541 Cism Jobs - Page 2

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Governance Good to have skills : Security Architecture DesignMinimum 7.5 year(s) of experience is required Educational Qualification : BTECH Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Engage with multiple teams and contribute on key decisions- Provide solutions to problems for their immediate team and across multiple teams- Develop and implement security policies and procedures- Conduct security assessments and audits- Stay updated on the latest security trends and technologies Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance- Strong understanding of security architecture design- Experience in implementing cloud security controls- Knowledge of security compliance standards- Hands-on experience with security tools and technologies Additional Information:- The candidate should have a minimum of 7.5 years of experience in Security Governance- This position is based at our Gurugram office- A BTECH degree is required Qualification BTECH

Position: Cyber Security Engineer Experience: 3 to 4 Yrs Location: Noida Education: B.E./ B.Tech. MCA Mandatory Skills Candidate Profile Must have experience in Governance - Security Operational Tasks support & governance. Compliance and Risk Management. Vulnerability Management - vulnerability (infra and app) scans and remediation plans SMP (Security Management Plan) - preparing, reviewing and managing Authorisation management - should have managed the accounts & controls in the Infra scope Security Patch management - end-to-end coordination and implementation Security product management - Antivirus Management, like TrendMicro, Defender, etc... Security incident management - Managing the end-to-end security incident lifecycle with corrective measures Audit support - support auditors' mandate on the security system and artefacts Mitigation - thinking analytically and executing efficiently. Analyse and optimise orchestration and automation between security tools Vendor Management, Collaboration, Facilitation - Excellent customer-facing skills and significant experience building strong client relationships Communication Skills - Communicate security and technology needs effectively Security Reporting, Meetings & Communication - Prepare and develop security report as contractually required, attend client and Sopra Steria meetings to provide security expertise and advice Certification: CISM & ISO 27001 certification is a must

Your Impact Youll be responsible for engaging with senior customer representatives including CISO and other C-suite stakeholders to engage on topics around CyberSecurity, adjacent technical areas, and application of technology and programs in the business. Provides trusted support, advice and guidance on the latest trends and developments in CyberSecurity and how these can be used to provide lasting business value and impact for our customers. Applying your wide and deep experience in solving these challenges elsewhere youll help our customers with their journey, articulating Ciscos unique value proposition and architecture for CyberSecurity and how Cisco can help our customers succeed with their CyberSecurity goals. By establishing yourself as a trusted advisor and building lasting relationships, youll help bridge the communications gap between customer needs and what Cisco can offer. Identifies opportunities for Cisco to provide additional products and services that are aligned to achieving the customers CyberSecurity goals. Results and Outcomes Youll proactively strengthen and expand Ciscos presence and technology leadership in the CyberSecurity domain through externally visible activities such as blog posts, social media posts, papers, external speaking engagements and serving on external forums and boards. Youll continually acquire the knowledge and expertise necessary to pioneer new thinking and approaches. Youll contribute new materials and innovative articles rather than solely parroting existing materials or campaigns. Youll have a strongly accretive impact on Ciscos CyberSecurity business as evidenced by pipeline generation and supporting sales of products. Youll actively contribute to talent development, ensuring the principals of improving inclusion and diversity are honoured and promoted. Minimum Qualifications: * Bachelor or Masters degree in a relevant area, an MBA is preferred * CertificationsCISSP, CRISC, CISA and CISMand advantage. * Telco expertise and hands on implementation * 15+ years relevant experience with at least five (5 )years as: a CISO, Head of Risk or equivalent in a major organization; Partner or Associate, Principal, or Managing Director in a big 4+1 company or other leading consulting organization; or a combination thereof. * Proven experience and recognized as a thought leader in CyberSecurity in one or more industry verticals such as Financial Services; Service Provider; Manufacturing, Mining, Transportation, Oil and Gas, or Utilities; or Technology. * A proven record of business leadership in a technical domain and experience in transformational or strategic programs, with evidence of where past contributions have a significant impact on business. * Proven track record of C-suite engagement with an extensive personal contact base. * Published author, conference speaker and social media presence. Preferred Skills * Proven experience and recognized as a thought leader in CyberSecurity in Service Provider is highly desired * Proven experience in delivering security solutions, knowing cisco security solution is a plus.

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).

Role Summary: Designs and implements technical solutions for protecting the confidentiality, integrity and availability of sensitive information. Provides technical evaluations of client systems and assists with making security improvements. Provides technical support in the areas of vulnerability assessment, risk assessment, network security and security implementation. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the client"™s security posture. Responsibilities : Customizes, validates, administers and supports a variety of enterprise wide information security platforms, systems, frameworks and applications, based on requirements provided by management; Develops implementation plans related to information security for systems, tools, platforms, and frameworks. Conducts security assessments of systems, tools, platforms, policies, procedures and frameworks. Creates designs and diagrams related to information security for systems, tools, platforms, and frameworks. Develops standard operating procedures for information security related to systems, tools, platforms, and frameworks. Leads audits and reviews designs for information security issues. Validates vulnerabilities identified during security testing, audits, and assessments, while reviewing for false positives. Understands large scale multi-tenant software products supporting multiple government agencies. Understands large scale software integrations of multiple software products. Acts as source for direction, training and guidance for less experienced information security engineers. Works with engineering teams to define and refine information security and systems management policies and settings. Evaluates new and emerging products, technologies and make recommendations to leadership concerning introduction of new technologies. Required Skills > 6 years of information security experience for state and/or federal agencies required. > 6 years of leading information security assessments, policy development, framework implementation, and tool implementation. Must have knowledge of one or more of the following productsBroadcom Identity Manager, Identity Suite and Single Sign On. Preferred Skills Undergraduate degree Certification from Information Security Program (CISM, CompTIA, GSEC, CISSP, etc.) Preferred. Preferred knowledge of one or more of the following productsDell Nutanix, Dell VxRail, VMware ESXi/vCenter/NSX/SRM, Microsoft Windows Server, RedHat Enterprise Linux, MS SQL Server, Nagios, NewRelic APM/Infrastructure/Browser, Octopus Deploy, Puppet, Splunk, Veracode.

Hi, Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Bangalore . We are looking for candidates with 10+ years of experience in internal audit. Qualification: CA qualified OR having relevant certification (CISA/CIA/CISM/ISO/CISSP) Job Description: 10+ years of post-qualification experience in IT internal audit. Working in third line of defense. Should be comfortable with yearly international travel. Hands-on experience with global on-site audits. Interested candidates for above position kindly share your CVs on sneh.ne@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Overview 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security Specialist will be responsible for assessing client security needs, developing customized security strategies, and implementing solutions to mitigate risks. This role requires strong analytical skills, technical expertise, and the ability to communicate effectively with clients Responsibilities Represent Pinkerton’s core values of integrity, vigilance, and excellence. Proven project management expertise with a strong understanding of security design principles. Demonstrated ability to develop and implement standardized security processes and best practices in collaboration with subject matter experts. This includes defining project scope, documentation, metrics, communication strategies, and successful implementation. Excellent time management and prioritization skills to meet client needs and deadlines. Adept at creating clear and concise security documentation, including SOPs, guidelines, presentations and Skilled in creating high-quality reports Strong communication and interpersonal skills. Holds a Project Management Professional (PMP)/CPP certification. 5 to 7 years of relevant experiences. Collaborate with stakeholders to define project scope, objectives, and deliverables. Develop and implement comprehensive security solutions, including physical security design, access control systems, and surveillance technologies. Create and maintain accurate documentation, including project plans, risk assessments, and incident reports. Communicate effectively with clients, security leaders, and other team members Proactively identify and mitigate security risks. Prioritize tasks and manage workload to meet deadlines and client expectations. Develop and deliver security awareness training to employees. Perform other security-related duties as assigned by the client. All other duties, as assigned. Qualifications Proven experience as a Security Consultant or in a similar role. • Strong understanding of security protocols, risk management, and incident response. • Excellent analytical, problem-solving, and communication skills. • Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are preferred. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

Your day at NTT DATA The Senior Associate Information Security Analyst is a developing subject matter expert, responsible for designing and implementing security systems to protect the organization's computer networks from cyber-attacks, and to help set and maintain security standards. This role is required to monitor the organization's computer networks for security issues, install security software, and document any security issues or breaches found. The Senior Associate Information Security Analyst is responsible for assisting in the planning, implementation, and management of information security measures to safeguard the organization's digital assets and systems and contributes to maintaining a secure and compliant environment. What you'll be doing Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools. Workplace type : On-site Working

Your day at NTT DATA The Senior Infrastructure and Operations Engineer is an advanced subject matter expert, responsible for ensuring the availability of the infrastructure service platforms and/or software. This role responds to situations where standard procedures have failed to fix problems in non-functioning infrastructure service platforms and/or software. This role designs system configurations, documents and manages the installation of a new network, and maintains and upgrades existing systems as necessary and later support the operation of overall IT services offered by the company. What youll be doing Key Responsibilities: Performs operational tasks to resolve all incidents / requests in a timely manner and within agreed Service Level Agreement (SLA). Update tickets with resolution tasks performed. Maintains network and services availability by performing maintenance and health checks. Supports, assists or leads engineering, design and problem isolation. Provides third level support to all incidents, requests and identify the root cause of incidents and problems. Communicates with other teams and clients for extending support. Executes changes with clear identification of risks and mitigation plans to be captured into the change record. Escalates all tickets to seek right focus from other teams, if needed continue the escalations to management. Establishes monitoring for platform infrastructure. Leads and manages all initial client escalation for operational issues. Contributes to the change management process by logging all change requests with complete details for standard and non-standard including patching and any other changes to Configuration Items. Ensures all changes are carried out with proper change approvals. Plans and executes approved maintenance activities. Performs any other related task as required. Knowledge and Attributes: Advanced knowledge in Microsoft Solutions, i.e. design and implementation of Windows Server platforms, Office 365 migrations, Active Directory, Group Policy, System Centre Configuration. Advanced understanding of network switches, network routing, MPLS, network administration, network integration, network security and network advancement. Advanced knowledge in architecture, design, configuration, and deployment within the Microsoft Azure platform. Advanced understanding of server and desktop hardware/operating systems, networks, firewalls. Excellent oral, written and presentation communication skills. Advanced knowledge of IT infrastructure management processes, techniques, risks and best practices. Advanced knowledge of infrastructure technologies such as system management, system/network administration and development. Advanced knowledge of server administration, data center operations, project and change management principles and practices. Ability to facilitate discussions in order to address emerging problems and opportunities. Ability to handle multi-task, set priorities and meet deadlines. Advanced knowledge and understanding of information systems technology areas. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology or a related field. Relevant certifications such as CCIE/CCNP/ITIL/COBIT/PMP/CISA/CISM certifications. Required Experience: Advanced experience in similar IT roles, with a focus on IT infrastructure engineering and operations. Proven working experience in a large-scale organization. Advanced experience with IT frameworks ITIL, MoF, CoBIT, Run SAP. Advanced experience supporting IT infrastructure and service delivery. Advanced experience working with vendors and/or service providers. Advanced experience, judgment and drive to plan, make decisions and accomplish individual and team goals. Advanced experience working in a team-oriented, collaborative environment. Workplace type On-site Working

Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools.

Your day at NTT DATA The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incidents workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence. What youll be doing Key Responsibilities: 10+ Years of experience in SOC. 4+ Years of experience as a SOC Manager. 4+ Years of experience in SIEM (Splunk) CISM/CISSP Certification is must. Good understanding about SOAR/UEBA/NBAD/XDR. Strong Exp in EDR and email fishing, Ransomware alerts. Troubleshooting technical issues to ensure project success. End-end integration of all soc solutions health check as per the signoff Implementing changes to align with Client demands and specifications. Providing guidance, direction, and instructions to the team to achieve specific objectives. Developing and executing a timeline for the team to achieve its goals. Monitoring incident detection and closure. Presenting regular metrics and reports. Identifying new alert requirements. Ensuring services meet SLA parameters. Conducting periodic DR drills. Following up with departments to close various reports/incidents and escalating long outstanding issues. Designing SIEM solutions to enhance security value, service management, and scalability. Identify, resolve, and conduct root-cause analysis for security incidents which is essential for maintaining a proactive and responsive security posture. Develop and document incident response procedures. Ensuring the SIEM system is optimized for efficient performance is vital. This includes handling data volume effectively and maintaining responsiveness for timely threat detection and response. Align reports SIEM rules and alerts with security policies and compliance reports requirements ensures that the system contributes to overall security and regulatory adherence. Developing customized and dashboards provides meaningful insights into the LICs security posture, aiding in decision-making and monitoring. Integration with other solutions/devices (including security solutions) to enhance overall security monitoring and incident response capabilities, creating a more comprehensive security infrastructure. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the systems reliability and effectiveness. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology, Computer Science or related field. Industry Certifications such as CISSP, CISM preferred. Required Experience: Advanced experience in a Technology Information Security Industry. Advanced prior experience working in a SOC/CSIR. Comprehension and practical knowledge of the Cyber Threat Kill Chains. Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors. Advanced practical knowledge of indicators of compromise (IOCs). Advanced experience with End Point Protection and Enterprise Detention and Response Software. Advanced experience or knowledge of SIEM and IPS technologies. Advanced experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis. Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends. Preferably an interest, or knowledge of, or experience with SIEM and IPS technologies. Advanced knowledge of network technologies including routers, switches, firewalls Advanced prior demonstrated experience managing and leading a team in a related field. Workplace type On-site Working

Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools.

5+ exp compliance or policy development in IT, cybersecurity, or endpoint management Policy Development and Implementation Compliance Monitoring and Reporting Risk Management Training and Awareness Incident Management Collaboration and Support Required Candidate profile Compliance & Policy Development CISA, CISM, CISSP Preferred Work with IT, legal, CISO office, and cybersecurity Present compliance reports to - Unified Endpoint Manager, CISO office stakeholders

Network Security Engineer - Staffing & HR Services Job Title: Network Security Engineer Job Summary: We are seeking a dynamic and experienced Network Security Engineer to join SCLERAVDMS Private Limited. The ideal candidate will lead the implementation and management of our network security infrastructure, ensuring the alignment of security strategies with business objectives. This role requires a strategic thinker with strong technical expertise, deep knowledge of network security best practices, and the ability to proactively identify and address potential vulnerabilities. The Network Security Engineer will be responsible for safeguarding the organization s data and IT systems while fostering a secure, efficient, and compliant environment. Key Responsibilities: Design, implement, and maintain network security systems, ensuring the protection of company systems, data, and networks. Handle and manage SOC, ISO, or HIPAA audits to ensure compliance with industry standards and regulatory requirements. Conduct regular network security assessments, vulnerability assessments, and penetration testing. Assist with internal and external audits, providing necessary documentation and evidence for compliance. Collaborate with IT and security teams to identify and resolve network security vulnerabilities. Monitor and respond to security incidents, ensuring quick resolution and minimal impact on operations. Develop and enforce network security policies, procedures, and best practices. Stay up to date with emerging network security threats and industry trends, implementing appropriate solutions. Maintain detailed records of security incidents and audits for reporting and compliance purposes. Qualifications: Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Minimum of 2 years of experience in a network security role with experience in SOC Audits, ISO Audits, or HIPAA Audits. Strong understanding of network protocols, security technologies, and network defense strategies. Hands-on experience with security tools such as firewalls, intrusion detection systems, and encryption technologies. Knowledge of regulatory standards including SOC 1/2, ISO 27001, HIPAA, and NIST frameworks. Familiarity with common security frameworks, risk management, and incident response procedures. Ability to analyze and resolve complex security issues in a timely manner. Strong communication and documentation skills. Relevant certifications (e.g., CISSP, CISM, CISA, or similar) are a plus.

Product Security Engineer Location: Bangalore, India Experience: 3-6 years About Us: The Opportunity: This is more than just a security role; its a chance to build an information security function at Nurix AI, a rapidly scaling AI startup. With our exponential growth and our use of sophisticated AI, LLMs, and multi-cloud infrastructure (AWS, GCP, Azure), we need a seasoned expert to establish and champion a world-class security posture. Our customers are entrusting us with their data in an era of heightened security concerns, and your role will be pivotal in maintaining and strengthening that trust. You will be instrumental in fortifying our defenses at Nurix AI, proactively addressing the unique security challenges of AI and LLMs, and ensuring our innovative solutions are secure by design. What Youll Do (Key Responsibilities): Roles & Responsibilities (What you ll be doing): Execute penetration tests on web apps, APIs, and mobile applications, then deliver detailed vulnerability assessments and clear remediation advice. Perform both manual and automated secure code reviews primarily in Java, Python, and JavaScript. Build Python-based security automation tools to broaden test coverage, cut manual work, and speed up assessments. Partner with engineering teams to resolve security issues quickly within rapid release cycles. Develop and maintain threat models, applying proven techniques to surface and address design-level risks early. Champion a security-first culture by coaching developers on secure coding, common weaknesses, and attack vectors, while clearly presenting findings to all stakeholders. What you bring to the table: 2-5 years of hands-on experience in application security, penetration testing, or a closely related field. Deep expertise with testing tools such as Burp Suite, OWASP ZAP, Semgrep, MobSF, Jadx-GUI , and other mobile security frameworks. Proven ability to embed security across the SDLC , leveraging modern DevSecOps pipelines and tooling. Strong command of secure-coding fundamentals, the OWASP Top 10 , CWE catalog, and common exploit techniques. Solid scripting and automation skills Python preferred. Excellent communication and stakeholder-management capabilities. A passion for continual learning and staying ahead of emerging threats. Bonus Skills: Master s degree in Cybersecurity or a related field. Industry-recognized security certifications such as CISSP, CISM, CCSP, CEH, or CompTIA Security+, or specific cloud security certifications (AWS, GCP, Azure). Experience in a rapidly scaling technology startup. Strong working knowledge of global and Indian data privacy frameworks (e.g., GDPR, HIPAA, DPDP Act ). Experience building a security function from the ground up. Bonus points for credentials like OSCP, OSWE, CRTP , or a noteworthy bug-bounty / CTF track record. What We Offer: Opportunity to work on cutting-edge generative AI projects with leading clients. A dynamic and inclusive work environment that promotes professional growth and development. Competitive salary and benefits package, including opportunities for continuous learning and skill enhancement. If you are passionate about leveraging generative AI to drive business transformation and have the expertise to lead complex projects, we invite you to apply and join our innovative team.

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India. About the Job: The Application Security Consultant reports directly to the Cloud and Application Security Practice Director and is tasked with guiding clients from traditional DevOps practices to a comprehensive DevSecOps model. This role encompasses conducting in-depth code reviews, utilizing DAST, SAST, and SCA tools for security assessments, and performing web application penetration tests. With a focus on integrating security into the development lifecycle, this role requires a candidate with a strong development background and familiarity with a broad spectrum of programming languages. Responsibilities: Lead security reviews and web application penetration tests to identify vulnerabilities across a variety of development frameworks and languages. Advise on the integration of security practices within DevOps processes, aiding in the transition to DevSecOps. Perform thorough code reviews using DAST, SAST, and SCA tools, focusing on a wide array of programming languages. Work closely with development teams to instill secure coding practices and embed security measures within CI/CD pipelines. Support the bug bounty program. Support the preparation of security releases. Assist in development of security processes and automated tooling that prevent classes of security issues. Requirements: 2-3 years overall application security experience Extensive experience application and code security Experience with static and dynamic code analysis solution. For Example: Veracode, Checkmarx, SonarQube Retain one or more of the following certifications: CISSP, CISM, OSCP, CEH Experience in solution architecture, DevSecOps practices, and cloud integration. Experience working with Infrastructure as Code, CI/CD pipelines and Secure DevOps processes. Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, etc.). Strong expertise in at least one of the major programming languages (e.g., C/C++, Java, Python). This foundational knowledge is crucial for conducting effective code reviews and security assessments. An understanding of, or experience with, a diverse set of languages, including but not limited to Gosu, Business Basic, CLI Scripts, HCL Domino, Net.Data, PowerShell, Shell, SQL, and SQR. Strong security inclination & technical writing skills Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.

Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with the clients, preparing work papers to support conclusions and preparing written reports. Conduct IT, Data Privacy & Information Security audits. Develop policies and procedures inline with Information Security & Privacy international and local standards. Attend preliminary meetings with clients; offer advice and develop a client understanding for the overall service process; communicate access and information requirements. Support Engagement partners and Directors to lead business development initiatives including, but not limited to, review pre-engagement activities, contracting and setting up meetings with prospective clients. Keeping up to date with developments in Technology, UAE markets, relevant professional standards (eg: ISO 27001, Data Privacy Law etc.) and specific industry sectors. Pursuit of highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking. Contribute towards managing the overall client service delivery in accordance with BDO quality guidelines & methodologies. Contribute towards managing accounts on a day-to-day basis & explore new business opportunities for the firm. Maintain professional relations with clients, answer queries, offer expert advice. Ensure thorough project documentation and maintain electronic filing in accordance to BDO guidelines. Complete project assignments with minimum supervision and within the timelines provided by the management. Required Skills: Bachelors degree in Computer science, Engineering, or related field Post-qualification work experience of 6 to 8 years, with at-least 6-year experience in implementing the regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS) Experience in international and local regulatory requirements related to Data Privacy & Protection Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and frameworks.- Conduct regular assessments and audits to ensure compliance with security policies and standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Operation Automation.- Strong understanding of cloud security principles and best practices.- Experience with security incident response and management.- Familiarity with security compliance frameworks such as ISO 27001, NIST, or CIS.- Knowledge of automation tools and scripting languages to enhance security operations. Additional Information:- The candidate should have minimum 5 years of experience in Security Operation Automation.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Third Party IT Risk Management Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. A typical day involves collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular assessments of cloud security measures and recommend improvements.- Facilitate training sessions for team members on cloud security best practices. Professional & Technical Skills: - Must To Have Skills: Proficiency in Third Party IT Risk Management.- Strong understanding of cloud security principles and frameworks.- Experience with risk assessment methodologies and tools.- Ability to develop and implement security policies and procedures.- Familiarity with compliance standards such as ISO 27001 and NIST. Additional Information:- The candidate should have minimum 7.5 years of experience in Third Party IT Risk Management.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Service Delivery Good to have skills : Security GovernanceMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture while adapting to evolving threats and compliance requirements. Roles & Responsibilities:- Expected to be a Subject Matter Expert with deep knowledge and experience.- Should have influencing and advisory skills.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team understanding of cloud security practices.- Continuously evaluate and improve the cloud security framework based on emerging threats and technologies. Professional & Technical Skills: - Must To Have Skills: Proficiency in Service Delivery.- Good To Have Skills: Experience with Security Governance.- Strong understanding of cloud security principles and best practices.- Experience in risk assessment and management related to cloud environments.- Ability to design and implement security controls tailored to cloud architectures. Additional Information:- The candidate should have minimum 15 years of experience in Service Delivery.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po

We are seeking a Senior Cyber Security Consultant with extensive experience in enterprise IT security, risk management, and cloud-based security solutions. The ideal candidate will have a deep understanding of managing cyber security risks during digital transformations and will be responsible for leading hands-on engagements and delivering results that address critical security concerns. This role involves working closely with both technical and business teams to identify and mitigate risks in complex environments. Key Responsibilities Leadership in Execution & DeliveryLead hands-on engagements, managing the development of deliverables from start to finish. Work with teams to analyze requirements and produce prioritized results aligned with client needs and risk profiles. Expert Cyber Security AdvisoryProvide expert advice on best practices for managing cyber security risks during digital transformation, including adoption of cloud, DevOps, containerization, microservices, and zero trust frameworks. Security Reviews & AssessmentsConduct security reviews and maturity assessments across technology and business teams to identify and address cyber risks. Provide clear, organized findings and actionable recommendations for risk mitigation. Trusted Engineer for ClientsAct as a trusted advisor and security engineer for customers' engineering teams, ensuring that security is integrated into every phase of digital transformation. Risk and Vulnerability AnalysisAssess and implement security measures to safeguard IT environments. Identify vulnerabilities, focusing on security protocols, cryptography, authentication, authorization, and performance. Security ImplementationLead the implementation of security solutions, including multi-factor authentication (MFA), single sign-on (SSO), identity management, and related technologies. Client Interaction & CommunicationEffectively communicate security measures and solutions to a broad audience, including both technical and executive teams. Manage client expectations with clear, concise verbal and written communication. Continuous Learning & InnovationStay updated with the latest security protocols, vulnerabilities, and best practices to ensure the adoption of the most effective security controls and technologies. Security MaturityWork with clients to evaluate and improve their security maturity, providing insights into the current cyber threat landscape. Minimum Qualifications 8+ years of total IT experience. 5+ years of consulting experience in enterprise security environments. Expertise in information security, IT risk management, and performance reliability. Solid understanding of security protocols, cryptography, and authentication technologies. Experience in implementing multi-factor authentication, SSO, and identity management. Ability to explain and enforce security measures to a broad range of stakeholders. Excellent verbal and written communication skills. Degree in Information Technology, Computer Science, or related fields. Preferred Qualifications Google Cloud Security Engineer certification. Strong knowledge of infrastructure, OS, application vulnerabilities, security architecture, and controls. 5+ years of experience with cloud computing security concepts and solutions. Security-related certifications such as CISSP, CISM, or GCIH.

The Security Compliance Specialist works with the Security Compliance Leader and will have the execution responsibility around (but not limited to) the following areas: Compliance enforcement: Implementing necessary controls and measure to ensure organization’s overall security compliance, in alignment with internal security standards, applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR). Ensure adherence to the compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems based on the actionable policies and procedures using approved IBM technology choices. Policy Creation and Management: Maintain and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems. Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs. Risk Management: Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization’s IT environment. Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls. Audit and Assessment: Prepare for regular compliance audits for network, OpenShift platform, and IBM Z systems. Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement. Training and Awareness: Conduct comprehensive training programs to raise awareness of security compliance requirements and best practices among employees. Foster a culture of security compliance by regularly communicating the importance of adherence to security standards. Monitoring and Reporting: Adopt/leverage metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls. Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Qualifications & Skills 8-10 years of professional experience with at least 5+ years of relevant experience in the information technology security & compliance domain. Bachelor’s degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus. Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments. Strong understanding of regulatory requirements and compliance frameworks relevant to the industry. Should be open and willingness to learn new technologies and be open for continuous upskilling experience. Excellent analytical and problem-solving skills to assess compliance issues and risks. Strong Proficiency in working with Secured communications across varied Hybrid platforms (On-Prem, On-Cloud etc). Strong leadership and communication skills to influence and guide cross-functional teams. Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors. Proficiency in compliance management tools and security frameworks. Proficiency in automation tools such as Ansible and pipeline orchestration tools such as Tekton and GitHub Actions.

Key Responsibilities: Compliance Strategy Development: Develop and lead the organization’s overall security compliance strategy, ensuring alignment with internal security standards and applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR). Identify compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems and translate them into actionable policies and procedures using approved IBM technology choices. Policy Creation and Management: Establish, maintain, and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems. Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs. Risk Management: Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization’s IT environment. Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls. Audit and Assessment: Plan and oversee regular compliance audits for network, OpenShift platform, and IBM Z systems. Coordinate with external auditors and regulatory bodies during compliance audits and assessments. Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement. Training and Awareness: Design and implement comprehensive training programs to raise awareness of security compliance requirements and best practices among employees. Foster a culture of security compliance by regularly communicating the importance of adherence to security standards. Monitoring and Reporting: Establish metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls. Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Qualifications & Skills: 12+ years of professional experience with at least 8 years of relevant experience in the information technology security & compliance domain. Bachelor’s degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus. Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments. Strong understanding of regulatory requirements and compliance frameworks relevant to the industry. Should be open and willingness to learn new technologies and be open for continuous upskilling experience. Excellent analytical and problem-solving skills to assess compliance issues and risks. Strong Proficiency in working with Secured communications across varied Hybrid platforms ( On-Prem, On-Cloud etc). Strong leadership and communication skills to influence and guide cross-functional teams. Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors. Proficiency in compliance management tools and security frameworks. Preferred technical and professional experience Hiring manager and Recruiter should collaborate to create the relevant verbiage.

5 years in sec ops with focus on SOC operations & incident response Indepth knowledge of sec technologies, tools, & methodologies SIEM, IDS/IPS, EDR Understanding of cyber threats, attack vectors Exp with security compliance frameworks NIST ISO 27001 Required Candidate profile Technical Leadership Soc Process Optimization Tool Evaluation Incident Response & Threat Intelligence Strong Scripting skills- mandatory Exp-Tomcat/JBoss/Apache/Ruby/ NGINX Ability to work with Devops Perks and benefits Mediclaim + Additional 10% variable