5 - 10 years
13 - 17 Lacs
Jaipur
Work from Office
Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : SailPoint IdentityNow Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities: Expected to be an SME. Collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Facilitate training sessions to enhance team knowledge and skills. Monitor and evaluate the effectiveness of implemented security measures. Professional & Technical Skills: Must To Have Skills: Proficiency in SailPoint IdentityIQ. Good To Have Skills: Experience with SailPoint IdentityNow. Strong understanding of cloud security principles and best practices. Experience in designing and implementing security frameworks. Familiarity with compliance standards such as ISO 27001 and NIST. Additional Information: The candidate should have minimum 5 years of experience in SailPoint IdentityIQ. This position is based at our Jaipur office. A 15 years full time education is required. 
Qualification 15 years full time education
Posted 1 month ago
5 - 10 years
13 - 17 Lacs
Jaipur
Work from Office
Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : One Identity Manager Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities: Expected to be an SME. Collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Facilitate training sessions to enhance team knowledge and skills. Monitor and evaluate the effectiveness of implemented security measures. Professional & Technical Skills: Must To Have Skills: Proficiency in One Identity Manager. Strong understanding of cloud security principles and practices. Experience with identity and access management solutions. Familiarity with compliance frameworks such as ISO 27001 or NIST. Ability to analyze security incidents and develop mitigation strategies. Additional Information: The candidate should have minimum 5 years of experience in One Identity Manager. This position is based at our Jaipur office. A 15 years full time education is required. Qualification 15 years full time education
Posted 1 month ago
5 - 7 years
5 - 9 Lacs
Bengaluru
Work from Office
Job Title: Senior GRC Specialist Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women's safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestlé to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. About the role As a Senior GRC Specialist at Locus, you'll play a pivotal role in safeguarding the company's data and systems while enabling global logistics innovation. This role involves leading the implementation of robust security and privacy frameworks like ISO 27001, ISO 27701, NIST, SOC2 Type II, etc., driving risk assessments, managing audits, and ensuring compliance across jurisdictions. You'll work closely with cross-functional teams to embed security into every layer of the organization: people, processes, and technology. If you're passionate about security, privacy, and scalable compliance in a fast-paced tech environment, this is your opportunity to make a real impact. Key Responsibilities: Design, implement, and maintain the organization's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in alignment with ISO 27001, ISO 27701, and SOC2 Type II. Drive end-to-end security and privacy compliance programs independently, ensuring alignment with business objectives and customer/regulatory expectations. Conduct periodic risk assessments, develop risk treatment plans, and work closely with business and technical stakeholders to ensure timely mitigation.
Develop, review, and improve information security and privacy policies, processes, and controls based on changes in the business environment, emerging threats, and applicable legal and regulatory requirements. Ensure client contractual obligations (MSAs) and legal requirements (e.g., GDPR, CCPA) are consistently met. Track and report compliance status and risks through metrics, dashboards, and management reviews. Lead and coordinate internal and external audits (ISO 27001, SOC 2, etc.), including remediation and continual improvement efforts. Assess and onboard critical third-party vendors through structured third-party risk assessments. Coordinate and execute Business Continuity Planning (BCP) and Disaster Recovery (DR) tests. Set guidelines and review adherence to secure development practices, including secure coding standards. Champion and conduct employee awareness and training programs for security and privacy during onboarding and ongoing learning cycles. Oversee the incident response process, ensuring effective triage, containment, root cause analysis, and reporting of security and privacy incidents. Work closely with engineering/product teams to embed privacy and security-by-design principles into the product lifecycle. Liaise with vendors and partners to evaluate and deploy relevant security tools and solutions. Automate repetitive or redundant GRC tasks using scripting or low-code tools to improve efficiency. Key Requirements: 5-7 years of relevant experience in Governance, Risk & Compliance (GRC) roles in a product-based or technology-driven organization. Deep understanding of compliance frameworks: ISO 27001, SOC 2, CSA STAR, BS 10012, ISO 27701. Solid knowledge of global privacy regulations: GDPR, CCPA, and others. Proven experience leading audits and regulatory assessments, including stakeholder management and remediation. Hands-on experience implementing security/privacy controls in cloud environments (AWS preferred).
Ability to translate compliance requirements into actionable security measures across tech, product, and operations. Ability to work independently and manage compliance responsibilities across multiple functions and geographies. Good to Have Certifications (At least one certification in GRC is mandatory): CISA/CISM (recommended) CISSP CIPM/CIPP-E ISO 27001 Lead Auditor (recommended) CRISC, CCSK, or other GRC/privacy-focused credentials What We Offer Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.
Posted 1 month ago
2 - 5 years
6 - 8 Lacs
Mumbai, Pune, Bengaluru
Work from Office
1. Conduct information security management reviews and information security management system (ISMS) assessments
2. Must have knowledge of various compliances like ISO 27001, SOC 2, PCI DSS, GDPR etc.
3. Ensure technical implementation and business processes are aligned
4. Lead the design, implementation, operation and maintenance of security management systems
4. Participate in the creation, review and update of information security policies
5. Provide complex technical advice, recommendations and consultancy on networks, infrastructure, products and services supplied
6. Provide or assist with implementation documentation. Ongoing project management
7. Must be ISO 27001 LA certified.
Posted 1 month ago
7 - 12 years
8 - 15 Lacs
Nagpur
Work from Office
To act as the SPOC for all third-party audits, especially from BFSI clients & create Network Infrastructure. JD: https://www.pinnacle.in/career/security-manager JD: https://www.pinnacle.in/career/network-manager To work purely from HO Nagpur
Posted 1 month ago
6 - 10 years
15 - 25 Lacs
Hyderabad
Work from Office
Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about security architecture and driven to protect against the latest threats? We are seeking a Security Lead who will join our team and take the lead on developing, implementing, and maintaining our security strategy within our Service Provider organization. As our Security Lead, you will work closely with our leadership team to design and implement effective security solutions that not only protect our business objectives and regulatory requirements, but also provide innovative solutions to stay ahead of emerging threats. You will conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design and implementation within a Service Provider environment to create a cutting-edge security architecture framework. You will also work to maintain policies, standards, and guidelines related to information security within our organization, collaborating with cross-functional teams to implement security controls and technologies such as encryption, authentication, and authorization solutions. Your role will also involve conducting security reviews of vendors and third-party partners to ensure they meet our rigorous security standards, as well as performing regular security and risk reviews of our Service Provider environment to identify vulnerabilities and recommend remediation activities. 
At the forefront of security trends and technologies, you will advise our senior leadership team on the latest security best practices, and stay ahead of emerging security threats, always keeping our organization one step ahead. Join us on this exciting journey of securing our Service Provider organization and protecting our customer’s assets. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from a Junior Architect to Principal Architect – we have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise •Minimum of 8 years of experience in security architecture design and implementation within a Service Provider organization •Experience with security frameworks such as NIST CSF, ISO 27001, or CIS Controls •Exp in Fortigate Firewall, WAF or Zscaler (Mandatory) •Deep understanding of security technologies, such as firewalls, intrusion detection and prevention systems, vulnerability scanners, and endpoint protection •Strong knowledge of cloud security concepts and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) Preferred Technical and Professional Experience •Relevant industry certifications such as CISSP, CISM, or CCSP •Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are.
We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handedly: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.
Posted 1 month ago
7 - 12 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Work from Office
Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program, which includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies. Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408, SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCI DSS, HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations. Work with the client & technical teams for change request on any risk or control implementation as well as governance process. Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security. Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR. Work with the client & team in identifying any process/control gaps and suggesting the remediation plan & tracking the plan progress till closure. Liaise with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)
Posted 1 month ago
7 - 12 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Hybrid
Technical Consultant OneTrust Privacy Platform Description Governance, Risk & Compliance consulting team is looking for OneTrust certified technical Privacy SMEs to be part of our consulting/professional services division. The candidate must be highly experienced in providing implementation of OneTrust platform inclusive of integration with 3rd party tools and also should have the knowhow of functional aspects of the tool. The OneTrust data privacy consultant will be required to work on global/international consulting as well as technology implementation projects. Qualification, Work Experience & Certifications Bachelors/Masters degree or higher in Computer Science, Information Systems or a related field. ONETRUST Privacy Product Certification (Mandatory) Overall IT professional with experience of 8+ years. At least 6+ years of Information Security, Risk Management, Compliance Management and delivery experience. Experience in handling global client stakeholders. Excellent Communications & Presentation skills. CISA, CISM, CIPM/CIPT, CIPP/E, CIPP/US (at least one certification preferred) Responsibilities Implementation of data privacy requirements using OneTrust platform. Build forms, events, workflows, integration with 3rd party products, reports on the OneTrust platform. Oversee the functional and technical implementation and platform adoption for all customer proof of concept projects from start to finish. Technical understanding and experience working with the following concepts: (HTML, CSS, JS • REST APIs • JSON • Scripting: Python, PowerShell, Bash, etc) Understanding data privacy stature in client organization. Custom make and implement privacy compliance program in client organization. Execute data discovery & privacy impact assessment manually as well as using ONETRUST technology platforms. Execute projects which involve advising on, creating & documenting policies and procedures to help organizations protect their data (e.g. PII, Sensitive data, Financial data etc.)
Research and analyze new data privacy regulations evolving across the globe Define technical and business requirements for data privacy and information governance solutions Implement data privacy, information governance, IT and information security related technology products. Perform basic supervisory duties to mentor and coach junior staff. Develop people through effective trainings and certification guidance.
Posted 1 month ago
7 - 12 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Hybrid
Skills required: • Accomplish ITQM objectives in the assigned project by planning, executing and evaluating quality activities (as per service description). Accountable that assigned projects implement security and compliance with applicable laws/regulations like CSV, NVS Standards, the IMF, and project methodology. Hands-on experience in Regulatory Compliance (UK DPA, SOX, PII, Data Privacy & Security etc.). Should be able to liaise with the client information security, compliance & legal teams on regulatory requirements & facilitate evidence provisioning during audits • Experience in implementation of at least 2 complete cycles of Information Security Management Systems. Good understanding of domains such as Network security, Firewall audits, VA/PT, Access Management etc. Should have experience in domains such as ISAE3402 • Strong knowledge of Qualification and Validation project development/implementation processes. • Excellent FDA GxP understanding. • Knowledge of SoX, cGMPs, FDA and EMA guidelines. • Preferred Certifications: ISO 27000 LA, CISA, CISM, CISSP, ISO 9000 • Experience in planning, conducting & leading internal audits on information security, pharma quality & compliance • Experience in audits of ITSM processes (Change Mgmt, Incident/Problem Mgmt). ITIL V3 foundation must. • Good Program/Project management skills along with analytics & reporting skills, with strong communication & presentation. • Ability to work with all levels of clients & internal resources • Knowledgeable about Business Continuity Management & Disaster Recovery. ISO 22301 experience preferred.
JD • Point of contact for client stakeholders as well as HCL Operations team for guidance & support regarding compliance control requirements and implementation into service operations • Create & Document the control compliance plans for all services in scope • Lead Compliance processes for large Pharmaceutical Client for specific geography • Manages the infrastructure Qualification of hardware/Servers. • Maintains categorization of Off-the-shelf validation categories. • Ensure that the operations run-books & SOPs are in line & map with Policies, Standards, and Guidelines relating to security, privacy, and confidentiality for the Client IT Environment. Development of Security plan & ensuring adherence for all security domains relevant for in-scope services • Develop & Plan internal audit calendar aligned to client's internal as well as external audit schedule • Execute Security audits as per the agreed upon plan with client stakeholders and work with operations teams for remediation of any gaps and non-compliances • Provide agreed upon and ad-hoc reports for audits & compliance operations. • Facilitate in-time evidence provisioning to client audit, risk & compliance teams at time of external audits • Conduct process audits for ITSM as per agreed upon process controls • Participate in client meetings and committees that investigate compliance needs and develop new and modified Policies, Standards, and Guidelines. We are looking for functional consultants who have extensive experience in GxP related policies & process definitions and enforcements.
Posted 1 month ago
7 - 12 years
25 - 35 Lacs
Noida, Chennai, Bengaluru
Hybrid
Client interface for understanding the SOX IT General Controls as applicable to Application & Infrastructure operations. Conducting assessment of existing processes and aligning them to COBiT 2018 standard. Conducting TOE and TOD for ITGCs. Documentation of as-is SOX 404 IT General Controls as they are currently being executed in client environment. Identify process exceptions and risk with respect to materiality defined by the SOX controller. Evaluating 3rd parties and their ITGC environments by assessment of SSAE18 reports. Create Process Summaries, Compliance runbooks and RCMs. Define RACI for Control owners, executioners etc. Work with Senior Management of the organization and business teams in getting assertions. Point of contact for the client compliance & IT audit team for provisioning SOX audit evidence within the SLAs defined. Provide strategic guidance & consulting support on implementation of SOX controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR. Identify technical remediations for SOX 404 ITGC and create short term and long term roadmap for remediation. Conducting regular training for technical teams for SOX control implementation & audits. Should have worked on consulting/implementation & audit of SOX IT General Controls associated with IT Operations (Mandatory). CGEIT, COBiT Experience & COSO ERM execution (preferred). Excellent understanding of & experience in IT applications & infrastructure management which includes SDLC, App Security, DevOps, Networks, Data Centre Operations, Service Management/Service Desk, Server Management etc. Excellent understanding of IT Service Management processes. ITIL certified.
Should be able to identify & report risks related to SOX ITGC design effectiveness & operational effectiveness gaps Should have experience in executing end-to-end SOX ITGC audit life cycle Exposure to other regulatory compliances such as Data Protection Act Candidate should have client facing experience B.E/B.Tech with MBA preferred. Candidates with following Certifications will be preferred: CISA/CGEIT/CISM/CISSP ISO 27001 Implementer, Lead Auditor ITIL V3.0
Posted 1 month ago
1 - 3 years
6 - 9 Lacs
Bengaluru
Work from Office
As part of the Enterprise Security team, the Security Technology Operations (STO) Manager will help secure Arm's digital infrastructure. This includes managing and optimizing security technologies, implementing Zero Trust and network segmentation, and enhancing threat detection and response. The role requires strong cloud and network security knowledge, hands-on experience with security tools, and the ability to lead strategic initiatives while coordinating with partners, vendors, and internal teams. Responsibilities Implement network segmentation and Zero Trust to reduce attack surfaces, enforce least-privilege access, and isolate systems across enterprise and cloud environments. Lead the deployment, optimization, and upkeep of tools like EDR, AV, DLP, VPN, and firewalls to improve Arm's security posture. Promote Zero Trust principles (identity-based access control, continuous verification, micro-segmentation, and clear trust boundaries) to limit lateral movement and protect key assets. Collaborate with architects and infrastructure teams to define segmentation policies that align with Arm's threat model. Drive enhancements to security technologies, ensuring compliance with standards like NIST, CIS, and ISO 27001. Partner with IT and security teams to roll out new technologies and extend Zero Trust and segmentation across environments. Mentor analysts and engineers, promoting a culture of proactive defense and secure-by-design practices. Required Skills and Experience Demonstrated ability in security operations, infrastructure security, or network security roles. Strong expertise in network security technologies, including VPN, firewalls, IDS/IPS, Zero Trust Network Access (ZTNA), and segmentation strategy and implementation. Technical proficiency in security solutions, including EDR, DLP, AV, email security, and cloud-native security controls.
Experience implementing Zero Trust frameworks and network segmentation architectures in hybrid or multi-cloud environments. Understanding of Identity and Access Management (IAM) systems, including least-privilege access models, directory services, and policy-based access control. Familiarity with ITIL processes, security governance, and risk management, with experience tracking SLAs and compliance objectives. Nice to Have Skills & Certifications Security certifications such as CISSP, CISM, CCSP, AWS Certified Security, or Cisco Certified CyberOps Professional. Experience with scripting and automation for operational efficiency (e.g., Python, PowerShell, Terraform), as well as modern Infrastructure-as-Code and Policy-as-Code frameworks. Familiarity with Zero Trust security models, segmentation technologies (e.g., SDN, NGFWs, NAC), and continuous risk assessment techniques.
Posted 1 month ago
3 - 6 years
7 - 11 Lacs
Bengaluru
Work from Office
If you are a strategic thinker passionate about driving solutions and mitigating risk, you have found the right team. The Testing CoE (Center of Excellence) team is responsible for ensuring a strong and consistent control environment across the firm. This role is a great opportunity to be working with a large Controls Testing team and help establish a newly formed organization which provides the potential hire a good starting point within the firm. Job Summary As a Risk and Controls Testing Associate within the Testing Center of Excellence, you will be responsible for the execution of independent risk-based, point-in-time evaluations of the control design adequacy and execution effectiveness, to mitigate compliance, conduct and operational risks. The role requires overseeing the performance of complex evaluations of business processes through a comparison of actual processes against expected practices (policies, standards, procedures, laws, rules and regulations). Testing activities often include sophisticated data analytics on large datasets and regular engagement with senior stakeholders across the firm. This is an exciting opportunity to work on key risk initiatives as they become the focus of the firm and across the financial services industry. You will excel at creative thinking and problem solving; be self-motivated, confident and ready to work in a fast-paced, energetic environment. Through collaboration and analytical skills, you will contribute to the Testing CoE's overall success and strengthen the firm's compliance with regulatory obligations and industry standards. Job responsibilities Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls. Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions.
This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. 
Required qualifications, capabilities, and skills: 3+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, within the financial services industry. Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, capabilities, and skills: CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint.
Posted 1 month ago
4 - 8 years
10 - 14 Lacs
Mumbai, Navi Mumbai
Work from Office
ASSOCIATE CONSULTANT: Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001). Should have executed and managed consulting and audit assignments for clients in areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis and risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities. Basic knowledge of Active Directory, firewalls, SCCM, McAfee security products, DLP, secure coding practices and product security. Should have knowledge of information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced. Conduct audits to verify compliance with the organization's security standards. Assist in Business Continuity Planning and Implementation. Metrics collection & reporting. Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification: Minimum: ISO27001:2013 Lead Auditor course. Good to have: CISSP, CISA, CISM, ISO22301. Qualification: BE/BTech, MCA, MBA with specialization in Information Security #eviden
Posted 1 month ago
2 - 5 years
3 - 7 Lacs
Mumbai, Navi Mumbai
Work from Office
ASSOCIATE CONSULTANT: Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001). Should have executed and managed consulting and audit assignments for clients in areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis and risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities. Basic knowledge of Active Directory, firewalls, SCCM, McAfee security products, DLP, secure coding practices and product security. Should have knowledge of information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organization's information by ensuring appropriate information security controls are in existence and enforced. Conduct audits to verify compliance with the organization's security standards. Assist in Business Continuity Planning and Implementation. Metrics collection & reporting. Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification: Minimum: ISO27001:2013 Lead Auditor course. Good to have: CISSP, CISA, CISM, ISO22301. Qualification: BE/BTech, MCA, MBA with specialization in Information Security #eviden
Posted 1 month ago
3 - 8 years
9 - 19 Lacs
Mumbai
Work from Office
L1/L2/L3. Must-Have Skills: 4+ years in SOC; 2-3 years as L3 level Team Lead; Valid-Active CISM/CISSP certification; Expertise in EDR, Incident Response, Threat Hunting; Proficiency in Splunk for security monitoring. Good-to-Have Skills: CEH, OSCP, GIAC certifications; Cloud Security expertise in AWS, Azure, or GCP; Scripting with Python, PowerShell; Familiarity with MITRE ATT&CK; Knowledge of ISO 27001, NIST, GDPR, RBI guidelines; Digital Forensics & Malware Analysis; Strong stakeholder management skills. Academic Qualifications: Valid-Active CISM/CISSP certification. Requirements: Location: Mumbai (Kurla) Client Site; Job Type: Hybrid; Shift Timings: General shift (5 days/week, 2 working Saturdays). Key Performance Indicators: Timely incident resolution; Regular metrics and report presentation; SIEM efficiency and compliance; Integration of SIEM with other solutions; Stakeholder collaboration effectiveness. kumari nanhi 7505229019 kumari@zyvka.com
Posted 1 month ago
2 - 5 years
2 - 4 Lacs
Gurugram
Work from Office
Job Summary :- We are seeking a detail-oriented and proactive Employee Monitoring Specialist to oversee and manage employee activity monitoring systems to ensure compliance with company policies, enhance productivity, and protect sensitive information. The ideal candidate will have experience with monitoring tools (e.g., Teramind, ActivTrak, or similar platforms), data analysis, and compliance management. Key Responsibilities :- Administer and manage employee monitoring software (e.g., Teramind, ActivTrak, etc.) to track user activity, system access, and data handling. Monitor, review, and analyze employee activity reports to identify anomalies, suspicious behaviors, or policy violations. Work closely with compliance, HR, and IT departments to investigate incidents, prepare reports, and recommend corrective actions. Ensure that monitoring activities comply with company policies, data privacy regulations, and legal standards. Develop and maintain monitoring dashboards, alerts, and reporting mechanisms for leadership. Assist in drafting and updating company policies related to acceptable use, data handling, and system access. Conduct audits and periodic reviews of employee system usage, application access, and document handling. Train relevant stakeholders on monitoring systems, security best practices, and compliance requirements. Maintain accurate and secure records of monitoring activities, incidents, and resolutions. Stay current on best practices, industry trends, and evolving regulations related to employee monitoring and data protection. Required Qualifications :- Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related field. 2+ years of experience in employee monitoring, IT compliance, or cybersecurity. Hands-on experience with monitoring platforms like Teramind, ActivTrak, Veriato, or similar. Strong understanding of data privacy laws, including GDPR, HIPAA, or other relevant regulations. 
Excellent analytical, problem-solving, and communication skills. Ability to handle sensitive and confidential information with discretion and integrity. Preferred Qualifications :- Certifications in IT security, compliance, or data privacy (e.g., CIPP, CISSP, CISM, CompTIA Security+). Experience working in a regulated industry (e.g., finance, healthcare, or SaaS). Familiarity with incident response and investigation processes.
Posted 1 month ago
2 - 5 years
2 - 4 Lacs
Gurugram
Work from Office
Job Description :- We are seeking a highly skilled Teramind Monitoring Expert with hands-on experience in compliance, monitoring, and system surveillance. The ideal candidate will be responsible for the effective implementation and management of Teramind monitoring solutions to ensure adherence to regulatory requirements and optimal system performance. Key Responsibilities :- Implementation & Configuration :- Install, configure, and manage Teramind monitoring software across the organization. Monitoring & Surveillance :- Continuously monitor system activities, user behaviors, and network traffic to detect and prevent security breaches. Compliance Management :- Ensure all monitoring activities comply with relevant regulatory standards and organizational policies. Incident Response :- Quickly respond to security incidents and anomalies detected by the Teramind system. Reporting & Analysis :- Generate detailed reports and analysis of monitoring data for management review and compliance audits. Policy Development :- Develop and update security policies and procedures related to system monitoring and data protection. Training & Support :- Provide training and support to staff on the use of Teramind tools and best practices for system monitoring. System Optimization :- Continuously evaluate and enhance the performance of the Teramind system to ensure optimal efficiency and security. Collaboration :- Work closely with IT, security, and compliance teams to integrate monitoring solutions with other security measures. Qualifications :- Education :- Bachelor's degree in Computer Science, Information Technology, or a related field. Experience :- Minimum of 3-5 years of hands-on experience with Teramind or similar monitoring software. Technical Skills :- Proficiency in system monitoring, network security, and compliance standards (e.g., GDPR, HIPAA). Analytical Skills :- Strong analytical and problem-solving skills with the ability to interpret complex monitoring data. 
Communication Skills :- Excellent verbal and written communication skills for effective reporting and collaboration. Certifications :- Relevant certifications such as CISSP, CISM, or equivalent are a plus. Preferred Attributes :- Detail-oriented with a proactive approach to identifying and mitigating security risks. Ability to work independently and as part of a team in a fast-paced environment. Strong ethical standards and commitment to maintaining confidentiality and data integrity.
Posted 1 month ago
4 - 8 years
7 - 11 Lacs
Navi Mumbai, Chennai
Work from Office
Conduct vulnerability assessments using industry-leading tools (e.g., Nessus, Tenable, Qualys). Develop and maintain vulnerability management processes. Analyze assessment results to identify and prioritize risks. Perform penetration testing.
Posted 1 month ago
8 - 12 years
10 - 20 Lacs
Hyderabad
Remote
We are looking for experienced TPRM (Third-Party Risk Management) Consultants with a strong background in the Life Sciences domain. The role involves conducting internal audits and third-party risk assessments focused on cybersecurity, compliance, operational, and fraud risks within pharmaceutical or healthcare settings. Candidates should be skilled in evaluating vendor risks, drafting SOPs and policies, performing gap analyses, and ensuring regulatory alignment. Relevant certifications like CISM, CISA, or CISSP are a plus. Location: India (Remote), preferably Hyderabad
Posted 1 month ago
6 - 11 years
10 - 20 Lacs
Pune, Bengaluru
Hybrid
Primary Skills: Security Architect. Bachelor's degree in information technology, security, or similar. Experience in providing security architecture support to a large development organisation. Information security credentials such as IGP, CISSP or similar. Well versed in cloud security on a generic level as well as AWS. Job Description: The candidate will primarily work with security assessments and as part of that also be able to provide guidance on how to close security gaps. The candidate will also be part of "shift left" for assessments to automate and minimize the manual work involved. It is also expected that the candidate will assist in creating an assessment "factory" with a streamlined process for approaching assessments. Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL- 210430
Posted 1 month ago
6 - 9 years
17 - 22 Lacs
Gurgaon
Work from Office
GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologies: Firewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworks: ISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments. 
Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.
Posted 1 month ago
4 - 8 years
7 - 11 Lacs
Bengaluru
Work from Office
Required technical and professional expertise: Minimum of 12 years of relevant compliance experience and cybersecurity knowledge. 10+ years of security compliance audit experience would be important. Ability to utilize working knowledge of information security best practices such as NIST 800 series, ISO 27000 series, GDPR, etc. Experience with compliance programs such as SOC2, FFIEC or FedRAMP/FISMA, HIPAA, GDPR, or PCI. Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology. Ability to understand enterprise business computing operations/requirements, and in particular, Cloud. Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions. Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk. Required education: Bachelor's Degree. Preferred education: Doctorate Degree.
Posted 1 month ago
8 - 11 years
25 - 30 Lacs
Bengaluru
Work from Office
A career within Cybersecurity and Privacy services will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Strong communication, presentation skills with stakeholder management. Good Information Security background both technical and functional. Technical background managing network security, endpoint security, threat intelligence, and risk and incident management. Experience with compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc. Prior IT risk management experience a must. Have experience with ISO 27001 implementation engagements. Experience with NIST CSF / NIST CSF 2.0 assessments. Exposure to data privacy assessments. Plan, evaluate, and direct complex security programs covering multiple and in-parallel projects. Understand key Cyber Security considerations including key Cyber Security Risks and projects and innovations. Track projects/remediation activities. Work independently and prioritize multiple tasks and adapt to needed changes. Handle and track remediation of open findings/action items with relevant teams. Prior Big4 experience a plus. Certifications such as CISSP, CISM, CISA, ISO 27001, a plus. Good to have requirements: Prior Big4 experience a plus. Certifications such as CISSP, CISM, CISA, ISO 27001, a plus. Mandatory Skill Sets: Good Information Security background both technical and functional. 
Technical background managing network security, endpoint security, threat intelligence, and risk and incident management. Experience with compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc. Have experience with ISO 27001 implementation engagements. Experience with NIST CSF / NIST CSF 2.0 assessments. Preferred Skill Sets: Prior Big4 experience a plus. Certifications such as CISSP, CISM, CISA, ISO 27001, a plus. Years of Experience: 6+ Years
Posted 1 month ago
7 - 12 years
9 - 14 Lacs
Hyderabad
Work from Office
As a Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect the organization's computer systems, networks, and data from cyber threats. This role will involve a combination of technologies, processes, and practices designed to safeguard data, applications, and networks from threats like malware, phishing, and data breaches. You will be tasked with identifying vulnerabilities, supporting the response to incidents, and ensuring that security protocols and controls are adhered to. Your role is vital in safeguarding critical assets and ensuring compliance with legal and regulatory standards. What will you do in this role: Contribute to the development of enhanced cloud and application security control integrations and architectural best practices. Contribute to the development and implementation of product security policies and standards to ensure that application, cloud services and infrastructure meet organizational security requirements. Help maintain and monitor security tools and dashboards, ensuring that applications deployed in our environments adhere to organizational security standards and compliance requirements. Identify and prioritize adoption of our security tools within other teams ensuring the inputs and outputs are fully integrated enabling a complete security function. Follow standard approaches and established design patterns to create new designs for systems or system components. Identify and resolve minor design issues. Assist in implementing and maintaining specific security controls as required by organisational policy and local risk assessments and contribute to identifying risks that arise from potential technical solution architectures. Monitor and log the actual service provided, compared to that required by service level agreements. 
Undertake low-complexity routine vulnerability assessments using automated and semi-automated tools and contribute to evaluating and documenting the scope of results. Design, implement, test, document, and support integration of security tools and technologies in pipelines. Also, assist the product teams in related activities. Assist in maintaining security infrastructure and performing system updates. Investigate minor security breaches in accordance with established procedures. Assist users in defining their access rights and privileges and perform non-standard operational security tasks. Resolve security events and operational security issues. Work closely with cross-functional Infrastructure teams on Automation and Orchestration. Create and document detailed designs for simple software applications or components. Apply agreed modelling techniques, standards, patterns, and tools. Work within a matrix organizational structure, reporting to both the functional manager and the project manager. What should you have: Bachelor's degree in Information Technology, Computer Science or any Technology stream. Working experience in cloud environments: AWS is a must-have; Azure or GCP is good to have. Understanding of OWASP Top 10 security risks and mitigation strategies, relevant NIST standards, and Zero Trust principles. Familiarity with programming/scripting languages like Python, Bash, Terraform, Ansible, JSON, PowerShell, or JavaScript for automating tasks. Familiarity with software development/delivery lifecycle and related technologies. 3+ years of hands-on experience working with network protocols, firewalls, intrusion detection systems, encryption technologies, and endpoint security solutions. Proficiency in security tools in the areas of cloud, application, endpoint, network or identity, vulnerability scanners, and malware analysis platforms. Knowledge of authentication methods, identity management, and security access protocols (e.g., SSO, MFA, LDAP). 
Ideally AWS certified. Good interpersonal and communication skills (verbal and written). Relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are often required or highly desirable. Proven record of delivering high-quality results. Product and customer-centric approach. Innovative thinking, experimental mindset.
Posted 1 month ago
3 - 8 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect. Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: SailPoint IdentityNow. Good to have skills: NA. Minimum 3 year(s) of experience is required. Educational Qualification: 15 years full time education. Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Configure, manage, and support SailPoint IdentityNow (IDN) for provisioning, de-provisioning, role management, and access governance across the enterprise. Maintain and troubleshoot SailPoint IDN connectors for integration with various on-premise and cloud-based systems, such as Active Directory, SAP, Office 365, and AWS. Identity Lifecycle Management: Manage the entire identity lifecycle process, including user provisioning, role-based access control (RBAC), access reviews, and compliance reporting. Automate identity-related processes using SailPoint's workflows and policies to enhance operational efficiency. Access Request and Approval Workflow: Design, configure, and maintain user access request workflows, approval processes, and access certification campaigns in IdentityNow. Work closely with stakeholders to define and enforce role-based access policies, ensuring compliance with security best practices. Integration and API Management: Integrate SailPoint IdentityNow with enterprise applications and third-party tools using connectors, APIs, and out-of-the-box integrations. Collaborate with IT teams to integrate IAM solutions into the broader enterprise architecture and security ecosystem. Security & Compliance: Implement role mining, entitlement management, and access certification processes to maintain compliance with internal and external regulatory requirements. Generate reports and dashboards to track access violations, security events, and audit findings. Troubleshooting & Support: Provide support for any issues related to SailPoint IdentityNow, including troubleshooting and resolving user access, workflows, and integration problems. Participate in system upgrades, patches, and testing to ensure continuous functionality and security of the identity management system. Collaboration & Documentation: Work closely with stakeholders to gather requirements and design solutions that meet business needs. Document processes, configurations, and best practices related to SailPoint IDN administration and configuration. Training & Awareness: Provide training and knowledge transfer to the internal teams on how to effectively use SailPoint IdentityNow. Educate users on identity governance processes, including access requests, role management, and compliance.
Professional & Technical Skills: Must To Have Skills: Proficiency in SailPoint IdentityNow. Strong understanding of cloud security principles. Experience with security tools and technologies. Knowledge of regulatory compliance requirements. Hands-on experience in implementing security controls. Good To Have Skills: CISSP certification. Additional Information: The candidate should have a minimum of 3 years of experience in SailPoint IdentityNow. This position is based at our Bengaluru office. A 15 years full time education is required. Qualification: 15 years full time education
Posted 1 month ago
The demand for Certified Information Security Manager (CISM) professionals is on the rise in India as organizations are focusing more on securing their digital assets. CISM professionals play a crucial role in designing, implementing, and managing information security programs to protect an organization's sensitive data and information systems.
The average salary range for CISM professionals in India varies based on experience and location. Entry-level positions can expect a salary range of INR 6-10 lakhs per annum, while experienced professionals can earn upwards of INR 20 lakhs per annum.
A typical career progression for CISM professionals may include roles such as Information Security Analyst, Information Security Manager, Chief Information Security Officer (CISO), and ultimately, a Senior Information Security Consultant.
In addition to CISM certification, employers often look for professionals with skills such as:
- Cybersecurity
- Network Security
- Security Risk Management
- IT Governance
As you prepare for CISM job opportunities in India, remember to showcase your expertise in information security, risk management, and governance during interviews. Stay updated with the latest trends in cybersecurity and practice answering both technical and situational questions confidently. Good luck in your job search!