752 Cism Jobs - Page 17

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about cybersecurity and looking for an exciting role where you can make a difference? If so, we have an opportunity for you! As a Security Specialist at Kyndryl, you will play a crucial role in enabling and securing our customer organizations, cultures, and ecosystems. Your responsibilities will be varied and dynamic, spanning asset classification models, risk assessment reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports, and security awareness workshops. You will be tasked with configuring, monitoring, and managing the performance of networks to maintain the quality of services, while also protecting organizational infrastructure from malicious cyber-attacks. As a key member of our team, you will assess, predict, prevent, and manage the risk of IT infrastructure and data, helping our customers stay ahead of the curve and ensure their systems are secure. You will develop and implement security policies and procedures, working closely with other departments to ensure that all security measures are in place and operating effectively. But that is not all – at Kyndryl you will have the opportunity to explore innovation in CyberSecurity data science – taking information that has been gathered and looking for areas to have that “Ah Ha” moment. Drawing conclusions and patterns from the data across single and multiple clients. Creating new ideas in the area of risk management and risk quantification. In addition to your technical responsibilities, you will also play a key role in raising awareness of potential security threats through technical security training on best practices. This is an exciting opportunity to help shape the culture of our clients' organizations and make a tangible impact on their security posture. If you have a passion for cybersecurity – governance, risk and compliance, are looking for a challenging and dynamic role, and want to work with a team of like-minded individuals, then we want to hear from you! Join us as a Security Specialist and help us secure the future of our clients' organizations. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are Required Technical and Professional Experience 5+ years in IT security profile. Education : MCA / B.E. / B. Tech Project Experience : Minimum of 3+ years in security requirements, cyber security, IT security audits, certifications, etc., in at least 2 IT projects Certifications : ISO 27001 & CISSP (Certified Information Systems Security Professional) Responsibilities Facilitate review of the data security architecture as per the requirements. Facilitate review of the configuration of the required IT security infrastructure as per the law or as requested by the client against the acceptance criteria. Monitor activities related to periodic security testing/audits as per client requirements. Implement any new or existing guidelines/policies/acts issued by the Government of India on IT Security. Location : Requires working from Client location in Delhi Preferred Technical and Professional Experience CISSP (Certified Information Systems Security Professional) certification. ISO 27001 Certification. Other relevant certifications like CISM (Certified Information Security Manager) or CEH (Certified Ethical Hacker) can be beneficial. Excellent communication skills to effectively interact with stakeholders and educate employees on security best practices. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

We are looking for someone who has good hands on experience in VAPT. This role is with one of the government department of Maharashtra. Education: B.E/B. Tech / M.Sc. (Comp. Sci) / MCA / MBA/ M. Tech degree or equivalent. Should be a certified auditor. 6 or more years of overall experience with at least 6 years of relevant experience in Vulnerability Analysis, Penetration Testing and/or forensics. Must have experience in managing at least 3 projects for large, enterprise scale Clients. should have at least two industry certifications as mentioned below: 1. Licensed Penetration Tester (LPT) 2. Certified Penetration Testing Professional (CPENT) 3. Certified Expert Penetration Tester (CEPT) 4. GIAC Penetration Tester (GPEN) 5. CompTIA PenTest+ 6. Certified Ethical Hacker (CEH) 7. Certified Mobile and Web App Penetration Tester (CMWAPT) 8. Computer Hacking Forensic Investigator (CHFI) 9. Certified Information System Auditor (CISA) 10. Certified Information Security Manager (CISM) 11. Other acceptable industry related certification in VAPT. 12. OSCP

Internal Audit:Auditor - Information System INTERNAL USAGE No. of Vacancies Reports to IS Audit Head Is a Team leader? No Team Size Grade Manager Business Corporate Centre Department Internal Audit Sub - Department Location Corporate Office , Worli Mumbai About Department Internal Audit function of the Bank, operates independently under the supervision of the Audit Committee of the Board and is responsible for providing an independent view to the Board of Directors and Senior Management on the quality and efficacy of the internal controls, risk management systems, governance systems and processes in place on an on-going basis. This is provided to primarily ensure that the business and support functions are in compliance with both internal and regulatory guidelines About the Role To conduct Information Systems Audit for the Bank. Key Responsibilities Planning the audit, developing clear and concise risk/control matrices and audit programs, and reporting Demonstrate professionalism, competence and clarity of communication when dealing with the IT stakeholders Demonstrate reasonable knowledge of the industry or sector and be aware of technical issues or audit risks Qualifications Graduates/CAs/MBA with relevant certification such as CISA / CISM / CISSP / CIA 4+ years of work experience with prior experience in Internal or Statutory Audit / Risk Management / Regulatory / Compliance roles in the financial services (Banking, NBFC) industry Role Proficiencies Experience in conducting Information Systems and Security audits, application control reviews and application functionality reviews - Strong knowledge of regulations and circulars released by regulatory bodies (RBI, SEBI etc.) - Practical experience of audit methodology - Good written and oral communication skills - Good logical and reasoning skills - The ability to work effectively in team Technical skill set for Information systems auditor should have Solid base of computer skills in hardware and software Knowledge of various operating systems Knowledge of Databases Hands on experience on Network Architecture Knowledge of other IT infrastructure Application controls and Interfaces Knowledge on Computer Assisted Audit Techniques (CAATs) Knowledge on Information security governance Knowledge on Business Continuity and Disaster Recovery framework Professional Certifications: CISA, CISM, CISSP, CEH, ISO 27001, ISO22301

Job Summary: We are seeking an experienced and strategic Chief Information Security Officer (CISO) with expertise in service delivery, solution architecture, and security operations. The ideal candidate will have a strong background in SIEM and SOAR tools, along with a proven track record of designing and implementing robust security solutions. This role will play a critical role in shaping our cybersecurity strategy and ensuring the protection of our digital assets. Key Responsibilities Cybersecurity Strategy: Develop and implement a comprehensive cybersecurity strategy that aligns with business goals and objectives. Service Delivery: Oversee the delivery of security services, ensuring they meet or exceed industry standards and regulatory requirements. Solution Architecture: Lead the design and implementation of security solutions, including SIEM, SOAR tools, and other cutting-edge technologies. Security Operations: Manage and optimize security operations, including incident response, threat hunting, and vulnerability management. Risk Management: Identify, assess, and mitigate cybersecurity risks, working closely with cross-functional teams to implement effective risk mitigation measures. Compliance: Ensure compliance with relevant cybersecurity regulations, standards, and frameworks (e.g., ISO 27001, NIST, GDPR). Team Leadership: Build and lead a high-performing cybersecurity team, fostering a culture of continuous learning and development. Vendor Management: Collaborate with third-party vendors and partners to evaluate, select, and implement security solutions and services. Incident Response: Develop and oversee an effective incident response plan, including tabletop exercises and post-incident analysis. Security Awareness: Promote cybersecurity awareness and education among employees, contractors, and other stakeholders. Budget Management: Manage the cybersecurity budget effectively, ensuring optimal resource allocation. Qualifications: Bachelors degree in Computer Science, Information Security, or a related field (Masters degree preferred). A minimum of [X] years of experience in information security, with a focus on service delivery, solution architecture, and security operations. Proven expertise in SIEM and SOAR tools, with a deep understanding of their implementation and management. Industry certifications such as CISSP, CISM, or CISA preferred. Strong leadership and team management skills. Excellent communication and interpersonal abilities. Ability to collaborate with cross-functional teams and communicate complex technical issues to non-technical stakeholders. In-depth knowledge of cybersecurity regulations, standards, and best practices. Competitive salary and performance-based bonuses. Comprehensive health, dental, and vision insurance. Retirement savings plan with company matching. Professional development and training opportunities. Flexible work arrangements. Employee wellness programs. Exciting opportunities for career advancement.

About Us Our purpose at Avient Corporation is to be an innovator of materials solutions that help our customers succeed, while enabling a sustainable world. Innovation goes far beyond materials science; its powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether youre a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, youll find your place at Avient. Join our global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to our next breakthrough! Job Summary The Senior Manager of Security Operations and Identity Management is responsible for 24x7 security monitoring and the administration of identity management processes. This role includes overseeing the architectural design, deployment, execution, and optimization of solutions in alignment with risk requirements and compliance obligations. Essential Functions Ensure that SIEM and SOAR environments are “fit for purpose” and continually enhanced to cover known and emerging MITRE ATT&CK techniques Manage the global SOC team responsible for 24x7 alerting, triage, investigation and Incident Response. Monitor and improve Key Performance Indicators (KPIs) Track SOC Maturity and partner with CISO to establish road map for growing SOC capabilities and automation Manage the Cyber Threat Intelligence program Oversee forensics, litigation support, and e-discovery capabilities in support of requests from Legal Lead the team responsible for identity lifecycle functions, identifying and implementing best practices to automate repetitive processes Oversee IAM architecture design, deployment and delivery of capabilities to achieve target levels of cyber maturity and efficiency, working with vendors, partners and other 3rd parties Ensure compliance with required regulations and frameworks across all divisions and markets, driving timely remediation of any IAM deficiencies Other duties as assigned Education and Experience Qualifications Bachelor’s degree in information technology, engineering, business management, operations management, or related field or discipline 10+ years' experience in cyber security with 3+ years in a management role Solid understanding of IAM principles, design and engineering, including Single sign-on (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM) Working knowledge of multiple IAM systems (traditional and cloud) Experience implementing Zero Trust capabilities in complex operating environments Additional Qualifications Security certifications (CISSP, CISM, GCIH, GSEC, etc) Experience with modern cloud detection and response tools and processes Operational Technology (OT) experience

Job Description Security testing consultant Job Title: Application security testing consultant (Assistant Manager) Job Summary We are seeking an engineer with 3-5 yrs of experience and highly motivated senior security testing consultant to join our team in a dynamic industrial environment. The Application Security testing Engineer will be responsible for ensuring the security of our applications throughout the software development lifecycle. This role involves collaborating with development teams to integrate security best practices, conducting security assessments, and implementing measures to protect against threats and vulnerabilities. This role demands a blend of technical expertise, problem-solving skills, and knowledge of industry-specific challenges. Key Responsibilities Conduct security assessments, penetration testing, and code reviews on applications to identify vulnerabilities. Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC). Design and implement security measures, such as encryption, authentication, and intrusion detection systems. Develop and maintain security-related documentation, including policies, procedures, and guidelines. Monitor application security alerts and respond to incidents to mitigate risks promptly. Stay updated with the latest security threats, trends, and technologies to ensure proactive defense strategies. Provide training and support to development teams on secure coding practices. Conduct risk assessments and threat modeling to anticipate potential security issues. Work with cross-functional teams to remediate identified security vulnerabilities. Participate in security audits and compliance activities to meet regulatory requirements. Evaluate and recommend security tools and technologies tailored to industry-specific needs. Manage contracts with security vendors and service providers. Work closely with engineering, production, and IT teams to integrate security into new projects and upgrades. Participate in strategic planning for long-term security infrastructure improvements. Provide input for disaster recovery (DR) and business continuity planning (BCP) strategies Minimum Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related fields. Professional Certifications (preferable): Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH) CompTIA Security+ Certified Information Security Manager (CISM) GIAC Certified Incident Handler (GCIH) Experience: 3-5 years of experience as an Security Engineer or in a similar role., including 3 years in industrial environments such as steel, power, renewable energy, or cement. Strong understanding of application security principles and secure coding practices. Technical Skills: Experience with security tools such as SAST, DAST, and vulnerability scanners. Familiarity with common security frameworks and standards (e.g., OWASP, NIST). Proficiency in at least one programming language (e.g., Java, C#, Python). Knowledge of encryption techniques, PKI, and secure authentication mechanisms. Familiarity with cloud security tools (e.g., AWS, Azure, GCP). Soft Skills: Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Ability to work collaboratively across teams and departments. Adaptability to evolving technology landscapes and security challenges.

In our Assurance (A&A) Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Leading / execution of Internal Audit / Advisory engagements Ability to effectively perform the technical components of risk assessments to provide an accurate view of the clients current risk state Ability to perform end-to-end business process analyses and design Ability to gather, synthesize, and analyze data using appropriate tools and technologies Ability to assess and design internal controls by applying an understanding of internal control design frameworks and regulatory requirements Ability to understand the client’s business, interpret sector trends, and learn leading practices Ability to effectively interact with colleagues and clients of varying backgrounds to effectively serve clients Ability to enhance quality and efficiency of recommended conduct risk solutions by applying relevant frameworks, conducting research, and performing analyses Ability to conduct internal audits by leveraging approved processes and methodologies Ability to set the stage for a successful assessment of client’s internal audit processes and controls by collecting and organizing data Ability to enhance quality of assurance engagements by identifying risks, performing testing, researching governing regulations, and developing reports Ability to leverage industry leading frameworks, methods, and tools to increase effectiveness of technology and data risk solutions Desired qualifications Must have 5 – 7 years’ experience post qualification experience in Internal Audit CA/MBA/CIA/CISA Certifications/Qualifications Project Management • Decision making with engagement management and seek to understand the broader impact of current decisions • Lead engagement planning. economics, and billing • Generate innovative ideas and challenge the status quo • Participate in proposal development efforts Audit & Assurance/Assurance (A&A) Assurance (A&A) • Assist in pre-sales activities • Manage relationships with clients with the intention to exceed client expectations Well versed with Internal Audit requirement Managed end-to-end engagements for support on Internal Audit from planning to conclusion. Managed engagements with a team size of 6-10 members Experience in preparation of Business Development presentations, proposals Must be open to travel Location and way of working. • Base location: Chennai • Must have 5 – 7 years’ experience post qualification experience in Internal Audit • Well versed with Internal Audit requirement • This profile involves frequent travelling to client locations. • Hybrid is our default way of working. Each domain has customized the hybrid approach to their unique needs.

SYX Services Pvt ltd SYX Services Private Limited is a subsidiary of a US based company called Company (NYSE: GIC). We are registered under the Companies Act, 1956, and provide information technology services solely to Company and its subsidiaries located in the United States and Canada. Our operations started in July, 2011 and we are now a 70-member team comprised of Java developers, SAP professionals, .net developers, Oracle developers, a creative team and a Web Chat team. For over 70 years Company through its operating subsidiaries has been an industry leader providing private label and brand name industrial equipment and supplies to businesses throughout North America Key Responsibilities Work with the IA manager to plan IT audits and develop work programs, timelines, risk assessments, and other planning documents. Work with IT leadership to document the IT processes and identify and test controls. Participate in recurring SOX testing activities and Internal Audit programs. Serve as a fieldwork leader by directing daily progress of IT fieldwork, informing the Management of audit status and issues. Demonstrate and apply a thorough understanding of complex information systems. Use knowledge of the current IT environment and IT risks, identifying potential audit issues and communicating this information to management through written correspondence and verbal presentations. Maintain through a continuing commitment to personal development, including an understanding of technology trends as well as statutory and legislative changes impacting IT throughout North America and Europe. To demonstrate and apply strong project management skills, collaborate with other audit team members, and use current technology and tools to enhance the effectiveness of deliverables. Competencies and skills Audit / risk experience in a $1B+ business. Experience with PCI-DSS Proficiency with ERP controls and security preferably SAP Knowledge and experience of COBIT and Sarbanes-Oxley One or more of the following certifications: CPA, CA, CISA, CISSP, CISM, CBCP, CIA or CFE Qualifications A degree in business, accounting, finance, computer science, information systems, engineering, or a related discipline. Two to five years experience working as an auditor or risk adviser for a public accounting firm, professional services firm or within industry. Strong understanding of IT processes, risks, technologies and controls. Strong presentation abilities underpinned by effective verbal communication and report writing skills. Solid project management, teamwork and relationship skills. Important Facts Job Segment: Systems Engineer, Engineer, Engineering

Network Risk and Compliance Analyst:This role is positioned as a Network Risk and Compliance within the Production Assurance-Risk and Compliance Team. The Risk and Compliance team is responsible for proactively identifying and managing risks and to ensure oversight and accuracy of our audit and regulatory responses and remediation plans. Primary responsibilities will include:Develop and manage monitoring activities to ensure compliance with Information Security and Technology regulatory requirements and internal policies and standardsIdentify, develop and maintain key risk indicators to track and ensure compliance with established policies and standardsConduct targeted reviews to identify risks, opportunities, and areas for improvementProactively identify and report Information Security and Technology compliance risksEnsure risks are effectively identified, quantified, prioritized, communicated, and managed, including recommendations for risk mitigation, and identifying the root cause/key themesEffectively communicate findings and recommendations to management in detailed and organized format/process via presentations to stakeholders and senior managementAudit, Regulatory and Third-Part audits/risk assessmentsDevelopment of formal responses to Audit and Regulatory inquiries or assessments. This may be comprised of documentation gathering, drafting of documents, and researching past activity and reportsCentralize compliance responses/data to improve audit response time and create consistent responses across teamsInteract with Auditors and Regulators as neededDevelop and conduct ongoing risk and compliance training and education Role Requirements:Bachelor s degree in Computer Science, Cyber Security, Information Security, Information Systems Management, Information Technology Auditing or related relevant fieldStrong technical background in order to communicate effectively with Network EngineersExperience in leading projects, preferably global projectsExperience with audits and/or compliance assessments/monitoringPMI, CISSP, CISM, CISA a plusAbility to operate in a fast-paced global environmentAbility to work under pressure, meet tight deadlines and embrace changeAbility to communicate clearly to various levels of management (including executive management), across various business functions (including engineering) More about the OpportunityThe Risk and Compliance Analyst is an excellent opportunity, and CACI Services India reward their staff well with a competitive salary and impressive benefits package which includes: Learning: Budget for conferences, training courses and other materials Health Benefits: Family plan with 4 children and parents covered Future You: Matched pension and health care packageWe understand the importance of getting to know your colleagues. Company meetings are held every quarter, and a training/work brief weekend is held once a year, amongst many other social events. CACI is an equal opportunities employer. Therefore, we embrace diversity and are committed to a working environment where no one will be treated less favourably on the grounds of their sex, race, disability, sexual orientation religion, belief or age. We have a Diversity & Inclusion Steering Group and we always welcome new people with fresh perspectives from any background to join the group

Colt provides network, voice and data centre services to thousands of businesses around the world, allowing them to focus on delivering their business goals instead of the underlying infrastructure. Job ID- 35584 Job Title - Senior Engineer/Technical Lead, Security Operations Location- Gurgaon/ Bangalore Reports To - Customer Security Operations Centre Manager Why we need this role The Customer Security Operations Centre (CSOC) is responsible for operation, maintenance, and monitoring of Colts Managed Security product portfolio. As an engineer in Security operations, primary responsibilities are to provide support for Colt Customer security services, with expert level knowledge on Firewall, DDoS and Zscaler technology and operations skills. Responsible for 24/7 security operations, managing and implementing advanced customer trouble and change requests for DDoS mitigation and managed firewall services, as well as active monitoring and response to security alerts and events| What you will do Typical tasks and responsibilities will include: Monitor and react to all Customer security alerts / events Manage customer faults, service outages, and service impairments to resolution, on Managed Security products Provide regular and accurate customer updates Implement changes within customers managed security environment and for Managed Security products Escalate customer incidents to other support teams, vendors, management as per escalations policies and procedures Participate in preventative maintenance, technical training, process improvement, and information sharing activities to improve the team Participate in 24/7 shift rota Possess exceptional customer service skills Multi-task during events Communicate effectively with managers, customers and vendors Maintain effective working relationships with peers Maintain relationships with other support teams both within and outside of Security Strong written and verbal communication skills Analytical and problem-solving skills Attention to detail with good organizational capabilities Prioritize with good time management skills What were looking for Self-driven individuals with 5 to 8 years of relevant information/network security experience Worked under high pressure situations. Good Incident and Problem Management skills Essential Requirements: Experience in a security operations environment Experience and certifications in specific security technologies such as Fortinet, Arbor, Radware, Palo Alto, Cisco, Checkpoint, Zscaler, Cloud Security (SSE/SASE, CASB, ZTNA, DLP, SWG) Security industry certifications (examples): CISSP CRISC CISM Understanding of Denial of Service concepts and attack vectors, mitigation options Experienced working on security technologies like Juniper, Checkpoint, Cisco); IPS; Web Proxy, Application Firewalls; Load Balancers; DDoS mitigation platform; Vulnerability scanners What we offer you: Looking to make a mark? At Colt, you ll make a difference. Because around here, we empower people. We don t tell you what to do. Instead, we employ people we trust, who come together across the globe to create intelligent solutions. Our global teams are full of ambitious, driven people, all working together towards one shared purpose: to put the power of the digital universe in the hands of our customers wherever, whenever and however they want. We give our people the opportunity to inspire and lead teams, and work on projects that connect people, cities, businesses, and ideas. We want you to help us change the world, for the better. Diversity and inclusion Inclusion and valuing diversity of thought and experience are at the heart of our culture here at Colt. From day one, you ll be encouraged to be yourself because we believe that s what helps our people to thrive. We welcome people with diverse backgrounds and experiences, regardless of their gender identity or expression, sexual orientation, race, religion, disability, neurodiversity, age, marital status, pregnancy status, or place of birth. Most recently we have: Signed the UN Women Empowerment Principles which guide our Gender Action Plan Trained 60 (and growing) Colties to be Mental Health First Aiders Please speak with a member of our recruitment team if you require adjustments to our recruitment process to support you. For more information about our Inclusion and Diversity agenda, visit our DEI pages . Benefits Our benefits support you through all parts of life, for both physical and mental health. Flexible working hours and the option to work from home. Extensive induction program with experienced mentors and buddies. Opportunities for further development and educational opportunities. Global Family Leave Policy. Employee Assistance Program. Internal inclusion & diversity employee networks. A global network When you join Colt you become part of our global network. We are proud of our colleagues and the stories and experience they bring - take a look at Our People site including our Empowered Women in Tech.

Job Title: Principal Information Security Specialist Job Code: 7924 Country: IN City: Mumbai Skill Category: IT\Technology Description: Overview Nomura has a robust global Information Security department, members of which are located in all of its major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the Global Head of the Information Security Architecture and Engineering (SAE) located in London and will be a member of the Information Security Architecture and Engineering (SAE) Leadership team. Key objectives critical to success We are looking for a talented and experienced professional to join our team as the regional Head of Information Security Engineering in India. In this role, you will lead the engineering, development, and implementation of a robust and scalable information security solutions to protect Nomura s critical assets and infrastructure on a global scale. This role is handson as the security architecture and engineering strategy and roadmap are being developed. You will lead team of security engineers in India. It requires the development and implementation of people processes, policies, standards, and solutions in collaboration with the Global Heads of Information Security and key stakeholders (e.g., IT, business, legal, HR, compliance). You will play a key role in shaping our information security strategy and ensuring the resilience and effectiveness of our security solutions. Key Responsibilities Develop and execute the cyber security engineering strategy that aligns with the business objectives and the Security Risks and Controls Framework. Build, mentor, and manage a team of cyber security engineers. Foster a culture of continuous improvement, innovation, and collaboration within the team Develop and maintain the security solutions and products for the information security team and ensure it is fully aligned with the enterprise reference architecture developed by Security Architecture. Define and implement security standards, best practices, and guidelines for technology infrastructure, applications, and systems. Lead the engineering and implementation of secure network solutions, cloud security solutions, and endpoint protection mechanisms, including security tooling (change management, patching, upgrades etc.). Collaborate with crossfunctional teams to evaluate and select security technologies and tools that meet Nomura s requirements, including AI/ML, SaaS, security automation, and R&D. Provide technical guidance and expertise on security infrastructure design, configuration, and deployment. Provide clarity to IT (including projects) to ensure the most optimal risk reduction solutions are implemented. Establish a security lab (and sandbox) to evaluate security solutions for Nomura as well as assessing and testing emerging technologies for the business. Stay current on emerging technologies, trends, and threats in the field of information security architecture and engineering. Collaborate with internal and external stakeholders to ensure alignment with industry standards, regulatory requirements, and compliance frameworks. Skills, experience, qualifications and knowledge required Experience in managing technical security engineering functions Bachelors degree in Computer Science, Information Technology, or related field; Masters degree preferred. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification is required. Minimum of 10 years of experience in information security, with a focus on security engineering. Strong knowledge of security technologies, protocols, and frameworks, such as ISO 27001, NIST, and OWASP. Experience with engineering and implementing security controls for cloud environments, network infrastructure, data security, and software applications. Excellent analytical, problemsolving, and project management skills. Strong communication and interpersonal skills to collaborate with diverse teams and stakeholders. Ability to lead and mentor a team of security engineers in a global environment.

Req ID: 125023. Remote Position: Hybrid. Region: Asia. Country: India. State/Province: Chennai. City: Guindy, Chennai. Summary. The Senior Specialist, IT Solutions is a key role that evaluates, implements, and manages Security solutions to protect Celestica's systems and data. Responsibilities include implementing automation technologies, performing risk assessments, contributing to automation policies and standards, and advising on automation best practices. This role also mentors junior team members and provides advanced technical support for automation solutions.. Detailed Description. Performs tasks such as, but not limited to, the following:. Maintain security infrastructure for operational efficiencies. collaborate with other IT infrastructure, application and network teams to ensure seamless integrations of tools and technology.. Develop and implement playbooks for security automation and orchestration to respond to security events and incidents.. Design and implement integrations between security tools such as EDR, SIEM, and ServiceNow, to automate incident response and threat intelligence sharing.. Automate security processes, such as vulnerability scanning, patching, and user provisioning, using scripting and configuration management tools.. Develop custom scripts and tools, such as parsers and data enrichment scripts, to automate repetitive security tasks and integrate disparate security data sources.. Create and maintain comprehensive documentation and runbooks for security automation processes and integrations.. Collaborate with other security team members, such as threat intelligence analysts and incident responders, to identify automation opportunities and implement effective security automation solutions.. Stay up-to-date on emerging security threats and technologies to proactively identify and address potential security risks through automation.. Knowledge/Skills/Competencies. Expert knowledge of information security principles, practices, and technologies.. Expert knowledge of EDR, SIEM, and ServiceNow. Strong understanding of data integration and API development. In-depth knowledge of information security standards and regulations (e.g., ISO 27001, NIST).. Strong understanding of software design processes and data modeling.. Excellent problem-solving and analytical skills.. Strong leadership, mentoring, and communication skills.. Ability to work independently and as part of a team.. Physical Demands. Duties of this position are performed in a normal office environment.. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.. Typical Experience. 6 to 8 years of experience in information security, with a proven track record of evaluating, implementing, and managing security solutions.. Typical Education. Bachelor's degree in Software Engineering, Computer Science, Information Security, or a related field.. Relevant industry certifications (e.g., CISSP, CISM) are highly desirable.. Notes. This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.. Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).. At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.. Company Overview. Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.. Celestica would like to thank all applicants, however, only qualified applicants will be contacted.. Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.. Show more Show less

Summary Of The Position:. This position requires candidate should be Graduate/Post Graduate on Engineering / Computer Science with at least 10 + years of experience in managing Information Security / Cyber Security for an enterprise level.. Lead and manage day-to-day security operations and ensure the implementation and enforcement of security measures across the organization. Role will involve assessing vulnerabilities, managing security incidents, and overseeing a team of security professionals. Collaborate closely with IT, risk management, and other business units to maintain a secure infrastructure and ensure compliance with relevant security standards and regulations.. Qualification, Certifications and Knowledge level. Tech/ B. Certifications: CEH / GSEC / CISM or other relevant security. 10 years of experience in cybersecurity or information security roles.. Strong knowledge of SIEM, firewalls, IDS/IPS, vulnerability management, and encryption.. Experience with security frameworks such as NIST, ISO 27001, SOC 2 or CIS.. Hands-on experience with incident response and management.. Prior experience in a leadership or managerial role within security operations is preferred.. Good understanding of IT/IS & Cyber risks. Experience in risk management processes and reporting. Experience in third-party risk management frameworks & processes. Good Communication Skills. Ability to work independently and to take emergent decisions on his/her own. Ability to work collaboratively with internal and external stakeholders to achieve a mutually beneficial result. Good team player, hardworking, enthusiastic with good attitude. Experience:. 10-12 years of relevant work experience in Information Security / IT Security and risk management functions.. Roles & Responsibilities:. Security Operations Management:. Oversee daily security operations and lead the Security Operations Center (SOC) team.. Develop and enforce security policies, procedures, and guidelines.. Manage vulnerability scanning, penetration testing, and threat monitoring activities.. Ensure all security tools (firewalls, IDS/IPS, DLP, SIEM) are properly configured, maintained, and updated.. Incident Response And Management:. Lead investigations and response to security incidents, breaches, or cyberattacks.. Perform root cause analysis and post-incident reporting.. Ensure incident response plans are regularly tested and optimized.. Threat And Vulnerability Management:. Manage and review system vulnerabilities and threats and implement risk mitigation strategies.. Perform regular risk assessments and security audits to identify and address security gaps.. Collaborate with DevOps and infrastructure teams to integrate security best practices in all systems.. Compliance And Governance:. Ensure compliance with security regulations, standards, and frameworks (ISO 27001, NIST, GDPR, etc.).. Maintain up-to-date documentation of security controls and processes.. Coordinate internal and external security audits, including audits related to compliance.. Leadership And Team Development:. Supervise and mentor junior security analysts and engineers.. Provide guidance on career development, training, and certifications.. Collaborate with HR and senior leadership to define security team goals and objectives.. Vendor And Stakeholder Management:. Liaise with third-party vendors to assess security tools and technologies.. Work closely with other business units, such as IT, legal, and finance, to ensure security objectives are aligned with business priorities.. Security Awareness And Training:. Develop and implement IT security awareness training programs for employees.. Foster a culture of security awareness across the organization.. Perform a phishing simulation exercise at the organizational level and assess the associated risks.. Summary Of The Position:. This position requires candidate should be Graduate/Post Graduate on Engineering / Computer Science with at least 10 + years of experience in managing Information Security / Cyber Security for an enterprise level.. Lead and manage day-to-day security operations and ensure the implementation and enforcement of security measures across the organization. Role will involve assessing vulnerabilities, managing security incidents, and overseeing a team of security professionals. Collaborate closely with IT, risk management, and other business units to maintain a secure infrastructure and ensure compliance with relevant security standards and regulations.. Qualification, Certifications and Knowledge level. Tech/ B. Certifications: CEH / GSEC / CISM or other relevant security. 10 years of experience in cybersecurity or information security roles.. Strong knowledge of SIEM, firewalls, IDS/IPS, vulnerability management, and encryption.. Experience with security frameworks such as NIST, ISO 27001, SOC 2 or CIS.. Hands-on experience with incident response and management.. Prior experience in a leadership or managerial role within security operations is preferred.. Good understanding of IT/IS & Cyber risks. Experience in risk management processes and reporting. Experience in third-party risk management frameworks & processes. Good Communication Skills. Ability to work independently and to take emergent decisions on his/her own. Ability to work collaboratively with internal and external stakeholders to achieve a mutually beneficial result. Good team player, hardworking, enthusiastic with good attitude. Experience:. 10-12 years of relevant work experience in Information Security / IT Security and risk management functions.. Roles & Responsibilities:. Security Operations Management:. Oversee daily security operations and lead the Security Operations Center (SOC) team.. Develop and enforce security policies, procedures, and guidelines.. Manage vulnerability scanning, penetration testing, and threat monitoring activities.. Ensure all security tools (firewalls, IDS/IPS, DLP, SIEM) are properly configured, maintained, and updated.. Incident Response and Management:. Lead investigations and response to security incidents, breaches, or cyberattacks.. Perform root cause analysis and post-incident reporting.. Ensure incident response plans are regularly tested and optimized.. Threat and Vulnerability Management:. Manage and review system vulnerabilities and threats and implement risk mitigation strategies.. Perform regular risk assessments and security audits to identify and address security gaps.. Collaborate with DevOps and infrastructure teams to integrate security best practices in all systems.. Compliance and Governance:. Ensure compliance with security regulations, standards, and frameworks (ISO 27001, NIST, GDPR, etc.).. Maintain up-to-date documentation of security controls and processes.. Coordinate internal and external security audits, including audits related to compliance.. Leadership and Team Development:. Supervise and mentor junior security analysts and engineers.. Provide guidance on career development, training, and certifications.. Collaborate with HR and senior leadership to define security team goals and objectives.. Vendor and Stakeholder Management:. Liaise with third-party vendors to assess security tools and technologies.. Work closely with other business units, such as IT, legal, and finance, to ensure security objectives are aligned with business priorities.. Security Awareness and Training:. Develop and implement IT security awareness training programs for employees.. Foster a culture of security awareness across the organization.. Perform a phishing simulation exercise at the organizational level and assess the associated risks.. UnifyCX is an emerging Global Business Process Outsourcing company with a strong presence in the U.S., Colombia, Dominican Republic, India, Jamaica, Honduras, and the Philippines. We provide personalized contact centers, business processing, and technology outsourcing solutions to clients worldwide. In nearly two decades, unifyCX has grown from a small team to a global organization with staff members all over the world dedicated to supporting our international clientele.. At UnifyCX, we leverage advanced AI technologies to elevate the customer experience (CX) and drive operational efficiency for our clients. Our commitment to innovation positions us as a trusted partner, enabling businesses across industries to meet the evolving demands of a global market with agility and precision.. UnifyCX is a certified minority-owned business and an EOE employer who welcomes diversity.. Show more Show less

WHAT YOU DO AT AMD CHANGES EVERYTHING. We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives.. AMD together we advance_. The Staff Information Security Analyst will be responsible for identifying and defining requirements and engineering solutions to solve the existing threats and security issues of a global organization. This role will initial focus heavily on data protection, leading advancements in data loss prevention, and changing how AMD protects data going forward.. The Person. The ideal candidate will possess strong multi-tasking skills and enthusiasm for details and should think one step ahead of cyber-criminals. They should be well prepared to thrive in a fast-paced environment, possessing strong interpersonal and communication skills. You will use your critical thinking and sense of ownership to focus on long term quality IT security solutions. Are you self-motivated and a team player with proven ability to deliver end-to-end solutions in a high-tech and fast-moving industry? If so, this is a great career opportunity!. Key Responsibilities. The Staff Information Security Analyst responsibilities include, but are not limited to:. Building and growing AMD’s data security capabilities to keep AMD data secure regardless of location.. Identifying, monitoring, and defining the requirements to reduce the overall risk to AMD data, systems, and infrastructure.. Implementing hardware and software solutions to help mitigate a wide variety of information security risks.. Collaborating with other IT teams to align initiatives across the company.. Preferred Experience. Minimum of 5 years of IT security related experience.. Professional experience as a Security Engineer with demonstrated successful leadership and delivery of data protection solutions.. Experience as a customer-facing technical lead, including working with both management-level and development teams.. Senior/advanced related IT or security experience working in one or more Security Domains.. Experience with CASB, DLP, CSPM, Web Proxy.. Hands on experience with Data Classification policies and technologies to address data leakage.. Working knowledge of network topology, protocols, components, and OSI model, and IAM technologies (e.g., PKI, Oauth, OIDC, SAML). Understanding of NIST Cyber Security Framework standard and requirements and ability to apply them to an enterprise environment.. Experience with infrastructure operations and processes associated with IT service management in an Enterprise-level organization.. Experience with cloud services (AWS, Google, Microsoft) and associated networking, as well as collaboration and integration with O365 products.. Hands on experience with Enterprise Linux platforms.. Experience with EDR solutions is a plus.. DLP, CASB. Nice to have: Client proxy, SIEM, File and Removable Media Protection [FRP]. It Would Be Nice If You Also Had. Experience with scripting language (python, PowerShell, etc.).. Strong documentation skills.. Academic Credentials. BS CS preferred but not required.. CISSP, CISA, CISM, CCSK. Benefits offered are described: AMD benefits at a glance.. AMD does not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. AMD and its subsidiaries are equal opportunity, inclusive employers and will consider all applicants without regard to age, ancestry, color, marital status, medical condition, mental or physical disability, national origin, race, religion, political and/or third-party affiliation, sex, pregnancy, sexual orientation, gender identity, military or veteran status, or any other characteristic protected by law. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective laws throughout all stages of the recruitment and selection process.. Show more Show less

Job Description Summary The Identity & Access Management Program Manager is responsible leading efforts to provide system users, system owners, and business leaders with identity & access management processes and procedures that adhere to regulatory requirements and uphold business governance in a compliant, reliable & user friendly method Job Description Roles and Responsibilities In this role, you will be responsible for supporting the development, implementation, and monitoring of identity compliance initiatives within the organization. This role involves ensuring that all identity-related processes, policies, and systems comply with relevant regulations and standards. The ideal candidate will have a strong understanding of identity management, regulatory compliance, risk management, knowledge and expertise in SOX and awareness of data privacy regulations. This role requires a strong technical background, with the ability to translate compliance requirements into actionable tasks. Project management skills will be advantageous. Key Responsibilities: Compliance Analysis: Analyze identity management processes to ensure compliance with relevant regulations, standards, and internal policies. Policy Support: Assist in the development, implementation, and maintenance of identity compliance policies and procedures. Data Collection: Collect and analyze data related to identity management to identify compliance gaps and areas for improvement. Audit Preparation: Support internal and external audits related to identity compliance by preparing necessary documentation and reports. Incident Response: Assist in investigating and responding to identity-related incidents, ensuring timely resolution and documentation. Training and Awareness: Support the development and delivery of training programs to educate employees on identity compliance requirements and best practices. Reporting: Generate regular reports on identity compliance status, issues, and improvements for review by senior management. Collaboration: Work closely with IT, Legal, HR, and other departments to ensure a cohesive approach to identity compliance. Continuous Improvement: Stay updated on industry trends, regulatory changes, and best practices in identity management and compliance. Qualifications: Education: Bachelor s degree in Information Security, Computer Science, Business Administration, or a related field. Experience: Minimum of 2-4 years of experience in identity management, compliance, or a related field. Certifications: Relevant certifications such as Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) are preferred. Knowledge: Strong understanding of identity management frameworks, regulatory requirements (e.g., SOX, GDPR), and industry standards (e.g., ISO 27001). Skills: Excellent analytical, problem-solving, and communication skills. Ability to work independently and as part of a team. Attention to Detail: High level of accuracy and attention to detail in all aspects of work. Relocation Assistance Provided: No

Position Purpose A primary focus for this position will be to lead audit execution covering end-to-end processes of auditable entities within the IT and Cybersecurity Inspection Generale APAC team. Responsibilities This individual will work closely with audit assignment team members to complete each phase of the audit. This will entail: assessing the sufficiency and suitability of controls to mitigate risks; and testing the operating effectiveness and sustainability of controls; and documenting walk-throughs of in-scope processes; and documenting the investigations conducted and their results; and drafting findings and associated recommendations to address identified gaps in the control environment; and documenting the final report. This individual will have regular interactions with team members, process / control owners, and management of business units. Based on experience, this role will entail contributing to IT audits. Duties: Demonstrates a strong ability to audit procedures and controls accurately, timely, and with minimal supervision. Executes audit work in accordance with BNPP Inspection Generale policies and procedures. Testing the control design and operating effectiveness of in-scope IT controls Contributes to the completion of continuous monitoring activities for assigned auditable entities and escalates matters that may impact the timing of the next audit assignments. Prepares and updates risk assessments for assigned auditable entities for supervisory review. Validates the sufficiency and suitability of business corrective actions to address audit recommendations. May be asked to direct the work of more junior staff members on the audit assignments. Performs other duties as assigned. Technical Behavioral Competencies Deep knowledge of IT audit Requires deep knowledge of banking functions typically obtained through advanced education combined with experience. Exhibits effective written and verbal communication skills with all levels of management (in English) Not less than 10 years of experience in IT external auditing / internal auditing / in the financial services industry. Curiosity, rigor, and precision. Outstanding analytical skills High level of initiative, commitment, and drive Ability to work effectively under pressure and within short deadlines Promotes a constructive, cooperative, and participative teamwork environment Specific Qualifications (if required) Possess a Bachelors / Masters Degree in Information Technology/ Management Information System / Computer Science and related discipline; Professional Qualification/Certification: in IT Audit - CISA (Certified Information System Audit) required other IT certification: Cybersecurity (e.g CISSP, CISM, CCSP/CCSK, CEH), IT Service Management (ITIL foundation). Skills Referential Behavioural Skills : Communication skills - oral written Ability to collaborate / Teamwork Attention to detail / rigor Active listening Adaptability Transversal Skills: Analytical Ability Ability to manage a project Ability to manage / facilitate a meeting, seminar, committee, training Ability to understand, explain and support change Ability to anticipate business / strategic evolution Education Level: Master Degree or equivalent Experience Level At least 10 years

Bravura’s Commitment and Mission At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. About The Team/Project The Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges What You’ll Do The position is within the Information Security team. Main activities will include but are not limited to: Internal Audit & Assurance: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes. Information Security Risk Management Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Support the delivery of security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). • 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. • Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. • Experience in security risk management, audits, compliance, and client security assurance. • Knowledge of security operations, incident response, and managed security services. • Familiarity with supply chain security and third-party risk management. • Good communication and stakeholder management skills, with experience working with clients on security matters. • Ideally security certifications such as CISSP, CISM, or CRISC are preferred. Working at Bravura Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme. Flexible working hours, we value work-life balance. Maternity/ Parental (including secondary) leave policy. Cab facility available in Delhi/NCR. Meal facility available Free Medical Insurance So, what’s next? We make hiring decisions based on your experience, skills and passion so even if you don’t match every listed skill or tick all the boxes, we’d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits. Youtube Video

Position Purpose The role of the Third-Party Technology Risk Management Analyst / Consultant is to implement the set of operational activities to be carried out within BNP Paribas (Group & entities) to manage ICT & Cyber risks for the beneficiaries of sourcing (Outsourcing, purchasing & shoring) initiatives supported by ICT service providers and third parties involved in ICT projects or business projects with ICT components. She/he can operate within TPTRM scope governance, providers, beneficiaries & SMEs spread throughout global region. As part of his role, she/ he will have to work closely with German stakeholders. Especially, she / he will help clients assess the risks associated to their arrangement and provide recommendations for managing those risks.. Responsibilities Direct Responsibilities Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.) Ensure periodic review of ICT arrangements and contracted ICT services Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption. Contributing Responsibilities Direct Responsibilities Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.) Ensure periodic review of ICT arrangements and contracted ICT services Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption. Contributing Responsibilities Instruct the 5 European Bank Authority ICT risks categories and follow them throughout TPTRM assessments Participate in Initialization Committee/ Validation Committee & Go-Live committee for Supporting specific arrangements and results Provide support to beneficiary / contract owner to implement residual actions Facilitate the business/sponsor/beneficiary/SME decision-making with deep analysis based on relevant flagged risk families Provide support to contract owners and coordinate/ assist to ensure proper assessments are done Manage TPTRM inventory with follow-up tracker management Contribute to process improvement, upkeep with new policies, regulations, standards & guidelines Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS Demonstrate knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Good IT knowledge Technical : - Good understanding of organizations and IT Businesses - Good technical understanding of infrastructures and IT Security Productions and Systems - IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like, ServiceNow etc. - Knowledge of Cyber Resilience, IT continuity and business continuity - GRC - Governance, Risk Management and Compliance Management. - Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies. - Secure access control mechanisms; Encryption and Key management technics Behavioral : - Strong Communication, Analytical and problem-solving skills. - Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills - Good documentation and reporting skills - Ability to work independently - Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users - Good communication, technical writing/diagramming skills - Attention to detail and accuracy Specific Qualifications (if required) - One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+. - IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. - IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001) - Regulatory Compliance MBA in Finance/Systems/IT, Masters in Technology, Bachelor of Commerce, Masters in Commerce, Bachelor in Science, Bachelor in Technology Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Ability to deliver / Results driven Creativity & Innovation / Problem solving Choose an item. Choose an item. Choose an item. Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to manage a project Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Education Level: Bachelor Degree/ Master Degree or Equivalent Choose an item. Experience Level 5-7 years and 3-5 years Choose an item. Other/Specific Qualifications (if required) CISA/CISSP/CISM/CRISC

Hi , As per response to your profile which is uploaded in Job portals. Excellent job openings for Enterprise Security Archite ct in IT MNC If your already received email or not looking for job change/ irrelevant - please ignore it. Note: Apply for only Relevant & interested candidates. Please Note:-please refer your friends who are looking for job changes. Job Description: Enterprise Security Architect. JD:- Required Experience & Education:- Experience Minimum of 10 years of experience in enterprise architecture. Experience with leading teams and complex projects. Strong leadership, coaching and mentoring of resources in architecture functions. Knowledge of healthcare industry standards and regulations. Strong understanding of technology trends and emerging technologies. 5+ years of experience with developing and implementing enterprise cybersecurity and risk management architecture strategies and roadmaps. Experience with security risk management frameworks such as NIST-CSF, HITRUST, MITRE and compliance certifications such as HIPAA, PCI-DSS, SOC-II. 2+ years developing and maturing EcoSystem driven frameworks. Excellent problem-solving and critical thinking skills. Excellent written and verbal communication skills. Ability to work independently and in a team environment Education Bachelors degree in computer science, information technology or related field or equivalent combination of education/experience. 2- Preferred Experience & Education:- Experience 10 years of experience in enterprise architecture or similar roles. Direct hands-on experience with Teams, DevOps, Rally, JIRA, Confluence and other productivity tools. In-depth knowledge of and proven cloud experience with multi-cloud solutions and hybrid business intelligence stacks Experience with Cyber risk quantification methodologies. Experience with healthcare data terminologies, high-performance computing Experience with App Orchard, Job Description : Develop and maintain the enterprise cybersecurity and risk management architecture strategy and roadmap for our organization. Manage a team of architects. Responsible for the budget, and staff recruitment, performance, engagement, and retention. Work closely with CISO and other cybersecurity leadership to align our security technology investments with our business objectives. Define and maintain our enterprise cybersecurity architecture standards and guidelines. Provide leadership and guidance to our IT, security, and infrastructure teams. Ensure that our systems and solutions are integrated, scalable, and secure. Remain current with new cybersecurity threats and assess systems to ensure they can defend the business. Stay on top of new and disruptive trends in the security industry. Formally communicate trends to EA and CISO. Advise CISO and leadership team in vendor/product/service selection, assist in educating and persuading business and operational leaders with adoption of security controls. Own development of rolling 18-month cycle to achieve To-Be architecture for Cybersecurity and risk management. Review vendor technology roadmaps into cybersecurity domain roadmaps to ensure continuous improvements to cyber domain operations, including cost-to-serve and other financial KPIs. Oversee development and maturity of Cybersecurity response, containment, recovery and restore playbooks for the enterprise. Partner with office of CISO to deploy Enterprise and Cyber Resiliency processes, procedures and methods. Oversee development and maintenance of blueprint of Disaster Recovery of critical business systems from Cyber induced disaster events. Partner with IT, Applications, Operations, IT GRC, Cybersecurity and other teams to simulate a Cybersecurity disaster and recovery drills, tabletop exercises. Partner with CISO to document gaps and drive collaboration to remediate. Partner with CISO to develop cohesive strategy to implement frictionless security controls and achieve industry certifications, such as HITRUST, SOC-II Partner with CISO to develop implementable roadmap to deploy controls aligning to security industry best practices, such as Zero Trust Network Access, Defense in Depth. Stay up-to-date with emerging technologies and industry trends. Drive innovation and continuous improvement in our technology landscape. Collaborate with our IT and security teams to ensure that our technology investments comply with healthcare industry standards and regulations. Conduct architecture assessments and provide recommendations for improvement. Develop and maintain architecture-related policies and procedures. Provide guidance and support for technology procurement and vendor management 5. Certification Requirements /any-1. Required Certification in at least one of the common architecture frameworks (TOGAF, Zachman, DODAF, FEAF or FEAC) 2. Preferred Certifications in multiple common architecture frameworks such as TOGAF, Zachman, DODAF, FEAF, FEAC is preferred. Security industry certifications, such as CISSP, CISM etc Those who have relevant experience and Skills, as mentioned above please revert back ur updated resume to - Sreenivasa.k@happiestminds.com. It"s a kind request, Please provide the below mentioned details in Ur CV/mail before u send it to us. Total Exp: Relevant Exp:- Current Company: Current CTC: Expected CTC: Current Location: Preferred location: Notice Period: Degree: Regards, Many Thanks Regards Sreenivas Sreenivasa.k@happiestminds.com

Essential Services : Role & Location fungibility About the role We are looking for a skilled professional to join our Information Security Team as a DevSecOps Manager. As a DevSecOps Manager, you will be responsible for implementation of Security tools in DevOps CI/CD (Continuous integration/Continuous Delivery) pipeline and publish security standards and best practices for Developers teams. Key Responsibilities Identifying Vulnerabilities Enable automated security scanning process to identify the known vulnerabilities in source code, Open-source library, and configuration. Provide technical leadership and direction in the DevSecOps domain. Analysis Troubleshoot DevSecOps pipeline implementation issue and support for successful deployment. Implement DevSecOps with multiple agile teams across various platforms, environments, and instances. Implement Automated DevSecOps template-based solutions for cloud environments. Implement Security Measures Understand the Security Requirements & Implement the new DevSecOps process. Integrate, Monitor and Improve Cloud Security controls via DevSecOps process in existing DevOps process. Perform assessment and help to mitigate Security findings and implement improvement Security measures. Configure Cloud Security Tools/Systems in a CI/CD Pipelines. Implementing Security scanning into Jenkins, Code Pipeline, and DevOps workflows. Define gating process metrics for security and implement in DevSecOps. Employ infrastructure as code to increase automation, scalability, and reliability. Reporting Prepare and provide necessary metrics, detailed reports, artifacts, executive summary and dashboard to leadership on a regular frequency. Build and maintain a set of tools that enable developers to self-serve for remediation. Monthly Dashboard Reporting for Leadership. Collaborate Capable of working in a dynamic environment, multi-department coordination and attaining the target. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent. Certifications CSSLP, CISSP, GPEN, ECSA, CEH, CISM, CISA, or equivalent. Compliance Good understanding of cyber security trends & hacking techniques. Experience in analysing threats of cloud and application components. Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance. Ability to review assessment reports to provide risk mitigation & recommendations on that basis. Technical Skills Experience with various application security tools including SAST, DAST, Software composition analysis and application Penetration testing. Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Gitlab, Bitbucket, etc. Knowledge of Agile and Scrum processes. Understanding of virtualization and container technologies (Docker, Kubernetes, etc). Communication Skills Outstanding communication abilities. Ability to effectively communicate the required recommendations.

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and loc ation-fungible with the understanding that Banking is an essential service .The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role We are looking for a skilled professional to join our Information Security Team as an Infrastructure Cloud Risk Assessment Manager. The candidate is expected to have a solid understanding and experience of major cloud-native architectures, expertise in identity and access management, familiarity with various data encryption methods, and knowledge of cloud compliance regulations. driving revenue, while keeping NPS at the core of your engagement and following the Banks philosophy of Fair Customer, Fair to Bank. Key Responsibilities Identifying Vulnerabilities Understanding of cloud architecture review, and virtualization. Conduct cloud security assessments, across but not limited to the following domains: * Network and Perimeter Security *Data Protection and Backup Management * Identity and Access Management * Log Management and Monitoring Analysis Identify and analyse the risks associated. Provide recommendations for the identified findings and develop the road-map. Implement Security Measures Develop and implement robust security measures for cloud environments, ensuring the confidentiality, integrity, and availability of data. Contribute in creating and enforcing security policies, procedures, and best practices across the organization. Reporting Contribute in creating and enforcing security policies, procedures, and best practices across the organization. Collaborate Work closely with cross-functional teams to integrate security controls seamlessly into cloud-based architectures and applications. Collaborate with other IT professionals, including network engineers, developers, and system administrators, to integrate cloud security measures into existing systems and processes. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent. Certifications Relevant certifications such as CISSP, CISM, AWS Certified Security, etc. Compliance Assist in securing the IT landscape/ecosystem built on-premises and multi-cloud environment. As an enterprise Network Security architect in the security domain crafted to ensure availability, reliability, security and performance and resilient architecture to address customers/client business challenges and accelerate technology adoption to improve the product services. AWS/Azure cloud security architecture, design, operations and service orchestration, including application security, architectural concepts, compliance requirements, data security, design requirements, infrastructure security, legal requirements, process and platform. Technical Skills Proficient in cloud security assessment, across all the deployment and service models IaaS, PaaS, SaaS. Experience with the cloud-native services across major cloud service providers (AWS, GCP, Azure, OCI). Control on security by design principle of applications hosted in public cloud (Azure, AWS, GCP, OCI). Technical understanding on zero-trust architecture and micro segmentation. Hands-on experience with SIEM (Security Information and Event Management) tools to proactively monitor, analyse, and respond to security incidents. Communication skills Outstanding communication abilities. Ability to effectively communicate the required recommendations.

As a Product Security Architect (Software, Hardware/Firmware) , you will be responsible for ensuring the security, integrity, and confidentiality of the hardware, software systems and applications developed by Luminous. You will work closely with development teams, project managers, and other stakeholders to design, implement, and maintain robust security measures and best practices throughout the software development lifecycle. Your primary objective will be to identify potential security vulnerabilities, define security requirements, and implement effective solutions to safeguard sensitive data and protect against cyber threats. Qualification/ Personal Attributes Qualification Bachelors / Master s degree in Computer Science, Information Security or similar Experience 8-10 years of experience in software & firmware security (for Web application, Mobile App in IoT domain) Proven experience as a Software & firmware Security Architect or in a similar role. In-depth knowledge of software security principles, secure coding practices, Database security and common security vulnerabilities. Drafting polices related to product security. Expertise in Cloud Security Experience in DevSecOps Experience with security testing tools and methodologies, including static code analysis, dynamic analysis, and penetration testing. Strong understanding of authentication and authorization protocols (e.g., OAuth, SAML, JWT) and encryption techniques. Familiarity with compliance standards such as OWASP, ISO 27001, NIST, and PCI DSS. Proven experience as an IoT Security Architect or a similar role with a focus on IoT security. Solid understanding of IoT architectures, protocols, and technologies. In-depth knowledge of IoT security principles, secure design patterns, and common IoT vulnerabilities. Experience with IoT security frameworks and industry standards (e.g., IoT Security Foundation, IEC 62443, NIST SP 800-53). Familiarity with IoT device security features (e.g., hardware security modules, Trusted Platform Modules). Strong understanding of network security and encryption technologies Excellent communication and collaboration skills to work effectively with cross-functional teams. Relevant certifications such as CISSP, CSSLP, or CISM are a plus. Team handling experience (with Pen tester, Security analyst & DevSecOps engineer) Skills & Attributes Problem-solving skills with a sharp analytical mind Capability to collaborate with cross functional teams/3rd parties Understanding the business side of the application An ardent researcher of market trends and technology evaluation Job Description Responsibilities 1. Security Architecture Design: Develop and design the security architecture for software applications and systems, taking into consideration various factors like scalability, performance, and usability while ensuring robust security measures. Create and maintain security policies, standards, and guidelines for the development and deployment of software applications. 2. Threat Modeling and Risk Assessment: Perform threat modeling and risk assessments for software projects to identify potential security risks and vulnerabilities. Collaborate with cross-functional teams to prioritize and address security issues based on the severity of risks. 3. Secure Coding Practices: Advise development teams on secure coding practices and conduct code reviews to identify and rectify security flaws. Promote the adoption of security-related best practices and coding standards across the development teams. 4. Security Testing: Plan and oversee security testing activities, including penetration testing, vulnerability scanning, and code analysis. Plan and oversee security testing activities for IoT devices and applications, including penetration testing and vulnerability assessments. Analyze and interpret the results of security testing and work with the development teams to address identified issues. 5. Authentication and Authorization: Design and implement strong authentication and authorization mechanisms to control access to software applications and data. Integrate industry-standard authentication and authorization protocols into the software systems. 6. Encryption and Data Protection: Ensure the appropriate use of encryption techniques to protect sensitive data at rest and in transit. Implement data protection mechanisms to safeguard the confidentiality and integrity of data. 7. Incident Response and Security Monitoring: Collaborate with the incident response team to develop incident response plans and participate in security incident handling and investigations. Implement security monitoring solutions to detect and respond to security incidents proactively. 8. Compliance and Governance: Support compliance audits and assessments related to software security. Stay up-to-date with industry security trends, regulations, and best practices to ensure compliance with relevant security standards. 9. IoT Data Security: Establish data security and privacy measures for IoT data storage, transmission, and processing. Implement encryption and data access controls to safeguard sensitive data collected by IoT devices. 10. Network Security for IoT: Design and implement secure communication protocols for IoT networks, ensuring data confidentiality and integrity. Implement network segmentation and access controls to isolate and protect critical IoT components.

Job Title: Executive Director - Head of Identity Engineering Work Type: Permanent Location: DLF Downtown - Gurgaon It s more than a career at NAB. It s about more meaningful work, more global opportunities and more innovation beyond boundaries . Your job is just one part of your life. When you bring your ideas, energy, and hunger for growth, you ll be recognised and rewarded for your contribution in return. You ll have our support to excel for our customers, deliver positive change for our communities and grow your career. NAB has established NAB Innovation Centre India as a centre for operations and technology excellence to support NAB deliver faster, better, and more personalized experience to customers and colleagues. At NAB India, we re ramping-up and growing at a very fast pace. Our passionate leaders recruit and develop high performing people, empowering them to deliver exceptional outcomes to make a positive difference in the lives of our customers and our communities. Role Purpose Lead and mature global engineering and technical teams across Identity and Access Management (IAM) domains. Ensure stability, scalability, and continuous improvement of existing IAM platforms. Build and run engineering teams capable of building & delivering new IAM solutions. Develop IAM technical strategy in line with business requirements. Oversee the full lifecycle of IAM solutions including governance, authentication, access management, and SSO. Engage with staff, peers, and senior leaders to align IAM strategy with enterprise needs. Maintain a strong engineering discipline focused on secure, high-quality solution delivery. Apply deep technical acumen and cyber security awareness to manage access-related risks. Drive innovation and transformation in a complex, fast-paced technology environment Key Accountability Promote and improve the maturity of the staff identity operations and admin capability and drive improved risk reduction across the NAB group Security thought leader and encourage and support the assessment and use of emerging security practices Define, influence and support staff identity operations and admin capabilities to enable user centric outcomes Influences and implements solutions to support standardised patterns and drive adoption of the solutions Accountable for improved ROI & optimisations of products and toolsets whilst ensuring consistent security outcomes are achieved Drives a global approach to delivering change and utilises cross functional teams to support and maintain solutions Key Decisions Maintain operational effectiveness of implemented security controls across NAB Change management including requirements validations, design decisions and testing / quality management. Continuous review and adoption of relevant tools and frameworks to improve process and delivery. Key Performance Indicators Provision of service levels according to Service Level Agreements. Operational and system hygiene maintained in adherence to enterprise standards. Take assigned initiatives from inception to successful change deployment across relevant assets and platforms Recognized as a key contributor to the innovation, development and implementation of changes Evidence of process simplification, optimization and automation delivered - quantifiable via cost/time saved. Stakeholder engagement - recognised as trusted advisor to the business. Frame and develop enhanced capabilities and services to optimise solutions and products Development and support of talent through elevating technical disciplines Consult and improve cross functional impacts and resolve complex problems. Essential capabilities Build effective relationships and implement technical strategies. Define and implement technical solutions to support business needs. Provide services to guide and assure design of solutions. Develop areas of change in requirements for efficiency, integration, or cost reduction. Provide expertise and technical assurance for key system components. Develop technical evaluations of products, tools, techniques, and methods. Create and contribute to technical strategies. Support project work and "business as usual" environment. Understand the impact of technology change on bank IT systems. Understand risk management, controls, and standard operating procedures. Know policies, regulations, and obligations in technology and business operations. Focus on quality and detail. Excellent documentation and communication skills. Build and lead high-performing, geographically distributed engineering teams. Expertise in IAM domains: authentication, federation, access governance, RBAC/ABAC, provisioning, privileged access. Strong background in engineering best practices: CI/CD, DevSecOps, code quality, testing automation, cloud-native development. Hands-on experience with IAM platforms (e.g., ForgeRock, SailPoint, Okta, Ping, CyberArk, Azure AD). Deep understanding of cyber security principles, risks, and regulatory obligations (e.g., zero trust, least privilege, audit, SoD). Experience Required Over 20 years of overall experience, with 5-10 years experience in different domains of information and cyber security 5-10 years experience in leading large teams A minimum of 5 years leading IAM solution delivery. A career that includes both operational and technical management of capabilities and risk reduction across multiple teams. Tertiary qualification in a Technology discipline or related field CISM, CISSP, IAPP certifications advantageous Relevant Financial Services Industry experience advantageous

Infrastructure Engineering & Coud Operations (IECO) is evoving into a word-cass, coud-optimized organization focused on deivering secure, scaabe, and high-performing patforms. As we transition from co-ocated environments to modern coud soutions, we are pacing a heightened emphasis on vunerabiity management, patch compiance, and infrastructure security.As a DevOps Manager within IECO, you wi ead a team of engineers with a core mission to ensure the security and resiience of our coud infrastructure. You wi drive the impementation of robust vunerabiity and patch management programs, ensuring timey remediation of security risks whie maintaining operationa exceence. Your eadership wi be instrumenta in advancing automation, improving system reiabiity, and safeguarding customer trust.You must be a proactive, resuts-driven eader who thrives in dynamic environments. You bring a security-first mindset, a passion for continuous improvement, and the abiity to mentor and inspire high-performing teams. What you do Buid and ead a high-performing team focused on vunerabiity detection, assessment, and remediation across coud and hybrid environments.Oversee the end-to-end patch management ifecyce, ensuring timey depoyment of security patches and updates across a infrastructure components.Estabish and enforce security baseines and compiance standards, integrating them into CI/CD pipeines and infrastructure as code.Monitor and anayze vunerabiity metrics and patch compiance KPIs, using data to drive continuous improvement and risk reduction.Coaborate with Security, Risk, and Compiance teams to aign on threat inteigence, audit requirements, and remediation strategies.Lead incident response efforts reated to infrastructure vunerabiities, ensuring rapid containment and resoution.Drive automation initiatives to streamine vunerabiity scanning, patch depoyment, and compiance reporting.Provide technica eadership in coud infrastructure design, ensuring security is embedded in architecture and operations.Partner with Product Management and Appication Engineering to aign infrastructure security with product roadmaps and business goas.Manage 24/7 operations, ensuring high avaiabiity, performance, and security of critica systems.Create and maintain documentation for systems, processes and procedures to ensure knowedge sharing across teamsStay updated on industry trends and emerging technoogies What we want you to have: Bacheors degree in Computer Science, Engineering, Information Security, or reated fied (or equivaent experience).10+ years of experience in IT infrastructure, DevOps, or SRE roes with a strong focus on security and patch management.Proven experience impementing and managing vunerabiity management toos (e.g., Quays, Tenabe, Rapid7) and patch management soutions (Tanium).Hands-on experience with coud patforms (AWS, Azure, GCP) and container orchestration (Docker, Kubernetes).Famiiarity with DevSecOps practices, infrastructure as code (Terraform, Ansibe), and secure CI/CD pipeines.Strong understanding of ITIL, security frameworks (NIST, CIS), and compiance standards (SOC 2, ISO 27001).Exceent communication and eadership skis, with experience managing geographicay distributed teams.Avaiabiity for on-ca support during critica incidents or high-impact events. Stay up to date on everything Backbaud, foow us on Linkedin, X, Instagram, Facebook and YouTube Backbaud is proud to be an equa opportunity empoyer and is committed to maintaining an incusive work environment. A quaified appicants wi receive consideration for empoyment without regard to race, coor, reigion, gender, gender identity or expression, sexua orientation, nationa origin, physica or menta disabiity, age, or veteran status or any other basis protected by federa, state, or oca aw.

Cyber Security Auditor Location: Mumbai Leading Bank Work From office mail at manjeet.kaur@mounttalent.com whatsap at 8384077438 Roles and Responsibilities 4 years of experience (upto 12 yrs.) in the field of information security operations, Information System Audits encompassing experience into any of the Banking Technologies Domains Application Security, Database management and administration, / Network security and SOC / Payment systems in addition to IT General controls (ITGC). Exposure to the Banking / Finance / Payment industry domains would be preferrable. Hands-on experience in the following areas: Writing Information security policies, procedures, and processes Conducting risk assessment covering Cyber Security domains as noted below: Application Security: Mobile application assessment, OWASP security practices for applications, VA/PT/AppSec, source-code review, black/grey/white box testing, application SDLC, Strong knowledge of programming languages for applications. Database Security: Database administration and management - Oracle, MS SQL etc., Database Activity Monitoring tools, data security and localization. Payments Systems Security: Understand payment systems and architecture such as SWIFT, UPI, IMPS, ATM, Internet Banking, Mobile Banking, Core Banking System, payment gateway, ATM switch and terminal. Experience in PCI DSS implementation/assessment and ATM end-point security and Cards data security and operations. Networks Security: Managing firewalls, routers, proxy, WAF, email filtering, DLP, DDoS protection, data encryption, IPS/IDS, Incident response and investigate security breaches, VA-PT for networks. Security Operations Centre- Implementation and review. IT General Controls: Familiarity with Technical Security controls of Identity & Access Management, Network, Server, Application, Change management, Backup and Restoration etc. and process controls reviews. Understand BCP and DR processes and architecture. Experience in conducting reviews based on ISO standards and regulatory guidelines in banking sector for a medium to large sized organization would be preferred. Experience in conducting Information System Audits Must have experience in preparing quality deliverables such as audit reports, presentations etc. Excellent written, oral communication and presentation skills Excellent organizational and interpersonal skills Ability to work independently or as part of a team Information technology / Banking and Financial services / Auditing / Cyber Security consulting Candidate will have to travel extensively within Mumbai and across the country for performing audits, as per RBI requirements. Conducting audit of Information security policies, procedures, and processes to identify process/design gaps. Conduct audits of information security systems and infrastructure to verify systems are secure and support the related applications/business processes. Conducts audits in different banking technology domains such as Active Directory, WAF, Network access security, End-point security, Application VA/PT/AppSec, SDLC, Database management and security, PCI-DSS, ATM controls, Cards (Debit/Credit) security, Payment-gateway, Cloud and API Security and IT General Controls etc. Additional weightage will be given to candidates with experience in domains such as Cloud Security, API security. Developing project plans, work programs, evaluating system controls, identify risks and audit gaps, documenting results in proper audit report format, making recommendations, and communicating information to stakeholders. Support in maintaining audit checklist and documents, trend analysis, preparing presentations etc. Should be a self-learner and must keep updated with the latest security guidelines issued by regulators, international standards for information security, threats and vulnerabilities researched/discovered. Research public domain to keep up to date knowledge on latest banking applications / technologies and emerging technologies Cloud, Virtualisation, AI-ML, IOT etc. and ensure continuous learning in identified security competencies and new/emerging technologies. Experience into people management / team management will be preferred.