744 CISM Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 12.0 years

0 Lacs

Maharashtra

On-site

Work with MCX to enhance your career growth and excel in the field of Information Security. MCX values its employees' domain expertise and commitment, which have been pivotal in the company's success. If you are an ambitious and result-oriented professional, MCX offers exciting career opportunities for you to realize your potential in the cybersecurity domain. As a Manager - Information Security at MCX based in Mumbai, you will play a crucial role in ensuring the optimal performance of security technologies through operational oversight. With a Bachelor's degree in Cybersecurity, Information Technology, or related fields, along with 8-10 years of experience in cybersecurity (including 3+ years in managerial roles), you will be responsible for managing L2 activities and listed technologies hands-on. Your key responsibilities will include overseeing L2 activities, incident response, audits, and reviews of security operations. You will also be involved in developing and maintaining comprehensive documentation and SOPs for security technologies and processes, ensuring compliance and standardization. Additionally, you will configure, optimize, and maintain various security tools while evaluating their effectiveness and ensuring integration with the organization's IT infrastructure. In this role, you will lead threat hunting efforts, collaborate with stakeholders for risk mitigation, and manage security incidents promptly. You will generate security reports, communicate with stakeholders, and mentor junior team members to enhance their skills in security tools and best practices. If you are ready to climb the career ladder with MCX and have the necessary qualifications and experience in cybersecurity, this role offers you a platform to grow and excel in the dynamic field of Information Security. For further assistance or inquiries about this opportunity, please contact us at 022-67318888 / 66494000 or careers@mcxindia.com.

Posted 1 day ago


5.0 - 9.0 years

0 Lacs

Pune, Maharashtra

On-site

As the Lead, Technology Risk Analyst at Mastercard, you will play a crucial role in ensuring the company's safety and security from cyber and physical threats. Your primary responsibility will be to drive readiness and compliance on security aspects related to evolving regulatory and statutory needs across global markets. Your passion for information security and cybersecurity, along with your analytical skills and exposure to the regulatory environment, will be instrumental in this role. Your key responsibilities will include monitoring and assessing security obligations stemming from new and changing regulations worldwide. You will collaborate with various teams across Corporate Security to advise and ensure compliance with region-specific regulatory requirements within Information Security and Cyber Security domains. Engaging with partner teams on supporting Regulatory audits and obligations, you will lead and monitor remediation efforts in the realm of Security. Moreover, you will be tasked with developing and implementing governance processes to manage regulatory risks effectively, ensuring the sustainability of controls and measures implemented for compliance. Managing documentation, tracking, and reporting of security requirements and ongoing compliance efforts will also fall under your purview. Additionally, you will represent the company on Risk & Governance Committees and internal forums, providing regular reports to senior leadership. To excel in this role, you should possess a strong understanding of information and cyber security domains, governance, and risk management practices. Your experience in handling security audits, conducting assessments, and managing senior stakeholders will be invaluable. Demonstrated leadership abilities in leading cross-functional teams and managing complex projects are essential. 
A solid grasp of security frameworks such as NIST, ISO 27001, and PCI-DSS, as well as familiarity with regulatory standards, will be advantageous. Holding a preferred security certification like CISSP, CISM, or CISA is a plus. Excellent written and verbal communication skills are a must, enabling you to effectively interact with stakeholders. You should be viewed as a trusted advisor who comprehends business processes and can offer security consultation and advisory services. Your confidence, analytical mindset, and ability to drive security discussions with stakeholders will set you up for success in this role. In line with Mastercard's commitment to information security, it is expected that you adhere to the company's security policies and practices diligently. Safeguarding the confidentiality and integrity of accessed information, promptly reporting any suspected security violations or breaches, and completing all mandatory security trainings are integral parts of your responsibilities as a member of the Corporate Security team.

Posted 2 days ago


8.0 - 12.0 years

0 Lacs

Karnataka

On-site

You have 8 to 12 years of experience in the field of Identity and Access Management. As an IAM Architect, your responsibilities include having hands-on experience with various IAM tools such as Azure, Okta, ForgeRock, PingFederate, SailPoint, Saviynt, CyberArk, Delinea, Beyond Trust, and One Identity. You should have a good understanding of concepts like CIAM, Identity Governance, Privileged Access Management, and Enterprise SSO. Your role involves integrating IAM solutions with in-house and third-party applications for Single Sign-On (SSO), Federation, provisioning, deprovisioning, and custom workflows. You will work on enabling legacy and modern identity providers like AD, ADFS, Azure AD, certificates, and PKI for management by IAM tools. Furthermore, you will oversee the development and lifecycle management of services related to Identity Governance Administration services. It is essential to support the business in ensuring IDAM control outcomes are met for IT Assets/Services and provide expertise on group control operation to manage residual risk effectively. Your responsibilities also include executing the IDAM Control Exceptions (ICE) process and tooling, monitoring and managing the operating effectiveness and residual risk of IT Assets/Services, and implementing enhancements to control processes by collaborating with key stakeholders. Additionally, you will support the business in using control tools, troubleshoot issues, and provide training. Seeking opportunities to enhance, streamline, and automate processes is crucial. Communication with stakeholders throughout the process is necessary. The ideal candidate should have experience in Cyber Security and IAM controls, technical and architectural skills, and the ability to make timely decisions based on relevant information. Role-relevant qualifications such as CISSP, CISM, or CISA are desirable. 
You should have a proven track record of delivering within schedule, working with auditors and regulators, strong data analytical skills, process mapping skills, and be accountable for deliverables. If you meet these requirements and are interested in this position, please share your CV at Puja.Singh@ltimindtree.com.

Posted 2 days ago


2.0 - 6.0 years

0 Lacs

Noida, Uttar Pradesh

On-site

This position is responsible for performing vendor security assessments, analyzing risks, and processing exceptions to security standards and PEEP requests. The increasing regulatory and audit oversight of these critical activities emphasizes the importance of continued execution of these tasks. The key responsibilities of this role include conducting risk analysis, reporting metrics, and providing business support. This entails collaborating with business partners, leadership, vendor management, IT leaders, and staff. The position plays a crucial role in ensuring that vendor security assessments are conducted as required, meeting Ameriprise's regulatory obligations, capturing necessary requirements, ensuring timely responses, escalating issues as necessary, and reporting risks and security results to leaders. It also involves integrating these processes with CTI and managing the workload effectively. Additionally, the position is responsible for ensuring that exceptions are reported, escalated, addressed promptly, and consistently to reflect risks accurately, prevent them from becoming idle, and meet regulatory obligations. The candidate must be willing to work in the evening shift from 4:45 pm to 1:15 am and demonstrate the ability to work under pressure and coordinate with offshore/onshore teams. Required qualifications for this role include a degree in computer science, engineering, IT, or an equivalent technical field. Preferred certifications include ISO-27001, CISA, and CISM. Preferred qualifications entail in-depth knowledge and 2-4 years of experience working in the Global Risk and Compliance domain. Strong communication skills are essential for interacting with users globally on Information Security best practices, exceptions, assessments, and audit modules. Additional certifications such as ISO-27001, CISA, and CISM are considered advantageous. 
Ameriprise India LLP has been offering client-based financial solutions for 125 years, helping clients plan and achieve their financial objectives. As a U.S.-based financial planning company headquartered in Minneapolis with a global presence, the firm focuses on Asset Management and Advice, Retirement Planning, and Insurance Protection. Join a collaborative and inclusive culture that values your contributions and offers opportunities to work with talented individuals who share your dedication to excellence. This is an opportunity to make a difference both in the office and the community while working for an ethical company that cares. This is a full-time position with working hours from 4:45 pm to 1:15 am in the India Business Unit under the AWMP&S President's Office. The job family group is Technology.

Posted 2 days ago


9.0 - 11.0 years

11 - 12 Lacs

Chennai

Work from Office

Vestas is well-known in wind technology and actively contributes to its development. Vestas' core business comprises the development, manufacture, sale, marketing, and maintenance of Wind Turbines. Come and join us at Vestas!

Vestas Technology & Operations > Frontend Engineering & Technology > Global Power Plant Solutions

Vestas Technology & Operations (VTO) is where new product solutions are envisioned, developed, improved, and verified before we in Front-end Engineering & Technology take full technical accountability of deployment in customer projects. Within VTO and Front-end Engineering & Technology, you will find our Global Power Plant Solutions team. A team that enables our regional colleagues with Technical- and Functional Excellence.

Responsibilities
• Maintain up-to-date knowledge of key CS standards & frameworks including ISA/IEC 62443, ISO 27000 Series, C2M2 Framework, NIST CSF, AESCSF, NERC-CIP, EU NIS2 Directive, EU Cyber Resilience Act and Country-specific Critical Infrastructure cybersecurity legislation
• Identify and mitigate contractual risks in alignment with Vestas internal guidance
• Review the Cyber security contract language in alignment with Vestas business units with stakeholder engagement
• Customer negotiations to enable the regions to close technical deals on cyber security offerings
• Collaborate closely with teams across Vestas business units, Cyber community in the organization to ensure cybersecurity commitments are realistic and deliverable
• Translate identified cybersecurity gaps from customer contracts into clear, structured requirements to product teams
• Follow up on mitigation plans, timelines, and implementation feasibility with product and engineering teams
• Conduct gap analysis between contractual cybersecurity commitments and actual capabilities delivered
• Monitor evolving global cybersecurity legislation relevant to OT and industrial control systems (ICS)
• Analyze and interpret evolving cyber security legislation requirements impact on Vestas offerings
• Initiate cross-functional alignment and implementation where necessary
• Prepare and deliver training material related to all the above

Qualifications
• Masters / Bachelors in Cybersecurity / Computer Science / Similar engineering specialization
• Cyber security models, frameworks, systems, principles, concepts, designs & architectures for IT & OT systems
• International and National Legislation & Standards related to OT Safety & Cyber security
• Extensive knowledge of cybersecurity standards (e.g., IEC 62443, NIST, ISO 27001)
• Good exposure to industrial control system
• Effective communication, negotiation, and presentation skills in English
• Experience working in a global, cross-functional, and matrix organization
• Acumen with Industry certifications such as IEC 62443, GICSP, CISSP, CISM, or similar are preferred
• Familiarity with energy or renewables industry and operational environments

Competencies
• OT systems development, design, architecture, and deployment in the electric utility industry
• Technical and organizational cyber security implementation projects
• Sales contract reviews, revisions, and customer negotiations
• Product stakeholder management

What We Offer
In this position, you will be able to put your competencies and experience to the test in a modern and growing company. You will have the opportunity to help improve the position of Vestas in key markets while being part of a company with rapid growth. Join Vestas and you will cultivate your career in an inspiring environment at a renowned wind turbine and power plant OEM, which has an ongoing dedication to sustainability. We value individual initiative, the willingness to take initiative, and the right balance between creativity and quality in all solutions. We offer you an exciting and inspiring job with great opportunities for professional and personal development within the major player in wind energy. In this position, you will be at the heart of the action of the wind industry. Despite being the largest presence in the industry, Vestas is responsive, giving you the freedom to act creatively in a truly global environment, within a highly diverse, skilled, and knowledgeable team. Team members with experience working in Regional Engineering & Technology are highly valued across multiple functions in Vestas - working within Power Plant Solutions opens career paths in Engineering and Project-facing roles within Vestas.

Additional Information
Your primary workplace will be Vestas India, Chennai. Please note: We do amend or withdraw our jobs and reserve the right to do so at any time, including before the advertised closing date. Please be advised to apply on or before 31st August 2025.

Our commitment to a fair hiring
At Vestas, we evaluate all candidates solely on professional experience, education, and relevant skills. To support a fair recruitment process, please remove any photos, dates of birth or graduation dates, gender pronouns, marital status, or other personal details not relevant to the role, before submitting your CV. Please keep your CV focused on work and educational details, and the necessary information that we contact you (email and phone number). We train our hiring teams in inclusive evaluation and regularly review process outcomes to ensure fairness.

DEIB Statement
At Vestas, we recognise the value of diversity, equity, and inclusion in driving innovation and success. We strongly encourage individuals from all backgrounds to apply, particularly those who may hesitate due to their identity or feel they do not meet every criterion. As our CEO states, "Expertise and talent come in many forms, and a diverse workforce enhances our ability to think differently and solve the complex challenges of our industry". Your unique perspective is what will help us power the solution for a sustainable, green energy future.

BEWARE RECRUITMENT FRAUD
It has come to our attention that there are a number of fraudulent emails from people pretending to work for Vestas. Read more via this link, https://www.vestas.com/en/careers/our-recruitment-process

About Vestas
Across the globe, we have installed more wind power than anyone else. We consider ourselves pioneers within the industry, as we continuously aim to design new solutions and technologies to create a more sustainable future for all of us. With more than 185 GW of wind power installed worldwide and 40+ years of experience in wind energy, we have an unmatched track record demonstrating our expertise within the field. With 30,000 employees globally, we are a diverse team united by a common goal: to power the solution today, tomorrow, and far into the future. Vestas promotes a diverse workforce which embraces all social identities and is free of any discrimination. We commit to create and sustain an environment that acknowledges and harvests different experiences, skills, and perspectives.

Posted 2 days ago


5.0 - 10.0 years

8 Lacs

Mumbai

Work from Office

Role & responsibilities
• 5 to 7 years of work experience in cyber security / Information security project, with security posture assessment.
• At least one technical certification required (CEH, CompTIA Security+, CBCA, CSA etc.)
• Should have at least one cyber security certification (CISM, CCIR, ECSA, GCIH etc.)
• Lead and manage advanced threat detection and response efforts using Carbon Black EDR across our clients' endpoints.
• Investigate and analyze sophisticated security alerts and events to determine root cause, scope and impact of security incidents.
• Provide technical expertise and guidance to junior analysts (L1, L2s), assisting with incident investigations, analysis and resolution.
• Develop and implement advanced detection and response strategies using Carbon Black EDR to enhance our overall security posture.
• Lead incident response efforts, including coordination with cross-functional teams and external stakeholders.
• Conduct in-depth analysis of endpoint data and logs to identify indicators of compromise (IOC) and advanced attack techniques.
• Collaborate with threat intelligence teams to stay updated on emerging threats and tactics used by threat actors.
• Develop and maintain security playbooks, procedures and response plans for incident response and threat hunting.
• Assist in the tuning and optimization of Carbon Black EDR policies, SIEM rules and custom queries to improve detection efficacy.

Contact Person: Ackshaya
Email ID: ackshaya@gojobs.biz

Posted 2 days ago


8.0 - 12.0 years

22 - 30 Lacs

Bengaluru

Work from Office

Key Responsibilities
• Lead and deliver cybersecurity risk assessments, security architecture reviews, and threat modeling for client engagements across multiple industries.
• Develop and implement cybersecurity governance frameworks, including policies, controls, and compliance programs (ISO 27001, NIST, CIS, etc.).
• Advise clients on cloud and application security strategies with a focus on secure design and regulatory compliance.
• Oversee and mentor junior consultants in cyber risk assessment methodologies and best practices.
• Interface with senior client stakeholders, providing consulting-level insights and recommendations to manage risks effectively.
• Support business growth through solution development, proposal support, and client relationship management.
• Stay abreast of emerging threats, security technologies, and regulatory requirements to provide forward-looking advisory services.

Required Skills & Experience
• 8-10 years of experience in cybersecurity consulting, risk management, and security architecture.
• Strong track record in security architecture reviews, threat modeling, and risk assessments.
• Solid knowledge of cloud security (AWS, Azure, GCP) and enterprise environments.
• Hands-on experience in building or assessing governance, risk, and compliance (GRC) programs.
• Strong understanding of industry frameworks and standards (NIST CSF, ISO 27001, PCI DSS, etc.).
• Ability to engage with senior leadership and C-level executives with strong communication and presentation skills.

Certifications
• Mandatory: CISSP and/or CCSP (both preferred).
• Additional preferred certifications: CISM, SABSA, AWS/Azure Security Specialty, or equivalent.

Preferred Attributes
• Prior experience with a Big 4 or top-tier consulting firm or equivalent consulting background.
• Strong problem-solving, stakeholder management, and project delivery skills.
• Ability to work across diverse clients, geographies, and industri

Posted 2 days ago


7.0 - 10.0 years

18 - 27 Lacs

Pune

Hybrid

IT Compliance & Audit Lead
ZS Governance, Risk & Compliance (GRC) Team
Location: Pune, India
Function: ZS (IT) Governance, Risk & Compliance (GRC)
Level: Lead / Specialist / Consultant
Experience Required: 4+ years in technical Information Security and Compliance roles

About ZS
ZS is a global professional services firm that works shoulder-to-shoulder with companies to help them deliver products and solutions that drive customer value and business impact. With expertise spanning healthcare, life sciences, high-tech, and beyond, we apply cutting-edge analytics, strategy, operations, and digital technologies to real-world challenges. Our Governance, Risk & Compliance (GRC) team is instrumental in preserving ZS's reputation, enabling innovation, and ensuring we remain compliant with global regulatory, privacy, and security standards. The GRC team leads our operational risk management, manages certifications (ISO 27001, SOC 2, ESG, etc.), and champions continuous improvement in internal controls, privacy, and quality frameworks.

Role Overview
We are seeking a dynamic IT Compliance & Audit Lead to join our Governance, Risk & Compliance (GRC) team in Pune. This role will be pivotal in driving the implementation and evolution of ZS's Continuous Compliance Monitoring (CCM) program. The ideal candidate will bring hands-on technical security expertise, a strong audit and risk management mindset, and the ability to collaborate across technical and business stakeholders.

Responsibilities
• Lead the development and execution of ZS's Continuous Compliance Monitoring (CCM) program across infrastructure, applications, and third-party vendors
• Collaborate cross-functionally with internal security, privacy, engineering, and operations teams to drive remediation and maturity of compliance gaps
• Serve as SME for security audits, helping interpret and implement compliance controls (e.g., ISO 27001, SOC 2 Type 2, NIST CSF, HIPAA, ESG reporting frameworks)
• Design and implement automated compliance checks and control testing routines aligned with risk appetite and audit requirements
• Conduct and support internal and external audits, including pre-audit readiness assessments, evidence collection, and issue remediation oversight
• Contribute to enterprise risk assessments, security profiling, and threat modeling to improve ZS's security posture
• Drive security incident post-mortems and track audit findings to closure with technical leads and business owners
• Assist in the maintenance and enhancement of security policies, procedures, and standards to reflect evolving risk and regulatory requirements
• Create training and awareness content related to policy adoption, audit preparedness, and security control responsibilities
• Provide metrics and executive-level reporting on compliance posture, audit outcomes, and CCM maturity
• Serve as a technical consultant in areas such as SIEM tuning, bounty hunting initiatives, and threat intelligence integration

Qualifications
• Bachelor's degree in Computer Science, Information Systems, or a related field
• 4+ years of hands-on experience in Information Security, Audit, Compliance, or GRC roles with technical depth
• Proven experience implementing or maturing compliance frameworks like ISO 27001, SOC 2 Type 2, HIPAA, NIST CSF, etc.
• Strong understanding of security tooling and architecture, including: SIEM platforms (e.g., Splunk, Sentinel, QRadar); threat modeling and profiling tools; vulnerability management platforms; cloud security configurations (AWS, Azure, GCP)
• Experience with bug bounty programs or threat hunting initiatives is a plus
• Excellent communication skills; ability to articulate risk and compliance requirements to technical and non-technical stakeholders
• Certifications preferred: CISA, CISSP, CRISC, CISM, ISO Lead Auditor/Implementer, CEH

ZS is a global consulting firm; fluency in English is required. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered. ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package. NO AGENCY CALLS, PLEASE.

Connect with ZS in India on social media: Like ZS in India on Facebook. Follow ZS in India on Twitter and Instagram. Follow ZS on LinkedIn for more job opportunities. Subscribe to the ZS in India YouTube channel. Explore the Life at ZS blog.

ZS has been recognized globally for its expertise in consulting and its flexible work environment. View ZS's accolades.

Posted 2 days ago


7.0 - 10.0 years

9 - 12 Lacs

Pune

Work from Office

about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Information Security Project Specialist
ZS's India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients.

What You'll Do:
• Executes the end-to-end management of security projects: including resource management, communications, training requirements, change management and budget (if applicable).
• Estimate the resources and participants needed to achieve project goals.
• Reviews and recommends changes, reductions or additions to the overall project
• Acts as the liaison between InfoSec and end-users when applicable
• Maintains the efficiency of the project management process such as planning, scheduling, and budget and risk assessment.
• Identifies and mitigates potential risks
• Work with cross-functional teams and staff of all levels, including assisting in the development, training and assignment of work/projects to team members reporting to others;
• Works well within a structured environment in which team members can work together as an efficient team.

What You'll Bring:
• Bachelor's Degree required.
• 7 - 10 years of relevant work experience, including Information Security, project management (5+ years), and team management.
• PMP-PMI certification desired, or completion within a year of assuming the position.
• Agile certification desired, or completion within a year of assuming the position.
• Security+ or equivalent certification desired, or completion within a year of assuming the position. (CISM - Certified Information Security Manager, CompTIA Security+, etc.)
• Project plan development experience, including charter, scope, project management approach, management plans, statement of work, cost estimates, schedule.
• Excellent communication (written and oral) and interpersonal skills; ability to interface and influence all levels within the organization, including facilitation, consulting, negotiation, and presentation.
• Excellent project management and coordination skills working with multiple stakeholders across several technology platforms and business areas
• Strong technical skills and experience. The ideal candidate has led projects relating to Information Security deliveries or migrations (Vulnerability Management, Identity and access management, Cloud Strategy & Governance, Data Security, Enterprise Risk Management, Asset Management, Security awareness & training)
• Project plan and budget management.
• Knowledge of project management best practices. Experience identifying and mediating risk.

Posted 2 days ago


3.0 - 8.0 years

22 - 25 Lacs

Mumbai

Work from Office

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team. To achieve this, employees at ICICI Bank are expected to be role and loc ation-fungible with the understanding that Banking is an essential service .The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role We are looking for a skilled professional to join our Information Security Team as an Infrastructure Cloud Risk Assessment Manager. The candidate is expected to have a solid understanding and experience of major cloud-native architectures, expertise in identity and access management, familiarity with various data encryption methods, and knowledge of cloud compliance regulations. Key Responsibilities Identifying Vulnerabilities: Understanding of cloud architecture review, and virtualization. Conduct cloud security assessments, across but not limited to the following domains: * Network and Perimeter Security *Data Protection and Backup Management * Identity and Access Management * Log Management and Monitoring Analysis Identify and analyse the risks associated. Provide recommendations for the identified findings and develop the road-map. Implement Security Measures Develop and implement robust security measures for cloud environments, ensuring the confidentiality, integrity, and availability of data. Contribute in creating and enforcing security policies, procedures, and best practices across the organization. Reporting Contribute in creating and enforcing security policies, procedures, and best practices across the organization. 
Collaborate Work closely with cross-functional teams to integrate security controls seamlessly into cloud-based architectures and applications. Collaborate with other IT professionals, including network engineers, developers, and system administrators, to integrate cloud security measures into existing systems and processes. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent. Certifications Relevant certifications such as CISSP, CISM, AWS Certified Security, etc. Compliance Assist in securing the IT landscape/ecosystem built on-premises and multi-cloud environment. As an enterprise Network Security architect in the security domain crafted to ensure availability, reliability, security and performance and resilient architecture to address customers/client business challenges and accelerate technology adoption to improve the product services. AWS/Azure cloud security architecture, design, operations and service orchestration, including application security, architectural concepts, compliance requirements, data security, design requirements, infrastructure security, legal requirements, process and platform. Technical Skills Proficient in cloud security assessment, across all the deployment and service models IaaS, PaaS, SaaS. Experience with the cloud-native services across major cloud service providers (AWS, GCP, Azure, OCI). Control on security by design principle of applications hosted in public cloud (Azure, AWS, GCP, OCI). Technical understanding on zero-trust architecture and micro segmentation. Hands-on experience with SIEM (Security Information and Event Management) tools to proactively monitor, analyse, and respond to security incidents. Communication skills Outstanding communication abilities. Ability to effectively communicate the required recommendations. 
About the Business Group ICICI Bank's Information Security Group believes in providing services to its customers in the safest and secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is at the heart of building a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provides easy-to-use protection and risk configuration ability in the hands of customers. The Bank also undertakes campaigns to create awareness among customers on security aspects while banking through digital channels.

Posted 2 days ago

3.0 - 8.0 years

22 - 25 Lacs

Mumbai

Work from Office

Essential Services: Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team. To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role We are looking for a skilled professional to join our Information Security Team as a DevSecOps Manager. As a DevSecOps Manager, you will be responsible for implementation of Security tools in DevOps CI/CD (Continuous integration/Continuous Delivery) pipeline and publish security standards and best practices for Developers teams. Key Responsibilities Identifying Vulnerabilities: Enable automated security scanning process to identify the known vulnerabilities in source code, Open-source library, and configuration. Provide technical leadership and direction in the DevSecOps domain. Analysis: Troubleshoot DevSecOps pipeline implementation issue and support for successful deployment. Implement DevSecOps with multiple agile teams across various platforms, environments, and instances. Implement Automated DevSecOps template-based solutions for cloud environments. Implement Security Measures: Understand the Security Requirements & Implement the new DevSecOps process. Integrate, Monitor and Improve Cloud Security controls via DevSecOps process in existing DevOps process. Perform assessment and help to mitigate Security findings and implement improvement Security measures. Configure Cloud Security Tools/Systems in a CI/CD Pipelines. Implementing Security scanning into Jenkins, Code Pipeline, and DevOps workflows.
Define gating process metrics for security and implement in DevSecOps. Employ infrastructure as code to increase automation, scalability, and reliability. Reporting: Prepare and provide necessary metrics, detailed reports, artifacts, executive summary and dashboard to leadership on a regular frequency. Build and maintain a set of tools that enable developers to self-serve for remediation. Monthly Dashboard Reporting for Leadership. Collaborate: Capable of working in a dynamic environment, multi-department coordination and attaining the target. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent. Certifications: CSSLP, CISSP, GPEN, ECSA, CEH, CISM, CISA, or equivalent. Compliance: Good understanding of cyber security trends & hacking techniques. Experience in analysing threats of cloud and application components. Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance. Ability to review assessment reports to provide risk mitigation & recommendations on that basis. Technical Skills: Experience with various application security tools including SAST, DAST, Software composition analysis and application Penetration testing. Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Gitlab, Bitbucket, etc. Knowledge of Agile and Scrum processes. Understanding of virtualization and container technologies (Docker, Kubernetes, etc). Communication Skills: Outstanding communication abilities. Ability to effectively communicate the required recommendations. About the Business Group ICICI Bank's Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum.
The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provides easy-to-use protection and risk configuration ability in the hands of customers. With this core responsibility, ICICI administers and promotes ongoing campaigns to create awareness among customers on security aspects while banking through digital channels.

Posted 2 days ago

7.0 - 12.0 years

15 - 19 Lacs

Pune

Work from Office

Key Responsibilities Incident Response and Management: Lead the incident response process, including identification, containment, eradication, and recovery. Analyze and respond to complex security incidents and breaches. Conduct post-incident analysis and develop reports with recommendations to prevent future incidents. Security Monitoring and Analysis: Oversee the continuous monitoring of security alerts and events. Analyze logs and data from various sources (e.g., SIEM, firewalls, EDR, IDS/IPS) to identify suspicious activity. Perform advanced threat hunting and forensic analysis. Vulnerability Management: Conduct regular vulnerability assessments. Identify, prioritize, and remediate security vulnerabilities in systems and applications. Collaborate with IT and development teams to implement security patches and updates. Security Architecture and Engineering: Design and implement security solutions to protect the organization's networks, systems, and data. Develop and maintain security policies, standards, and procedures. Evaluate and recommend new security technologies and tools. Compliance and Risk Management: Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST). Perform risk assessments and develop mitigation strategies. Document and maintain security controls and frameworks. Required Skills and Qualifications Technical Expertise: Advanced knowledge of cybersecurity principles, techniques, and technologies. Proficiency in using security tools such as SIEM, IDS/IPS, firewalls, and endpoint protection solutions. Experience with vulnerability management, penetration testing, and forensic analysis. Experience: Minimum of 7-10 years of experience in cybersecurity, with at least 2-3 years in an L3 or senior role. Proven track record of handling complex security incidents and leading incident response efforts. Experience in designing and implementing security architectures and solutions.
Certifications: Relevant certifications such as CISSP, CISM, CEH, GIAC, or equivalent are highly desirable. Analytical and Problem-Solving Skills: Strong analytical skills with the ability to identify and mitigate security threats. Excellent problem-solving skills and the ability to think critically under pressure. Communication and Collaboration: Strong communication skills, both written and verbal. Ability to collaborate effectively with cross-functional teams and stakeholders. Preferred Skills and Qualifications Experience with cloud security (e.g., AWS, Azure, Google Cloud). Knowledge of scripting and automation tools (e.g., Python, PowerShell). Familiarity with regulatory requirements and standards (e.g., GDPR, HIPAA).

Posted 2 days ago

1.0 - 5.0 years

0 Lacs

karnataka

On-site

As a Tech Delivery & Op Excellence Practitioner, you understand how to deliver value to clients and apply methods or certifications appropriately. Your attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. You work directly with client teams to ensure a high standard of delivery and operational excellence is met. Key responsibility: - Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help: - Perform audits/reviews to assess risks in Application development and maintenance service environment - Manage risk in Application development and maintenance service to an acceptable level - Increase awareness of and compliance with policy and process-related matters - Support successful completion of various external compliance certification programs and internal compliance assessments - Introduce continual improvement including lessons learned from matters requiring intervention - The successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, performing audit-style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice. 
Must-Have Skills/Qualifications: - Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor) - Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry (sample qualifications*: EC-Council's CASE, CEH, Agile Methodology, DevOps Certification, CMMI for Development) - Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST, DAST, single sign-on, Encryption - Minimum of 1-year experience in Operational compliance requirements - Contract Management/Service Reporting (including Service Level Agreements and Operational Level Agreements) - Risk management or assessment (sample qualification*: CRISC) - Knowledge of cloud environment and services (sample qualification*: Microsoft Azure/AWS/Google Certifications) - Team and stakeholder management Nice-to-Have Skills/Qualifications: - Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP) - CISSP, CISM, CISA, CCSK, CCSP - SOC1 and SOC2 (SSAE16/ISAE3402) awareness - Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes: 1. Good communication 2. Teamwork 3. Problem-solving capabilities 4. Work planning and management 5. Quick learner 6. Eager to take on responsible tasks 7. Dedicated and focused Educational Qualification: 1. MBA-Information Security/IT 2. BE/B-Tech with CS/IT/related domain 3. BSc-IT Additional Information: - Occasional within-country travel - Flexibility in working hours - 15 years full-time education

Posted 3 days ago

5.0 - 9.0 years

0 Lacs

karnataka

On-site

As the Lead (BISO) Business Information Security Officer at Computacenter, you will have a unique opportunity to join the Cybersecurity leadership team reporting directly to the Group CISO. Your primary role will involve partnering with senior security professionals to protect Computacenter and its customers from Cyber threats. By ensuring security risk awareness, mitigation, and alignment with the strategic objectives of the business, you will play a crucial role in safeguarding the organization. In this hybrid working role, you will spend two to three days a week in Bangalore, following Computacenter's Strategic Business Partner model. Your responsibilities will include owning the Cybersecurity lens for supporting and guiding the protection of the business from Cyber threats and risks. You will work closely with the broader Group Information Systems and Cybersecurity team to drive the implementation of the evolving Security Strategy under the guidance of the CISO. Your key responsibilities will be divided into four main areas: 1. **Functional Management (40%):** - Develop and implement the business unit security approach in alignment with business goals and objectives. - Define roles and responsibilities of the Lead BISO to meet Strategic Partner and CISO responsibilities. - Establish proactive initiatives to support market trends, business strategies, and compliance requirements. - Build and maintain relationships with senior management for Business Units and regional executives. 2. **CISO deputy (30%):** - Act as a security ambassador and deputize in the region on cybersecurity matters. - Oversee legal Security Compliance requirements within the region. - Support local MDs in adapting business strategy on information and cybersecurity. - Advise on information security, initiate security-related improvements, and support crisis management activities. 3. 
**Management responsibility (20%):** - Manage, develop, and coach security managers and staff to achieve goals. - Set objectives at individual and team levels and manage performance. - Represent the cybersecurity team on Computacenter topics and projects within the region. 4. **Financial Management (10%):** - Contribute to annual budget planning and manage spend in the budget. - Prepare business cases and controlling mechanisms for major expenditures. - Develop business cases to support investments in Information Security. To be successful in this role, you should possess a completed university degree, preferably a Master's, or comparable cybersecurity education. You should have 5-8 years of professional experience in Information Security/Cyber Security, including experience in Information Security Management Systems. Holding professional certifications such as CISM, CISSP, or CRISC is desirable. Strong knowledge of Information Security frameworks and standards, as well as legislative and regulatory Security compliance requirements, is essential. At Computacenter, with over 20,000 employees globally, we are at the forefront of digitization, advising organizations on IT strategy and implementing technology solutions across 70 countries. We offer leadership training, coaching, mentoring, and international opportunities to support your professional development and personal growth. Join us in driving digital transformation and making a difference in the world of technology. If you are ready to take on a challenging yet rewarding role as a Lead (BISO) Business Information Security Officer and contribute to the cybersecurity initiatives at Computacenter, we welcome your application. Your dedication and expertise will play a vital role in protecting our business and customers from Cyber threats.

Posted 3 days ago

10.0 - 14.0 years

0 Lacs

noida, uttar pradesh

On-site

As the Cyber Security Manager, you will be responsible for protecting the company's digital landscape by designing and implementing comprehensive security programs and cybersecurity strategies. Your role will include securing cloud environments, conducting vulnerability assessments, and managing endpoint security solutions to ensure optimal performance of security tools. Staying updated on the latest security threats and best practices will be crucial to continuously improving the security posture of the organization. Furthermore, you will play a key role in building a culture of security awareness by developing security policies, procedures, and training programs to educate employees. Collaborating with stakeholders and other teams to define and implement effective security measures aligned with industry standards and regulations will be essential in maintaining a secure environment. In addition, you will lead incident response activities, perform risk assessments, and drive root cause analysis to address underlying causes of security incidents. Managing compliance with standards such as ISO 27001 and conducting regular audits to assess the effectiveness of information security management systems (ISMS) will be part of your responsibilities. To be successful in this role, you should have a Bachelor's degree in computer science, Information Security, or a related field, along with a minimum of 10+ years of experience in Information and Cybersecurity. A deep understanding of cybersecurity frameworks and standards, as well as knowledge of cybersecurity technologies and relevant VAPT tools, is required. Strong problem-solving, decision-making, and communication skills are essential, along with the ability to communicate complex technical information to both technical and non-technical audiences. Professional certifications such as CEH, ISO27001, ISMS, CISM, or related certifications are preferred for this position. 
If you are looking for a challenging opportunity to make a significant impact in the field of cybersecurity, this role could be the perfect fit for you.

Posted 3 days ago

10.0 - 14.0 years

0 Lacs

maharashtra

On-site

The role you are applying for will involve coordinating with Group CISO & the Asia Pacific Region (APR) Risk Management team to implement central directives regarding cybersecurity governance, conducting analysis, and organizing committees within APR. This position will report directly to the Regional Head of Risk Management, Asia Pacific Region (APR). The ideal candidate for this role should have experience working as a Chief Information Security Officer (CISO) with a background in Cyber Security, Cyber Risk Management, and Risk Management. You will be responsible for managing the APR region (Asia Pacific/Europe) and should have prior experience working with APR countries or other Asian countries, primarily Europe. It is essential to have expertise in developing and executing security strategies. Candidates with a history of frequent job changes (e.g., almost every year) will not be considered. Knowledge of EU regulations, such as DORA, is advantageous. Certifications such as CISSP, CISM, or CISA are required for this position. Your main responsibilities will include adapting Group documents to enhance local cyber resilience, organizing quarterly regional ISS Committees, cascading risk mapping to the local level, supporting the assessment of local third parties' security, advising on local/regional IT and Cyber Projects, and overseeing cybersecurity regulations in Asia Pacific. You will also be involved in conducting Cyber Risk assessments at a regional level and other risk management activities as needed. Candidates should hold a bachelor's degree in information technology, computer science, or a related field. Professional qualifications such as CISSP, CISM, or CISA are necessary. A minimum of 10 years of experience in IT management/cybersecurity governance or related fields, preferably in financial institutions, is required.
You should have a strong understanding of security principles, standards, and technologies, including access control, network security, identity management, and cyber incident management. The candidate should possess strong communication and interpersonal skills to collaborate effectively with stakeholders at all levels. Being well-organized, detail-oriented, a good team player, and capable of establishing and maintaining effective working relationships with internal stakeholders are essential attributes for this role. Additionally, you should be able to work independently and demonstrate strong self-motivation.

Posted 3 days ago

4.0 - 8.0 years

0 Lacs

maharashtra

On-site

The IT Security Manager is a key role within our IT Infrastructure department at Emkay. As the IT Security Manager, you will be responsible for implementing security measures to safeguard our systems and networks. Your main objective will be to identify and mitigate security risks, ensure compliance with industry standards, and develop strategies to protect sensitive information. Your primary responsibilities will include: 1) Implementation of Security Strategy: - Develop and execute the IT security strategy in alignment with organizational goals. - Conduct risk assessments and provide recommendations to enhance our security posture. - Collaborate with key stakeholders to implement security policies, standards, and procedures. - Enhance IT Infrastructure change management practices following ITIL processes. - Maintain a strong focus on vulnerability and patch management for the entire IT infrastructure. 2) Focus on Infrastructure Security: - Oversee the implementation of security measures for networks, systems, and applications. - Ensure data integrity and confidentiality through access controls and encryption. - Monitor and respond to security incidents, including assisting with forensic investigations. 3) Ensuring Security Compliance: - Ensure compliance with relevant regulatory requirements and industry standards. - Conduct regular assessments of the infrastructure and implement corrective actions as needed. - Stay informed about emerging security threats, vulnerabilities, and technologies. 4) Security Awareness: - Create and promote security awareness initiatives to educate the Infra team on the importance of cybersecurity. - Provide guidance to staff on security best practices and procedures. 5) Incident Response and Management: - Develop and maintain an incident response plan to address security breaches. - Lead and coordinate the response to security incidents, collaborating with internal teams and external partners as required. 
Qualifications required for this role include: - Bachelor's degree in computer science, Information Technology, or a related field. - Certified ITIL Practice Manager. - 4-5 years of experience in IT security roles focusing on managing security programs. - Industry certifications such as CISSP, CISM, ISO27001, or equivalent are highly desirable. - Strong knowledge of security frameworks, standards, and best practices. - Excellent communication and interpersonal skills. Additional requirements for the role include a strong ITIL background, the ability to keep up with industry trends and emerging technologies, proficient problem-solving and analytical skills with a focus on Cyber Security, demonstrated leadership and team management experience, good communication and interpersonal skills to build relationships with internal stakeholders, and the ability to work independently or as part of a team with a high level of self-motivation and initiative.

Posted 3 days ago

4.0 - 12.0 years

14 - 16 Lacs

Pune

Work from Office

Job Description: Job Title: Divisional Risk and Control Analyst TDI Controls Testing & Assurance, AS Location: Pune, India Role Description Infrastructure Chief Operating Office (COO) is responsible for the effective operation of the infrastructure functions, driving operational efficiency whilst supporting the effective delivery of infrastructure services in line with business objectives and control requirements. It also includes oversight of Infrastructure Divisional Control Office (DCO) and Trade Settlement and Confirmations Operations (TSCO). Infrastructure Divisional Control Office (IDCO) as part of Infrastructure COO, provides services to multiple functions in infrastructure. The IDCO function is a dedicated risk, control, and regulatory oversight function, with prime responsibility for managing and proactively mitigating risk across the full breadth of the Technology and Infrastructure organization. Function also provides a consolidated view and central coordination of (non-financial) risks, as well as effective, efficient, and consistent standards and policies. (Technology Data & Innovation) TDI Control Testing & Assurance team part of IDCO identifies, tracks and reports control testing & assurance activities, conducts independent controls testing (design and operating effectiveness) on different risk types in line with the Control Testing Standards. The team also focuses on regulatory and risk-based assurance requirements. This role is within TDI Control Testing & Assurance team. What we'll offer you As part of our flexible scheme, here are just some of the benefits that you'll enjoy, Best in class leave policy.
Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities Perform Control Testing in line with Control Testing methodology/minimum standard Identify control deficiencies (findings), risks related to elements of controls, participate in findings agreement with stakeholders, escalate potential issues and exception items noted during the testing to senior management for discussion and further investigation, if deemed necessary Prepare Control Testing workpapers for senior management detailing testing results, document findings with highest quality Track Control Testing identified findings, perform required follow-up on open findings Consider regulatory and internal firm policy requirements as well as established best practices for control assurance. Support controls assurance activities Support in monitoring Control testing team's adherence to Control Testing methodology/minimum standards Support, contribute in managing Control Testing vendor resources, where applicable Track testing related effort/budget Plan Vs. Actuals throughout the testing lifecycle Build and maintain solid working relationships with key stakeholders such as within the DCO, IDCO, TSCO, GTI and other Testing Teams including Divisions/sub-divisions, 2 LoD and Group Audit (GA) Your skills and experience University degree preferably in Computer Science, Mathematics, Engineering or a related subject or equivalent qualification in the areas of information security. Professional/industry recognized qualifications e.g., CISA, CISSP, CISM, CRISC are beneficial.
Experience in Cloud Security audit/testing, GCP (Google Cloud Platforms) or Professional/industry recognized qualifications e.g., CCSP, CCSK will be an advantage Good knowledge of auditing IT application controls, e.g., from IT audits or IT risk management. Understanding of the relationship between IT risk and underlying business process risk. Knowledge of regulations governing financial institutions is beneficial. Strong written and verbal communication skills and the ability to communicate effectively in conflict situations. Strong organizational skills and attention to detail. Ability to work under pressure, multi-task and prioritize workload. Strong analytical skills and structured thought process with the ability to clearly articulate control deficiencies and related risk Flexible, proactive, and innovative mind set with strong organizational skills to take ownership and responsibility for agreed targets and to meet them within budget to enable a timely and efficient completion of projects. This is an IC (individual contributor) role. How we'll support you Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. https://www.db.com/company/company.htm Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Posted 3 days ago

1.0 - 5.0 years

10 - 13 Lacs

Bengaluru

Work from Office

If you are a strategic thinker passionate about driving solutions and mitigating risk; you have found the right team. The Testing CoE (Center of Excellence) team is responsible for ensuring a strong and consistent control environment across the firm. This role is a great opportunity to be working with a large Controls Testing team and help establish a newly formed organization which provides the potential hire a good starting point within the firm. Job Summary As an Associate within the Testing Center of Excellence, you will be responsible for the execution of independent risk-based, point-in-time evaluations of the control design adequacy and execution effectiveness, to mitigate compliance, conduct and operational risks. The role requires overseeing the performance of complex evaluations of business processes through a comparison of actual processes against expected practices (policies, standards, procedures, laws, rules and regulations). Testing activities often include sophisticated data analytics on large datasets and regular engagement with senior stakeholders across the firm. This is an exciting opportunity to work on key risk initiatives as they become the focus of the firm and across the financial services industry. You will excel at creative thinking and problem solving; be self-motivated, confident and ready to work in a fast-paced, energetic environment. Through collaboration and analytical skills, you will contribute to the Testing CoE's overall success and strengthen the firm's compliance with regulatory obligations and industry standards. Job responsibilities Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions.
This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. 
Required qualifications, capabilities, and skills 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, within the financial services industry. Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint.

Posted 3 days ago

6.0 - 10.0 years

25 - 30 Lacs

Pune

Work from Office

Job Description: Job Title: Technical Information Security Officer Location: Pune, India Corporate Title: AVP Role Description The TISO acts based on the direction of and the tasks assigned by the Divisional TISO. The TISO is typically assigned a set of Application Software Assets and associated Databases (IT aspects only), Infrastructure Software Assets, IT Services, Hardware Assets or IT Assets associated with Building / Facilities. Therefore, the TISO assumes ownership for these assets from an IT Security perspective. The TISO executes all tasks that are assigned to this role based on defined and approved rules and processes. The Technical Information Security Officer (TISO) is 1st Line of Defence official of Deutsche Bank who is accountable for the security of enterprise information. What we'll offer you As part of our flexible scheme, here are just some of the benefits that you'll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your key responsibilities The TISO's responsibilities within the assigned CIO unit(s) comprise: To accept the ownership and responsibility for assigned IT assets. To carry out the Information Security Risk and Compliance Assessments for the assigned IT assets and processes. To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO.
To support key role holders such as ITAOs and ISOs to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable information security controls for implementation. To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable information security controls. To approve the access control and user authorization approach of the assigned IT Assets. To execute and document periodical recertification of Access Rights in compliance with the DB Group Identity and Access Processes. To cooperate with key role holders such as ITAOs and Information Security Officers to put monitoring capabilities for IT Assets in place. To review the output of the monitoring jointly with the key role holders such as ITAOs, Information Security Offices and CSOs to avoid degradation of the required security level. To analyse and review the configuration of IT Assets and remediate gaps according to the applicable Information Security policies. To contribute to the Information Security Incident Management Process in the case of a security breach for their IT-Assets, if requested. To maintain the Information Security related documentation of assigned IT Assets in the DB Group IT Asset inventory. Your skills and experience Industry experience of 6-10 years. Rounded knowledge and experience of all the following Information Security processes; Application and Infrastructure Security Identity and Access management Information Security Incident and Problem Management Information Security Governance for business and technology Information Security Risk Management Expert knowledge of DB Information Security Principles, Policies, and Procedures Profound experience in business and IT processes and respective Information Security requirements. Extensive experience with financial markets and institutions. Excellent analytical skills, flexibility regarding problem solving. 
Excellent communication skills, fluent in English and local language (written/verbal) as appropriate. Ability to work in fast paced environment and keep pace with technical/ operational innovation. Open minded, able to share information, transfer knowledge and expertise to team members. Keeps pace with technical/operational innovation & maintains understanding of the CIO technologies, as well as CISO service and technology offerings. Education/Certification Degree in Information Security or a comparable education In addition, the following education/certification attainment will be beneficial: CISSP (Certified Information Systems Security Professional) or equivalent. ISSMP (Information Systems Security Management Professional). CISM (Certified Information Security Manager) or equivalent. How we'll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs

Posted 3 days ago

8.0 - 9.0 years

20 - 25 Lacs

Pune

Work from Office

India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Risk Advisory is about much more than just the numbers. It's about attesting to accomplishments and challenges and helping to assure strong foundations for future aspirations. Deloitte exemplifies the what, how, and why of change so you're always ready to act ahead. Your work profile As a Manager in our Cyber - Extended Enterprise team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You will: Role Description Lead ISMS or Third-Party Risk Assessments Lead engagement team in delivering client engagements Support Managers/AD/D in assessment/ audit execution, reporting, quality review and tracking Support Managers/AD/D in responding to RFP, proposals, new opportunities Lead discussions with client teams from various depts. such as compliance teams, auditing and regulators to identify and document various requirements/obligations Flexible to step-in and perform work on ground such as conducting risk assessments and audits with respect to people, process and technology Act as subject matter expert (SME) for providing guidance and share knowledge with team members.
Assist team members during engagements Should be able to work independently on short term engagements Perform quality reviews of work performed by team members Desired qualifications 8+ Relevant years of experience in Third party risk management Relevant years of experience in IT Audits and Cloud security Experience with ISO22301 implementation and audits Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment Understanding of Third party/vendor/supplier risk management considerations Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management Excellent written/verbal communication Excellent documentation and presentation skills Highly motivated and willing to work in local and global environments Security certifications like CISSP, CISA, CISM, CEH, ISO27001 Work experience in Infrastructure / Application Security Work experience in IT Audit Work experience in Information Risk Management Location and way of working Base location: Pune This profile involves frequent / occasional travelling to client locations OR this profile does not involve extensive travel for work. Hybrid is our default way of working. Each domain has customized the hybrid approach to their unique needs. Your role as a Manager We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Manager across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive.

Posted 3 days ago

8.0 - 10.0 years

20 - 25 Lacs

Bengaluru

Work from Office

India's impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organisations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As a Manager in our Cyber Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Role Description ISMS or Third-Party Risk Assessments Ability to effectively liaise with clients and manage stakeholder expectations Work with client teams from various departments such as compliance teams, auditing and regulators to identify and document various requirements/obligations Conducting risk assessments and audits with respect to people, process and technology Identification of gaps/observations, risks, opportunities and improvement of policies, processes, procedures and standards Documenting information security risk, recommendation and compensating controls in the form of assessment/audit reports Collaborate with other members of the engagement team to plan and develop relevant work papers/deliverables for vendor information security reviews, define approach for vendor assessment and develop vendor evaluation model Handle key activities of assessment/ audit life cycle: planning, execution, reporting, quality review and
tracking Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues Desired qualifications 8+ Relevant years of experience in Third party risk management Relevant years of experience in IT Audits, Cloud security Experience with ISO22301 implementation and audits Preferred certifications CBCI / CBCP / ISO22301 LI or LA Offensive Security Certified Professional, CISA to work in a cross-functional, cross-cultural matrix environment Understanding of Third party/vendor/supplier risk management considerations Knowledge of Data Protection & Privacy related risks associated with Third-Party and relevant control frameworks for Third party risk management Excellent written/verbal communication Excellent documentation and presentation skills Highly motivated and willing to work in local and global environments Security certifications like CISSP, CISA, CISM, CEH, ISO27001 Work experience in Infrastructure / Application Security Work experience in IT Audit Work experience in Information Risk Management Location and way of working Base location: Bangalore Professional is required to work from office Your role as a Manager We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Manager across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive.

Posted 3 days ago

6.0 - 11.0 years

30 - 35 Lacs

Pune

Work from Office

About The Role: Job Title: Technical Information Security Officer Location: Pune, India Corporate Title: AVP Role Description The TISO acts based on the direction of and the tasks assigned by the Divisional TISO. The TISO is typically assigned a set of Application Software Assets and associated Databases (IT aspects only), Infrastructure Software Assets, IT Services, Hardware Assets or IT Assets associated with Building / Facilities. Therefore, the TISO assumes ownership for these assets from an IT Security perspective. The TISO executes all tasks that are assigned to this role based on defined and approved rules and processes. The Technical Information Security Officer (TISO) is 1st Line of Defence official of Deutsche Bank who is accountable for the security of enterprise information. What we'll offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities The TISO's responsibilities within the assigned CIO unit(s) comprise: To accept the ownership and responsibility for assigned IT assets. To carry out the Information Security Risk and Compliance Assessments for the assigned IT assets and processes. To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO. To support key role holders such as ITAOs and ISOs to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable information security controls for implementation. To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable information security controls. To approve the access control and user authorization approach of the assigned IT Assets.
To execute and document periodical recertification of Access Rights in compliance with the DB Group Identity and Access Processes. To cooperate with key role holders such as ITAOs and Information Security Officers to put monitoring capabilities for IT Assets in place. To review the output of the monitoring jointly with the key role holders such as ITAOs, Information Security Offices and CSOs to avoid degradation of the required security level. To analyse and review the configuration of IT Assets and remediate gaps according to the applicable Information Security policies. To contribute to the Information Security Incident Management Process in the case of a security breach for their IT-Assets, if requested. To maintain the Information Security related documentation of assigned IT Assets in the DB Group IT Asset inventory. Your skills and experience Industry experience of 6-10 years. Rounded knowledge and experience of all the following Information Security processes; Application and Infrastructure Security Identity and Access management Information Security Incident and Problem Management Information Security Governance for business and technology Information Security Risk Management Expert knowledge of DB Information Security Principles, Policies, and Procedures Profound experience in business and IT processes and respective Information Security requirements. Extensive experience with financial markets and institutions. Excellent analytical skills, flexibility regarding problem solving. Excellent communication skills, fluent in English and local language (written/verbal) as appropriate. Ability to work in fast paced environment and keep pace with technical/ operational innovation. Open minded, able to share information, transfer knowledge and expertise to team members. Keeps pace with technical/operational innovation & maintains understanding of the CIO technologies, as well as CISO service and technology offerings. 
Education/Certification Degree in Information Security or a comparable education In addition, the following education/certification attainment will be beneficial: CISSP (Certified Information Systems Security Professional) or equivalent. ISSMP (Information Systems Security Management Professional). CISM (Certified Information Security Manager) or equivalent. How we'll support you

Posted 3 days ago

2.0 - 7.0 years

9 - 13 Lacs

Bengaluru

Work from Office

About The Role: Job Title: Information Security Officer (ISO) Location: Bangalore, India Corporate Title: AS Role Description The role of an Information Security Officer (ISO) is of a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO. What we'll offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS. To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group. To support the management of IS Risks within the Risk Appetite defined by the ISR.
To execute the IS Risk assessments and compliance evaluations for assigned IT assets To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks) To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Group's inventory of applications are accurate and up to date To implement Segregation of Duty (SoD) rules for the assigned IT assets To contribute to the Information Security incident management process in the case of a security breach Keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts To ensure appropriate documentation of information security risk management in area of responsibility.
This includes major decisions including identified and assessed risks as well as risk mitigation measures To deliver all items requested during regulatory and internal Information Security related audits Your skills and experience Essential Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations Good understanding of Regulatory, Compliance, Risk & Control Knowledge Have sound knowledge of Identity and Access Management Process Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients Ability to effectively communicate with clients internally and externally Must be a team player and facilitator Desirable Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes. Knowledge of electronic banking products and flow of instructions Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided Innovative approach to work and continuously identify and implement process improvements Seek opportunities to improve service processes, minimize operational risk and reduce costs Strong analytical skills, detail orientation, service commitment and solid people management skills Strong awareness of risk control Education / Certification Graduation degree CRISC Desired: CISA/CISM/CISSP How we'll support you

Posted 3 days ago

4.0 - 9.0 years

6 - 10 Lacs

Chennai, Gurugram, Bengaluru

Work from Office

Join us as a Security Consultant This key role will see you working with the domain lead to define the product backlog and analyse a broad range of security information As our Security Consultant, you'll be providing advice and guidance on the best course of action needed to manage and solve security risks As well as the opportunity to enhance your security knowledge, you'll also be exposed to a wide range of stakeholders across the wider bank We're offering this role at associate level What you'll do Using your broad knowledge of security specialisms together with an appreciation of franchise strategies and objectives, you'll be helping the wider bank to ensure a robust security environment across our centres of excellence and domains. We'll look to you to develop appropriate security strategies by understanding the needs and demands of the customer and business, while making sure that organisational system health and security are maintained and, improved where possible. You'll also be: Acting as the interface with security experts when needed Enabling a culture of continuous improvement, promoting the benefits of security and working closely with teams to reinforce the robustness of the domain Analysing business requirements, technical solutions or processes to identify security related risks and providing guidance on how they can be managed effectively Making sure that decisions made are based on robust data, return on investment and value measures that demonstrate thoughtful and intelligent cost management Building relationships with colleagues across the bank to ensure decisions are commercially focused and create long term value for the organisation The skills you'll need To be successful in this role, you'll need knowledge of one or more security subject areas and experience of setting risk appetites. You'll also demonstrate experience of, or a willingness to learn risk management frameworks.
Additionally, you'll need: A background of at least 4 years in security assessment in information system An understanding in Cloud environment like AWS, Azure, Google Cloud, Web/API Security, Network protocols, Encryption technologies, Intrusion detection/prevention systems, Firewall etc Industry certification such as CISSP, CISM, CISA Experience in conducting risk assessments of AI systems, identifying potential vulnerabilities, threats within AI models and data pipelines Strong knowledge of vulnerability assessment tools such as GitLab, SAST, Qualys, and CSPM solutions Hours 45 Job Posting Closing Date: 01/08/2025

Posted 3 days ago

Exploring CISM Jobs in India

The demand for Certified Information Security Manager (CISM) professionals is on the rise in India as organizations are focusing more on securing their digital assets. CISM professionals play a crucial role in designing, implementing, and managing information security programs to protect an organization's sensitive data and information systems.

Top Hiring Locations in India

  1. Bangalore
  2. Mumbai
  3. Delhi
  4. Pune
  5. Hyderabad

Average Salary Range

The average salary range for CISM professionals in India varies based on experience and location. Entry-level positions can expect a salary range of INR 6-10 lakhs per annum, while experienced professionals can earn upwards of INR 20 lakhs per annum.

Career Path

A typical career progression for CISM professionals may include roles such as Information Security Analyst, Information Security Manager, Chief Information Security Officer (CISO), and ultimately, a Senior Information Security Consultant.

Related Skills

In addition to CISM certification, employers often look for professionals with skills such as:

  • Cybersecurity
  • Network Security
  • Security Risk Management
  • IT Governance

Interview Questions

  • What is the role of CISM in an organization? (basic)
  • Can you explain the difference between CISM and CISSP certifications? (medium)
  • How do you handle a security breach in an organization? (advanced)
  • What is your experience with implementing security policies and procedures? (basic)
  • How do you stay updated with the latest cybersecurity trends and threats? (medium)
  • Can you describe a successful security project you have led in the past? (advanced)
  • What is the importance of risk management in information security? (basic)
  • How do you assess the security posture of an organization? (medium)
  • Explain the concept of defense in depth in cybersecurity. (advanced)
  • How do you ensure compliance with data protection regulations such as GDPR? (medium)
  • Describe a scenario where you had to handle a security incident in real-time. (advanced)
  • How do you prioritize security measures based on risk assessment? (medium)
  • What is the role of encryption in information security? (basic)
  • Can you explain the concept of security governance? (medium)
  • How do you communicate security risks to non-technical stakeholders? (advanced)
  • What is the importance of security awareness training for employees? (basic)
  • How do you conduct a security audit of an organization's systems? (medium)
  • Describe a time when you had to resolve a conflict between security requirements and business needs. (advanced)
  • How do you ensure the continuity of operations in the event of a security incident? (medium)
  • What is the significance of incident response planning in cybersecurity? (basic)
  • How do you handle vendor risk management in information security? (medium)
  • Can you explain the concept of threat intelligence in cybersecurity? (advanced)
  • Describe a situation where you had to make a tough security decision under pressure. (medium)
  • How do you assess the effectiveness of security controls in an organization? (advanced)

Closing Remark

As you prepare for CISM job opportunities in India, remember to showcase your expertise in information security, risk management, and governance during interviews. Stay updated with the latest trends in cybersecurity and practice answering both technical and situational questions confidently. Good luck in your job search!
