Business Title Lead - Zero Trust and IAM Region APAC Country India What we look for 8+ years experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e. g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments. Familiarity with Zero Trust Network Architecture is desirable Familiarity with service now Ticketing and CMDB is desirable Design, build, operate and automate security solutions and processes to protect the integrity of the organizations networks, systems, applications and data. Experience developing technical strategies, architectures, and roadmaps. Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences. Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches. Preferred Experience hardening security for Active Directory, Windows, *nix OS. Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls. Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent. Experience with Microsoft 365, Active Directory, SAML, OIDC Knowledge of Applied Cryptography and PKI Manage and network security infrastructure Firewall configuration and rule management Cloud proxies services Network Access control Employee and Partner remote access VPN services Cloud based Web application firewall Development knowledge e. g. Python, Java, C#, . NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting Preferred Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP). Strong experience of working on SIEM tools like Splunk to analyse logs and correlate events. Experience with User Behaviour Analytics Workday, SAP, Salesforce Experience with MDM capabilities such as Intune or AirWatch Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR) Certifications CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications is a plus OKTA - Professional or Consultant is a plus Google/AWS/Microsoft Professional Cloud Architect is a plus Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law . If you are an individual with a disability and you require an accommodation during the application process, please visit www. johnsoncontrols. com/careers .

Job Code Job Code Name Business Title Zero Trust and IAM Eng II Region APAC Country India Grade 172 What we look for 5+ years experience implementing enterprise Identity and Access Management (IAM), Privileged Access Management (PAM) solutions (e. g. Saviynt, Okta, SailPoint, Ping Identity, Omada, Microsoft Identity Manager, Beyond Trust, CyberArk or equivalent IAM solution) in client environments. Familiarity with Zero Trust Network Architecture is desirable Familiarity with service now Ticketing and CMDB is desirable Design, build, operate and automate security solutions and processes to protect the integrity of the organizations networks, systems, applications and data. Experience developing technical strategies, architectures, and roadmaps. Outstanding communication and presentation skills. Able to articulate complex, technical concepts to non-technical audiences. Respond to security incidents, including data breaches, and coordinate with other IT teams to mitigate the impact of any security breaches. Preferred Experience hardening security for Active Directory, Windows, *nix OS. Experience with IDaaS providers such as Microsoft, Okta, Ping Identity, Google Cloud Identity Experience with cloud architectures particularly Azure, AWS, GCP native IAM controls. Experience with Identity Governance processes and solutions such as Saviynt, SailPoint, Ping Identity or equivalent. Experience with Microsoft 365, Active Directory, SAML, OIDC Knowledge of Applied Cryptography and PKI Manage and network security infrastructure Firewall configuration and rule management Cloud proxies services Network Access control Employee and Partner remote access VPN services Cloud based Web application firewall Development knowledge e. g. Python, Java, C#, . NET, Web Services (SOAP/REST/RESTful, APIs), Shell programming/scripting Preferred Network Infrastructure Security background in both on prem physical security components (firewalls, IDS/IPS , remote access and internet proxies) as well as cloud security services (Zscaler , Azure, GCP). Strong experience of working on SIEM tools like Splunk to analyse logs and correlate events. Experience with User Behaviour Analytics Workday, SAP, Salesforce Experience with MDM capabilities such as Intune or AirWatch Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPPA-HITECH, HITRUST, PCI, GDPR) Certifications CISSP or SANS, GIAC, CIMP, CEH, CISM or CISA certifications is a plus OKTA - Professional or Consultant is a plus Google/AWS/Microsoft Professional Cloud Architect is a plus Johnson Controls International plc. is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law . If you are an individual with a disability and you require an accommodation during the application process, please visit www. johnsoncontrols. com/careers .

Some careers have more impact than others. If you re looking for a career where you can make a real impression, join HSBC and discover how valued you ll be. HSBC is one of the largest banking and financial services organizations in the world, with operations in 62 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions. We are currently seeking an experienced professional to join our team in the role of Manager Business Financial Crime Risk INTELLIGENCE Principal responsibilities Financial crime risk intelligence team will act as a central pivot coordinating with regions and Data Analytics Office, scoping / enhancing requirements, scoping reviews, maintain / further develop CIBs thematic review framework The role holder will develop thematic enquiries with stakeholders and then assess data outputs provided by DAO to perform deep dive thematic reviews targeted at specific Customer populations, across financial crime risk typologies or emerging risks covering Anti-money laundering Team will perform un-structured, data-led testing and analysis to identify new typologies and clusters of risk within the CIB portfolio. Across non-financial risk taxonomy, the role holder will seek to pre-emptively spot emerging risk to crystalize or identify control gaps/ risk in order to quickly remediate issues. Findings will be shared across the Business, to inform senior management of emerging issues and to support additional actions such as cultural assessments and / or control enhancements. Cross non-financial risk typologies / taxonomy would include financial crime risk (product, sector and Client risk), Fraud risk (cross typologies), Sustainability & Climate risk, Operational risk, including product and sector risk across Commercial and Global Banking businesses and Ops. resilience and information security risk (at user level) Facilitating the planning and execution of Business Risk assessment activity and recommending ways to enhance CIB s ability to recognize and manage Business Risks Oversight for the identification of financial crime risk, undertaking all actions necessary to mitigate potential risks via thematic / adhoc reviews Contribute to the strengthening of critical thinking by providing SME guidance to frontline colleagues to develop understanding and management of Non-Financial Risk exposure, through ongoing feedback from assessments Support CIB Senior Management on Business Risk management and generally assisting them with the resolution of compliance and operational risk problems in liaison with local risk stewards, FIU and other SMEs Provide guidance and support to CIB sites in conjunction with experts across the financial crime divisions, and other offices Collaborate with audit, compliance and Business risk counterparties in CIB sites to achieve objectives on a global level Develop and Execute detailed thematic testing plans in line with Thematic Review Operating Framework and LoBP. Maintain an in-depth understanding of at least 2/ 3 areas of cross risk typologies within CIB Business Risk Contribute towards meeting Key Risk Indicators (KRIs) so that the business effectively controls and mitigates risk The job holder exercises a high degree of autonomy to perform the responsibilities independently. He/she will operate under guidance from the Thematic Review Team to uphold and enhance the quality with which Business Risk is identified and mitigated by CIB FLOD (First Line of Defense) Requirements Experience of Business risk, Corporate & Institutional Banking. Solid knowledge and experience in processes, Bank systems and/or project management Experience in Anti-money laundering investigations Ability to manage a technical risk team Evidence of leading project implementation or performing a business analyst role for risk management in one or more risk typologies Experience and knowledge of of deep dive / risk investigation, assurance, compliance and forensic audit Ability to understand and interpret large set of risk data Certifications in one or more risk typologies CFE, ACAMS, FRM GARP, PRIMIA Ops. risk management, CIA, CISA etc. Experience in working with data tools analysis tools such as Python, SQL, SAS or similar essential Ability to apply judgement and critical through to identify risks and issues in customer profiles/ transactions/ financial statements Ability to communicate with senior members of frontline teams, Business Risk / Risk Stewards, Compliance and Audit Adequate understanding of risk and controls Strong verbal & written communication skills that translates to asking the right questions, understanding the tasks, and communicating ideas and actions clearly. Presentation skills: reporting progress, issues, dependencies, and risks to working groups and decision-making forums. Strong problem-solving & data proficiency skills with proven expertise in MS excel, PowerPoint, etc. You ll achieve more at HSBC HSBC is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and, opportunities to grow within an inclusive and diverse environment. We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. , We consider all applications based on merit and suitability to the role. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

We seek a professional with 5-7 years of postgraduate experience in IT General Controls, SOX 404, GRC,SOC & ITAC, preferably CISA certified. Apply now at heena@yeslandmark.com or call 7019111984

The ideal candidate should be responsible for security analysis by connecting the loose ends using security information from various tools and processes to improve the cyber processes and for protecting the Bank from cyber-attacks. To manage Cybersecurity Incident response within the Bank To manage Red/ Blue Team exercises, VAPT of Applications and Infrastructure, review the reports and ensure closure. Creation/ Review of Information Systems Security Policies and procedures Periodic Review of security tools and processes like Firewall / IDS & IPS / WAF / DAM logs / PIM logs / System logs To understand, implement, monitor and review of various regulatory/ compliance frameworks like ISO 27001, PCI DSS, etc., on need basis. To ensure compliance with various Cybersecurity controls as per the regulatory framework. Vendor management periodic MIS & SLA reviews, payments & penalties, renewal of support contracts and licenses in timely manner. recognized university. Desirable: Certifications like: CISM / CISSP / CISA / CRISC / ISO 27001:2013 / PCI DSS / CEH / OSCP/ etc. 8+ years of Experience Knowledge of RBI Guidelines on IS/ Cybersecurity. Prior experience in IT Governance, Policy & procedures, Application security assessment / VAPT (preferably Hands On).

We are seeking an Identity & Access Management Analyst to join our IAM Governance Team. As an IAM Governance Analyst, you will be responsible for maintaining Prioritys secondary controls regarding access security. Duties include executing daily, weekly, and monthly reviews of user access across multiple applications, deploying and managing large scale review packages associated with semi annual SOX audits, and compiling and providing evidence to third-party auditors. You will also be expected to pull reports and provide data to stakeholders on a scheduled or ad-hoc basis. You will work with critical and sensitive information on a daily basis, and shall be relied upon to maintain user security safeguards. This position level works on technology and security administration issues of limited scope and complexity. The position requires a basic level systems administration proficiency and analytical capability to exercise judgment within defined procedures and practices to determine appropriate action. In order to be successful, you must have the ability to provide a broad level of support to relevant parties, both internal and external, to identify potential areas of risk in our current controls, and recommend improvements for efficiency and enhanced security in the IAM space. As a member of Prioritys Security and Compliance group, you will drive, develop, and maintain solutions for clients and colleagues. This is an exciting time of technology advancement and innovation across the organization, particularly within our technology teams. Responsibilities: Partnering with internal business units to address security and access control operational issues and requirements, including periodic reviews of access control lists for verification of users. Providing audit-related evidence on time. Coordinate with Internal Audit and Security teams to compile evidence packages for third party auditors. Build and maintain proficiency with applicable security and IT systems through a combination of on-the-job training, self-paced coursework, and formal training courses provided by the bank for ongoing professional development. Participate in other security support projects and duties as needed or requested. Requirements Minimum Requirements: Minimum of 2 years experience in IT system administration, application software support and basic operations. Demonstrated experience providing end-user support for large corporate applications in a networked environment. Strong knowledge of Windows server operating systems and environments, Working proficiency of Microsoft IIS and Microsoft Active Directory Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients. Strong commitment to working as a team and providing excellent customer service. Preferred Requirements: Exposure to the financial industry or equivalent highly controlled IT systems environment. Understanding of common security frameworks (NIST, CIS, ISO). Familiarity with the Sarbanes-Oxley (SOX) auditing standard Previous experience writing simple automation scripts using any language (VBScript, PowerShell, etc.). A Bachelor's degree in business or computer science is highly desired. Security certifications (CISSP, CISA, etc.) are highly desired. System administration certifications (CCNA, MCSA, etc.) highly desired.

Key Responsibilities: Participate in planning, execution, and reporting phases of technical cyber based audits in line with industry standards and best practices. Ensure the timely and effective execution of all planned cyber and tech risk audits. Majorly drive the execution of audits fieldwork to ensure thorough and effective assessments of IT and cybersecurity controls by utilizing appropriate audit methodologies and tools (e.g., risk-based auditing, data analytics). Follow up on Management Action Plans (MAPs) / audit findings to ensure timely and effective remediation of identified issues. Assist the leadership in Risk Assessment activities and collaborate with stakeholders to help identify and prioritize key IT and cyber risks. Use of Data Analytics to analyse artifacts and derive the audit findings. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Help document audit findings, audit reports, and participate in stakeholder meetings. Required Technical Skills: Proficiency in Networking, DLP, Endpoint and Cloud technologies (AWS, Azure, Google Cloud). Knowledge of cybersecurity principles and practices as well as sound understanding of Artificial Intelligence and its applications. Proficiency in Vulnerability Assessment and Penetration Testing (VAPT) and Red-teaming exercises. Extensive experience with IT Infrastructure technologies as well as sound understanding of Disaster Recovery and Resiliency. Proficiency in using audit tools and techniques (e.g., data analytics, risk assessment software). Soft Skills: Excellent interpersonal and communication skills. Strong report writing and documentation abilities. Ability to multi-task and work collaboratively with cross-functional teams. Strong project management and organizational skills. Qualifications: Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Relevant certifications such as CISA, CISSP, or equivalent are preferred. Minimum of 6 years of experience in a similar role. Experience in technology audits, added advantage with a background in Big4 audit firms. Proven track record of leading technology audit projects and teams. What we offer: High visibility to leadership and the opportunity to make a significant impact. A collaborative and innovative environment. The chance to work on state-of-the-art technologies and solutions. A role that combines strategic thinking with hands-on execution.

Information Security Risk Analyst - TDI CSO The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the banks people, infrastructure, processes, and information. CSO Governance and Control conducts proactive Information Security (IS) controls assess ability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures. The role holder would mainly be working on assessments and remediation across the globe to ensure that the Information Securityrequirements for various assets within the Bank are safeguarded and mitigated from any potential risks which can include - Reputational, Financial & Regulatory. Your key responsibilities: Display strong knowledge of Information Security as this is an SME role for reviewing Risk & Control Assessments as per IS policy and ISO 27001. Work with governance, risk, and compliance (GRC) tools such as ServiceNow, should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, PCI DSS, and GDPR and additional knowledge on Regulatory requirements/controls like MAS, CAM and PSDII to support stakeholder requirement. Display strong knowledge and understanding of Information security controls (ISO) and mitigation/remediation solutions. SME Knowledge on the BAU activities and have mentality to contribute for the daily BAU task as and when required. Take the responsibility/ownership to cover the portfolio end to end. Collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings. Ability to successfully manage third-party audits, compile evidence, and organize audit responses. Manage scope of deliverables and expectations and ensure clear and concise communication to onshore team members and other stakeholders. Provide process improvement inputs to various stakeholders. Build strong relationships with various stakeholders, including but not limited to: Portfolio Owners, Divisional ISOs, Business owners, Application & Technology owners, Risk Managers to complete Information Security Risk & Control Assessments and Remediation management. Design strategic programs and solutions to implement effective information security objectives throughout the organization. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Communicates openly with management and the internal stakeholders; keeps them informed of potential risk and escalate problems/delays accordingly to avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies. Represent the process in other forums, provide inputs for the monthly and quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality. Proactively develop and maintain professional consultative working relationships with the CSO function, stakeholders and respective support areas and will use a range of approaches to collect relevant information to assess key risks. Your skills and experience: Significant work experience in the Information Technology / Information Security area Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc. Clear understanding of the relationship between IS risk and how this applies to business processes. Professional / industry recognized certifications (e.g., CISA, CISM, CRISC etc.) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required. Strong understanding of service delivery and relationship management Project management, Agile methodology, analytical and practical problem-solving skills. Ability to monitor, track and clearly communicate progress, escalate issues when appropriate. Good understanding of data and skillset to produce effective reports using Excel, Macro, or other reporting tools. Experience with data visualization tools like Tableau, Power BI, etc., Proficiency in Data Analytics Skills in Python, added advantage to languages such as SQL for data manipulation and analysis. Ability to understand the latest cybersecurity threats, attack vectors, attack techniques and emerging trends through threat intelligence sources and communities. Experience in global teams across different time zones and within a matrix environment. Professional and strong verbal and written communication skills and the ability to communicate on all hierarchy levels. Self-driven, eager to learn and well-organized team player.

Business Development will spearhead the efforts to establish and grow a network of business partners delivering cybersecurity training courses in Eastern and North-Eastern India Partnership Development, Building and Managing a Regional Team, Spreading Regional Awareness of Cybersecurity Certifications, Organising Webinars, Conferences, and Events, Strategic Market Engagement Ability to build and lead teams effectively in a dynamic and competitive environment. Strong event management and marketing acumen. Data-driven decision-making with excellent reporting and analysis capabilities. Readiness for extensive travel across Eastern and North-Eastern India. CISSP, CEH (Certified Ethical Hacker), and CISA, CompTIA Security+, strategic roadmap

Number of Openings 1 Offshore ECMS ID in sourcing stage Demand Id - 103863Y25 Assignment Duration 6+ months Total Yrs. of Experience 10+ Relevant Yrs. of experience 6+ Detailed JD (Roles and Responsibilities) ### **Job Overview:** We are seeking a highly skilled **CyberArk Implementation Specialist** to join our growing team. The ideal candidate will be responsible for implementing, configuring, and supporting the deployment of CyberArk Privileged Access Management (PAM) solutions. The candidate will work closely with IT teams and stakeholders to ensure that CyberArk solutions meet organizational security requirements and are properly integrated with existing systems. ### **Key Responsibilities:** - Lead the implementation and deployment of CyberArk solutions for Privileged Access Management (PAM). - Design, configure, and implement CyberArk components (including Vault, Central Policy Manager (CPM), and Password Vault Web Access (PVWA), PSM, CCP, CP, HTML5GW, PSMP, PTA etc.). - Integrate CyberArk with existing enterprise systems, including Active Directory, SIEM, and other IAM tools. - Familiarity with SIEM systems such as Splunk, ArcSight, or QRadar. - Provide guidance and best practices for the design and configuration of CyberArk components. - Conduct CyberArk security assessments and ensure the solution adheres to security best practices. - Troubleshoot and resolve issues related to CyberArk components, including Vault, CPM, PVWA, PSM, CCP, CP, HTML5GW, PSMP, PTA etc. - Knowledge on creating custom PSM web connectors using Auto IT and webforms. - Collaborate with database administrators and IT teams to integrate CyberArk CPM for managing privileged credentials across a wide range of database environments (e.g., Oracle, SQL Server, MySQL, PostgreSQL, MSSQL, MongoDB etc.). - Configure PSMs properly to work with different database environments (e.g., Oracle, SQL Server, MySQL, PostgreSQL, MSSQL, MongoDB etc.). - Develop and deliver training for internal teams on CyberArk use and security best practices. - Maintain detailed documentation for CyberArk implementations, configurations, and procedures. - Monitor and ensure the continuous health and performance of CyberArk systems. - Work with security and compliance teams to ensure that the solution is fully compliant with regulatory requirements (e.g., SOX, PCI, HIPAA). - Assist with CyberArk upgrades, patches, and version control. - Report Generation: Experience using CyberArks Client Reporter and Telemetry tools to generate and analyze operational reports. - Policy and Reporting: Experience in creating/modifying master policies, and generating reports on safes and user activity. - Health Checks & Monitoring: Performing health checks on CyberArk infrastructure and monitoring various components to ensure system integrity and uptime. - Change Management: Proven experience in managing change processes, including preparing and executing delivery plans during Change Advisory Board (CAB) reviews. - Incident Handling: Responsible for managing complex and escalated incidents and requests with a focus on resolving issues efficiently. - KPI Compliance: Ensuring adherence to KPI metrics for incident and service request resolution, including timely communication and escalation procedures. - Stakeholder Communication: Providing input and updates to stakeholders involved in critical incidents, particularly during outages or system failures. - Disaster Recovery & Failover: Solid knowledge of CyberArk disaster recovery, failover and failback mechanisms to ensure availability and business continuity. - Vault Data Backup: Experience in Vault Data Backup processes for ensuring critical data is securely backed up and protected. **Certifications:** - CyberArk Certified PAM-Defender - CyberArk Certified PAM-Sentry (preferred) - CyberArk Certified PAM-CDE (preferred) - Other relevant security certifications (CISSP, CISM, CISA) are a plus. Mandatory skills **Experience:** - Minimum 3-5 years of experience with CyberArk Privileged Access Management (PAM) solution implementations. - Strong understanding of CyberArk components such as Vault, CPM, PVWA, PSM, CCP, CP, HTML5GW, PSMP, PTA etc. - Experience integrating CyberArk with Active Directory, SIEM, and other enterprise security systems. - Familiarity with IT security best practices, especially around privileged access and identity management. - **Technical Skills:** - Strong knowledge of Windows and Linux operating systems. - Experience with scripting languages (PowerShell, Python, AutoIT etc.) for automation and customization. (Good to have) - Experience with various authentication protocols (LDAP, RADIUS, etc.). - Understanding of IAM (Identity and Access Management) concepts, including RBAC (Role-Based Access Control) and least privilege access. - Server Administration: Proficient in Linux Red Hat 7/8, Windows Server 2016/2019/2022 administration. Desired/ Secondary skills Soft Skills:** - Strong problem-solving and troubleshooting skills. - Excellent communication and collaboration skills. - Ability to work independently and as part of a team. - Detail-oriented with strong organizational skills. Domain Cyber Security Max Vendor Rate in Per Day (Currency in relevance to work location) 12000 INR / Day Work Location given in ECMS ID Hybrid WFO/WFH/Hybrid WFO Hybrid BG Check (Before OR After onboarding) Pre onboarding Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO Yes

Key Responsibilities: Conduct ISMS (ISO 27001) follow-up audits to verify compliance and track remediation efforts. Perform Gap Assessments against ISO 27001 and other security standards to identify control deficiencies. Lead or support BCMS (ISO 22301) audits and assessments, providing clear insights and recommendations. Prepare and deliver professionally written reports with actionable findings and clear summaries. Collaborate with internal teams and stakeholders to communicate risks, gaps, and proposed improvements. Support the design and enhancement of security governance processes as required. Requirements Qualifications: Minimum 5 years of experience in Information Security, GRC, or Risk & Compliance roles. Proven expertise in ISO 27001, including implementation, audits, and compliance reporting. Good knowledge of ISO 22301 and BCMS frameworks. Familiarity with other standards such as NIST CSF, ISO 27005, or local regulatory frameworks is a plus. Strong analytical and documentation skills, with the ability to write professional audit/assessment reports. Excellent communication and stakeholder engagement skills. Relevant certifications such as ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, CISA, or CISM are highly desirable.

Senior Internal Auditor - India, Chennai - Hybrid, Office-Based ICON plc is a world-leading healthcare intelligence and clinical research organization. We re proud to foster an inclusive environment driving innovation and excellence, and we welcome you to join us on our mission to shape the future of clinical development Reporting to the Senior Manager of Internal Audit, you will join a fast paced and dynamic internal audit team supporting ICONs mission - to help its clients accelerate the development of drugs and medical devices that save patient lives and improve their quality of life. As a key member of the ICON Group Internal Audit team, you will perform internal control, financial and operational audits for ICON plc, with emphasis on global project governance and risk assurance. What You Will Be Doing: Manage various Sarbanes-Oxley (Sox) testing and reporting requirements across ICONs Divisions globally. Lead walkthroughs and risk assessments with process owners Review documentation and assess results to ensure adequate control design and identification of key controls Serve as a main SOX contact for coordination with external auditors related to testing requirements/requests and issues Perform risk based internal audit assignments across ICONs Divisions globally. Consistently evaluate the adequacy and effectiveness of internal controls and compliance, relating to risks across all aspects of ICON. Co-ordinate & deliver quality audit reports containing realistic recommendations, agreed with Management ensuring they are achievable, cost effective and contribute to the business. Play an active role in ensuring any potential operational risk issues and matters, are monitored and communicated effectively. Collaborate with the Senior Manager of Internal Audit on relevant Audit Committee engagements. Analyse large amounts of data in an efficient and accurate manner, using your IT acumen. Familiarise yourself with the In-house SOX tool and look for ways of enhancing its use. Foster good working relationships with global cross-function teams in the business. Promote the Internal Audit brand internally and encourage stakeholders to engage with Internal Audit. Motivate, coach and develop more junior team members to excel in their roles and advance professionally. Your Profile: Bachelors degree in Accounting, Finance, or a related field (Relevant certifications such as CPA, CIA, or CISA are a plus). Must have extensive SOX experience to be considered for this role Big 4 trained preferred 3 years + Audit experience required Post qualification experience in industry preferred Strong Analytical Skills with Good IT Acumen. Strong report writing skills, excellent attention to detail and time management skills What ICON can offer you: Our success depends on the quality of our people. That s why we ve made it a priority to build a diverse culture that rewards high performance and nurtures talent. In addition to your competitive salary, ICON offers a range of additional benefits. Our benefits are designed to be competitive within each country and are focused on well-being and work life balance opportunities for you and your family. Our benefits examples include: Various annual leave entitlements A range of health insurance offerings to suit you and your family s needs. Competitive retirement planning offerings to maximize savings and plan with confidence for the years ahead. Global Employee Assistance Programme, TELUS Health, offering 24-hour access to a global network of over 80,000 independent specialised professionals who are there to support you and your family s well-being. Life assurance Flexible country-specific optional benefits, including childcare vouchers, bike purchase schemes, discounted gym memberships, subsidised travel passes, health assessments, among others. Visit our careers site to read more about the benefits ICON offers. At ICON, inclusion & belonging are fundamental to our culture and values. We re dedicated to providing an inclusive and accessible environment for all candidates. ICON is committed to providing a workplace free of discrimination and harassment. All qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or in order to perform the essential functions of a position, please let us know or submit a request here . Interested in the role, but unsure if you meet all of the requirements? We would encourage you to apply regardless - there s every chance you re exactly what we re looking for here at ICON whether it is for this or other roles. Are you a current ICON Employee? Please click here to apply

Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.

This job is responsible for performing moderately complex Issues QA reviews (control failures/control weaknesses) across the Global Technology organization. Key responsibilities include designing and executing reviews for multiple issues of any type severity within a technical domain / organization as identified by the Issues Lead. This issue reviewer may have one or more junior reviewers aligned to assist. In this role, it is expected the reviewer will already possess a rich Issues QA acumen and a thorough understanding of the assigned LOB/CIO. Also, deep knowledge of the industry is required. This resource will promote teamwork, diversity and share experiences. An awareness and application of operational excellence and an efficiency mindset will be developing. Responsibilities: To execute review activities according to the instructions given by the Issues Lead and follow issues review documentation requirements. Develop test approach to leverage during review of assigned Issues To interact with business lines, control, and governance groups in order to gain understanding of business processes and controls. To fully comply with corporate standards and regulatory requirements. Identifies deficiencies, discusses with line management, and initiates recommendations Establishes business partner relationships, primarily with line management, to develop business knowledge Executes QA strategy by executing sound QA practices, leveraging automation and innovative methods, and delivers in a timely and high-quality manner Exercises intellectual curiosity and judgment to effectively influence and challenge management to drive continuous improvements on QA Develops skills to use innovative tools to complete review activities more efficiently

Roles and Responsibilities Analyze data from various sources (e.g., logs, metrics) to identify trends and patterns that may impact product or service quality. Conduct quality assurance activities to ensure compliance with industry standards, regulations, and company policies. Identify areas for improvement and implement corrective actions to maintain high-quality products and services. Collaborate with cross-functional teams to develop test plans, test cases, and execute testing activities. Develop reports on quality metrics and provide recommendations for process improvements. Please share the resume to Gayathri.srinivas@wipro.com

Role & responsibilities Evaluate whether audited functions (e.g., HR, Finance, Admin, IT, Compliance) effectively support business scalability, operational continuity, and customer/field responsiveness. Identify areas for cost optimization, process simplification, and performance improvement through data-driven audit execution. Ensure timely and high-quality audits with comprehensive documentation, robust control testing, and actionable reporting aligned with RBI/internal policies. Detect and escalate systemic, cross-functional, or high-risk issues based on recurring control weaknesses or process gaps. Track and validate auditee responses, action plan closures, and improvements from prior audits. Contribute to checklist updates, risk coverage enhancement, and automation/digital tool adoption. Test compliance with internal policies, RBI/SEBI guidelines, and ensure accurate reporting of any deviations. Build strategic alignment with functional stakeholders through effective engagement, observation contextualization, and collaborative problem-solving. Demonstrate audit professionalism by adhering to IIA standards, upholding ethics, and maintaining a learning mindset. Adhere to internal audit methodology, documentation standards, and quality assurance processes. Participate in continuous improvement of audit tools, checklists, and scorecards. Draft audit observations, reports, and executive summaries. Present findings to process owners and senior management. Track closure of audit issues and validate corrective actions. Preferred candidate profile Strong understanding of internal controls, risk management, and governance frameworks. Sound analytical, problem-solving, and report-writing skills. Proficiency in MS Excel, Word, PowerPoint; familiarity with audit tools and ERPs is an advantage. Excellent interpersonal and communication skills. Ability to work independently and manage multiple assignments. Exposure to NBFCs/MFIs or regulated financial services or / CIA / CISA or other relevant certifications is highly desirable. Knowledge of core corporate processes and related regulatory requirements (especially RBI/SEBI/Companies Act).

Key Skills & Competencies: Strong interpersonal, communication and presentation skills across all levels of the organization. Strong understanding of IT systems architecture, enterprise applications, and infrastructure . In-depth knowledge of information security principles, frameworks, and technologies . Ability to manage multiple projects and teams simultaneously . Stay updated on industry trends, emerging technologies, and cybersecurity threats. Experience with risk assessment, security audits and regulatory compliance. Leadership in vendor management, IT budgeting and proc Mandatory Certification (Any one) • Certified Information Systems Auditor (CISA) or • Certified Chief Information Security Officer (CCISO) or Certified Information Systems Security Professional (CISSP) IT Management: Act as a Subject Matter Expert (SME) in IT projects and guide teams on application/system level impacts. Monitor daily IT operations, provide production support, and troubleshoot complex technical issues within TAT. Evaluate, procure, and manage cost-effective IT infrastructure, software, and technology services. Ensure effective IT asset lifecycle management. Analyse business requirements and assess technical solutions for stability, scalability, and integration. Information Security Establish and enforce information security policies, standards, and procedures. Proactively identify, assess, and mitigate cybersecurity risks. Monitor for internal and external security threats; respond to incidents effectively. Lead incident response planning, security breach drills, and cyber audits. Ensure compliance with regulatory standards (e.g., ISO 27001, GDPR) and ensure closure of critical findings. Oversee identity and access management, data loss prevention, and threat intelligence initiatives. Regularly report cybersecurity posture to senior management and the board. Vendor and Stakeholder Management: Work with external vendors and technical support teams to resolve issues and implement improvements. Select and negotiate with vendors for IT services, procurement, and security-related solutions. Manage vendor performance and ensure adherence to SLAs. If interested, please share your updated resume in strict confidence to pallavi@vertexcorp.com

Roles and Responsibilities : Conduct risk assessments and develop mitigation strategies to ensure compliance with regulatory requirements. Review and test software applications for defects, bugs, and vulnerabilities using Java-based tools. Collaborate with cross-functional teams to identify areas of improvement in cybersecurity posture. Develop and maintain documentation of testing procedures, results, and recommendations. Job Requirements : 7-12 years of experience in IT services & consulting industry. Strong understanding of CISA (Certified Information Systems Auditor) principles and practices. Proficiency in Java development language and its application in quality assurance processes.

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Some careers open more doors than others. If you re looking for a career that will unlock new opportunities, join HSBC and experience the possibilities. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. Responsibilities: Deliver assigned work within the given timeframes, standards, methodology, budget, and where applicable, lead and deliver audits. Confirm that audit findings and recommendations are understood and with proposed mitigations. Demonstrate knowledge of the applicable Business, Functional, and Regulatory environment, including developing trends, risks, controls, and expectations. Support a strong risk and conduct culture across the Group and promote awareness and sound operational and strategic decision-making. Critically analyse and determine key drivers of change for area of coverage and assess how these will impact audits. Use insights, industry knowledge and current developments to assess areas of concern. Coherently articulate audit exceptions and findings to GIA team members and management, and as necessary to business and/or functional stakeholders. Effectively discuss potentially challenging matters and ability to communicate with impact and articulated in a meaningful way to wide and varied audiences. Be an analytical and critical thinker, who can effectively manage competing priorities and complex challenges to deliver positive outcomes. Apply qualitative and quantitative methods to analyze and investigate challenging scenarios and situations. Be a proactive team player, who leads by example and works constructively across GIA. Effective communication and ability to maintain constructive relationships with stakeholders, team members, and GIA Management. Actively promote collaboration and sharing of ideas across GIA Produce smart, simple, and pragmatic solutions. Requirements The ideal candidate for this role will have the below experience and qualifications: Minimum of 8 to 10 years internal or external audit, business, and/or accounting experience or equivalent, and external audit will be considered, but is not always essential. We also welcome exceptional talent with data analytics or data science background who are keen to work in a leading audit function. Minimum of a bachelor s degree in business, accounting, finance, related field or equivalent experience. Strong understanding of financial services business, risks (e. g. regulatory compliance) and related controls, with a specific focus on retail banking and wealth management. Good analytical skills in identifying risks and control implications. Good communication skills (written and verbal) for managing multiple stakeholders to drive consensus and influence the outcomes. Broad knowledge of the Company, Group and financial services industry, business supported and the regulatory framework they operate in. Knowledge of Data Analytics and ability to apply technology or expertise to business issues or operational problems is desirable, but not essential. Prior International work experience is a plus. Fluency in English. Mature team player who is highly professional. Willingness to travel (max 20%). Ideally hold role relevant qualifications, or pursuing professional qualification (e. g. , CISA, CPA, CFA, CIA, ACAMs etc. ). Useful Link Link to Careers Site: Click HERE

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions. We are currently seeking an experienced professional to join our team in the role of S enior Consultation Specialist In this role you will: Control Coordination & Support: Assist ITSOs in understanding and applying required technology controls. Participate in control owner forums and document key control expectations. Support ITSOs during internal and external audits by coordinating evidence collection and submission. Remediation Tracking: Work with ITSOs to capture and update remediation plans for control gaps. Track progress of remediation actions and escalate delays or risks as needed. Reporting & Documentation: Maintain up-to-date records of audit findings, KCI breaches, and control deficiencies. Assist in preparing regular dashboards and reports to highlight the risk/control status across CTO DT verticals. Solutioning & Risk Mitigation: Liaise with Control SMEs to align on expectations and tooling. Support the Senior Lead in identifying opportunities for automation or process improvements. Collaborate with control SMEs to recommend or build control solutions where standard tools or processes are lacking. Contribute to the continuous improvement of control frameworks and tooling. Requirements To be successful in this role, you should meet the following requirements: Bachelor s degree in Information Technology, Computer Science, Risk Management, or a related field. 10+ years of experience in IT Risk Management, Controls, Audit Support, or Technology Compliance roles. Familiarity with control frameworks (e. g. , NIST, ISO 27001) and risk management principles. Experience working with audits or control assurance activities is an advantage. Skills & Competencies: Strong attention to detail and ability to manage multiple tasks. Good verbal and written communication skills for cross-team collaboration. Basic understanding of GRC tools or platforms. Enthusiastic and willing to learn from senior team members and grow into a broader advisory role. Preferred Certifications (optional): ITIL Foundation CISA (in progress or interest in pursuing) CRISC or other relevant certifications

Pune Qualifications Any bachelor s degree. Information Security, Cybersecurity, or a related field. certifications CEH & Compliance related ISO 27001-2013 & 22301 Lead Auditor & Implementer are preferred. Minimum of 8-14 years of experience in IT industry with 4-5 years of experience in cybersecurity & at least 3 years in a managerial role within an MSSP or similar environment This is a client-focused technical Presales role to support sales team to identify the customer requirement and to provide a best fit solution as per customers expectation. Design and propose solution of Managed Security Services provided by the organization to end customers. Drive and influence change across a variety of business areas, technologies, and platforms. Understanding the end customers requirement and consulting them with right approach to enable with appropriate Security practices and solutions for securing their business needs and objectives. Work with Vendors, Cross functional teams, and partners to plan, design and deliver Cyber security solutions to our end clients. Identify opportunities for the use and development of Cyber security capabilities and products. Provide direction and guidance to Security Operations Centre for creating value and getting aligned with various market trends and deliverables. Deliver information and cyber security product and project support and review capability throughout the product development lifecycle for successful delivery of any product and project. Ensure all the Security related standards and compliances are meet for captive as well as external customers. Engaging and aligning the SOC team to ensure clients deliverables are met. Responsibilities Cybersecurity Management: Oversee the design, implementation, and management of security solutions for clients. Ensure that security measures are effective and aligned with industry standards and best practices. Client Relations: Serve as a key point of contact for client engagements related to cybersecurity services. Provide regular updates, insights, and recommendations to clients on their security posture. Strategy Development: Develop and execute cybersecurity strategies that align with client needs and organizational goals. Evaluate and enhance existing security frameworks and processes. Compliance and Reporting: Ensure that cybersecurity operations comply with relevant regulations and standards. Prepare and present comprehensive security reports to clients and internal stakeholders. Conduct IT Security audit an implementation for clients. Collaboration: Work closely with other departments, including IT, risk management, and compliance, to ensure a cohesive approach to security and risk management. Tool and Technology Management: Oversee the deployment and management of security tools and technologies. Assess and recommend new solutions to enhance security capabilities. The role of the Security Presales Manager is to take a primary role in the Solution and designing of the Security Solutions services. What will you be doing? Act independently as an information and cyber security authority for business and technology clients. Heading the security service portfolio for the organisation. Identifying the Service strategies along with Business teams. Influence the information and cyber security roadmaps and solutions for products, channels, programmes, and projects. Proactive delivery of an assignment including initiating contact with the Client, analysis of client objectives, identification of information and cyber security responses and requirements, taking responsibility for assignment planning, delivery management, through to gaining user acceptance and sign-off for MSSP outputs. Ensure the end-to-end information and cyber security integrity and quality of solutions and product releases. Own the delivery of Security Solutions services to customers, providing timely output to stakeholders. Undertake and facilitate information and cyber security assessments/workshops for solutions during various development phases to ensure security weaknesses are identified and correctly managed, proposing solutions as required. Work with stakeholders to ensure residual risks are adequately mitigated to the degree that meets the risk appetite of the business. Timely and accurate recording of client interaction using appropriate systems. Support for the wider delivery and success of Security Solutions services Requirements and Skills Demonstrable understanding of security solutions and designs from a people, process, and technology perspective; including security technologies, controls, and assessment methodologies Strong relationship, communication, and stakeholder management skills Knowledge of information security frameworks and standards such as ISO27001/2, NIST, PCI DSS etc. and their application into diverse environments Experience with a Consultancy practise Knowledgeable about existing best practices for integration of security controls Understands core development methodologies and their associated technologies. Security certifications such as CEH, CISA, ISO 27001-2013 & 22301 Lead Auditor & Implementer and others from professional security organisations. Training and experience delivering security solutions for cloud-based services such AWS, Azure etc. To be successful in this role, you must have: High degree of understanding of the evolving global and internal IT environments Knowledge of all Threat areas (deliberate, accidental, internal, external) Extensive experience of the ISO 27001 Information Security Management framework Understanding of Cyber Essential Plus and similar government security standards Excellent interpersonal skills: writing, speaking, listening, persuading, and influencing and collaborating. Ability to foster motivation and encourage meeting of tight deadlines Superior analytical, evaluative, and problem-solving abilities Ability to learn new things quickly, to thrive on change, navigate ambiguity, and to strive for continuous improvement Understand the importance of managing change and its impact on individuals and the business How to Apply ? Please read all job details clearly and apply exactly as mentioned below only if you meet eligibility criteria.

FS XSector Specialism Risk Management Level Senior Associate & Summary We are seeking a highly skilled Sailpoint Developer .If candidate has experience of 23 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . & Summary We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure . Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements , maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall , web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets Bachelor s degree ( minimum requirement). 2 8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite , Mimikatz , Cobalt Strike, PowerSploit , Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NYDFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.) . Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required 2 12 + years Education qualification B.Tech Education Degrees/Field of Study required Bachelor of Engineering Degrees/Field of Study preferred Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), IdentityBased Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more} No

Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable. . Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education Requirements CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded:click here to access or download the form. Complete the form and then email it as an attachment toFTADAAA@conduent.com.You may alsoclick here to access Conduent's ADAAA Accommodation Policy. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.