543 Cism Jobs - Page 19

2 - 5 years

4 - 8 Lacs

Mumbai

Work from Office

You will be part of an outstanding technical pre-sales team in our Global Security Sales Organization (GSSO), responsible for driving the success of Cisco's Security Portfolio and focusing on protecting Customer Application Environments across on-prem and cloud platforms. Our mission is to democratize security by making it easy and effective for everyone.

Your Impact

As a key player in the team, you will have the opportunity to influence the security landscape by crafting tailored solutions that address specific customer needs. This role offers the excitement of working with cutting-edge technology and the fulfillment of building long-lasting relationships with customers. You will: Provide guidance and assist account teams in building solutions to address specific customer security needs. Understand business requirements and translate them into technical solutions. Create, present, and document technical solutions to customers, partners, and prospects. Lead technical consulting and upper-level management presentations. Drive major account opportunities while enabling local account teams to maintain long-term ownership.

Minimum Qualifications

Minimum of 4 years of technical sales or pre-sales experience with 2+ years in Security specialization (Email Security, IDS/IPS, AV, Firewall, Advanced Malware Protection). Bachelor's degree in Cybersecurity, Computer Science, or a related field. Proven track record of successful quota achievement. Strong knowledge of cybersecurity concepts, technologies, and best practices. Industry certifications such as CISSP, CISM, or CCSP are preferred.

Preferred Qualifications

Excellent presentation and interpersonal skills. Commercial awareness and strong communication skills. Highly motivated self-starter who excels without day-to-day management. Experience with Cisco security technologies and programming languages such as UNIX shell, Perl, or C. Willingness to travel and work from a home office.

#WeAreCisco

#WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all. Our passion is connection; we celebrate our employees' diverse set of backgrounds and focus on unlocking potential. Cisconians often experience "one company, many careers" where learning and development are encouraged and supported at every stage. Our technology, tools, and culture pioneered hybrid work trends, allowing all to not only give their best, but be their best. We understand our outstanding opportunity to bring communities together and at the heart of that is our people. One-third of Cisconians collaborate in our 30 employee resource organizations, called Inclusive Communities, to connect, foster belonging, learn to be informed allies, and make a difference. Dedicated paid time off to volunteer, 80 hours each year, allows us to give back to causes we are passionate about, and nearly 86% do! Our purpose, driven by our people, is what makes us the worldwide leader in technology that powers the internet. Helping our customers reimagine their applications, secure their enterprise, transform their infrastructure, and meet their sustainability goals is what we do best. We ensure that every step we take is a step towards a more inclusive future for all. Take your next step and be you, with us!

Posted 3 months ago

7 - 14 years

13 - 14 Lacs

Mumbai

Work from Office

Job Description

Act as the primary expert for the company's cybersecurity product portfolio. Stay updated on cybersecurity threats, industry trends, and compliance regulations (e.g., GDPR, HIPAA, PCI-DSS). Conduct or assist in-depth product demonstrations and proof-of-concept sessions to show the effectiveness and value of the cybersecurity solutions. Collaborate with the sales team to identify and qualify new cybersecurity opportunities. Work directly with customers to understand their security challenges, compliance requirements, and risk profiles. Propose tailored solutions that meet customers' specific cybersecurity needs, integrating with their existing technology environments. Five or more years of experience in cybersecurity sales, technical consulting, or security engineering roles. Proven track record of meeting or exceeding sales targets in a technical sales environment, ideally within cybersecurity.

Qualification

Experience: Experience with cybersecurity technologies such as firewalls, VPNs, IDS/IPS, endpoint security, identity and access management (IAM), encryption, and cloud security. Familiarity with security operations (SOC), vulnerability management, and incident response. Certifications (preferred but not required): CISSP, CISM, CEH, or equivalent cybersecurity certifications will be a plus. Strong presentation and communication skills, with the ability to explain complex technical concepts to both technical and non-technical audiences. Problem-solving mindset with the ability to design tailored solutions for customers' unique cybersecurity needs. Ability to build strong relationships with customers, becoming a trusted advisor. Bachelor's degree in Information Security, Computer Science, Engineering, BCA or related field.

Posted 3 months ago

1 - 3 years

25 - 31 Lacs

Pune

Work from Office

The Information Security Specialist is a role within the Chief Security Office. The Chief Security Office (CSO) is responsible for protecting DB's information and systems in order to protect assets and revenues, create competitive advantages, and prevent reputational damage.

What we'll offer you

As part of our flexible scheme, here are just some of the benefits that you'll enjoy: Best in class leave policy; Gender neutral parental leaves; 100% reimbursement under childcare assistance benefit (gender neutral); Sponsorship for Industry relevant certifications and education; Employee Assistance Program for you and your family members; Comprehensive Hospitalization Insurance for you and your dependents; Accident and Term life Insurance; Complementary Health screening for 35 yrs. and above.

Your key responsibilities

Support for issues arising from complex business and CIO programs that require coordination or end-to-end support from the CSO area, such as the risks to be applied to information security, and decide who to involve from other CSO division teams. To assist in the development of appropriate pragmatic strategies to ensure effective controls and information security management in relevant programs. Identify and assess potential threat areas for information security by assessing the likelihood and impact and implementing appropriate mitigation measures. Monitoring and contributing to the implementation of the Information Security Strategy. Assessment of the adequacy and effectiveness of internal controls in relation to information security risks. Ensure that appropriate procedures, policies and processes are in place and agreed with relevant stakeholders. Develop appropriate, pragmatic strategies to provide effective controls and information security management objectives and implement them across the Bank. Maintain customer relationships and ensure management is focused on the information security agenda. Experience in working as a single point of contact for all application issues / queries faced or encountered during the Cloud Migration Journey. Provide support to application stakeholders for migrating applications to GCP (Google Cloud Platform). Ensure compliance with security and operational readiness controls for GCP (Google Cloud Platform) migration. Identify and report risks associated with cloud migration. Working with various levels of stakeholders and multi-cultural/global teams.

Your skills and experience

Graduate in computer science and/or first technical experience. Very good technical knowledge of information security and IS technology as well as cloud security. Years of experience aligning standards, frameworks, and security with overall business and technology strategy. Comprehensive knowledge of the processes of a security organization. One or more of the following education/certification qualifications are also beneficial: CISSP/CCSP/CISM/CEH/CISA/CCSK. Excellent knowledge of English (oral and written).

How we'll support you

Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs.

Posted 3 months ago

8 - 13 years

12 - 16 Lacs

Mumbai

Work from Office

We are looking for an experienced GRC Manager with a strong background in conducting audits for Banks, Data Centres, and Insurance Companies. The ideal candidate should be CISA or CISSP certified and have excellent team management and customer handling skills. This role requires expertise in IT governance, compliance frameworks, risk management, and security audits.

Key Responsibilities:

Audit Compliance: Lead and manage IT security and compliance audits for Banking, Data Centre, and Insurance industries. Ensure adherence to regulatory requirements such as RBI, IRDAI, ISO 27001, PCI DSS, GDPR, DPDP Act, SEBI CSCRF and NIST frameworks. Conduct risk assessments, identify gaps, and recommend security improvements. Work closely with external auditors and regulatory bodies. Prepare audit reports, track remediation, and follow up on compliance actions.

Governance Risk Management: Develop and maintain GRC policies, procedures, and controls to strengthen security posture. Conduct periodic risk assessments to identify vulnerabilities and develop mitigation plans. Ensure compliance with industry best practices and legal requirements. Drive third-party risk assessments and vendor security evaluations.

Team Management Leadership: Lead, mentor, and manage a team of 12 GRC professionals, providing guidance and support. Allocate resources effectively to meet audit and compliance project deadlines. Encourage professional development and upskilling within the team.

Customer Engagement Stakeholder Management: Collaborate with CIOs, CISOs, Chief Risk Officers, and Compliance Teams of customer organisations. Provide expert consultation on IT security, risk, and compliance matters. Ensure seamless communication and issue resolution with customers.

Travel Engagements: Willingness to travel across India and internationally for client audits and assessments. Conduct on-site assessments and ensure compliance with global security standards.

Requirements:

Education: Bachelor's or Master's degree in IT, Computer Science, Cybersecurity, or a related field.

Certifications (Mandatory): CISA or CISSP (Additional certifications like ISO 27001 LA, CRISC, CISM are a plus).

Experience: 8+ years in IT Security, Audit, GRC, or Compliance roles.

Industry Exposure: Banks, Data Centres, and Insurance companies.

Technical Knowledge: IT Governance, Risk Management, and Compliance Frameworks (ISO 27001, NIST, PCI DSS, RBI IT Guidelines, DPDP Act). Cloud Security, Data Protection, Business Continuity, and Third-party Risk Management. Familiarity with SIEM, DLP, Vulnerability Management, and Endpoint Security solutions.

Soft Skills: Strong leadership and team management skills. Excellent communication and customer handling abilities. Ability to work in a fast-paced, multi-client environment.

Why Join Us

Challenging rewarding role in a growing cybersecurity and GRC firm. Opportunity to lead and make an impact on large-scale compliance programs. International exposure through audit engagements across different countries.

Posted 3 months ago

3 - 6 years

12 - 16 Lacs

Gurgaon

Work from Office

Overview: Cvent is a leading meetings, events, and hospitality technology provider with more than 4,800 employees and ~22,000 customers worldwide, including 53% of the Fortune 500. Founded in 1999, Cvent delivers a comprehensive event marketing and management platform for marketers and event professionals and offers software solutions to hotels, special event venues and destinations to help them grow their group/MICE and corporate travel business. Our technology brings millions of people together at events around the world. In short, we're transforming the meetings and events industry through innovative technology that powers human connection. The DNA of Cvent is our people, and our culture has an emphasis on fostering intrapreneurship - a system that encourages Cventers to think and act like individual entrepreneurs and empowers them to take action, embrace risk, and make decisions as if they had founded the company themselves. At Cvent, we value the diverse perspectives that each individual brings. Whether working with a team of colleagues or with clients, we ensure that we foster a culture that celebrates differences and builds on shared connections.

In This Role, You Will: Perform and manage IT internal audit, security risk assessment, and IT governance, risk, and compliance projects across Cvent's global business and IT operations. The candidate's responsibilities will include performing IT general controls / IT application controls testing (60-70%) and supporting security compliance audits (30-40%). Past experience in IT audit with a working knowledge of Sarbanes-Oxley, COSO framework, and relevant security compliance frameworks is preferred.

Duties will include, but may not be limited to: Lead IT testing efforts for the company's global internal controls compliance programs, including planning, testing, and evaluating IT general controls and IT application controls. Coordinate and perform walkthrough discussions with business owners to document an understanding of control/process designs. Ensure the preparation of detailed and well-organized audit workpapers, documenting testing procedures, findings, and recommendations. Investigate and address complex issues and control deficiencies, collaborating with leaders from across the organization to develop effective solutions. Support security risk assessments, security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013), and external audits. Assist with maintenance of compliance documentation consisting of policies, standard operating procedures, guidelines, flowcharts, and process narratives.

Here's What You Need: 3-6 years of demonstrated experience in IT auditing, security risk management, or governance, risk, and compliance. Working knowledge of Sarbanes-Oxley, COSO, and relevant industry security standards (e.g., ISO 27001:2013, PCI DSS, and SOC 1 / SOC 2). Ability to learn quickly with a willingness to take ownership for new projects in a dynamic, fast-changing, entrepreneurial environment. Ability to collaborate across teams, regions, and cultures. This role will work collaboratively and cross-functionally with the Internal Controls, Information Security, and Internal Audit teams (based in India and the United States) to manage the company's global and rapidly evolving internal controls and compliance programs. Good interpersonal communication skills with the confidence to engage and collaborate with internal stakeholders, senior management, and external auditors to achieve positive compliance outcomes. Excellent presentation and written communications skills and a team-focused attitude. Proficiency with productivity and collaboration tools, such as AuditBoard, Microsoft Office, Slack, Box, and Zoom. Knowledge of Oracle EBS, AWS, and common enterprise SaaS solutions (e.g., Salesforce, Coupa, Workday) is a plus. Possess or actively seeking relevant certifications, such as CA, CIA, CISSP, CISA, CISM, or CRISC.

Posted 3 months ago

3 - 7 years

5 - 9 Lacs

Bengaluru

Work from Office

Job Title - Security Assessor + Analyst/Sr Analyst + CISO (Corporate Function)

Management Level: 11/10 - Analyst/Sr Analyst

Location: Bangalore

Must have skills: ISO27001, Conducted security assessment

Good to have skills: other security standard such as NIST, COBIT etc.

Job Summary: Resource will be responsible for conducting (Third-party audits) supplier security assessments. These assessments will verify the effective implementation of security controls in suppliers' organization.

Roles & Responsibilities: Work directly with supplier contacts and business supplier management team to schedule and conduct the security assessment. Monitor the supplier on supplier risk management tools to analyse the risk and share action plan with supplier team for closure. Perform the assessment using customized work plan to address key risks of the Accenture suppliers (vendors) (Customized ISO27001 Controls). Identify assessment findings and recommend remediation. Draft assessment report and submit for manager signoff. Track and confirm closure of observations/findings. Assessors will be part of a globally distributed team, and assess Accenture suppliers.

Professional & Technical Skills: Security+, CISA, CISSP or CISM certifications (optional). ISO 27001 Lead Auditor/Implementor (optional). Good technical writing skills. Good communication skills. Experience of managing Interaction with team management or senior management would be plus. Ability to think out of the box. Ability to be flexible and work creatively and analytically in a problem-solving environment. Strong interpersonal, organizational and analytical skills.

Additional Information:

Qualifications

Experience: +2 years

Educational Qualification: Graduation (10+2+3/4) / Bachelor's Degree

Posted 3 months ago

15 - 20 years

30 - 37 Lacs

Bengaluru

Work from Office

About the Role: Vice President - Information Security will be responsible for leading and driving the organization's information security strategy, policies, and operations. will play a critical role in protecting the company from cybersecurity threats, fraud, and data breaches while fostering trust with customers and partners. VP will oversee all aspects of information security, including risk management, compliance, governance, and incident response.

Responsibilities: Develop and implement a comprehensive information security strategy aligned with the organization's business objectives. Provide strategic direction on security initiatives to protect the confidentiality, integrity, and availability of the organization's information assets. Establish and maintain an enterprise-wide information security risk management framework. Conduct regular risk assessments to identify vulnerabilities, threats, and potential impacts on the business. Develop and oversee the implementation of incident response plans to manage and mitigate security breaches effectively. Lead the organization's response to cyber incidents, ensuring swift resolution and minimal disruption. Oversee the Security Operations Center (SOC) to monitor, detect, and respond to threats in real-time. Manage the deployment and maintenance of security tools and technologies, such as firewalls, SIEM, endpoint protection, and DLP systems. Ensure secure architecture and design for on-premises and cloud-based IT systems. Assess and manage the security posture of third-party vendors and service providers.

Desired Candidate Profile: Minimum 15 years of experience in information security, with a proven track record of managing enterprise-wide security programs. Should have 3-5 years of experience with either blockchain / Fintech, Payments or digital asset management sectors. Must have experience of working regulated firms. Experience in designing and implementing security measures in both on-premise and cloud-based environments (e.g., AWS, Azure, Google Cloud). Strong understanding of regulatory frameworks and compliance requirements such as GDPR, HIPAA, PCI DSS, or SOX. Holding security certifications such as CISSP, CISM, CISA Preferred. In-depth knowledge of cybersecurity frameworks, threat intelligence, risk management, and security technologies.

About Liminal: Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore, Taiwan, India, and UAE. The company has received an FSP license from FSRA in ADGM and initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies. Our website - https://www.liminalcustody.com/

Posted 3 months ago

8 - 12 years

8 - 12 Lacs

Bengaluru

Work from Office

About the Role: Manager of Detection and Response will play a key role in leading our SOC efforts, coordinating with external SOC vendors, and internal stakeholders to ensure a robust and timely response to security incidents. This role requires hands-on experience with AWS incident response and a deep understanding of modern threat landscapes, detection techniques, and response processes. You will not focus on basic security analysis but will rather bring strategic leadership in responding to and managing security incidents.

Key Responsibilities: Lead and manage SOC operations in collaboration with external vendors and internal teams. Drive the incident detection and response lifecycle, including monitoring, triage, containment, eradication, recovery, and post-incident analysis. Serve as the primary point of contact for SOC incident response activities, leveraging your expertise to mitigate risks and resolve threats. Ensure that all incidents are thoroughly documented, analyzed, and communicated to stakeholders with actionable recommendations. Develop, refine, and enforce incident response playbooks, procedures, and reporting structures. Collaborate with security engineering, DevOps, and cloud teams to continuously improve detection capabilities and incident response readiness. Conduct regular threat hunting and ensure visibility into emerging threat vectors, particularly in the cloud environment. Stay up-to-date on the latest attack vectors, vulnerabilities, and incident response technologies. Foster a culture of continuous improvement in incident response by providing feedback, conducting post-incident reviews, and implementing lessons learned. Manage and communicate with executive stakeholders during high-severity incidents.

Key Qualifications: Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced certifications (such as CISSP, AWS Certified Security - Specialty, GCIH, GCIA) are a plus.
7+ years of experience in information security, with at least 3 years in a leadership role. Strong experience in incident detection and response, particularly in AWS environments. In-depth knowledge of leading incident response efforts for cloud-based infrastructures. Proven ability to manage relationships with external vendors and coordinate joint efforts for SOC operations. In-depth knowledge of detection technologies, including SIEM, IDS/IPS, and EDR solutions. Familiarity with common security frameworks (e.g., NIST, ISO 27001, CIS). Excellent communication and stakeholder management skills, particularly in high-pressure situations. Ability to work collaboratively with cross-functional teams including engineering, DevOps, and product teams in a fast-paced environment. Experience with SIEM tools, log analysis, and security automation. Experience in managing and improving SOC processes and ensuring continuous monitoring of advanced threats. Strong analytical and problem-solving skills. Excellent communication and leadership abilities.

Required Skills: Proven experience in managing threat detection and response operations and vendor relationships. Expert-level knowledge of AWS security services and incident response procedures. Proficiency in scripting languages (e.g., Python, PowerShell) for security automation. Experience with threat hunting and advanced persistent threat (APT) detection. Strong knowledge of the MITRE framework. In-depth knowledge of cyber kill chain and their stages to identify early indicators of compromise. Strong understanding of network protocols and common attack vectors. Has experience in Datadog.

Preferred Qualifications: Relevant security certifications (e.g., CISSP, CISM, GCIA, GCIH). Experience in cloud security beyond basic security concepts in AWS. Knowledge of DevSecOps practices and tools. Experience in a multi-cloud or hybrid-cloud environment.

About Liminal: Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore, India, and UAE. The company has received an FSP license from FSRA in ADGM and initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies. Our website - https://www.liminalcustody.com/

Posted 3 months ago

2 - 4 years

7 - 11 Lacs

Mumbai

Work from Office

Position: SOC Level 2 Shift Lead

Job ID: SOC_002

Location: Andheri, Mumbai

Your responsibilities as an SOC Level 2 Shift Lead: Act as the primary point of contact for escalated security events/incidents during your shift. Lead a team of SOC analysts to effectively respond to security events and incidents. Monitor and analyse phishing attempts, identifying trends and implementing strategies to mitigate risks. Manage user requests related to access control, authentication, and other security-related matters. Collaborate with other SOC teams and stakeholders to ensure timely and accurate incident response. Maintain documentation of security incidents, including incident reports and post-incident reviews. Provide guidance and mentorship to junior SOC analysts to enhance their skills and knowledge. Oversee quality delivery with minimal errors, ensuring that SOC operations adhere to established standards and procedures. Keep documentation updated, including incident reports, SOPs, and other relevant documentation. Prepare daily, weekly, and monthly reports on SOC activities, including incident metrics, trends, and analysis. Be flexible to work in 24*7 shifts, including nights, weekends, and holidays, as necessary to maintain SOC coverage and support organizational needs. Conduct training sessions and knowledge sharing sessions for SOC analysts to enhance their skills and capabilities. Stay updated on the latest security threats, vulnerabilities, and industry best practices to continuously improve SOC operations.

Skill sets we require: Experience in leading or supervising SOC teams is highly desirable. In-depth knowledge of phishing techniques, tactics, and procedures. Strong understanding of network protocols, security tools, and technologies. Excellent communication and interpersonal skills, with the ability to effectively interact with clients and internal teams. Relevant certifications such as CIH, GCIH, CISM, or GIAC are a plus.

Pedigree and Experience: Bachelor's degree in Computer Science, Information Security, or related field. Minimum of 2+ years of experience in a SOC environment, with demonstrated proficiency in incident response and analysis.

Posted 3 months ago

6 - 10 years

6 - 10 Lacs

Pune

Work from Office

About Us: Invimatic is committed to delivering high-quality services while ensuring the security and privacy of our clients and their customers' data. We are looking for a strategic and experienced Information Security Officer to lead our information security initiatives and drive SOC 2 compliance across the organization.

Job Summary: The Chief Information Security Officer (CISO) will be responsible for developing, implementing, and managing a comprehensive information security program that ensures the Security, confidentiality, integrity, privacy and availability of our customers' data. The CISO will play a critical role in guiding the organization through the SOC 2 compliance process, ensuring that all necessary controls are established and maintained to meet SOC 2 standards.

Key Responsibilities:

Strategy Development: Develop and implement an information security strategy aligned with the company's goals and objectives. Establish a road-map for achieving SOC 2 compliance and continually assess compliance against SOC 2 criteria.

Policy and Procedure Creation: Create and enforce information security policies, procedures, and standards to ensure compliance with SOC 2 requirements. Ensure the policies are regularly updated and communicated to all employees.

Risk Management: Identify, assess, and mitigate information security risks related to company operations and data management. Conduct regular risk assessments and audits to evaluate the effectiveness of security controls.

Team Leadership: Lead the information security team, fostering a culture of security awareness and compliance throughout the organization. Provide guidance and mentorship to team members in implementing security best practices.

Stakeholder Collaboration: Work closely with executive leadership, IT, legal, and compliance teams to ensure alignment on security initiatives and SOC 2 compliance efforts. Serve as the primary point of contact for internal and external stakeholders regarding security and compliance matters.

Training and Awareness: Develop and implement a security training and awareness program for all employees to promote a culture of security.

Incident Response and Management: Oversee the incident response plan and ensure timely and effective responses to security incidents. Lead post-incident analysis to identify areas for improvement and prevent future occurrences.

Continuous Improvement: Stay informed about industry trends, threats, and regulatory changes that may impact information security and compliance. Continuously evaluate and improve the organization's information security posture and compliance with SOC 2 standards.

Qualifications: Bachelor's degree in Information Security, Computer Science, or a related field; Master's degree preferred. Minimum of 6-10 years of experience in information security, with a focus on compliance (SOC 2 preferred). Proven experience in implementing and managing security frameworks and compliance programs. Strong understanding of SOC 2 requirements and best practices. Relevant certifications such as CISM, CISSP, or CISA are highly desirable. Excellent leadership, communication, and interpersonal skills.

Posted 3 months ago

4 - 8 years

9 - 14 Lacs

Bengaluru

Work from Office

Overview Join our leading AI-driven Global Supply Chain Solutions Software Product Company recognized as one of Glassdoor s Best Places to Work. In this pivotal role, you will be responsible for scanning and securing our global infrastructure, spanning data centres and cloud environments. As a key member of our centralized information security team, your expertise will drive the continuous enhancement of our security posture through proactive vulnerability management, cloud security posture improvements, and advanced automation. Scope : Global Coverage: Assess and remediate vulnerabilities across assets in multiple regions and data centers worldwide. Centralized Role: Act as a strategic member of the information security team, influencing secure architecture and control implementations across the organization. Automation Efficiency: Leverage automation and scripting to streamline vulnerability scanning, threat analysis, and remediation processes integrated within our DevSecOps pipeline for improved efficiency and rapid incident response. What you will Do: Vulnerability Threat Management Conduct comprehensive vulnerability scans on both on-premise and cloud networks using tools such as Retina, Qualys, Nessus, and Nexpose. Discover and continuously monitor global cloud assets to detect security vulnerabilities and misconfigurations. Analyze scan results, document findings, and develop actionable remediation plans to address identified risks. Publish periodic vulnerability status reports to senior management, tracking progress on remediation efforts. Identify and assess potential threats to the organization s infrastructure and information assets. Define, implement, and monitor security architecture and controls across on-prem and cloud environments. Collaborate with internal teams to ensure compliance with security frameworks (e.g., NIST, ISO 27001/2, SSAE-18) and regulatory requirements. 
Automation Develop and maintain automated scripts (using Python, PowerShell, Bash, etc.) to execute regular vulnerability scans and parse outputs efficiently. Implement automation tools for prioritizing vulnerabilities, generating alerts, and triggering remediation workflows to minimize manual intervention. Leverage real-time data aggregation and analytics to build dynamic dashboards, delivering actionable insights and detailed metrics for management reporting. Incident Response Continuous Improvement Participate in and support the incident response team to address emerging security events promptly. Evaluate, select, and integrate new security tools to enhance threat detection and prevention capabilities. Proactively identify security gaps and recommend enhancements to fortify the overall security posture. Prepare and present comprehensive system security reports by analyzing and summarizing security data trends. What are we looking for: Experience Education Experience: 6+ years in Vulnerability Management, Vulnerability Assessment Penetration Testing (VAPT), or a closely related field. Education: Bachelor's degree in Information Security, Information Technology, Computer Science, or a related field. Certifications: Preferred certifications include CISM, CEH, CISSP, or equivalent. Technical Skills Vulnerability Threat Management: Proven expertise in utilizing vulnerability management tools (e.g., Retina, Qualys, Nessus, Nexpose) to assess and remediate security risks. Network System Security: Strong experience in architecting and implementing secure network designs, including firewalls, IDS/IPS, SIEM, and endpoint protection. Automation Scripting: Proficient in developing automation scripts (Python, Bash, PowerShell) and integrating security processes within CI/CD pipelines. Security Frameworks: Familiarity with industry-standard frameworks and regulatory requirements such as NIST, ISO 27001/2, and SSAE-18.
Soft Skills Excellent written and verbal communication skills, with the ability to distill complex security issues into clear, actionable recommendations. Detail-oriented and analytical with a strong aptitude for interpreting data trends to manage risks effectively. Proven ability to work collaboratively with cross-functional teams in a fast-paced, dynamic environment. Shift Flexibility Ability to work the 2nd shift to overlap with global customer hours and ensure continuous security coverage. Our Values If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success - and the success of our customers. Does your heart beat like ours? Find out here: Core Values All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Posted 3 months ago

6 - 11 years

20 - 24 Lacs

Mumbai

Work from Office

In this role, you'll serve as a key connector between departments, ensuring IAM solutions align with business goals. You will collaborate closely with the Business Analyst and IT Security Manager to enhance security and seamlessly integrate applications. You'll also communicate and coordinate with external service teams and providers, staying ahead of industry trends for long-term planning. Your security expertise will support team members, so that you'll be ready to respond during incidents. Solution Development: Stay ahead of industry trends and emerging IAM solutions. You'll actively participate in relevant vendor events and conferences. Your insights will help us propose innovative capabilities and enhancements to our existing toolset and processes, ensuring they align with future requirements. Solution Design & Architecture: Own the overall technology roadmap and technical architecture within our IAM platforms. Review solution proposals and designs from projects, service providers and product vendors. Collaborate with other GIS Security areas to create and maintain their roadmaps. Project Support & Review: Be the main contact for projects, providing expertise and guidance for proper solution design. Actively participate in critical projects with high impact on IAM solutions and engage in project portfolio reviews and prioritization discussions. Service Delivery & Problem Management: Review Root Cause Analyses (RCAs) and collaborate with vendors to suggest proactive measures for resolving recurring problem tickets. You'll also assist support teams by providing guidance for the resolution of critical incidents.

Posted 3 months ago

1 - 5 years

4 - 9 Lacs

Mumbai Suburbs

Work from Office

JD for DLP: Data Leakage Prevention Assistant Manager / Manager: Design and enforce Data Leakage Prevention (DLP) policies across email, endpoints, cloud, and network environments. Configure, monitor, and fine-tune Zscaler DLP to prevent unauthorized data transfers. Investigate, analyze, and respond to DLP alerts while ensuring timely remediation of policy violations. Conduct security awareness programs on data protection best practices. Continuously assess and improve DLP rules to reduce false positives and enhance effectiveness. Generate and present periodic reports on DLP incidents, violations, and risk trends to senior management. Share KRI reports for inclusion in dashboards, KRI tracking, RCSA reports, and other governance activities. Experience: Minimum 2 years of experience in configuring, managing & monitoring DLP solutions, preferably Zscaler. Expertise in DLP rule creation, policy tuning & incident handling across email, endpoint, cloud & network environments. Proven ability to investigate & remediate data leakage incidents.

Posted 3 months ago

6 - 10 years

11 - 16 Lacs

Bengaluru

Work from Office

Given the breadth and complexity of the hundreds of products and services developed and provided by Oracle, there are many vastly different attributes (including education, skills, knowledge, experience, and abilities) required for specific roles within this job code. Consult with your manager about the specific expectations for your role and career progression within your organization. Description Manage a team that is responsible for the information security function, including but not limited to information technology security controls and architecture, information privacy, incident response/investigations and digital forensics, disaster recovery and business continuity, regulatory compliance, communication and training for information security initiatives. Responsibilities Leads a small team maintaining and/or implementing information security policies and procedures. Supervises the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology and information systems. Identifies security architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems. Monitor security programs and assurance, e.g. threat and vulnerabilities management, incident response management, management of forensic investigations. Evaluates potential business impacts from security breaches and provides guidance to business decision-makers. Assists with the development and execution of security systems compliance policies and procedures. Selects, develops and evaluates personnel to ensure the efficient operation of the function. Qualifications Minimum 6-10+ years experience in the Information Security field required. Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. Previous experience as dotted line manager, vendor manager, employee mentor or technical lead. 
Preferred Certifications: CISSP, CISM, CEH, etc. Career Level - M3 Manages a team maintaining and/or implementing information security policies and procedures. Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology and information systems. Identifies security architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems. Manage security programs and assurance, e.g. threat and vulnerabilities management, incident response management, management of forensic investigations. Evaluates potential business impacts from security breaches and provides guidance to business decision-makers.

Posted 3 months ago

4 - 9 years

6 - 11 Lacs

Chennai

Work from Office

What you'll be doing... You'll be finding the right technology to help ensure our customers keep their systems secure and spot risks before they become real threats. But you'll be doing more than just providing SOX and IT security; you'll help customers prepare for the unexpected, defend their systems, and protect their business, brand, and bottom line. Designing solutions to mitigate risk and close security gaps and reduce vulnerability. Managing SOX Audit. PM/Engineering effort for tracking Security vulnerabilities. Working closely with VCG Application Development, App Security teams and other Key stakeholders in strategizing SOX and Security Engineering Practices and mitigating the Security Vulnerabilities. Adhering to industry standards and best practices and understanding emerging technologies and trends to continuously improve the systems, application, infrastructure, and processes. Performing SOX QA Support for Controls to ensure minimal SOX findings by auditors. Conducting quarterly Lesson Learned with SOX POCs/Directors/Performers to prevent the same issues from happening quarter over quarter. Supporting SOX BOT automation enhancements and testing in partnership with Control Performers. Supporting SOX Ops - Maintain and enhance SOX SOP documents for effective QA reviews by team. Where you'll be working... In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager. What we're looking for... Application Security Skills: Secure Coding Practices: Deep understanding of secure coding principles and common vulnerabilities (OWASP Top 10, SANS 25) in various languages (e.g., Java, Python, .NET, JavaScript). SAST/DAST/IAST Expertise: Proficiency in using and interpreting results from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and ideally Interactive Application Security Testing (IAST) tools.
Open Source Software (OSS) Security: Knowledge of common OSS vulnerabilities, license compliance issues, and tools for managing OSS risks. Threat Modeling: Ability to perform threat modeling exercises to identify potential security weaknesses in application architectures and designs. Cloud Security (for Cloud-Native Apps): Familiarity with cloud security concepts, including secure configuration of cloud services (e.g., AWS, Azure, GCP), identity and access management (IAM), and cloud-native security tools. Logging and Monitoring: Experience with implementing and analyzing security logs, setting up security information and event management (SIEM) systems, and using intrusion detection/prevention systems (IDS/IPS). DevSecOps Practices: Understanding of integrating security into the software development lifecycle (SDLC) using DevSecOps methodologies and tools. Platform Security Skills: Cloud Security: Strong knowledge of cloud security best practices, including securing cloud infrastructure (compute, storage, network), managing cloud access, and implementing security monitoring in cloud environments. Container Security: Expertise in securing containerized applications and their underlying infrastructure (e.g., Docker, Kubernetes), including image scanning, runtime security, and container orchestration security. Vulnerability Management: Proficiency in using vulnerability scanning tools (like Tenable) for both network and application layers, prioritizing vulnerabilities, and coordinating remediation efforts. Hardware Security: Understanding of hardware security concepts, including firmware security, hardware-based encryption, and physical security measures. Incident Response: Experience with incident response processes, including detection, containment, eradication, and recovery, as well as post-incident analysis. SOX Auditing Exposure/ Experience: We are seeking a highly motivated and detail-oriented SOX Audit person to join our growing team. 
In this role, you will play a crucial part in ensuring the effectiveness of our internal control environment and compliance with the Sarbanes-Oxley Act (SOX). Plan, execute, and document SOX testing procedures for key financial and IT controls. Identify and assess the design and operating effectiveness of internal controls. Evaluate control deficiencies and recommend remediation strategies. Collaborate with process owners to remediate control deficiencies and enhance the control environment. Stay abreast of SOX compliance requirements and industry best practices. Assist with the development and maintenance of SOX documentation, including process narratives, flowcharts, and risk control matrices. Participate in special projects and other duties as assigned. Additional Important Skills: Automation and Scripting: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security tasks and integrating security tools. Communication and Collaboration: Excellent communication skills to effectively convey security findings to technical and non-technical audiences and collaborate with development and operations teams. Problem-Solving and Analytical Skills: Strong analytical and problem-solving abilities to investigate security issues, identify root causes, and develop effective solutions. You'll need to have: Bachelor's degree or four or more years of work experience. Four or more years of relevant experience required, demonstrated through work experience and/or military experience. Worked as a consultant. Four or more years of relevant experience in Application Security Skills, Platform Security Skills & SOX Auditing Exposure/ Experience. Even better if you have one or more of the following: A degree in engineering or computer science. Experience with security risk procedures, security patterns, authentication technologies and security attack pathologies.
Certifications in one or more of the following: Security: CISSP, CISM, CEH, GCIH, GPEN, CCSK, Security+, Cisco, F5, BlueCoat, Check Point. Network: Cisco, Juniper, Palo Alto. Architecture: TOGAF. Service Delivery/Governance: ITILv2/3.

Posted 3 months ago

6 - 8 years

8 - 10 Lacs

Bengaluru

Work from Office

OVERALL PURPOSE OF THE ROLE: The primary responsibility of the specialist security Operations is to ensure security risks are identified and managed within acceptable limits. The Security specialist will work closely with Design Authority, Solution Architects, IS Design, IS&T operations and Business teams to manage security of the organization. RESPONSIBILITIES: To analyse and update critical and non-critical log sources and their health status; check for redundant log sources and take necessary steps working with right stakeholders; daily health check and monitoring of SOC infra; Co-relationship, framework management for SOC use cases; responsible for analytics and data crunching or data analysis and representation of outcome for leadership to make next decisions; KPI definition, revision and improvement for SOC infra, health and use cases. TECHNICAL COMPETENCIES & EXPERIENCE To be considered for this role, candidates need to demonstrate the following skills, experience and attributes: Bachelor's/Master's degree in Engineering/Technology or related field. Minimum 6-8 years of relevant IT experience. Professional industry standard certifications like CISSP, CEH, GIAC, CISM, ISO 27002 etc. will be an added advantage. Experience with various IT / Security technologies including Active Directory, DNS, Messaging, Firewalls/ VPN Gateways, IPS, Proxy, WAF, PKI, IAM, etc. Good understanding of tools like CyberArk, PingIdentity, Sailpoint, Qualys, Veracode. Proficient hands-on experience and understanding of various security tools and technologies.
Experience in an operational role working directly with internal and external customers, trouble ticketing systems, and incident management Solid understanding of ITIL process framework Must understand and have worked in an operational environment such as a NOC or SOC for 2-4 years Demonstrated leadership experience in the area of Security Operations Proven planning, prioritization, and organizational skills Demonstrated drive for continuous learning, results orientation, and teamwork Ability to drive change through innovation & process improvement Ability to manage projects and drive action items with customers and cross-functional peers Proven crisis management skills Professional & concise communication (written & verbal) Ability and flexibility to adapt to change, including shifting and competing priorities Demonstrated ability to be a big picture thinker, strategist, and long term planner Strong analytical skills with demonstrated problem solving ability Project management skills with a proven ability to design workable solutions will be an added advantage Exposure to ISO 27002 and ISO 27005

Posted 3 months ago

10 - 15 years

37 - 45 Lacs

Mumbai

Work from Office

ROLE SUMMARY: The Associate Director of Technology Risk Advisory (TRA) will lead and oversee the development and growth of a high-performing Technology Risk Advisory practice. The role involves strategic planning, team building, client engagement, and service delivery while ensuring excellence in Cybersecurity, Governance, Risk, and Compliance (GRC), Technology Operations (TechOps), Security Operations (SecOps), and Global Privacy Regulations. This leader will focus on delivering client-centric solutions and building a robust practice. JOB DESCRIPTION: Practice Management: Operations: Develop a strategic roadmap to build and scale the Technology Risk Advisory practice. Design service offerings in Cybersecurity GRC, TechOps, SecOps, and Privacy Advisory. Establish robust frameworks, methodologies, and tools for delivering advisory services. Develop and implement cybersecurity frameworks based on ISO 27001, NIST CSF, COBIT, and other standards. Guide security operations, including SIEM, threat intelligence, and incident response. Offer advisory on technology operations, including IT infrastructure optimization and DevSecOps integration. Ensure compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.). Design privacy programs, data protection mechanisms, and compliance monitoring systems. Maintain a strong understanding of emerging regulations and their impact on clients. Sign off on client cybersecurity strategies, encompassing threat management, incident response planning, business continuity, and disaster recovery. Ensure the effective execution of multiple projects simultaneously, adhering to project timelines, scope, and budget requirements. Profitability/Revenue Management: Increase topline revenue for the Practice as per predefined goals, while maintaining the practice gross margin. Budget management & optimization. Take responsibility for the IT Governance, Risk Management and Compliance budget.
Business Relationship Management for IT Governance and Risk - this role will be a critical interface between the Firm's Leadership and the TRA team and will be required to present to the Leadership and the Executive teams periodically. Identify, prioritize, define and refine the Information Security strategy through the evaluation of new approaches and solutions in collaboration with the Managing Committee. Sales & Marketing Support: Drive growth through business development, partnerships, and client acquisition strategies. Identify market trends and position the practice as a thought leader in the industry. Develop marketing strategies, including whitepapers, webinars, and industry events. Support the Sales teams for deal closures. Create visibility for the practice on various platforms and among a larger network. Provide technical support to the sales & marketing team on practice service verticals. Support the business development process, including proposal development, client pitches, and contribution to marketing efforts. Development of the Practice and promotion of the Firm's brand name via articles in publications, regular update management for clients, speaker at seminars, etc. People Management: Ensure that personal and team objectives and strategy are aligned to departmental and organizational goals, and actively tracked and reported on across the year. Build and manage a team including recruitment, appraisals, developing training material, providing training to team members, and technically guiding the teams in completing their assigned deliverables. Review of efficient and effective planning, selection and team management of all resources throughout the year including temporary resource redeployment within team/with other departments. Build and mentor a high-performing team with a blend of technical and advisory expertise.
Retention of existing employees and measurable attrition management. Address issues at emotional/infrastructural level at work being faced by teams, take responsibility for team building and career development of the team. Identify training needs of teams and assist in skill building wherever required. Ensure strategic resource planning, coupled to long term forecasting via the Annual Business Plan and 3/5 year plans, and in collaboration with HR. Succession planning for all critical roles within the team. Client Management & Quality Client Management: Act as a trusted advisor to clients, providing expert insights into technology risk management. Develop solutions aligned with client needs, industry standards, and regulatory requirements. Drive impactful outcomes, engage with senior client stakeholders, including CXOs and board members. Serve as the primary point of contact for key clients, managing expectations, building long-term relationships, and understanding their evolving technology risk needs. Provide thought leadership and expert guidance to clients on industry trends, regulatory developments, and emerging cybersecurity threats. Be part of critical client presentations and discussions to communicate project outcomes, cybersecurity vulnerabilities, and remediation strategies in a clear and actionable manner. Proactively identify opportunities to expand service offerings and assist clients in achieving their cybersecurity objectives. Manage current and developing new relationships and alliances. Quality: Maintain quality across all projects and seek active feedback on the same from all internal/external stakeholders. DESIRED CANDIDATE PROFILE: To be tailor-fit for the above skillsets, you need to have the following. Qualifications: Bachelor's/Master's degree in Computer Science, Information Security, or a related field. Professional certifications (CISSP, CISM, CRISC, CISA, or equivalent).
Advanced certifications in privacy (CIPM, CIPT, or equivalent) preferred. Experience: 12-14 years of experience in Cybersecurity GRC, TechOps, and SecOps, with at least 5 years in a leadership role. Proven track record of building and scaling advisory practices, preferably in a global context. Intermediate knowledge of global privacy regulations and related compliance requirements. Experience in performing/overseeing IT audits, control assessments, and developing cybersecurity strategies and risk management frameworks. Knowledge of ethical hacking techniques, threat modelling, and exploitation of security vulnerabilities. Prior business development, sales, client management and practice management experience. Experience of handling a large client portfolio with a strong professional network/presence. Strong experience in leading large teams and managing complex client engagements. Skills: Advanced expertise in Cybersecurity frameworks, risk management, and operational security. Deep understanding of regulatory environments and privacy laws globally. Excellent leadership, communication, and stakeholder management skills. Strong business acumen, with the ability to identify and capitalize on market opportunities. In-depth knowledge of IT Governance, Risk, and Compliance (ITGRC) frameworks such as ISO 27001, NIST, COBIT, PCI DSS, and GDPR.

Posted 3 months ago

5 - 7 years

7 - 9 Lacs

Bengaluru

Work from Office

Senior - CTM - Threat Detection & Response We are seeking a highly skilled and experienced Senior Splunk Implementation Specialist to lead and oversee the deployment, administration, and use case development of Splunk Enterprise Security (ES) applications. The ideal candidate will have a deep understanding of Splunk's capabilities and a strong background in cybersecurity. This role requires an individual with extensive experience in implementing and managing Splunk ES, as well as developing and maintaining security use cases to enhance the client's security posture. KEY Capabilities Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA. Lead the planning, design, and implementation of Splunk Enterprise Security (ES) across the organization. Develop and manage the Splunk implementation project plan, including timelines, milestones, and resource allocation. Coordinate with cross-functional teams, including IT, security, and compliance, to ensure seamless integration of Splunk with existing systems and processes. Oversee the configuration and customization of Splunk ES to meet the organization's specific security requirements. Develop, implement, and maintain security use cases, correlation searches, and dashboards within Splunk ES. Provide expert guidance and support to the security operations team in the use of Splunk ES for threat hunting and incident investigation. Ensure compliance with industry standards and regulatory requirements related to security monitoring and incident response. Develop and maintain documentation for Splunk configurations, processes, and procedures. Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc. Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers.
Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems. Experience in creating use cases under Cyber kill chain and MITRE attack framework. Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI, etc. Sound knowledge in configuration of Alerts and Reports. Good exposure in automatic lookup, data models and creating complex SPL queries. Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement. Work with the client SPOC for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations. Experience in creating custom commands, custom alert action, adaptive response actions, etc. Qualification & experience Minimum of 5 to 7 years' experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments. Proven experience in implementing and managing Splunk Enterprise Security (ES) applications. Strong understanding of cybersecurity principles, threat detection, and incident response. Extensive experience in developing and maintaining security use cases, correlation searches, and dashboards within Splunk ES. Excellent project management skills, with a track record of successfully leading complex security projects. Strong leadership and team management skills, with the ability to mentor and develop team members. Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels. Relevant certifications such as CISSP, CISM, Splunk Certified Admin, Splunk Certified Architect, or similar are highly desirable. Certifications in a core security related discipline will be an added advantage.
Desired Skills Familiarity with scripting and automation tools (e.g., Python, PowerShell) for security operations and incident response. Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, NIST). Experience in conducting security assessments and audits. Ability to develop and implement security policies, procedures, and best practices. Strong analytical and problem-solving skills.

Posted 3 months ago

3 - 5 years

5 - 7 Lacs

Mumbai

Work from Office

Role Description Divisional Risk and Control is responsible for non-financial risk and control management for the relevant operating Division or Infrastructure function or Dedicated Central Control Unit for the bank. Work includes: Defining the risk management framework Developing process and procedures to report on, manage, and mitigate risks to acceptable levels Maintaining operational control and discipline across the organizational unit Ensuring that business is conducted in accordance with applicable laws, regulations and in adherence to the bank's internal policies Providing thought-leadership around business specific risk taxonomies, assessment methodologies, process and control implementation Developing, tailoring and testing the control infrastructure for the business Communicating regulatory development and implications to the business Executing certain risk-related processes and draft first line risk procedures (e.g. product reviews, issue capture, regulatory change management, vendor management etc.) Managing Risk and Compliance data and information for both first and second lines Coordinating execution of risk and control self-assessment (RCSA) process Driving messaging and information from second line to first line (e.g., policies, procedures, training) Providing a consolidated view of non-financial risks Developing a positive risk culture, whilst assuring strategy alignment among various organizational levels Your key responsibilities Responsible to ensure compliance with the Information Security Policy and the subordinate documents within area of responsibility Establish and document roles/entitlements for each of the applications together with the Role owners.
Ensure any changes to the roles are supported by documented valid justification/s along with an Impact and Risk assessment as part of business decisions Execute IS Risk assessment and compliance evaluations for assigned IT assets with support from BSO community Review and address quality issues within ISO scope of responsibilities Ensure execution of Information Security risk management in line with DB Information Security Policy/ Guidelines including 1) InfoSec controls 2) Mitigating Control weakness 3) End user access review and recertification 4) provide InfoSec advisory on vendor relationships 5) Support BCM and DR exercise from ISO perspective 6) Providing guidance on control implementation Support Chief ISO delegate on relevant actions and initiatives. Create Segregation of Duties (SoD) rules for IT, assess SoD Rule violations and make exception decisions Participate in Information Security initiatives and programmes, as relevant; Review and assess severity of information security breaches and recommend appropriate follow-up actions, where necessary Advise local business and other partners on CSO solutions and facilitate service adoption in cooperation with Central CSO teams Support in the review and assessment of data leakage incidents relevant to PB Booking Centre. Your skills and experience Education & Experience: Proven experience of working within Information Security / Information Technology environment ideally in Banking Environment Experience working on small to medium scale projects at least within a global environment Professional certification including ISO27001 Lead Auditor/ Lead Implementer, CISM, CRISC University degree. Competencies: Outstanding problem solving, analytical and project management skills Proficiency with Microsoft Office programs; e.g.
Excel , Word and PowerPoint Ability to work in pressurised situations Strong work ethic, commitment to excel and proven capacity to work effectively with minimum supervision Strong communication (written and verbal) and relationship skills with excellent command of the English language Very good influencing and management skills to liaise effectively with Business and control functions Personal Characteristics: Proactive attitude and self-initiative Ability to think laterally. Strong Team Player skills as well as working independently Eagerness to learn and adapt to new situations and processes Delivery-focused, able to manage multiple deliverables to deadlines Flexibility with respect to new tasks and the ability to work diligently in stressful situations Ability to learn quickly Driven and able to handle day-to-day routine as well as cope with shifting priorities and changing responsibilities to meet needs and demands.

Posted 3 months ago

18 - 22 years

50 - 100 Lacs

Bengaluru

Work from Office

Hiring, Head of Information Security

Job Purpose: The Head of Information Security is tasked with creating and sustaining the enterprise vision, strategy, and program to safeguard the integrity, availability, and confidentiality of the organization's information assets. This involves implementing and maintaining comprehensive security measures and practices. This leadership position includes overseeing the development and execution of a strong cybersecurity framework, leading a team of security professionals, and working collaboratively with other departments to mitigate risks.

Roles and responsibilities

Strategy & Governance: Develop and implement a comprehensive information security strategy aligned with the organization's goals and leading industry practices. Establish and maintain information security policies, standards and procedures to ensure compliance with relevant regulations and frameworks. Manage budget for IT security related activities and initiatives, ensure ROI on the same. Establish IT security governance frameworks, policies and procedures to ensure integrity and availability of information assets.

Security Architecture Design: Oversee design and implementation of a robust and resilient security architecture including network security, infrastructure and information security, and application security. Evaluate and select appropriate security technologies, tools and vendors to protect the organization's information assets. Review and assess the security controls and configurations of existing systems and applications and provide recommendations for improvement. Collaborate with enterprise architects/technology partners to ensure security is integrated into the design and development of new systems and applications.

Security Operations & Incident response: Oversee the day-to-day operations of the organization's security infrastructure and develop incident response plans to address and mitigate security incidents effectively.
Drive regular security, risk & vulnerability assessments to identify vulnerabilities and weaknesses in the organization's systems and infrastructure. Manage and resolve security incidents and lead incident response efforts, including investigations, containment, eradication and recovery in case of cyber attack.

Security incident & Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and industry trends through continuous benchmarking and research. Proactively identify emerging threats and vulnerabilities and develop strategies to mitigate their impact. Collaborate with internal and external stakeholders to conduct penetration testing, vulnerability assessment and security audits. Develop standard operating procedures for incident response during ransomware attacks.

Vendor & Third-Party Risk Management: Assess and manage security risks associated with third-party vendors and service providers. Provide input during vendor evaluation and selection based on their security capabilities and compliance with security standards.

Compliance & Regulatory Requirements: Ensure the organization's compliance with relevant laws, regulations and industry standards pertaining to information security. Monitor and interpret changes in security regulations and standards and assess their impact on the IT landscape. Lead and coordinate audits, assessments and certification processes related to information security.

Collaboration: Work closely with IT, legal, compliance, and business units to integrate security practices into daily operations. Act as the primary point of contact for security-related matters with external partners, vendors, and regulatory bodies.

Security awareness and Training: Collaborate with learning & development team to implement security awareness and training programs about information security risks, leading practices and policies. Conduct regular security awareness campaigns, monitor and evaluate the effectiveness of security awareness efforts.
Conduct Cyber War game drills with business users to enhance preparedness for handling ransomware attacks.

People Management: Provide direction and guidance to the team and foster a collaborative and high-performance environment.

Qualification and Experience: A post-graduate or bachelor's degree in engineering with 18-22 years of work experience, including 7-10 years in leading a cybersecurity organization, is required. The role demands extensive experience in identifying and mitigating information & cyber security risks and a comprehensive understanding of regulatory requirements. Professional security certifications like CISA, CISSP, CISM, ISO 27001:2013 LA, etc., are highly desirable. Familiarity with security technologies is crucial, including firewalls, network access control, IDAM & ITDR, EDR, secure web gateways, email security gateways, data leak prevention (DLP), MFA, WAF, DDoS, PAM, SIEM & SOAR, and micro-segmentation.

Other Skills: Excellent communication, presentation & inter-personal skills. Should possess knowledge of various Security Solutions (Endpoint Protection, Advanced Threat Protection, Data Leak Prevention), Network Security, Databases, OS, etc. Knowledge of the industry's standards and regulations in the Healthcare or Pharma industry is preferred.

Posted 3 months ago

10 - 20 years

1 - 2 Lacs

Delhi NCR, Gurgaon, Mumbai (All Areas)

Work from Office

About Vara: The Vara Group is the front runner in embracing innovation and leveraging world-class Infra tech to deliver maximum business value to organizations and the government. For over 7 years, Vara has been helping businesses to adopt new technologies to stay ahead of change. Our rigorous attempts to build platforms that are futuristic and need-based are backed by our research, design thinking-driven approach, and unmatched solutions in technology and operations. This creates an innovative roadmap to help Indian enterprises transition from conventional technology to smarter and quicker means. Vara excels in delivering niche solutions in the following domains: Blockchain | Cyber Security | Tolling Platform & Logistics | 3D Printing | IoT | Data Science. Our offices are currently in Mumbai, Kolkata and Delhi. Please visit www.varainfrovate.com / www.varatechnology.com for more details.

Designation: Manager / Senior Manager

Major roles: End to end sales cycle. New client acquisition. Developing pipeline and sourcing strategic accounts with field sales, partners, marketing, technical and operational resources to create sales strategies and execute revenue goals. Enterprise Sales of Cyber Security Software. Develop and maintain commercially productive relationships. Develop and execute sales strategy and tactics that maximize Cyber Security opportunity within the customer environment. Demonstrated ability to manage solution based sales at multiple levels in our customer's organization. Work closely with CXOs of the top enterprises across India. The person should have industry connects with CIOs/CTOs/CISOs across various verticals. The person should have sales & account management experience in Cyber Security services / IT Software / Hardware / Service. Demonstrated ability to meet/exceed sales quotas.

Roles and Responsibilities: Lead presales efforts for cybersecurity solutions, focusing on application security.
Collaborate with cross-functional teams to design and deliver comprehensive security architectures for clients. Develop and maintain strong relationships with key decision-makers at target accounts to drive business growth. Conduct product demonstrations, presentations, and workshops to showcase our cybersecurity offerings. Identify new sales opportunities through market research, competitive analysis, and industry trends.

Posted 3 months ago

3 - 5 years

9 - 13 Lacs

Bengaluru

Work from Office

As a Tech Risk & Controls Senior Associate in [Insert LOB and/or Sub LOB], you will contribute to the successful management of technology-aligned aspects of Governance, Risk, and Compliance in line with the firm's standards. Leverage your broad knowledge in risk management principles and practices to assess and monitor risks and implement effective controls. Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm's risk posture. Through collaboration and analytical skills, you will contribute to the overall success of the Technology Risk & Services team and ensure compliance with regulatory obligations and industry standards.

Job responsibilities: Assess and monitor technology risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices. Support implementation of effective controls in collaboration with cross-functional teams and stakeholders. Evaluate the effectiveness of existing controls, identify gaps, and recommend improvements to mitigate risks and enhance the firm's risk posture. Analyze complex situations, provide advice on risk management strategies, and support the implementation of risk mitigation measures.

Required qualifications, capabilities, and skills: Formal training or certification on Tech Risk & Control concepts and 3+ years applied experience. Expertise in technology risk management, information security, or a related field, with a focus on risk identification, assessment, and mitigation. Proficiency in working with large datasets, including data cleaning, transformation, and analysis, as well as automating routine processes using tools such as Python, R, or Alteryx.
Strong data visualization skills with experience in platforms like Tableau, Power BI, or similar, to effectively communicate insights and automate metrics and KRIs reporting. Experience in risk identification, assessment, and control evaluation, with a strong understanding of industry standards. Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices.

Preferred qualifications, capabilities, and skills: CISM, CRISC, CISSP, or other industry-recognized risk certifications. Familiarity with data analysis and reporting automation.

Posted 3 months ago

8 - 12 years

40 - 45 Lacs

Mumbai

Work from Office

AVP - DATA PRIVACY AND BUSINESS INFORMATION SECURITY - LEADING MNC - 8-12 YRS - MUMBAI

B.E./ B.Tech./ MCA in IT or CS.

ROLE: Understand the key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies. Responsible for complex privacy and/or security matters and privacy programs in compliance with ISO 27001, GDPR and other global privacy laws and regulations (with additional consideration for sector-specific experience in financial services, insurance, education, telecom, biometrics, or digital advertising). Drive data breach preparation, risk mitigation, coordination and responses. Drive Technology transactions related to privacy and security-related due diligence and advising. Ensure business compliance with Information Security Policies and Standards while continuously monitoring and reporting on risks and documented exceptions. Develop and maintain in-depth understanding of region/business unit processes, systems, technologies, data, customers, consumers, partners. Review and audit the Information Security Policies and Standards and technical implementations of security solutions required to meet business objectives. Identify noncompliance and areas of potential improvement, and issue corrective actions. Provide escalation path for security issues, incidents and inquiries. Review work of the Security Incident Response and Crisis Management teams to ensure effectively driving incidents to acceptable resolution; assist with investigations as needed. Work with the Compliance and Information Risk Management team to drive policy and regulatory compliance.

EXPERIENCE: Certification pertaining to information security and data privacy protection (CISSP, CISA, CRISC, CISM, etc.). Experience in the design and implementation of information security programs. Experience in compliance, government or financial industry.
Expert level understanding of key network and technical security controls. Security best practices including experience with ISO27001 and PCI DSS.

Certifications: CISA/ CISSP/ COBIT/ ITILv3/ CISM/ CRISC/ ISO27001

Posted 3 months ago

6 - 9 years

18 - 22 Lacs

Chennai

Remote

Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with the clients, preparing work papers to support conclusions and preparing written reports. Conduct IT, Data Privacy & Information Security audits. Develop policies and procedures in line with Information Security & Privacy international and local standards. Attend preliminary meetings with clients; offer advice and develop a client understanding for the overall service process; communicate access and information requirements. Support Engagement partners and Directors to lead business development initiatives including, but not limited to, review pre-engagement activities, contracting and setting up meetings with prospective clients. Keeping up to date with developments in Technology, UAE markets, relevant professional standards (e.g. ISO 27001, Data Privacy Law etc.) and specific industry sectors. Pursuit of highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking. Contribute towards managing the overall client service delivery in accordance with BDO quality guidelines & methodologies. Contribute towards managing accounts on a day-to-day basis & explore new business opportunities for the firm. Maintain professional relations with clients, answer queries, offer expert advice. Ensure thorough project documentation and maintain electronic filing in accordance with BDO guidelines. Complete project assignments with minimum supervision and within the timelines provided by the management.

Required Skills: Bachelor's degree in Computer Science, Engineering, or related field. Post-qualification work experience of 6 to 8 years, with at least 6 years' experience in implementing the regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS). Experience in international and local regulatory requirements related to Data Privacy & Protection. Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP

Posted 3 months ago

4 - 6 years

10 - 15 Lacs

Pune

Work from Office

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you'll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS. Our most valuable asset is our people. At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems, the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

Senior Information Protection Analyst

The Senior Information Protection Analyst will play a pivotal role in enhancing our organization's information security posture by developing and executing robust information protection strategies. This position requires a deep understanding of information security principles, risk management, and industry best practices.

What You'll Do: Lead the development, implementation, and enforcement of information protection policies, procedures, and guidelines using best in industry data protection tools & technologies. Monitor and manage security technologies, such as data loss prevention (DLP), data classification (unstructured & structured), encryption, etc.
Collaborate with cross-functional teams to assess information protection requirements and ensure compliance with relevant laws, regulations, and industry standards. Analyze security incidents, breaches, and vulnerabilities, and provide guidance for effective incident response and resolution. Provide technical expertise and guidance to IT teams on security architecture around data protection. Participate in security audits, assessments, and compliance initiatives to ensure alignment with information protection standards. Mentor and guide junior members of the information protection team. Collaborate with the legal and compliance teams to address privacy concerns and ensure compliance with data protection regulations. Assist in the development of information security strategies and roadmaps. Prepare and present regular reports on information protection activities, incidents, and risk assessments to senior management.

What You'll Bring: Bachelor's degree in Information Security, Cybersecurity, or related field. 4-6 years of experience in information security, with a focus on information protection, DLP and data protection. Strong understanding of information security frameworks, regulations, and standards (e.g., ISO 27001, NIST, GDPR). Experience with security technologies such as data classification, DLP, encryption, SIEM, and access controls. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent. Excellent analytical and problem-solving skills, with the ability to assess risks and recommend effective solutions. Strong communication and interpersonal skills to collaborate with various teams and stakeholders. Proven track record of successfully implementing and managing information protection programs.
Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empower you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections.

Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures.

Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law.

To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment. An on-line application, including a full set of transcripts (official or unofficial), is required to be considered.

Posted 3 months ago
