752 Cism Jobs - Page 19

Number of Openings 3 ECMS ID in sourcing stage TS-ID-15358 Assignment Duration 6 Months Total Yrs. of Experience 12+ years Relevant Yrs. of experience 10 +years Detailed JD (Roles and Responsibilities) Crypto Mainframe Engineer Position Overview We are seeking an experienced Crypto Mainframe Engineer to join our team. The ideal candidate will have a minimum of 10 years of experience working in financial institutions and a strong background in using KeyFactor PrimeKey. This is a unique opportunity to work on cutting-edge encryption technologies and ensure the security of our financial systems Key Responsibilities Design, implement, and maintain cryptographic systems on mainframe platforms. Utilize KeyFactor PrimeKey to manage and deploy cryptographic keys and certificates. Ensure the security and integrity of financial data through the application of advanced encryption techniques. Collaborate with cross-functional teams to integrate cryptographic solutions into existing systems Monitor and respond to security incidents related to cryptographic systems. Keep abreast of the latest developments in cryptography and implement best practices Provide technical guidance and mentorship to junior engineers and staff Qualifications Bachelors degree in Computer Science, Information Security, or a related field Minimum of 10 years of experience working in financial institutions Extensive experience with KeyFactor PrimeKey for key and certificate management Strong understanding of cryptographic algorithms and protocols Knowledge of mainframe systems and their security features Experience with incident response and security monitoring Excellent problem-solving and analytical skills Strong communication and teamwork skills. Preferred Skills Masters degree in a relevant field Experience with EKMF and other mainframe cryptography Certifications in cryptography or information security (e.g., CISSP, CISM) Experience with other cryptographic tools and technologies Knowledge of regulatory requirements in the financial sector. Domain Crypto Mainframe Engineer Max Vendor Rate in Per Day (Currency in relevance to work location) 12000 INR Work Location given in ECMS ID Bangalore/Pune WFO/WFH/Hybrid WFO Hybrid BG Check (Before OR After onboarding) As per Infosys Policy Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO NO

Every career journey is personal. Thats why we empower you with the tools and support to create your own success story. Be challenged. Be heard. Be valued. Be you ... be here. Job Summary The Director, Cyber Security is be responsible for understanding the business model and organizational priorities, while leading, guiding and directing technical and business leaders in effort to ensure compliance to regulatory requirements, the protection of company information assets, and the continued maturation of the cyber security program. This position reports to the SVP, Chief Information Security Officer and works closely across Technology Operations, Privacy, Legal, Enterprise Risk Management, and the business. Essential Job Functions Oversee and advise on the continued development and management of the Cyber Security team s strategy and vision. Lead of a team of Cyber Security managers, along with their direct reports of various experience levels and bands. Hire and train new staff, conduct performance reviews and utilize subject matter expertise to guide and coach team members. - (35%) Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied within the department and across the organization. Identify and understand drivers for change and act as a champion and partner with other leaders to deliver those changes. - (5%) Collaborate with senior leaders on strategic and tactical information security plans for major system and application changes, ensuring standards are maintained and assets protected. Resolve conflicts and simplify complex concepts for effective communication. Serve as an enabling partner and take solution based approach. - (10%) Communicate goals and new programs effectively with other senior leaders within the organization. Produce presentations at various levels of abstraction dependent on intended audience using Microsoft Power Point, Microsoft Visio, or equivalent tools. - (10%) Lead the design and the implementation of key Technology projects and initiatives as they pertain to the organizations long-term security strategy. Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps. Ability to lead through ambiguity and deliver quality results. - (25%) Maintain appropriate internal processes and procedures to ensure operational effectiveness of the team. Oversee and lead the creation of and the maintenance of relevant documentation including run books, project updates, process documentation, architecture and technical requirements and presentations. Actively assist in managing departmental budget and costs. - (10%) Work with the Change Advisory Board (CAB) to identify and manage changes that will impact Information Security controls. Oversee, develop and deliver Key Performance Indicators (KPIs) through the understanding of the tools and deliverables by helping to develop, maintain and mature the associated reporting structure. - (5%) Minimum Qualifications Bachelor s Degree or equivalent experience in Computer Science or Information Technology One or more field related professional technical certifications (CISSP, CISA, CISM, Security+) or able to complete within 12 months 15+ years of progressive experience in Cyber Security including proven expertise in multiple disciplines (SOC, IAM, Cyber Engineering Architecture, Governance Regulatory Compliance, etc.) 7+ years direct leadership experience Preferred Qualifications Master s Degree in computer science or information technology Two or more field related professional technical certifications (CISSP, CISA, CISM, Security+) 15+ years of progressive experience in Cyber Security including proven expertise in multiple disciplines (SOC, IAM, Cyber Engineering Architecture, Governance Regulatory Compliance, etc.) 8+ years direct leadership experience Skills Cloud Architectures Amazon Web Services (AWS) Cybersecurity Cloud Security Identity and Access Management (IAM) NIST 800-53 NIST Cybersecurity Framework (CSF) PCI DSS Compliance Reports To : VP and above Direct Reports : 6 - 10 Work Environment Normal office environment, hybrid. Other Duties This job description is illustrative of the types of duties typically performed by this job. It is not intended to be an exhaustive listing of each and every essential function of the job. Because job content may change from time to time, the Company reserves the right to add and/or delete essential functions from this job at any time. About Bread Financial At Bread Financial, you ll have the opportunity to grow your career, give back to your community, and be part of our award-winning culture. We ve been consistently recognized as a best place to work nationally and in many markets and we re proud to promote an environment where you feel appreciated, accepted, valued, and fulfilled both personally and professionally. Bread Financial supports the overall wellness of our associates with a diverse suite of benefits and offers boundless opportunities for career development and non-traditional career progression. Bread Financial (NYSE: BFH) is a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel entertainment, health beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers. To learn more about Bread Financial, our global associates and our sustainability commitments, visit breadfinancial.com or follow us on Instagram and LinkedIn . All job offers are contingent upon successful completion of credit and background checks. Bread Financial is an Equal Opportunity Employer. Job Family: Information Technology Job Type: Regular

Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelors or Masters degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred. Connect with me over LinkedIn at : https://www.linkedin.com/in/nitin-tushir-abc0048/

Role Overview: As a Manager, Customer Success, with a deep passion for creating a world-class customer experience, you lead a team that directly supports and guides our largest customers throughout their product adoption and onboarding journey. You are a trusted advisor, assisting customers in maximizing the value of our cybersecurity solutions, ensuring they can achieve their security goals. Working across our teams in Sales, Customer Value, Support, and Product, your role is pivotal in ensuring a seamless onboarding experience, while proactively managing the ongoing success of customers throughout their lifecycle to drive strong customer satisfaction, retention, and growth. A little about the role: As a Manager, Customer Success, with a deep passion for creating a world-class customer experience, you lead a team that directly supports and guides our largest customers throughout their product adoption and onboarding journey. You are a trusted advisor, assisting customers in maximizing the value of our cybersecurity solutions, ensuring they can achieve their security goals. Working across our teams in Sales, Customer Value, Support, and Product, your role is pivotal in ensuring a seamless onboarding experience, while proactively managing the ongoing success of customers throughout their lifecycle to drive strong customer satisfaction, retention, and growth. Lead a team that owns the end-to-end project management of the onboarding process, ensuring a smooth transition from sales to active usage. Ensure continued alignment between the customer teams and the implementation process to deliver projects in line with the projects required timelines Effectively collaborate with stakeholders, present project updates, and document key activities. Identify project risks and blockers and manage the activities required to remediate. Deliver compelling reports, lead meetings, and communicate insights to both technical and non-technical audiences. Serve as the leader of a team that is the primary point of contact for assigned accounts, building strong, trusted, long-term relationships. Actively manage product adoption and proactively address any challenges to help the customer get value from our products and enable Skyhigh s growth with the customer. Conduct regular business reviews to track progress, review adoption and utilisation status, and identify expansion opportunities across all dimensions of the account. Act as a cybersecurity advisor, helping customers optimize their security posture with our solutions. Coordinate training and enablement sessions and provide best practices to accelerate product adoption. Work closely with renewal teams to ensure contract extensions and expansions. Gather and analyze customer feedback to help shape product enhancements and service improvements. Act as the voice of the customer internally, ensuring their needs are represented in product roadmaps. Create and maintain customer success resources, including best practice guides, training materials, and FAQs. required for a Customer Success Manager: 5+ years of experience leading teams that support the customer experience managing coverage of Enterprise level customer accounts, or high-ARR accounts with a Customer Success or Technical Account Management role within the IT/cybersecurity sector. A working knowledge of networks, cybersecurity products and solutions. Experience managing Enterprise level customers. Exceptional relationship management skills with the ability to engage both technical and business stakeholders. Strong project management skills, with experience managing customer onboarding, training, and implementation projects. Strong problem-solving skills with a proactive, customer-first mindset. Ability to manage multiple accounts while prioritizing key customer needs. Exceptional attention to detail, ensuring accuracy in project planning, execution, and reporting. Be capable of understanding customers distinct use cases and how they align to the project goals. Influencing skills to drive alignment, manage expectations, and gain buy-in from cross-functional teams and stakeholders. Strong verbal and written communication skills along with excellent presentation skills Experience working with CRM tools (Salesforce, ChurnZero, etc.) or other Customer Success platforms. It would be great if you also have the following, but they are not required Experience working specifically with solutions such as SWG, CASB, Zero Trust, Endpoint Security, or similar. Cybersecurity certifications (CISSP, CISM, or equivalent) are a plus. We believe that the best solutions are developed by teams who embrace each others unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Medical, Dental and Vision Coverage Were serious ab out our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Description Requirements : Bravura s Commitment and Mission At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. About The Team/Project The Information Security Officer is responsible for supporting the implementation and operation of the organisations Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges What You ll Do The position is within the Information Security team. Main activities will include but are not limited to: Internal Audit Assurance: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes. Information Security Risk Management Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit Compliance Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training Awareness Support the delivery of security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services. Security Operations Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor s degree in Information Security, Computer Science, or related field (or equivalent experience). 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Good communication and stakeholder management skills, with experience working with clients on security matters. Ideally security certifications such as CISSP, CISM, or CRISC are preferred. Working at Bravura Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme. Flexible working hours, we value work-life balance. Maternity/ Parental (including secondary) leave policy. Cab facility available in Delhi/NCR. Meal facility available Free Medical Insurance So, what s next We make hiring decisions based on your experience, skills and passion so even if you don t match every listed skill or tick all the boxes, we d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits. Youtube Video

Dear Candidate, We are hiring an IT Security Engineer to protect the organizations infrastructure and data by designing, implementing, and maintaining security tools and controls. Key Responsibilities: Design and deploy security solutions (firewalls, IDS/IPS, SIEM, EDR). Monitor threats, perform vulnerability assessments, and patch systems. Develop and enforce access controls, encryption, and compliance policies. Support incident response and forensic investigations. Conduct security awareness training and audits. Required Skills & Qualifications: Deep knowledge of cybersecurity principles and practices. Hands-on experience with security tools (e.g., Splunk, CrowdStrike, Palo Alto). Familiarity with regulatory frameworks (ISO 27001, NIST, GDPR). Scripting or automation experience (Python, PowerShell). Security certifications (e.g., CISSP, CEH, OSCP) preferred. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Job Title: Assistant Manager - Security Engineering Location: UniOps Bangalore ABOUT UNILEVER: Every individual here can bring their purpose to life through their work. Join us and you ll be surrounded by inspiring leaders and supportive peers. Among them, you ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we ll work to help you become a better you. ABOUT UNIOPS: Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit Business Context and Main Purpose of the Role Unilever is one of the world s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3. 4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann s, Wall s, Ben & Jerry s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That s why our purpose as Unilever is to make sustainable living commonplace . At Unilever, we re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion. Unilever s Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre (SOC), has a robust cyber technology landscape, provides Risk Advisory to our business, and assesses the security of our vast technology estate, including office, factories, R&D, platforms, etc. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk across Unilever. Role Purpose: The Security Engineering Assistant Manager role is tasked with delivering world class cyber security tools & services in partnership with our Business Owners (who operate these capabilities) and our partners. This partnership will generate value by ensuring that our key risks are appropriately managed, and we are continuously developing our capabilities to meet the needs of the business. Role Summary: The Security Engineering Assistant Manager is responsible for deploying and managing the cyber security technology stack to ensure our key cyber risks are being appropriately managed. This requires collaboration between our Business Owners (i. e. who operate these capabilities), our suppliers and our partners - all with the common goal of continuous improvement. This position will report to the Security Engineering Manager. Key areas under this role includes: Managing our Cyber Security capabilities (in partnership with the relevant Business Owner) including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc. Defining (in partnership with the relevant Business Owner) the requirements for our capability and identifying any gaps that require addressing. Partnering our Security Architecture colleagues in defining the capability roadmap. Supporting any Proof-of-Concept (POC) projects by providing expertise / advice, supporting the testing, and assisting in collating the results (including the creation of the business case where required). Being accountable for the deployment of our capability and ensure its adoption in all areas of the business including IT infrastructure, Hybrid Cloud, IT applications, OT, and IoT. Responsible for Service Management of our cyber security capabilities through our defined framework (e. g. ITIL). Collaborating with our Business Owners (e. g. SOC, Threat Intelligence, etc) and our suppliers to identify areas of improvement, optimisation, or opportunity - driving continuous improvement through our demand funnel. Responsible for raising incidents and issues with our suppliers and ensuring a quick resolution. Becoming a trusted advisor within the organisation that identifies areas of risk and provides technology-based solutions. Main Accountabilities Being the Service Owner for all your assigned cyber capabilities and being responsible for the Service Governance of these capabilities. Responsible for overseeing the demand funnel and ensuring a continuous stream of improvement through each sprint cycle. Responsible for the deployment of our cyber capabilities against the architectural design (even if responsibility is delegate to project teams or suppliers) and adoption with our business owners. Responsible for compliance against Unilever policies, guidelines and standards especially those associated with platform / service ownership (cyber, CMDB, ITIL, etc). Partnering with our Business Owners (e. g. SOC, Threat Intelligence, Engagement, etc. ) and our suppliers to ensure we drive value from every technology investment to reduce our Cyber Risk. Holding our technology suppliers and strategic partners (e. g. our Managed Security Services Provider or MSSP) to account. Responsible for supporting Security Architecture in developing their cyber technology roadmap. Responsible for supporting in Proof-of-Concept implementation, testing, analysis, and reporting. Self-skilling yourself to an appropriate technical level to perform your role and be continuous informed of evolving risks, technology trends, etc. Qualifications, Skills, and Experience Qualification and Skills: A strong technical background in IT, IoT and OT. Excellent written and verbal communication skills including the ability to be understood by both technical and non-technical personnel. Stakeholder management and interpersonal skills at both a technical and non-technical level. Ability to manage conflicting priorities and multiple tasks. Ability to lead and deliver through others. Ability to work both independently and in collaboration with international teams. Outstanding analytical, critical thinking and problem-solving skills. Customer-orientated, whether responding to queries or delivering new services. Skills in Programme and Project Management. Understanding of security principles, frameworks, and technologies Knowledge in public cloud environments, network and system security concepts. Knowledge of current cybersecurity trends, threats, and best practices. Relevant certifications such as CISSP, CISM, or SANS GIAC are highly desirable. Basic experience with programming languages such as Python, Bash, PowerShell, etc is desirable. Familiarity with various security frameworks and standards (e. g. , ISO 27001, NIST, MITRE, CIS). Experience: Previous experience in deploying Service Management models (e. g. ITIL, COBIT, CMMI, etc). Previously held a role in Security Engineering, or IT Platforms. Experience with managing cloud, on-premise, OT, and / or IoT environments A working knowledge of Cyber Security capabilities including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc. Experience with security governance, risk, and compliance standards and requirements. Experience in developing, deploying, and maintaining security solutions. Extensive experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the status quo . Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses. Behaviours Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviours: Agility - Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo. Personal Mastery - Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self. Passion for High Performance - Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed. Talent Catalyst - Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Investing in people, coaching individuals, and teams to realise their full potential. Continually inspires powerful collaboration.

Visa is seeking a Controls Monitoring & Testing Analyst within its Technology Risk Management program to review and assess Cybersecurity and Technology risks. The candidate will perform Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing for key technology threat vectors such as security configuration management, firewall configuration, application, user access management, and availability & reliability. Responsibilities include managing stakeholder engagement plans, participating in process walkthroughs, tracking/reporting deliverables, and producing high-quality work papers for all lines of defense and risk stakeholders. Additionally, the candidate will interpret data from source systems to perform statistical sampling and aggregate assessment across various risk management levers, collaborate with technology partners, and distill information into management and executive-level reporting. Key Responsibilities: Technology & Cybersecurity Controls Testing: Perform independent technology and cybersecurity controls testing. Document testing results in detailed workpapers. Prepare management reports based on testing outcomes. Communicate findings with stakeholders. Automation for Continuous Monitoring: Develop automation for continuous controls monitoring/auditing for technology and cybersecurity. Monitor the results of automated controls, perform investigation and follow-ups as needed. Risk & Control Self-Assessment (RCSA): Execute RCSA Risk Business Partner (RBP) controls quality review and sample-based testing. Conduct Key Risk Indicator (KRI) testing. Training, Metrics Alignment & Reporting: Develop and track risk management training. Align metrics with reporting dashboards. Develop reporting and stakeholder communication. Bachelor s degree with 5 years of work experience in cyber, risk controls, or equivalent. Experience with technology and cyber processes and functions (e.g., Vulnerability, Availability & Reliability Risk, Cyber Defense, Third Par

FS XSector Specialism Risk Management Level Senior Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In identity and access management at PwC, you will focus on confirming secure and efficient access to systems and data for employees and/or clients. Your work will involve the design and implementation of strategies to protect sensitive information and manage user identities. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . & Summary As a Senior Associate in Identity & Access Management, you will play a critical role in the design, implementation, and management of IAM solutions for our clients. This is a handson technical role, requiring deep expertise in IAM technologies and the ability to work closely with clients to address their security challenges. Responsibilities Key Responsibilities Assist in the design and implementation of IAM solutions tailored to client needs, focusing on identity governance, authentication, authorization, and access control. Configure and deploy IAM technologies, such as Saviynt, Okta, Microsoft Entra, 1Kosmos or similar platforms, ensuring seamless integration with existing systems. Conduct technical assessments and audits of clients IAM environments to identify vulnerabilities and areas for improvement. Collaborate with client teams to troubleshoot and resolve IAMrelated issues, providing technical support and guidance. Develop and maintain documentation for IAM processes, configurations, and best practices. Implement rolebased access controls and identity lifecycle management processes to enhance security and compliance. Support the development and execution of IAM strategies and roadmaps in alignment with business and regulatory requirements. Stay uptodate with the latest IAM trends, tools, and technologies to provide clients with innovative solutions. Contribute to the creation of technical reports and presentations for clients, articulating IAM concepts and solutions clearly. Work closely with crossfunctional teams within the firm to deliver comprehensive cybersecurity solutions. Bachelor s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Relevant certifications (e.g., CISSP, CISM, or similar) are a plus. 57 years of experience in IAM, with handson experience in implementing and managing IAM technologies. Strong technical expertise in IAM platforms such as Saviynt, Okta, Microsoft Entra, 1Kosmos or other similar technologies. Proficient in identity lifecycle management, authentication protocols (e.g., SAML, OAuth, OpenID), and directory services. Strong analytical and problemsolving skills, with attention to detail and a commitment to delivering highquality work. Excellent communication skills, with the ability to work collaboratively with clients and team members. Selfmotivated and capable of working independently in a fastpaced consulting environment. Willingness to travel as required to meet client needs. Mandatory skill sets Strong technical expertise in IAM platforms such as Saviynt, Okta, Microsoft Entra, 1Kosmos or other similar technologies. Preferred skill sets Identity Access Management Years of experience required 5+ Education qualification BE Btech MBA MCA a Education Degrees/Field of Study required Master of Business Administration, Bachelor of Engineering Degrees/Field of Study preferred Required Skills IAM Tools Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), IdentityBased Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 23 more} Travel Requirements Government Clearance Required?

. Job Description - External About the Company: At AT&T, we re connecting the world through the latest tech, top-of-the-line communications and the best in entertainment. Our groundbreaking digital solutions provide intuitive and integrated experiences for millions of customers across online, retail and care channels. Join our mission to deliver compelling communication and entertainment experiences to customers around the world as we continue to evolve as a technology-powered, human-centered organization. As part of our team, you ll transform the way we deliver a seamless customer experience with digital at the center of all you do. In our world, digital is much larger than just an eCommerce channel, we are transforming all channels to digitally perform as one team to create a better customer experience. As we move into 2024, the digital transformation will revolutionize the digital space and you can build a career that will propel your future. About the Role: This career step requires senior level experience. Responsible for cyber security areas across products, services, infrastructure, networks, and/or applications while providing protection for AT&T, our customers and our vendors/partners. Works with senior team members on various projects relating to the protection of devices, customers, assets, data, information technology, and networks. Supports innovation, strategic planning, technical proof of concepts, testing, lab work, and various other technical program management related tasks associated with the cyber security programs. The Lead Engineer in this role will have expertise in holistic enterprise Web Application Firewall (WAF) policy management, architecture, configuration, management, troubleshooting, optimization, governance, risk assessment and automation. Roles & Responsibilities include: Perform Enterprise Web Application Firewall (WAF) policy management, architecture, configuration, management, troubleshooting, optimization, governance, risk assessment and automation Perform Proxy policy operations and provide required support. End to End life cycle of Web Application Firewalls (F5, Akamai, Barracuda, Cloud) Proxy SWATs and Call to Work US off hours Perform migration of unprotected applications Perform API security (Akamai/NoName) related operations & tasks Required/Desired Skills Over 12 years of experience in Cybersecurity engineering with experience configuring, operating and managing forward and reverse proxies. Extensive experience providing SME level support in large, highly dynamic enterprise environment. Engineering, administrative, and operational experience supporting F5, Barracuda, Forcepoint, Secure Service Edge, Cloud Proxy and Cloud WAF platforms Understanding and practical experience with web applications, web platforms, application firewalls, frameworks and protocols with respect to application development, deployment, and operation including tuning of policies and signatures. Strong understanding of TCP/IP, web protocols and networking concepts Expertise with mainstream operating systems, web services, programming languages, regular expressions, analyzing log files, packet captures, network devices and attack vectors Script writing and programming using common shell and mainstream languages Senior level understanding of PKI Technology Experience exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks Understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms Lead, support and mentor team members on technical and non-technical matters as required Cyber Defense and Incident Response: Solid understanding of Incident Response process Prior experience in Cybersecurity operations and Incident Response Working level understanding of Cybersecurity operations and processes Desirable Skills: Excellent communication skills including metrics/performance documentation/presentation, technical drawing/architecture origination and modification Operates well under pressure and urgent circumstances Self-reliant and diligent in follow-through for assigned tasks Ability to work with a geographically disperse team Engaged collaborator, contributor and team player CISSP, CISM, SANS GIAC, GWEB or relevant cybersecurity Flexible to provide coverage in US morning hours on a need-basis, and as required Experience working in an environment where coordination with multiple teams is essential to success Ability to prioritize individual/group work in a high-stress and time-bound environment Location: IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City Job ID R-70797 Date posted 06/11/2025

We re seeking a future team member for the role of Vice President to join our Information Security team. This role is located in Pune, Maharashtra -HYBRID BNYM is seeking an initiative-taking professional to join its Cyber Security Third Party Governance (CTPG) team. The successful candidate will work in a technically diverse and dynamic environment with a team of Cyber Security professionals responsible for the assessment, analysis and governance of cyber security for third party vendors. The successful candidate will have deep technical and assessment skills to identify vendor cyber vulnerabilities that puts the BNYM at risk. The individual works closely with the Cyber TPG Security Leader, Business Sourcing Leads (BSL), enterprise sourcing, technology risk management, engagement managers, business teams and vendors on identified cyber risks in vendor environments. This requires both good oral and written communications skills and the ability to negotiate. Must be able to keep sensitive information confidential and know how to use appropriately. In this role, you ll make an impact in the following ways: Assess the cyber security risk of third party vendors with an appropriate level of detail Travel to vendor locations for on-site assessments Interface with enterprise sourcing, technology risk management, business teams and engagement management on vendor cyber security issues identified Review and challenge vendor evidence for issue closure Assist in the design and implementation Cyber TPG related processes and tools Define and create relevant metrics, presentations and reports Review the cyber related attestations by third parties such as SOC2 and ISO 27001 and report any observations for further review and tracking Review vendor risk reports created by internal and external entities for impacts to cyber security Keep up to date on the latest trends, methodologies and tools related to third party Interface with industry coalitions working on third party cybersecurity issues To be successful in this role, we re seeking the following: Bachelors degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. Industry certifications such as CISSP or CISM a plus 17+ years of experience in cyber security related activities required Firsthand experience in performing control-level technical cyber risk assessments In-depth technical knowledge in 1-2 cyber domains Experience in the securities or financial services industry is a plus Experience in third party governance and related tools is strongly desired but not required Ability to manage multiple projects and priorities Familiarity with various global regulations and industry standards concerning cyber security Strong verbal and written communication skills

Proficient in Risk assessment and analysis methodologies Risk management software and tools proficiency Knowledge of regulatory (GDPR,PCI-DSS, Anti-Money Laundering (AML)) requirements and compliance standards. Understanding of insurance principles and coverage. Industry-specific certifications (CRISC, CISM, ISO 27001:LA) Project management expertise. A thorough understanding of: ISO 27001 (Information Security Management) NIST Cybersecurity Framework SOC 1 and SOC 2 Standards

We are seeking a passionate and proactive Security Expert to serve as the Security Lead for OCI Data Integration and Intelligent Datalake teams. We are seeking a passionate and proactive Security Expert to serve as the Security Lead for OCI Data Integration and Intelligent Datalake teams, playing a pivotal role in integrating security seamlessly across product management, development, and compliance functions. This individual will be the bridge between development, security, and compliance teams ensuring smooth alignment with security architecture standards and fostering a strong, proactive security culture across the organization. Key Responsibilities: Conduct baseline security checks, ensuring alignment with enterprise security architecture standards. Work to improve security processes, tools, and automation. Conducting vulnerability assessments, penetration tests, and security audits to identify weaknesses in applications, infrastructure, and services. Oversee exception management processes, including identifying, assessing, and documenting risk exceptions. Analyze and triage monthly security tickets including Fortify findings, third-party assessments, malware scans, and more. Contribute to PCI DSS compliance efforts, ensuring controls are in place and audit ready. Play a key role during security incidents or crises by coordinating response and communication. Work closely with developers to remediate security issues including vulnerability fixes, version updates, OS hardening, and secure coding guidance accelerating product security compliance and 3P readiness. Perform regular Security Design reviews and operational monitoring in collaboration with relevant component teams. Represent the organization in audit programs, ensuring accurate and timely evidence collection, documentation, and stakeholder engagement. Qualifications: Bachelor s degree in computer science or a related field. 10+ years of experience in application/product security, risk management, or related roles. Experience in both offensive and defensive security, particularly in web application security, cloud security, and threat modeling. Solid understanding of secure software development lifecycle (SSDLC), common vulnerabilities, and remediation strategies. Experience with tools such as Fortify, SAST/DAST scanners, malware scanners, and ticketing platforms. Knowledge of industry frameworks. Strong collaboration and communication skills; able to work effectively across engineering, compliance, and security teams. Security certifications (e.g., CISSP, CISM). Familiarity with audit and compliance program management.

Stefanini is a leading provider of cybersecurity solutions committed to protecting our clients from digital threats and ensuring the safety of their data. As our SOC Manager, you will be pivotal in leading our Security Operations Center and driving various specialized squads to enhance our security operations. You will be at the forefront of our security initiatives, safeguarding our clients most valuable asset-their data. Position Summary The SOC Manager will oversee the day-to-day operations of the Security Operations Center, ensuring effective monitoring, detection, and response to security incidents. This role includes managing a comprehensive suite of cybersecurity services, including Managed Detection and Response (MDR), SOC as a Service, CISO Advisory, SOC Advisory, Brand Protection & External Data Leakage, Attack Surface & Vulnerability Management, and Insider Threat Detection. The SOC Manager will also be responsible for SOC gamification and executing strategic squad lab research and development. Key Responsibilities Lead and Manage the SOC Team Supervise and mentor a team of Tier-1 through Tier-3 Security Analysts and Engineers, providing guidance, training, and performance evaluations to ensure effective team management and leadership. Deployment and Oversight Oversee the deployment, configuration, and delivery of core cybersecurity services, ensuring their effective integration and operation within the SOC. Incident Response Manage the detection, investigation, and resolution of security incidents. Coordinate with other departments to mitigate and recover from security breaches. Toolset Management Ensure the effective deployment and use of cybersecurity tools and platforms, including SIEM, endpoint protection, vulnerability assessment tools, and threat intelligence feeds, and integration of Stefaninis SAI Cyber Hub platform. Security Monitoring Continuously monitor security systems and alerts to identify and respond to potential threats, utilizing the full range of managed services. Policy and Procedure Development Develop and maintain SOC policies, procedures, and playbooks to ensure a standardized approach to security operations and consistent service delivery. Reporting and Metrics Generate regular reports on security incidents, team performance, and SOC activities, providing insights and recommendations for improvements across all service areas. Stakeholder Communication Liaison between the SOC and other business units, ensuring clear communication of security issues and their impact and the status and performance of the deployed services. Continuous Improvement Stay current with the latest cybersecurity trends and technologies. Implement best practices and innovative solutions to enhance the SOCs capabilities and service offerings. SOC Gamification Oversight Implement and oversee SOC gamification strategies to enhance team engagement, motivation, and continuous skill development. Track and report on gamification metrics and progress. Strategic Squad Lab R&D Execute and manage the day-to-day operations of strategic squad lab research and development initiatives as directed by the Head of Cybersecurity. Ensure alignment with overall security objectives and innovation goals. Job Requirements Details Required Skills and Qualifications Experience At least 5 years in a service delivery role, with at least 7 years in a SOC management position. Education A Bachelors or Masters degree in Computer Science, Information Security, or a related field is highly desirable. Relevant certifications such as CISSP, CISM, or CEH are also highly desirable. Technical Proficiency In-depth knowledge of SIEM systems, endpoint security solutions, vulnerability management tools, threat intelligence platforms, incident ticketing systems, knowledge management systems, access management solutions, and asset management tools. Leadership Skills Proven ability to lead, manage, and motivate a team of security professionals. Analytical Skills Strong problem-solving and analytical skills, with the ability to think critically and make informed decisions under pressure. Communication Skills Excellent verbal and written communication skills, with the ability to convey complex security concepts to non-technical stakeholders. Attention to Detail High level of accuracy and attention to detail in all aspects of work. Adaptability Ability to work in a fast-paced, dynamic environment and adapt to changing priorities and technologies. IAM Policies and Procedures Knowledge Proficient in developing, implementing, and managing policies and procedures related to Identity and Access Management. Cloud Experience Experience with AWS, Azure, or Google Cloud, along with automation capabilities. Data Security Solid understanding of data security principles. Generative AI Experience Experience with generative AI is a plus. Preferred Qualifications Certifications CISSP, CISM, CEH, or equivalent certifications. Compliance Experience Familiarity with industry standards and regulations such as NIST 2.0, ISO 27001, NIST 800-53, NIST 800-171, HIPAA, and PCI-DSS.

Why join usDiversity, Equality and Inclusion at DWF Nurturing talent is very important to us. We are committed to equal opportunities in all areas of work and business. We want people to achieve their best, which will positively impact on our clients and communities in which we live and work. At DWF, we empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations. Responsibilities Key Responsibilities Technical Leadership Management: Provide strong technical leadership to a team of threat hunters, digital forensics experts, and incident responders. Foster a culture of continuous learning, collaboration, and excellence within the SOC team. Ensure the team is well-trained, motivated, and following best practices for security operations. Threat Hunting Intelligence: Oversee the development of proactive threat hunting strategies to identify unknown or evasive threats that may bypass traditional security measures. Gather and analyze threat intelligence from diverse sources to anticipate emerging attacks and hunt for indicators of compromise before they cause harm. Leverage advanced tools and DWF Group - Confidential Data methodologies to continuously search for signs of malicious activity within the network. Incident Response Investigation: Lead the end-to-end incident management process - from detection and containment to eradication and recovery. When security incidents occur, coordinate the team s rapid response to minimize impact and restore operations swiftly. Conduct in-depth investigations of incidents to determine the extent of compromise, root causes, and attack vectors. Guide the team in following incident response playbooks and adapt tactics as needed for complex or novel attacks. Digital Forensics Evidence Handling: Provide expert direction in digital forensics during incident investigations. Ensure that the team properly collects, preserves, and analyzes electronic evidence from affected systems in accordance with legal and regulatory standards. Utilize forensic tools and techniques to uncover artifacts of malicious activity (e.g., malware traces, log data, compromised accounts) and build a clear timeline of events. Maintain chain-of-custody and documentation of evidence for potential legal proceedings or regulatory inquiries, upholding the integrity of the data collected. Reporting Documentation: Prepare comprehensive incident investigation reports detailing the findings, actions taken, and remediation recommendations for each significant incident. Communicate incident status and post-incident analysis to both technical teams and non-technical stakeholders (such as executives or client representatives) in a clear and concise manner. Log all incidents and near-misses in our tracking systems, and use this data to identify trends or recurring issues that can inform improvements in security controls. Cross-Functional Collaboration: Collaborate closely with other teams - including IT infrastructure, applications, compliance, and the broader risk management group - to proactively mitigate risks and respond to incidents. Provide security expertise and actionable recommendations to these teams (for example, advising on patching critical vulnerabilities or improving access controls) to prevent incidents. Work with the Legal and Compliance departments to ensure that incident response and reporting processes meet all legal, regulatory, and client requirements (e.g., breach notifications, evidence handling standards). Serve as an escalation point and subject matter expert for security issues that involve multiple departments or complex technical challenges. Continuous Improvement Strategy: Keep abreast of the latest threat landscape trends, attacker techniques, and vulnerabilities. Continuously update the team s techniques and tools to address new threats. Refine and DWF Group - Confidential Data evolve the SOC s standard operating procedures, playbooks, and response strategies based on lessons learned from incidents and changes in the business. Establish metrics and KPIs (such as incident response times, threat detection rates, etc.) to measure the team s performance and drive improvements. Develop security policies and procedures in line with industry best practices and the firm s needs, and ensure the team and relevant stakeholders are trained on them. MA Security Integration: Support the security aspects of mergers and acquisitions activities. When the firm acquires or merges with other organizations, assess the acquired company s security posture and lead efforts to integrate its IT systems and data safely into our environment. Identify any inherited vulnerabilities or threats during the acquisition process and advise on remediation. This may involve conducting cybersecurity due diligence, aligning disparate security tools or protocols, and establishing unified security standards across the merged entities. Ensure that sensitive data is protected throughout the transition and that the combined operations adhere to our security and compliance requirements. Escalation Incident Command: Serve as the incident commander during critical security events. Provide clear direction to responders, allocate resources, and make quick decisions to contain threats. Act as the primary point of contact for major incidents, briefing senior management and, when appropriate, coordinating with external parties such as cybersecurity consultants, law enforcement, or regulatory bodies. After resolution, conduct thorough post-incident reviews with the team to identify lessons learned and drive process improvements to prevent similar incidents in the future What will help you succeed in this roleQualifications and Experience Education Certifications: Bachelor s degree in Information Security, Computer Science, or a related field (or equivalent experience). While formal education is valued, hands-on experience is paramount. Relevant industry certifications such as GIAC (e.g., GCIH), CISM, or other cybersecurity credentials are highly desirable (nice-to-have) but not mandatory. Experience: Proven experience in cybersecurity with a focus on threat hunting, digital forensics, and incident response (approximately 3+ years overall is preferred). Within this, at least 2 years in a technical lead or managerial role overseeing security operations or incident response teams. Demonstrated history of handling complex security incidents and driving them to resolution. Experience in the legal industry or other highly regulated environments is a DWF Group - Confidential Data plus, as is experience supporting cybersecurity during mergers and acquisitions (e.g., performing security due diligence or integrating acquired IT environments). Technical Expertise: Deep knowledge of security operations technologies and practices. This includes hands-on familiarity with SIEM tools, intrusion detection/prevention systems, EDR (Endpoint Detection and Response), and other threat detection platforms. Strong understanding of malware analysis techniques, network security, and incident analysis methodologies. Experience with digital forensic tools (for disk, memory, and network forensics) and analyzing system log data to identify anomalies. Up-to-date with current threat intel feeds, TTPs (tactics, techniques, and procedures) of attackers, and vulnerability assessment practices. Ability to script or use automation for incident response is an advantage. Technical Leadership Communication Skills: Outstanding technical leadership abilities with a proven track record of building and guiding highperforming teams. Able to mentor and develop junior analysts, and manage teams across different locations. Excellent communication skills, both written and verbal. Capable of conveying technical findings and security concepts in clear, non-technical language to inform lawyers, executives, or clients as needed. Strong collaboration skills to work with cross-functional teams and influence others to prioritize security. Calm under pressure, with the ability to make sound decisions during high-stress incident scenarios. Knowledge of Legal/Regulatory Frameworks: Solid understanding of the legal and regulatory requirements surrounding cybersecurity in an international context. Familiarity with data protection laws and breach notification regulations is expected - for example, understanding GDPR obligations for handling EU personal data and reporting breaches. Knowledge of standards and frameworks such as ISO 27001, NIST, or ITIL incident management processes is beneficial. An appreciation for the ethical duty of confidentiality in the legal profession and how it impacts information security (e.g. protecting attorney-client privileged data) is important. Problem-Solving Ethics: Strong analytical and problem-solving skills, with a talent for troubleshooting complex security problems and identifying innovative solutions. High degree of professional integrity, ethical conduct, and commitment to maintaining the confidentiality of sensitive information at all times. A proactive mindset with passion for staying ahead of cyber threats and continuously improving security practices What we offerAt DWF, we deeply appreciate the significance of offering a comprehensive rewards package that extends beyond a basic salary. Our commitment is to ensure that each member of our team not only feels valued but is also duly rewarded throughout their tenure with us. Upon joining our organisation, you will have the opportunity to select from a diverse array of benefits, allowing you to carefully tailor a package that perfectly aligns with your individual needs and those of your family. In addition to our standard benefits, we offer a wide range of flexible benefits and robust well-being programs. Our recruitment process upholds the highest standards of fairness and engagement. It includes comprehensive interviews and, at times, a written assessment, an assessment day, or presentation. We aim to create a positive experience for all candidates and offer any adjustments or additional support. About us DWF is a global legal business providing Complex, Managed and Connected Services. We empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.

Position: Cyber Security Engineer Experience: 3 to 4 Yrs Location: Noida Education: B.E./ B.Tech. MCA Mandatory Skills Candidate Profile Must have experience in Governance - Security Operational Tasks support governance. Compliance and Risk Management. Vulnerability Management - vulnerability (infra and app) scans and remediation plans SMP (Security Management Plan) - preparing, reviewing and managing Authorisation management - should have managed the accounts controls in the Infra scope Security Patch management - end-to-end coordination and implementation Security product management - Antivirus Management, like TrendMicro, Defender, etc... Security incident management - Managing the end-to-end security incident lifecycle with corrective measures Audit support - support auditors mandate on the security system and artefacts Mitigation - thinking analytically and executing efficiently. Analyse and optimise orchestration and automation between security tools Vendor Management, Collaboration, Facilitation - Excellent customer-facing skills and significant experience building strong client relationships Communication Skills - Communicate security and technology needs effectively Security Reporting, Meetings Communication - Prepare and develop security report as contractually required, attend client and Sopra Steria meetings to provide security expertise and advice Certification: CISM ISO 27001 certification is a must

Conduct comprehensive IT audits to evaluate the effectiveness and efficiency of IT systems and processes. Assess and document IT Governance, Risks and Compliance's vulnerabilities and control deficiencies. Ensure compliance with RBI guidelines and industry standards (e.g., ISO 27001, NIST, COBIT, COSO). Develop and implement audit plans and methodologies. Review and analyze evidence, document audit findings, and propose practical solutions. Collaborate with IT and business teams to improve IT governance and control frameworks. Prepare detailed audit reports and present findings to senior management. Rigor in tracking and follow-up of IS audit open points on the implementation of audit recommendations. Evaluate and test IT General Controls (ITGCs), automated controls, and key reports. Participate in risk assessments and design audit programs. Review regulatory submissions and ensure timely and accurate documentation. Perform IT vendor audits and assist in IT Governance audits. Stay updated on industry trends, emerging threats, and regulatory changes. Required Qualifications, Capabilities, and Skills: A bachelor's or masters degree in computer science, Information Technology, or Engineering, with at least 5 years of experience in IT Technical and Process Audit, along with at least one industry-recognized certification such as CISA, CRISC, or CISM. Strong understanding of RBI guidelines for NBFCs. Knowledge of Governance, Risk & Compliance function, Software development processes, IT systems, Network architecture, Databases, and Cybersecurity measures. Extensive knowledge of industry security frameworks (e.g., NIST, CIS) and ISO 27001/2 standards. Proven experience in implementing or testing IT General Controls. Basic understanding of AI-ML models, their risks, and audit testing procedures. Excellent verbal and written communication skills to effectively present audit findings and recommendations. Ability to analyze complex data, identify risks, and provide actionable recommendations. Experience in identifying and evaluating IT risks and developing mitigation strategies. Ability to identify issues and develop practical solutions. Experience in planning and managing audit projects to ensure timely completion. Meticulous in documenting audit processes and findings. Ability to work effectively with cross-functional teams and stakeholders. Capable of managing multiple audits simultaneously and meeting deadlines in a dynamic, fast-paced environment. Highly motivated, enthusiastic, performs well under pressure, and takes personal responsibility and accountability. Upholds the highest standards of professionalism, integrity, and ethical conduct.

Area Head IT Security Specialist Analyst Engineer: About Company: CMR Green Technologies Limited is Indias largest producer of Aluminium and Zinc die-casting alloys with a combined annual capacity of over approx 4, 18, 000 MT per annum. Since its inception in 2006, it has maintained its fast-paced growth by leveraging latest technology and continuous improvement. CMR, which recycles aluminium scrap to make alloy, has 28-30 percent market share in India and is nearly three times larger than its nearest competitor. We are having strong presence at PAN India level (North, West & South) with 13 manufacturing units, 5000 strong workforce and supplies to major automotive industry in India including tier one OEMs like Maruti Suzuki , Honda Cars , Bajaj Auto , Hero MotoCorp and Royal Enfield Motors. We are seeking a skilled IT Security Specialist/Analyst/Engineer to join our IT team. In this role, you will be responsible for protecting our organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. You will work closely with IT and other departments to identify and mitigate IT security risks, ensuring that our systems and data remain secure. Position: Area Head IT Security Specialist/Analyst/Engineer Job Band/ Designation: B/ Dy. Manager/ Manager/ Sr. Manager No. of Post: 01 Department: Information Technology Reporting to: Chief Information Officer Qualifications: Essential: B.E./ B Tech / Bachelors degree in Computer Science, Information Technology, or related field . Desirable:- Relevant certifications (e.g., CISSP, CISM, CEH) are a plus. Experience: Proven 7-12 years of experience as an IT Security Specialist/Analyst/Engineer or similar role. Job Responsibilities: 1.Develop and enforce policies and procedures for data security, network access, and backup systems. 2.Identify vulnerabilities within our network and propose and implement security enhancements. 3.Coordinate with internal and external stakeholders to monitor network traffic for suspicious behavior. 4.Conduct regular system audits and manage the response to security incidents. 5.Lead cybersecurity awareness training for all staff. 6.Lead ISO 27001 certification for the organization 7.Stay up to date with the latest security systems, standards, authentication protocols, and products. 8.Create budget for security software and hardware and take buy-in from stakeholders. 9.Ensure compliance with the relevant laws and regulations regarding information security and privacy. functional competencies: Strong understanding of firewalls, VPNs, Data Loss Prevention, IDS/IPS, Web-Proxy, Zero Trust, DPDP Act, VAPT and Security Audits. CISSP certification is preferred. Experience with incident detection, incident response, and forensics. Key Personality Attributes: Effective Communication Knowledge sharing and learning. Execution Excellence General: Age -25-35 years. CTC 10 LPA-15 LPA approx. CTC is not a constraint for suitable candidate. Candidate should not be frequent job changer. Notice Period - Joining period Max 30 Days. We can buy notice period, if required Interested candidate those who are matching with our required, only can apply for the position. Location: Corporate office:-7th Floor, Tower 2, L & T Business Park, 12/4 Delhi Mathura Road (Near Delhi Badarpur Border) Faridabad, Haryana, 121003.

Eviden, part of the Atos Group, with an annual revenue of circa " 5 billion is a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come. RoleGRC Consultant Location: Bangalore (JP Nagar), Navi Mumbai (Mahape) Experience: 3+ years Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk & Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web & mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing & cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / CertificationISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

We have a team of security compliance leaders overseeing solutions for this complex environment, collaborating with security architects and Cloud DevOps teams internally and around IBM. The security compliance leader’s role is to determine the secure operation of the all computer systems, servers, and network connections in accordance with our policies, procedures, and compliance requirements. A security compliance leader in our team will participate in some or all of the following: Providing subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA Having the ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Interpreting standards, requirements, and their application to the enterprise Cloud environment in the most reasonable and cost-effective manner Developing, implementing, maintaining, and overseeing enforcement of security policies Collaborating with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements. Defining the requirements and validating the procedures and audit testing methodology Conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. Working with the DevOps teams to prepare ongoing client reporting, information for prospective clients, and marketing materials Providing training to teams as needed Assisting team members and internal clients in addressing highly complex security issues applicable to enterprise environment Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Minimum of 12 years of relevant compliance experience and cybersecurity knowledge Compliance leaders do not require dev experience, but it is an advantage. 10+ years of security compliance audit experience is a must Ability to utilize working knowledge of information security best practices such asNIST 800 series, ISO 27000 series, GDPR, etc Experience with compliance programs such as FFIEC or FedRAMP/ FISMA, HIPAA, GDPR, SOC 2, or PCI Experience in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology Ability to understand enterprise business computing operations/requirements, and in particular, Cloud Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Job Title - Network & Cloud Manager, Level:Manager, Entity:CF Management Level:Manager Location:Bangalore or Any location Must have skills: Strong experience in cloud security (AWS, Azure, or GCP) IAM, key management, logging, hardening. Solid foundation in network security firewalls, VPNs, SD-WAN, NAC, segmentation. Practical knowledge of security frameworks ISO 27001, NIST, CIS Controls. Project management expertise planning, risk tracking, stakeholder coordination. Strong written and verbal communication skills for reporting and presentations. Good to have skills: Job Summary : Were looking for an experienced professional to lead Information Security initiatives while also overseeing the project management of key security programs and risk initiatives. This role requires a strong understanding of cybersecurity principles, regulatory frameworks, and the ability to drive structured project execution across teams and departments. Youll be responsible for aligning our security efforts with business goals, ensuring compliance, managing risks, and driving the successful rollout of enterprise security programs. You'll work closely with cross-functional teams to deliver secure, scalable, and efficient solutions, while also ensuring projects stay on track and align with business goals. If you enjoy combining hands-on tech work with planning, process, and team leadership, this might be the right fit for you Roles & Responsibilities: Lead and manage security-related projects, ensuring alignment with business priorities and timelines. Own project delivery from initiation to closure planning, scheduling, resourcing, and reporting. Develop and manage documentation, dashboards, and executive reporting for security programs. Stay up to date with industry trends, emerging technologies, and best practices. Professional & Technical Skills: Cloud Security: AWS/Azure/GCP security services (IAM, KMS, GuardDuty, Security Center, etc.) Network Security :Firewalls (e.g., Palo Alto, Fortinet), VPNs, SD-WAN, NAC, IDS/IPS. Communication: Strong documentation, reporting, and executive presentation skills. Certifications (preferred): CISSP, CISM, CCSP, AWS Security Specialty, Azure Security Engineer, PMP Additional Information: This is a strategic yet hands-on role requiring a blend of security expertise and project execution. The position involves working with multiple internal and external stakeholders, including auditors and technology teams. Flexibility is available for remote, or hybrid work arrangements based on business needs. Opportunities for career growth in cybersecurity leadership and program management are significant. About Our Company | AccentureQualification Experience: 812 years of relevant experience in network and/or cloud security roles Minimum 35 years of experience managing security-related projects Ability to work across teams and manage deliverables in matrix environments A strategic yet practical approach to solving security and governance challenges Ability to stay current on emerging threats, technologies, and best practices Educational Qualification: Bachelors Degree in Engineering B.Tech / B.E in Computer Science, Information Technology, Electronics & Communication, or a related field. Preferred :Certifications such as AWS Certified Solutions Architect, Microsoft Certified:Azure Administrator, CCNP, CISSP, CISM, or other relevant cloud and security certifications.

Job Title: Client Data Protection Opportunity Support (CDPOS) Specialist + Level 09/10 + CF Location: India Management Level: 09 Specialist/10 Senior Analyst Must have skill :Information Security process and procedures As part of the CDPOS Client Response team, the CDPOS RFP Specialist is primarily responsible for supporting Accenture business development teams to respond to a) client Information Security (IS) and Vendor questionnaires (which are commonly issued as part of Request for Proposal (RFP) process), b) reviewing client Information Security policies / standards, c) completing client Risk Management market surveys, and d) supporting IS and DP conversations with both Client and Accenture Account teams. The role sits within the pre-contract, business development space interfacing with multiple stakeholders common to the contract development process (Solution Architects, Legal, Contract Management and Security leads). The Specialist will act as an Information Security Subject Matter Expert who will support multiple Accenture business development teams (operating across multiple countries) to respond to client information security and data privacy requests related to Accenture IS policies / standards / processes and recognized security frameworks. Key Responsibilities: Respond to client security questionnaires and management market surveys Liaise with account business development team, IT and technical teams to understand specific client security requirements set out in security questionnaire / market survey and determine appropriate responses that meet both client technical requirements and Accenture Information Security standards. Agree a project schedule to respond to requirements and communicate progress with key stakeholders. Perform quality checks on final information security submission Participate in client meetings focused on Information Security controls (if required) Establish and maintain effective working relationships across multiple stakeholders who interact with the Accenture business development process - account management, business development, technical / solution leads, Information Security, Legal and Finance representatives Contribute to the creation of high-quality and reusable IS solutions by updating the CDPOS RFP database with new information security related proposal data (new product release documents / new responses created / changes to Accenture IS Standards & Policies and other Accenture wide developments) Continually build own knowledge on the features of Accenture products, IS practice, services and commonly used IT concepts to respond to client and account questions that are technical in nature Skills and Experience: Possess an understanding and awareness of typical information security framework and common information security standards Demonstrate working knowledge of the Accenture business development process (with practical experience working with stakeholders in the process being an advantage) Be comfortable challenging account executives who are most commonly above peer group - influencing executive decisions and addressing conflicts and challenges Developed an appreciation of Information security best practices, auditing, and overall risk management Possess strong organizational skills with the ability to handle multiple work activities under tight, short-term deadlines (whilst meeting account and qualitative expectations) Demonstrate effective prioritization and time management capability Achieved work experience assessing and implementing information security and data protection controls Strong relationship development skills with an ability to influence and interact with organizational leadership and account executive across multiple countries Preferably hold at least one recognized security certification such as ISO 27001 LA, CISSP, CISA, CISM or CRISC Demonstrate good verbal and written communication skills Possess a good knowledge of MS Office applications (Excel, Word, Power Point) About Our Company | AccentureQualification Good to have skill: Overview on ITIL Experience: Minimum of 1yr

Grade HResponsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security. Entity: Technology ITS Group You will work with This team is responsible for response and management of cyber incidents, utilizing an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bps cybersecurity posture. Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas - cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. About bp bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement Up to 10% travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills:

IT Operations Engineer - Security Chennai, Tamil Nadu, India Apply now Share Company Overview At Zuora, we do Modern Business . We re helping people subscribe to new ways of doing business that are better for people, companies and ultimately the planet. It s an approach resulting from the shift to the Subscription Economy that puts customers first by building recurring relationships instead of one-time product sales and focuses on sustainable growth. Through our leading expertise and multi-product suite, we are transforming all industries and working with the world s most innovative companies to monetize new business models, nurture subscriber relationships and optimize their digital experiences. The Team & Role The IT Security Operations team at Zuora is responsible for safeguarding digital assets, defending against cyber threats, and maintaining the confidentiality, integrity, and availability of information systems. The team implements a comprehensive framework of policies, technologies, and procedures to identify, assess, and mitigate security risks across Z s infrastructure, networks, applications, and endpoints. Role: Monitor, Detect and Respond to alerts generated by security controls as part of IT Security operations team Security Incident Response, Containment and Remediation handling. Analyze, document and report on potential security incidents and perform Threat Hunting for business critical environments Collaborating with cross-functional teams to address and resolve vulnerabilities detected within the environment. This is a hybrid position, so you ll work both remotely and in the office. Whenever it is required the engineer should be working from the office Our Tech Stack: Rapid7, Zscaler, CrowdStrike, AWS , WIZ, GCP, HP Aruba, Palo Alto, What you ll do Evaluate, implement, and configure security tools and platforms (e.g., SIEM, EDR, NDR, SOAR) to enhance detection, monitoring, and response capabilities. Familiarity with cloud security (AWS, Azure, GCP), endpoint protection, and network security best practices. Design and implement robust detection and response strategies to identify and mitigate cyber threats. Conduct threat hunting activities and provide recommendations for improving detection capabilities. Deploy and integrate security tools and frameworks into the existing environment. Conduct security assessments, gap analyses, and vulnerability assessments to identify security risks and recommend solutions. Design and implement automation solutions for security operations, incident response, and monitoring processes (e.g., using SOAR tools or custom scripts). Create playbooks, automated workflows, and integration strategies to reduce response time and increase operational efficiency. Provide expert guidance and hands-on support for security incident response efforts, from detection to containment and recovery. Your experience 2-6 years of security experience, specifically on SIEM/ SOC operations. Strong understanding of Network Security, System Security, Web application security, End-point Security including hands-on exploitation skills coupled with defensive skills. Familiarity with infrastructure and systems security domains and automation. Ability to explain complex security issues and their impact to diverse audiences. Be a fast learner and have experience partnering with cross-functional teams. Strong communication and interpersonal skills, with the ability to explain complex technical concepts to nontechnical stakeholders. BA/BSc in Computer Science or similar technical degree or equivalent experience Nice to haves: Industry certifications such as Certified SOC Analyst (CSA), CISM,CISSP or similar are preferred. Additional certifications in security automation (e.g., SOAR tools) or specific technologies like Rapid7, Zscaler, CrowdStrike, Palo Alto are a plus. #ZEOLife at Zuora As an industry pioneer, our work is constantly evolving and challenging us in new ways that require us to think differently, iterate often and learn constantly it s exciting. Our people, whom we refer to as ZEOs are empowered to take on a mindset of ownership and make a bigger impact here. Our teams collaborate deeply, exchange different ideas openly and together we re making what s next possible for our customers, community and the world. As part of our commitment to building an inclusive, high-performance culture where ZEOs feel inspired, connected and valued, we support ZEOs with: Competitive compensation, variable bonus and performance reward opportunities, and retirement programs Medical, dental and vision insurance Generous, flexible time off Paid holidays, wellness days and company wide end of year break 6 months fully paid parental leave Learning & Development stipend Opportunities to volunteer and give back, including charitable donation match Free resources and support for your mental wellbeing Specific benefits offerings may vary by country and can be viewed in more detail during your interview process. Location & Work Arrangements Organizations and teams at Zuora are empowered to design efficient and flexible ways of working, being intentional about scheduling, communication, and collaboration strategies that help us achieve our best results. In our dynamic, globally distributed company, this means balancing flexibility and responsibility flexibility to live our lives to the fullest, and responsibility to each other, to our customers, and to our shareholders. For most roles, we offer the flexibility to work both remotely and at Zuora offices. Our Commitment to an Inclusive Workplace Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all. Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance(at)zuora.com. Apply now Let s do this. You re unique and we re on a journey so let s embark on a unique journey together. We encourage you to apply to all roles that utilize your skills and ignite the passion within you. No matter where you re located, or which team you work on, you ll be part of a group of people working together to build a better world: The World Subscribed. Go ahead and apply! Internal Job Opportunities Are you a current ZEO looking to take on new challenges? If so, check out our internal job openings on our internal job board .

Cyber Security Director - HIH - Evernorth About Evernorth: Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people. Role Title: Cyber Security Director Position Summary: The Cigna Information Protection, Head of Security is a key leadership business facing position with primary focus is to act as conduit between the Cigna Information Protection organizational goals and business line interests. Acting as the primary delegate for the business line Chief Information Security Officer, you will oversee the development and execution of the Cyber / Information Security Strategy at a granular level. Strategically you will be responsible for delivery of the last mile execution of all Cigna Information Protection global Shared Services, developing and measuring capabilities whilst running subsequent risk mitigation Cyber Information Security Management programs. Being the local evangelist and expert, you will focus on local stakeholder business management and also wider stakeholders such as regulators, clients and external parties. Job Description Responsibilities: Manage all external local client and regularity engagements, including fielding queries, regulatory compliance submissions in conjunction with matrix Cigna Information Protection Shared Service Partners and governance stakeholders, legal, compliance and data privacy. Lead localized Controls Assurance activities, define and track effectively control testing and remediation risks for local business line. Coordinate Shared Service benchmarking exercises (NIST etc.) using Cigna Information Protection standards. Leverage the Enterprise Risk Management framework, perform focused localized risk assessments of existing or new services and technologies in line with policies and standards, and manage the risk exceptions process. Develop residual risk registers and integrate into Shared Service Integrated Risk Management Framework. Coordinate the local delivery of global Cyber Privacy portfolio risk mitigation projects and programs into business line / region. Conversely feed the portfolio by registering local business line residual risk outputs driving controls mitigation activity. Evolve Cigna Information Protection security policies and processes, aligning to local business requirements and operate the policy exceptions management process. Coordinate security education awareness initiatives in line with policy framework, integrate with the Shared Service overall thematic awareness program. Partner with business line / regional CIOs and technology stakeholders to educate and integrate risk management activities in first and second line of defense governance. Coordinate with Shared Services to provide localized risk and vulnerability management information and reporting and embed Cyber / Information Security into business operational governance forums enabling data driven decision making. Develop organizational wide Cyber / Information Security risk views by collaborating with internal control groups e.g. Audit, Compliance, Enterprise Risk Management, Legal and Privacy. Liaise across Legal, Privacy and Sourcing teams to manage 3rd party risks. Conduct 3rd Party Assessments, including evaluations, contract reviews and onsite visit where appropriate. Embed secure development practices, working with local business and technology teams to implement enterprise tooling and processes to ensure secure code implementation. Embed risk management practices into Agile / DevSecOps pipelines to minimizing production vulnerabilities. Run localized Infrastructure, Application and Cloud evaluations / assessments against agreed security patterns and pre-production scanning processes to reduce production vulnerabilities. Integrate residual risk outputs in local and Shared Services governance. Champion local incident responses handling processes, provide business context and local expertise in incident scenarios. Coordinate with Shared Service owner to manage local incident management post mortem activities and track residual findings to resolution. Maintain and manage local regulatory incident response reporting requirements. Engage with Shared Services to carry out forensics security investigations work integrating processes with business and legal / compliance stakeholders. Partner with Global Architecture Shared Services organizations to implement standard security solutions and capabilities, providing expert change solution design in local business line. Conversely feed global Architecture roadmaps by capturing local requirements. Support business line mergers, acquisitions and divestiture activities in line with the Shared Services playbook designed to reduce change risk. Lead local business Cigna Information Protection teams as well as matrix manage Shared Services peers. Ensure in person employee engagement by motivating team, running personalized development programs, and creating an empowering culture aligned with Cigna values. Experience Required: Minimum 18-21 years of Information Security / Cyber or related risk management experience. Experience Desired: Experience leading teams of over 125-150 employees Experience within the Healthcare, Insurance or Financial Services industry preferred. Education and Training Required: CISSP or other security related certification preferred (CISM / CISM etc.) Primary Skills: Implementation level knowledge of information security standards and frameworks (e.g. ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) and attestation reports (e.g. SOC 1/2). Awareness of Governance, Risk and Compliance and workflow management tools, e.g. Onspring, ServiceNow VR, Brinqa etc. Additional Skills: Ability to translate information security and technical controls into business terms that are easily understood. About Evernorth Health Services