Besides many private and services sector clients , we are providing services to government/semi-government organizations. Some of our government clients are 33 ZILLA PARISHADS, RURAL DEVELOPMENT DEPARTMENT- GOVERNMENT OF MAHARASHTRA, OFFICE OF GOVERNOR OF MAHARASHTRA, etc. For the ZILLA parishad project done by us, RURAL DEVELOPMENT DEPARTMENT (RDD) has won National Award. MoMSME has selected Quality Council of India (QCI) which is an autonomous body under Govt. of India for implementing and Monitoring ZED scheme across India. QCI has selected BMCPL as a ZED consulting organization and also for MCLS consulting organization for pan India operations. About the ZED Scheme: The Ministry of MSME has selected the Quality Council of India (QCI), an autonomous body under Govt. of India to implement and Monitor the ZED (Zero Defect Zero Effect ) scheme across India. QCI has selected BMCPL as a ZED consulting organization for pan-India operations. The majority of the fees for this project shall be paid by govt. (Ministry of MSME/QCI) and negligible cost shall be borne by the client.The details of the scheme can be seen on govt. website zed.msme.gov.in Till date Boon has trained 150+ ZED consultants and 40+ MCLS consultants from different parts of India Like Maharashtra, West Bengal , Gujrat, Telangana, Tamil Nadu, AP, Karnataka, etc. The consultants have passed the Quality Council of India Examination and have received ZED Consultant certificate. BMCPL has 700+ MSME clients who have taken Pledge to become a ZED certified organisation. Out of this 500+ MSME clients have already received ZED Bronze certification, 200+ clients have received ZED Silver certification and others are in process to get ZED Silver/Gold certification. BMCPL has 100+ MSME clients who have taken pledge to do MCLS and out of this more than 50 MSME clients have received MCLS BASIC level certificate.