
8 CIS Controls Jobs


4.0 - 6.0 years

0 Lacs

Gurgaon, Haryana, India

Remote

Company Overview: Leading with our core values of Quality, Integrity, and Opportunity, MedInsight is one of the healthcare industry's most trusted solutions for healthcare intelligence. Our company purpose is to empower easy, data-driven decision-making on important healthcare questions. Through our products, education, and services, MedInsight is making an impact on healthcare by helping to drive better outcomes for patients while reducing waste. Over 300 leading healthcare organizations have come to rely on MedInsight analytic solutions for healthcare cost and care management. MedInsight has been ranked #1 for Payer Quality Analytics by clients for the last three years in the Best in KLAS report. MedInsight is a subsidiary of Milliman, a global, employee-owned consultancy providing actuarial consulting, retirement funding and healthcare financing, enterprise risk management and regulatory compliance, data analytics and business transformation, as well as a range of other consulting and technology solutions.

Position Summary: As a Penetration Tester, you will play a vital role in safeguarding our information systems by proactively identifying and mitigating security vulnerabilities. Working under the guidance of senior security professionals, you will assess the effectiveness of our cybersecurity infrastructure through simulated attacks and vulnerability assessments. This role offers the opportunity to build hands-on experience while contributing to the design and implementation of secure systems and processes.

Key Responsibilities:
Conduct penetration tests on networks, web and mobile applications, APIs, and cloud environments to identify security vulnerabilities and risks.
Support security architects in assessing potential weaknesses in system designs and contribute to defining secure architecture and infrastructure requirements.
Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats.
Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices.
Document and communicate findings clearly, translating technical risk into business risk for non-technical stakeholders.
Participate in educating users and new employees on security best practices, policies, and procedures.
Research and stay current on emerging cybersecurity threats, attack methods, and industry best practices.
Recommend improvements to enhance system security and align with internal standards and regulatory requirements.
Ensure testing activities and remediation efforts align with compliance standards and privacy laws (e.g., OWASP, NIST, ISO 27001).
Collaborate with senior team members to provide technical guidance and support for security initiatives.
May assist in reviewing third-party security controls, especially for cloud services.

Qualifications:
Minimum 4 years of experience in Application Security and Penetration Testing across networks, web/mobile apps, APIs, and cloud environments to identify vulnerabilities and risks.
Familiarity with penetration testing methodologies, tools (e.g., Burp Suite, Nmap, Metasploit), and scripting languages (e.g., Python, Bash, PowerShell).
Basic understanding of networking protocols, web technologies, and operating systems.
Exposure to cybersecurity frameworks such as OWASP Top 10, NIST, or CIS Controls.
Strong problem-solving skills, attention to detail, and ability to work as part of a team.
Willingness to learn and grow within a structured, closely supervised environment.

Preferred Experience:
Experience related to ethical hacking or vulnerability assessments.
One (or more) relevant certifications, or ability to pass the exam: GPEN, GWAPT, OSCP.
CTF experience (HackTheBox, VulnHub, OverTheWire, etc.).

Educational Requirements: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.

What makes this a great opportunity?
Join an innovative, high-growth company with a solid industry track record.
Bring your expertise and ideas to directly impact and help build the next generation of MedInsight products and solutions.
Enjoy significant visibility in your work and be recognized for your wins.
Work for a company that values your wellbeing and professional growth, offering a flexible work environment, generous benefits package, and investment in the development of your career.

Milliman Benefits: We offer competitive benefits which include the following based on plan eligibility:
Supportive work culture focused on continuous learning, growth, and team collaboration.
Exposure to international teams and projects for broader professional experience.
Flexible working hours with hybrid/remote options to support work-life balance.
Annual health check-ups and employee wellness programs for a healthier lifestyle.
Employee Assistance Program (EAP) offering confidential mental health support.
Paid time off including vacation, sick leave, and recognized public holidays.

Posted 2 days ago


10.0 - 14.0 years

0 Lacs

telangana

On-site

As an experienced professional in Governance, Risk, and Compliance, you will be responsible for developing and maintaining information security policies in alignment with organizational goals and regulatory frameworks. Your role will involve coordinating annual reviews and obtaining executive approval to ensure policies remain relevant across various domains such as access control and secure software development.

In this position, you will design and implement IT Service Management workflows and runbooks to enhance operational efficiency and promote cross-functional alignment. Additionally, you will conduct scheduled vulnerability scans and comprehensive risk assessments, leveraging AI-driven tools for automated documentation retrieval and issue tracking to support rapid response and proactive risk mitigation. Utilizing the FAIR (Factor Analysis of Information Risk) model, you will perform quantitative risk assessments and collaborate with managed advisory services to address complex governance and compliance challenges.

Ensuring ongoing adherence to industry frameworks such as the NIST Cybersecurity Framework and CIS Controls will be a key aspect of your responsibilities, including implementing best practices in data encryption, business continuity, and disaster recovery planning. Furthermore, you will be involved in developing service-management metrics, continual improvement roadmaps, and establishing robust processes for production testing, release management, and lifecycle compliance. Your expertise will be crucial in advising on and implementing frameworks to strengthen corporate governance and provide effective compliance oversight across business units.

To excel in this role, you should have a minimum of 10 years of experience in Governance, Risk, and Compliance roles, with proven expertise in policy development, control mapping, and executive communication. Strong cross-functional experience, especially in cybersecurity, automation, and cloud environments, will be essential. Demonstrated success in leading vulnerability scanning, enterprise risk assessments, and a deep understanding of FAIR risk management methodologies are required. You should possess in-depth knowledge of NIST CSF and CIS standards, as well as hands-on experience in data encryption, business continuity planning, and disaster recovery. Proficiency in designing service-management metrics, improvement roadmaps, and production/release processes is necessary. Excellent written and verbal communication skills, along with the ability to engage stakeholders at all organizational levels, are key qualities for this role.

Please note that this position requires support in the US Eastern Time (ET) zone and does not involve rotational shifts.

Posted 4 days ago


5.0 - 8.0 years

0 - 0 Lacs

Bengaluru

Work from Office

Dear Associates, hope you are doing well and safe! Greetings from Rrootshell. We have URGENT and MULTIPLE requirements and are hiring for a GRC Analyst position.
Work Location: Bangalore (Hybrid)
This is for a FULL-TIME role.

Role: GRC Analyst

Duties (Shortened):
Conduct vendor risk and technical security assessments (API, SFTP, etc.)
Validate secure third-party integrations
Support customer security audits and assessments
Maintain customer trust documentation

Key Skills (Shortened):
Strong knowledge of security frameworks: ISO 27001, NIST 800-53, CIS, SOC2, PCI DSS
Expertise in vendor risk assessments, security architecture, and IT controls (COBIT)
Hands-on with security domains: IAM, network security, data protection, SDLC, encryption
Familiar with tools like OneTrust for audit and vendor risk management
Certifications: CISSP, CISA, CISM, CEH, ISO 27001 (preferred)
Excellent communication, detail-oriented, and eager to learn

Preferring IMMEDIATE JOINERS or a maximum 15 days' notice. If you are interested, kindly share your UPDATED resume with jobs@rrootshell.com
LinkedIn ID: linkedin.com/in/sai-naveen-muntha-b4a608188
Regards, Sai Naveen Muntha, +91 8328316642

Posted 3 weeks ago


4.0 - 9.0 years

7 - 17 Lacs

Bengaluru

Hybrid

Job Title: Sr GRC Analyst
Duration: Full-time role
Location: Bengaluru (Hybrid)
Note: Looking for immediate joiners OR candidates who can join within 20-30 days of notice.

Job Description:

Duties:
Perform vendor risk assessments against all security domains
Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third-party service at the client
Maintain and expand the Customer Trust knowledge base
Support customer security assessment requests
Support customer audits

Skills:
Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2
Great understanding of IT control frameworks (COBIT) and IT general controls
Strong knowledge of information security concepts, risk and controls concepts
Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc.
Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.
Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption, data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies
Expert in conducting vendor risk assessments, understanding the risk exposure of technology deficiencies, and translating them to business impact
Strong domain experience in security risk assessments
Working knowledge of risk treatment and exception processes
Strong knowledge of security architecture design and review, including key security controls related to authorization, authentication, and encryption of data in transit/at rest
Ability to configure and/or maintain 3rd-party customer audit management tools (such as OneTrust Compliance Automation or a similar tool) for automated evidence collection to support customer audits is a plus
Ability to configure and/or maintain 3rd-party vendor risk management tools (such as OneTrust Vendor Assessment or a similar tool) for third-party risk assessments is a plus
One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer
Open to learning and working on new domains and technology
Good written and spoken communication skills to explain and articulate technical concepts effectively to stakeholders including system engineers and auditors
Strong attention to detail and diligence

Posted 3 weeks ago


8.0 - 12.0 years

8 - 12 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Job description: The Third-Party Risk Management (TPRM) team is part of the Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:

Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.
Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.
Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.
Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.
Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.
Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.

Experience Level: 8+ years.
Location: Hyderabad / Bengaluru

Required skills:
6 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
Demonstrated experience in third-party risk management and vendor security assessments.
Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
Good understanding of various third-party risk management frameworks and standards.
Proficiency in using security assessment tools and methodologies.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
Detail-oriented with strong organizational and project management skills.

Desirable skills:
Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
Prior experience with the Telecom sector.
Relevant certifications such as CISSP, CISM, CRISC, or CISA.

Posted 1 month ago


5.0 - 8.0 years

5 - 8 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Job description: The Third-Party Risk Management (TPRM) team is part of the Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:

Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.
Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.
Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.
Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.
Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.
Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.

Experience Level: 5+ years.
Location: Hyderabad / Bengaluru

Required skills:
4 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
Demonstrated experience in third-party risk management and vendor security assessments.
Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
Good understanding of various third-party risk management frameworks and standards.
Proficiency in using security assessment tools and methodologies.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
Detail-oriented with strong organizational and project management skills.

Desirable skills:
Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
Prior experience with the Telecom sector.
Relevant certifications such as CISSP, CISM, CRISC, or CISA.

Posted 1 month ago


3.0 - 4.0 years

3 - 4 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Job description: The Third-Party Risk Management (TPRM) team is part of the Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities:

Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation.
Risk Analysis and Reporting: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team.
Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks.
Collaboration and Communication: Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner.
Policy and Procedure Development: Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program.
Training and Awareness: Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements.

Experience Level: 3+ years.
Location: Hyderabad / Bengaluru

Required skills:
3 years minimum experience in third-party risk management / risk consulting / cyber security assessments.
Demonstrated experience in third-party risk management and vendor security assessments.
Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls).
Good understanding of various third-party risk management frameworks and standards.
Proficiency in using security assessment tools and methodologies.
Excellent analytical and problem-solving skills.
Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
Detail-oriented with strong organizational and project management skills.

Desirable skills:
Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management.
Prior experience with the Telecom sector.
Relevant certifications such as CISSP, CISM, CRISC, or CISA.

Posted 1 month ago


7 - 12 years

22 - 37 Lacs

Bengaluru

Work from Office

Job Summary: We are seeking an experienced Cybersecurity Strategy & Security Engineer to develop and implement security policies, frameworks, and architectures that align with organizational goals. This role is critical for defining security roadmaps, evaluating current capabilities, and ensuring robust protection across networks and cloud environments. We are looking for immediate joiners, or a notice period of less than a month is preferable. Work from office, with rotational shifts.

Key Responsibilities:
Develop and maintain IT security policies and standards for infrastructure components (firewalls, routers, VPNs, etc.)
Design and implement cybersecurity strategies and roadmaps aligned with business objectives
Conduct risk and maturity assessments and recommend security improvements
Evaluate and integrate new security technologies and authentication protocols
Provide expertise in network security architecture and cloud security across AWS, Azure, or GCP
Collaborate with stakeholders to identify critical business functions and ensure alignment of security initiatives
Reference and implement industry-standard frameworks like NIST 800-53, CIS Controls, ISO 27001, SOC 2

Mandatory Skills:
Proven experience in security policy & standards development
Deep understanding of security frameworks: NIST, CIS Controls, ISO 27001, SOC 2
Expertise in security strategy and roadmap development
Strong background in network security architecture
Cloud security knowledge in AWS, Azure (preferred), or GCP
Familiarity with tools like firewalls, WAF, VPN, EDR/XDR, and cloud-native tools (e.g., Prisma, Microsoft Defender for Cloud Apps, Azure Firewall)
Strong grasp of security reference architectures across domains like application, network, and data security

Preferred Qualifications:
Experience with security risk assessments, cost analysis, and security maturity evaluations
Knowledge of security standards and compliance requirements (e.g., PCI-DSS)

Posted 2 months ago
