752 Cism Jobs - Page 21

Your Impact Youll be responsible for engaging with senior customer representatives including CISO and other C-suite stakeholders to engage on topics around CyberSecurity, adjacent technical areas, and application of technology and programs in the business. Provides trusted support, advice and guidance on the latest trends and developments in CyberSecurity and how these can be used to provide lasting business value and impact for our customers. Applying your wide and deep experience in solving these challenges elsewhere youll help our customers with their journey, articulating Ciscos unique value proposition and architecture for CyberSecurity and how Cisco can help our customers succeed with their CyberSecurity goals. By establishing yourself as a trusted advisor and building lasting relationships, youll help bridge the communications gap between customer needs and what Cisco can offer. Identifies opportunities for Cisco to provide additional products and services that are aligned to achieving the customers CyberSecurity goals. Results and Outcomes Youll proactively strengthen and expand Ciscos presence and technology leadership in the CyberSecurity domain through externally visible activities such as blog posts, social media posts, papers, external speaking engagements and serving on external forums and boards. Youll continually acquire the knowledge and expertise necessary to pioneer new thinking and approaches. Youll contribute new materials and innovative articles rather than solely parroting existing materials or campaigns. Youll have a strongly accretive impact on Ciscos CyberSecurity business as evidenced by pipeline generation and supporting sales of products. Youll actively contribute to talent development, ensuring the principals of improving inclusion and diversity are honoured and promoted. Minimum Qualifications: * Bachelor or Masters degree in a relevant area, an MBA is preferred * CertificationsCISSP, CRISC, CISA and CISMand advantage. * Telco expertise and hands on implementation * 15+ years relevant experience with at least five (5 )years as: a CISO, Head of Risk or equivalent in a major organization; Partner or Associate, Principal, or Managing Director in a big 4+1 company or other leading consulting organization; or a combination thereof. * Proven experience and recognized as a thought leader in CyberSecurity in one or more industry verticals such as Financial Services; Service Provider; Manufacturing, Mining, Transportation, Oil and Gas, or Utilities; or Technology. * A proven record of business leadership in a technical domain and experience in transformational or strategic programs, with evidence of where past contributions have a significant impact on business. * Proven track record of C-suite engagement with an extensive personal contact base. * Published author, conference speaker and social media presence. Preferred Skills * Proven experience and recognized as a thought leader in CyberSecurity in Service Provider is highly desired * Proven experience in delivering security solutions, knowing cisco security solution is a plus.

Maintains, populates and reviews vulnerability, risk, control and issue management tools. Engages with management to ensure vulnerabilities, risks, controls and issues are dealt with escalating as needed. Serves as liaison and point of contact for new risk issues, including process assistance, tools, tracking status and status of issues advancing to closure. Escalating and facilitating discussions to explore risk acceptance, waivers or policy deviations ensuring traction of issues; Collaborates with various levels of management, teams, security, corporate risk. Conducts deep dives on risk, compliance, and security-related processes including vulnerability management reporting, policy compliance reporting, and other projects as assigned; Provides statistical information to various levels of management, Develops control processes and works closely with key stakeholders on writing and documenting processes. Collaborate with internal audit team to review controls that owners document prior to scheduled audits; Performs policy compliance reviews for policies such as Technology Lifecycle Management (TLMP), Third Party Risk Management (TPRM), Cloud. Develops plans and manage implementation of annual policy compliance tracking such as TLMP or TPRM.Assists personnel in compliance actions or raises non-compliance issues Creates and reports metrics for policy compliance; maintains documentation standards; communicates compliance solutions; supports internal audits; provides TSSI compliance training; evaluates EITS RCSA. Skill/competency required: University bachelor degree in Computer Science or related field, Posses technical professional certifications CRISC, CISM, CISA, CISSP. 5 years experience of working in an IT governance role, Advanced English level Experience of cross-regional work for a regulated multinational company, regional regulation awareness and/or management. About Experian Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.co m Experience and Skills University Bachelor Degree Additional Information Our uniqueness is that we celebrate yours. Experians culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experians people first approach is award-winning; Worlds Best Workplaces 2024 (Fortune Global Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site and Glassdoor to understand why. Benefits Experian care for employees work life balance, health, safety and wellbeing. In support of this endeavor, we offer best-in-class family well-being benefits, enhanced medical benefits and paid time off. This is a hybrid remote/in-office role and reporting to Director. This is individual contributor (Non-Managerial) role Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here

is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview: We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines ( DevSecOps ). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001 , SOC 2 , GDPR , and HIPAA . Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills: What skills do you need? Requirements: 8+ years of experience in information security , application security , or cybersecurity engineering . Proficient in penetration testing methodologies and use of tools such as Burp Suite , Metasploit , Nmap , Wireshark , Nessus , OWASP ZAP , Qualys , etc. Deep experience in vulnerability management , patching, and security hardening practices. Strong understanding of OWASP Top 10 , CWE/SANS Top 25 , API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM , EDR , IDS/IPS , and DLP solutions. Knowledge of DevSecOps and tools like Terraform , Kubernetes , Docker , etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications: Certifications such as CISSP , CISM , CEH , OSCP , or AWS Security Specialty . Experience working on security aspects of AI/ML platforms , data pipelines , or model inferencing . Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer: A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate

170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security Specialist will be responsible for assessing client security needs, developing customized security strategies, and implementing solutions to mitigate risks. This role requires strong analytical skills, technical expertise, and the ability to communicate effectively with clients Responsibilities Represent Pinkerton s core values of integrity, vigilance, and excellence. Proven project management expertise with a strong understanding of security design principles. Demonstrated ability to develop and implement standardized security processes and best practices in collaboration with subject matter experts. This includes defining project scope, documentation, metrics, communication strategies, and successful implementation. Excellent time management and prioritization skills to meet client needs and deadlines. Adept at creating clear and concise security documentation, including SOPs, guidelines, presentations and Skilled in creating high-quality reports Strong communication and interpersonal skills. Holds a Project Management Professional (PMP)/CPP certification. 5 to 7 years of relevant experiences. Collaborate with stakeholders to define project scope, objectives, and deliverables. Develop and implement comprehensive security solutions, including physical security design, access control systems, and surveillance technologies. Create and maintain accurate documentation, including project plans, risk assessments, and incident reports. Communicate effectively with clients, security leaders, and other team members Proactively identify and mitigate security risks. Prioritize tasks and manage workload to meet deadlines and client expectations. Develop and deliver security awareness training to employees. Perform other security-related duties as assigned by the client. All other duties, as assigned. Qualifications Proven experience as a Security Consultant or in a similar role. Strong understanding of security protocols, risk management, and incident response. Excellent analytical, problem-solving, and communication skills. Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are preferred. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. The Information Security Officer is responsible for supporting the implementation and operation of the organisations Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges The position is within the Information Security team. Main activities will include but are not limited to: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes. Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Support the delivery of security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor s degree in Information Security, Computer Science, or related field (or equivalent experience). 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Good communication and stakeholder management skills, with experience working with clients on security matters. Ideally security certifications such as CISSP, CISM, or CRISC are preferred. Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme. Flexible working hours, we value work-life balance. Maternity/ Parental (including secondary) leave policy. Cab facility available in Delhi/NCR. Meal facility available Free Medical Insurance We make hiring decisions based on your experience, skills and passion so even if you don t match every listed skill or tick all the boxes, we d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits.

Redefine the future of customer experiences. One conversation at a time. We re changing the game with a first-of-its-kind, conversation-centric platform that unifies team collaboration and customer experience in one place. Powered by AI, built by amazing humans. Our culture is forward-thinking, customer-obsessed and built on an unwavering belief that connection fuels business and life; connections to our customers with our signature Amazing Service , our products and services, and most importantly, each other. Since 2008, 100,000+ companies and 1M+ users rely on Nextiva for customer and team communication. If you re ready to collaborate and create with amazing people, let your personality shine and be on the frontlines of helping businesses deliver amazing experiences, you re in the right place. Build Amazing - Deliver Amazing - Live Amazing - Be Amazing The AI Security and Compliance Engineer is responsible for working with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle. The engineer applies knowledge of AI and application security risks and threats to design and implement appropriate, cost-effective security controls during development, deployment, and operation of AI based applications. The engineer defines and promotes the implementation guidelines for data classification, segregation, and access controls to AI model inputs and training data to ensure data confidentiality and privacy for different data sources and user groups. The engineer performs audits and vulnerability assessments, penetration testing and supports mitigation of findings. Key Responsibilities: Ensure AI products have security and privacy by design. Establish and document policies and guidelines for data classification and data used for training to prevent leaks of sensitive data. Work with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle to meet customer, regulatory, and contractual obligations. Monitor and audit AI systems and development processes for compliance with policies, regulations and contractual obligations. Monitor and respond to security incidents involving AI systems. Create AI-specific incident management procedures to address AI related security incidents. Enhance the resilience of AI systems against potential threats by implementing cyber security best practices, controls, and tools to protect AI models from threats such as those in the OWASP AI Top Ten, including supply chain and model poisoning threats and attempts to access, modify, and exfiltrate confidential information via the query interface. Establish policies and guidelines for access controls, limitations and guardrails on usage and prompts for AI inputs and API s. Ensure proper access controls on API s and processing pipelines, and segregation of data. Create, update, and maintain threat models for a wide variety of software projects. Provide AI security training for internal development teams. Maintain current knowledge of AI risks, threats, and AI testing tools and techniques. Perform other duties to support the technical and operational security of the organization as required. Qualifications: Bachelor s degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or AI development. Desired certifications - one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+. Understanding of Application Security and Data Security for applications and AI, such as the OWASP Top 10 and the OWASP Top 10 for Generative AI. Proficiency in and strong working knowledge of AI technologies and models such as Llama and ChatGPT. Experience and understanding of threats and risks related to web applications and API s, particularly with AI based applications. General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases. Experience with vulnerability management, patching, and mitigation assessment. Experience working within and implementing policies for a security framework such as ISO 27001 and NIST. Flexibility to work off-hours to support global project teams and maintenance windows. Ability to support 24x7 on-call for incident response on a rotating basis. Experience developing software, scripting and using SQL queries to automate controls, processes and reporting. Competencies: Strong analytical problem-solving skills and attention to detail. Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner. Ability to form productive relationships across the organization to accomplish information security objectives. Ability and willingness to learn all aspects of the information security field. Professional verbal and written communication skills in English. Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat. Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk. Total Rewards Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office. Our compensation packages are tailored to each role and candidates qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses. Medical - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity. Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means. Coverage Type - Employee Only Sum Insured - 3 times of annual CTC with minimum cap of INR 10,00,000 Free Cover Limit - 1.5 Crore Work-Life Balance - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays Financial Security - Provident Fund & Gratuity Wellness - Employee Assistance Program and comprehensive wellness initiatives Growth - Access to ongoing learning and development opportunities and career advancement At Nextiva, were committed to supporting our employees health, well-being, and professional growth. Join us and build a rewarding career! Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what s going on at Nextiva, check us out on Instagram , Instagram (MX) , YouTube , LinkedIn , and the Nextiva blog . #LI-RQ1 #LI-Hybrid

Fynd is India s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes. We are seeking a highly skilled Data Protection Officer (DPO) / GRC Officer responsible for ensuring compliance with global security and data protection regulations. The ideal candidate will oversee governance, risk, and compliance (GRC) programs, implement security frameworks, and safeguard sensitive data across the organization. What will you do at Fynd ? 1. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain GRC frameworks to align with regulatory and industry standards. Establish risk assessment methodologies and ensure mitigation strategies are in place. Conduct IT General Controls (ITGC) assessments to ensure effective security controls and processes. Oversee third-party risk assessments, ensuring vendors comply with security policies. 2. Data Protection & Privacy Compliance: Implement and oversee compliance with DPDP (Digital Personal Data Protection Act, India) and GDPR regulations. Act as the point of contact for data protection authorities and internal privacy matters. Conduct Data Protection Impact Assessments (DPIAs) and privacy risk assessments. Develop and enforce privacy policies, data retention, and protection measures. 3. Information Security Compliance & Certifications: Lead and maintain compliance with ISO 27001, ensuring policies and controls meet certification requirements. Manage SOC 2 compliance efforts, including security, availability, processing integrity, confidentiality, and privacy principles. Oversee PCI-DSS compliance for handling cardholder data securely. Ensure alignment with NIST security frameworks for risk management and cybersecurity resilience. 4. Business Continuity & Incident Management: Develop and maintain a Business Continuity Management (BCM) program, including disaster recovery plans. Lead security incident response and investigations to mitigate data breaches and cybersecurity threats. Conduct regular tabletop exercises and audits to test resilience and readiness. Some Specific Requirements Bachelor s/Master s degree in Information Security, Cybersecurity, Compliance, or a related field. Professional certifications such as CIPP/E, CIPM, CISSP, CISM, CISA, ISO 27001 Lead Auditor, or CRISC are highly preferred. 5+ years of experience in Data Protection, Compliance, GRC, or Cybersecurity roles. Strong knowledge of regulatory frameworks (SOC2, ISO27001, GDPR, DPDP, PCI-DSS, NIST, ITGC, Third-Party Risk Management). Experience in implementing GRC tools and automating compliance processes. Excellent stakeholder management skills with the ability to work cross-functionally. Strong analytical, problem-solving, and decision-making skills. What do we offer? Growth Growth knows no bounds, as we foster an environment that encourages creativity, embraces challenges, and cultivates a culture of continuous expansion. We are looking at new product lines, international markets and brilliant people to grow even further. We teach, groom and nurture our people to become leaders. You get to grow with a company that is growing exponentially. Flex University We help you upskill by organising in-house courses on important subjects Learning Wallet: You can also do an external course to upskill and grow, we reimburse it for you. Culture Community and Team building activities Host weekly, quarterly and annual events/parties. Wellness Mediclaim policy for you + parents + spouse + kids Experienced therapist for better mental health, improve productivity & work-life balance We work from the office 5 days a week to promote collaboration and teamwork. Join us to make an impact in an engaging, in-person environment!

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).

Role Summary: Designs and implements technical solutions for protecting the confidentiality, integrity and availability of sensitive information. Provides technical evaluations of client systems and assists with making security improvements. Provides technical support in the areas of vulnerability assessment, risk assessment, network security and security implementation. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the client"™s security posture. Responsibilities : Customizes, validates, administers and supports a variety of enterprise wide information security platforms, systems, frameworks and applications, based on requirements provided by management; Develops implementation plans related to information security for systems, tools, platforms, and frameworks. Conducts security assessments of systems, tools, platforms, policies, procedures and frameworks. Creates designs and diagrams related to information security for systems, tools, platforms, and frameworks. Develops standard operating procedures for information security related to systems, tools, platforms, and frameworks. Leads audits and reviews designs for information security issues. Validates vulnerabilities identified during security testing, audits, and assessments, while reviewing for false positives. Understands large scale multi-tenant software products supporting multiple government agencies. Understands large scale software integrations of multiple software products. Acts as source for direction, training and guidance for less experienced information security engineers. Works with engineering teams to define and refine information security and systems management policies and settings. Evaluates new and emerging products, technologies and make recommendations to leadership concerning introduction of new technologies. Required Skills > 6 years of information security experience for state and/or federal agencies required. > 6 years of leading information security assessments, policy development, framework implementation, and tool implementation. Must have knowledge of one or more of the following productsBroadcom Identity Manager, Identity Suite and Single Sign On. Preferred Skills Undergraduate degree Certification from Information Security Program (CISM, CompTIA, GSEC, CISSP, etc.) Preferred. Preferred knowledge of one or more of the following productsDell Nutanix, Dell VxRail, VMware ESXi/vCenter/NSX/SRM, Microsoft Windows Server, RedHat Enterprise Linux, MS SQL Server, Nagios, NewRelic APM/Infrastructure/Browser, Octopus Deploy, Puppet, Splunk, Veracode.

Hi, Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Bangalore . We are looking for candidates with 10+ years of experience in internal audit. Qualification: CA qualified OR having relevant certification (CISA/CIA/CISM/ISO/CISSP) Job Description: 10+ years of post-qualification experience in IT internal audit. Working in third line of defense. Should be comfortable with yearly international travel. Hands-on experience with global on-site audits. Interested candidates for above position kindly share your CVs on sneh.ne@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Overview 170+ Years Strong. Industry Leader. Global Impact. At Pinkerton, the mission is to protect our clients. To do this, we provide enterprise risk management services and programs specifically designed for each client. Pinkerton employees are one of our most important assets and critical to the delivery of world-class solutions. Bonded together, we share a commitment to integrity, vigilance, and excellence. Pinkerton is an inclusive employer who seeks candidates with diverse backgrounds, experiences, and perspectives to join our family of industry subject matter experts. The Senior Security Specialist will be responsible for assessing client security needs, developing customized security strategies, and implementing solutions to mitigate risks. This role requires strong analytical skills, technical expertise, and the ability to communicate effectively with clients Responsibilities Represent Pinkerton’s core values of integrity, vigilance, and excellence. Proven project management expertise with a strong understanding of security design principles. Demonstrated ability to develop and implement standardized security processes and best practices in collaboration with subject matter experts. This includes defining project scope, documentation, metrics, communication strategies, and successful implementation. Excellent time management and prioritization skills to meet client needs and deadlines. Adept at creating clear and concise security documentation, including SOPs, guidelines, presentations and Skilled in creating high-quality reports Strong communication and interpersonal skills. Holds a Project Management Professional (PMP)/CPP certification. 5 to 7 years of relevant experiences. Collaborate with stakeholders to define project scope, objectives, and deliverables. Develop and implement comprehensive security solutions, including physical security design, access control systems, and surveillance technologies. Create and maintain accurate documentation, including project plans, risk assessments, and incident reports. Communicate effectively with clients, security leaders, and other team members Proactively identify and mitigate security risks. Prioritize tasks and manage workload to meet deadlines and client expectations. Develop and deliver security awareness training to employees. Perform other security-related duties as assigned by the client. All other duties, as assigned. Qualifications Proven experience as a Security Consultant or in a similar role. • Strong understanding of security protocols, risk management, and incident response. • Excellent analytical, problem-solving, and communication skills. • Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) are preferred. Working Conditions: With or without reasonable accommodation, requires the physical and mental capacity to effectively perform all essential functions; Regular computer usage. Occasional reaching and lifting of small objects and operating office equipment. Frequent sitting, standing, and/or walking. Travel, as required. Pinkerton is an equal opportunity employer to all applicants and positions without regard to race/ethnicity, color, national origin, ancestry, sex/gender, gender identity/expression, sexual orientation, marital/prenatal status, pregnancy/childbirth or related conditions, religion, creed, age, disability, genetic information, veteran status, or any protected status by local, state, federal or country-specific law.

Your day at NTT DATA The Senior Associate Information Security Analyst is a developing subject matter expert, responsible for designing and implementing security systems to protect the organization's computer networks from cyber-attacks, and to help set and maintain security standards. This role is required to monitor the organization's computer networks for security issues, install security software, and document any security issues or breaches found. The Senior Associate Information Security Analyst is responsible for assisting in the planning, implementation, and management of information security measures to safeguard the organization's digital assets and systems and contributes to maintaining a secure and compliant environment. What you'll be doing Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools. Workplace type : On-site Working

Your day at NTT DATA The Senior Infrastructure and Operations Engineer is an advanced subject matter expert, responsible for ensuring the availability of the infrastructure service platforms and/or software. This role responds to situations where standard procedures have failed to fix problems in non-functioning infrastructure service platforms and/or software. This role designs system configurations, documents and manages the installation of a new network, and maintains and upgrades existing systems as necessary and later support the operation of overall IT services offered by the company. What youll be doing Key Responsibilities: Performs operational tasks to resolve all incidents / requests in a timely manner and within agreed Service Level Agreement (SLA). Update tickets with resolution tasks performed. Maintains network and services availability by performing maintenance and health checks. Supports, assists or leads engineering, design and problem isolation. Provides third level support to all incidents, requests and identify the root cause of incidents and problems. Communicates with other teams and clients for extending support. Executes changes with clear identification of risks and mitigation plans to be captured into the change record. Escalates all tickets to seek right focus from other teams, if needed continue the escalations to management. Establishes monitoring for platform infrastructure. Leads and manages all initial client escalation for operational issues. Contributes to the change management process by logging all change requests with complete details for standard and non-standard including patching and any other changes to Configuration Items. Ensures all changes are carried out with proper change approvals. Plans and executes approved maintenance activities. Performs any other related task as required. Knowledge and Attributes: Advanced knowledge in Microsoft Solutions, i.e. design and implementation of Windows Server platforms, Office 365 migrations, Active Directory, Group Policy, System Centre Configuration. Advanced understanding of network switches, network routing, MPLS, network administration, network integration, network security and network advancement. Advanced knowledge in architecture, design, configuration, and deployment within the Microsoft Azure platform. Advanced understanding of server and desktop hardware/operating systems, networks, firewalls. Excellent oral, written and presentation communication skills. Advanced knowledge of IT infrastructure management processes, techniques, risks and best practices. Advanced knowledge of infrastructure technologies such as system management, system/network administration and development. Advanced knowledge of server administration, data center operations, project and change management principles and practices. Ability to facilitate discussions in order to address emerging problems and opportunities. Ability to handle multi-task, set priorities and meet deadlines. Advanced knowledge and understanding of information systems technology areas. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology or a related field. Relevant certifications such as CCIE/CCNP/ITIL/COBIT/PMP/CISA/CISM certifications. Required Experience: Advanced experience in similar IT roles, with a focus on IT infrastructure engineering and operations. Proven working experience in a large-scale organization. Advanced experience with IT frameworks ITIL, MoF, CoBIT, Run SAP. Advanced experience supporting IT infrastructure and service delivery. Advanced experience working with vendors and/or service providers. Advanced experience, judgment and drive to plan, make decisions and accomplish individual and team goals. Advanced experience working in a team-oriented, collaborative environment. Workplace type On-site Working

Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools.

Your day at NTT DATA The Manager, Information Security Incident Response is a management role, responsible for managing the Information Security Incident Response Management team. This role ensures their team is equipped and enabled to detect and monitor threats and suspicious activity affecting the organization's technology domain. This role serves as the escalation point for incidents workflows and participates in the delivery of security measures through analytics and threat hunting processes. The Senior Manager, Information Security Incident Response manages a team of security professionals whilst fostering a collaborative and innovative team culture focused on operational excellence. What youll be doing Key Responsibilities: 10+ Years of experience in SOC. 4+ Years of experience as a SOC Manager. 4+ Years of experience in SIEM (Splunk) CISM/CISSP Certification is must. Good understanding about SOAR/UEBA/NBAD/XDR. Strong Exp in EDR and email fishing, Ransomware alerts. Troubleshooting technical issues to ensure project success. End-end integration of all soc solutions health check as per the signoff Implementing changes to align with Client demands and specifications. Providing guidance, direction, and instructions to the team to achieve specific objectives. Developing and executing a timeline for the team to achieve its goals. Monitoring incident detection and closure. Presenting regular metrics and reports. Identifying new alert requirements. Ensuring services meet SLA parameters. Conducting periodic DR drills. Following up with departments to close various reports/incidents and escalating long outstanding issues. Designing SIEM solutions to enhance security value, service management, and scalability. Identify, resolve, and conduct root-cause analysis for security incidents which is essential for maintaining a proactive and responsive security posture. Develop and document incident response procedures. Ensuring the SIEM system is optimized for efficient performance is vital. This includes handling data volume effectively and maintaining responsiveness for timely threat detection and response. Align reports SIEM rules and alerts with security policies and compliance reports requirements ensures that the system contributes to overall security and regulatory adherence. Developing customized and dashboards provides meaningful insights into the LICs security posture, aiding in decision-making and monitoring. Integration with other solutions/devices (including security solutions) to enhance overall security monitoring and incident response capabilities, creating a more comprehensive security infrastructure. Collaborate with SIEM solution vendors for updates, patches, and support to ensure the systems reliability and effectiveness. Academic Qualifications and Certifications: Bachelors degree or equivalent in Information Technology, Computer Science or related field. Industry Certifications such as CISSP, CISM preferred. Required Experience: Advanced experience in a Technology Information Security Industry. Advanced prior experience working in a SOC/CSIR. Comprehension and practical knowledge of the Cyber Threat Kill Chains. Advanced knowledge of Tools, Techniques and Processes (TTP) used by threat actors. Advanced practical knowledge of indicators of compromise (IOCs). Advanced experience with End Point Protection and Enterprise Detention and Response Software. Advanced experience or knowledge of SIEM and IPS technologies. Advanced experience with Wireshark, tcpdump, Remnux, decoders for conducting payload analysis. Knowledge of malware analysis, hacking techniques, latest vulnerabilities, and security trends. Preferably an interest, or knowledge of, or experience with SIEM and IPS technologies. Advanced knowledge of network technologies including routers, switches, firewalls Advanced prior demonstrated experience managing and leading a team in a related field. Workplace type On-site Working

Your day at NTT DATA The Risk Analyst is a seasoned subject matter expert, responsible for assessing and managing risks to ensure the security, integrity, and resilience of the organization's operations and services. This role involves identifying potential threats, analyzing vulnerabilities, and providing recommendations to mitigate risks. Through proactive risk assessment and collaboration with cross-functional teams, this role contributes to the organization's efforts to maintain a secure and compliant environment. Key responsibilities: Analyzes risk to business activities and operations. Identifies areas of potential loss or damage for current and proposed business and financial operations, processes, structures and cyber-risk exposure and quantifies impact Implements and evaluates compliance with business and cyber risk-reduction policies, processes and standards. May participate in the development and maintenance of disaster recovery and business continuity plans. Supports organizational processes and programs for mitigation of financial risk, including administration of insurance. May support and administer security and health/safety programs in addition to risk management activities. Performs any other related task as required by management. To thrive in this role, you need to have: Strong understanding of risk assessment methodologies, global regulations, and compliance requirements. Proficiency in data analysis tools and techniques for identifying trends, patterns, and potential risks. Excellent analytical skills and attention to detail. Effective communication skills to convey complex risk concepts to a global audience. Cultural sensitivity and adaptability to work across different regions and time zones Strong problem-solving skills and ability to work collaboratively with cross-functional and global teams. Academic qualifications and certifications: Bachelor's degree or equivalent in Business, Information Security, Risk Management or related field. Relevant certifications such as CISM, CRISC, CISSP, CIPP preferred. Required experience: Seasoned years of experience as a Risk Analyst, preferably in a global organization with diverse operations.

5+ exp compliance or policy development in IT, cybersecurity, or endpoint management Policy Development and Implementation Compliance Monitoring and Reporting Risk Management Training and Awareness Incident Management Collaboration and Support Required Candidate profile Compliance & Policy Development CISA, CISM, CISSP Preferred Work with IT, legal, CISO office, and cybersecurity Present compliance reports to - Unified Endpoint Manager, CISO office stakeholders

Network Security Engineer - Staffing & HR Services Job Title: Network Security Engineer Job Summary: We are seeking a dynamic and experienced Network Security Engineer to join SCLERAVDMS Private Limited. The ideal candidate will lead the implementation and management of our network security infrastructure, ensuring the alignment of security strategies with business objectives. This role requires a strategic thinker with strong technical expertise, deep knowledge of network security best practices, and the ability to proactively identify and address potential vulnerabilities. The Network Security Engineer will be responsible for safeguarding the organization s data and IT systems while fostering a secure, efficient, and compliant environment. Key Responsibilities: Design, implement, and maintain network security systems, ensuring the protection of company systems, data, and networks. Handle and manage SOC, ISO, or HIPAA audits to ensure compliance with industry standards and regulatory requirements. Conduct regular network security assessments, vulnerability assessments, and penetration testing. Assist with internal and external audits, providing necessary documentation and evidence for compliance. Collaborate with IT and security teams to identify and resolve network security vulnerabilities. Monitor and respond to security incidents, ensuring quick resolution and minimal impact on operations. Develop and enforce network security policies, procedures, and best practices. Stay up to date with emerging network security threats and industry trends, implementing appropriate solutions. Maintain detailed records of security incidents and audits for reporting and compliance purposes. Qualifications: Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Minimum of 2 years of experience in a network security role with experience in SOC Audits, ISO Audits, or HIPAA Audits. Strong understanding of network protocols, security technologies, and network defense strategies. Hands-on experience with security tools such as firewalls, intrusion detection systems, and encryption technologies. Knowledge of regulatory standards including SOC 1/2, ISO 27001, HIPAA, and NIST frameworks. Familiarity with common security frameworks, risk management, and incident response procedures. Ability to analyze and resolve complex security issues in a timely manner. Strong communication and documentation skills. Relevant certifications (e.g., CISSP, CISM, CISA, or similar) are a plus.

Product Security Engineer Location: Bangalore, India Experience: 3-6 years About Us: The Opportunity: This is more than just a security role; its a chance to build an information security function at Nurix AI, a rapidly scaling AI startup. With our exponential growth and our use of sophisticated AI, LLMs, and multi-cloud infrastructure (AWS, GCP, Azure), we need a seasoned expert to establish and champion a world-class security posture. Our customers are entrusting us with their data in an era of heightened security concerns, and your role will be pivotal in maintaining and strengthening that trust. You will be instrumental in fortifying our defenses at Nurix AI, proactively addressing the unique security challenges of AI and LLMs, and ensuring our innovative solutions are secure by design. What Youll Do (Key Responsibilities): Roles & Responsibilities (What you ll be doing): Execute penetration tests on web apps, APIs, and mobile applications, then deliver detailed vulnerability assessments and clear remediation advice. Perform both manual and automated secure code reviews primarily in Java, Python, and JavaScript. Build Python-based security automation tools to broaden test coverage, cut manual work, and speed up assessments. Partner with engineering teams to resolve security issues quickly within rapid release cycles. Develop and maintain threat models, applying proven techniques to surface and address design-level risks early. Champion a security-first culture by coaching developers on secure coding, common weaknesses, and attack vectors, while clearly presenting findings to all stakeholders. What you bring to the table: 2-5 years of hands-on experience in application security, penetration testing, or a closely related field. Deep expertise with testing tools such as Burp Suite, OWASP ZAP, Semgrep, MobSF, Jadx-GUI , and other mobile security frameworks. Proven ability to embed security across the SDLC , leveraging modern DevSecOps pipelines and tooling. Strong command of secure-coding fundamentals, the OWASP Top 10 , CWE catalog, and common exploit techniques. Solid scripting and automation skills Python preferred. Excellent communication and stakeholder-management capabilities. A passion for continual learning and staying ahead of emerging threats. Bonus Skills: Master s degree in Cybersecurity or a related field. Industry-recognized security certifications such as CISSP, CISM, CCSP, CEH, or CompTIA Security+, or specific cloud security certifications (AWS, GCP, Azure). Experience in a rapidly scaling technology startup. Strong working knowledge of global and Indian data privacy frameworks (e.g., GDPR, HIPAA, DPDP Act ). Experience building a security function from the ground up. Bonus points for credentials like OSCP, OSWE, CRTP , or a noteworthy bug-bounty / CTF track record. What We Offer: Opportunity to work on cutting-edge generative AI projects with leading clients. A dynamic and inclusive work environment that promotes professional growth and development. Competitive salary and benefits package, including opportunities for continuous learning and skill enhancement. If you are passionate about leveraging generative AI to drive business transformation and have the expertise to lead complex projects, we invite you to apply and join our innovative team.

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India. About the Job: The Application Security Consultant reports directly to the Cloud and Application Security Practice Director and is tasked with guiding clients from traditional DevOps practices to a comprehensive DevSecOps model. This role encompasses conducting in-depth code reviews, utilizing DAST, SAST, and SCA tools for security assessments, and performing web application penetration tests. With a focus on integrating security into the development lifecycle, this role requires a candidate with a strong development background and familiarity with a broad spectrum of programming languages. Responsibilities: Lead security reviews and web application penetration tests to identify vulnerabilities across a variety of development frameworks and languages. Advise on the integration of security practices within DevOps processes, aiding in the transition to DevSecOps. Perform thorough code reviews using DAST, SAST, and SCA tools, focusing on a wide array of programming languages. Work closely with development teams to instill secure coding practices and embed security measures within CI/CD pipelines. Support the bug bounty program. Support the preparation of security releases. Assist in development of security processes and automated tooling that prevent classes of security issues. Requirements: 2-3 years overall application security experience Extensive experience application and code security Experience with static and dynamic code analysis solution. For Example: Veracode, Checkmarx, SonarQube Retain one or more of the following certifications: CISSP, CISM, OSCP, CEH Experience in solution architecture, DevSecOps practices, and cloud integration. Experience working with Infrastructure as Code, CI/CD pipelines and Secure DevOps processes. Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, etc.). Strong expertise in at least one of the major programming languages (e.g., C/C++, Java, Python). This foundational knowledge is crucial for conducting effective code reviews and security assessments. An understanding of, or experience with, a diverse set of languages, including but not limited to Gosu, Business Basic, CLI Scripts, HCL Domino, Net.Data, PowerShell, Shell, SQL, and SQR. Strong security inclination & technical writing skills Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position.

Assist the team in planning engagements, conducting fieldwork, discussing findings and observations with the clients, preparing work papers to support conclusions and preparing written reports. Conduct IT, Data Privacy & Information Security audits. Develop policies and procedures inline with Information Security & Privacy international and local standards. Attend preliminary meetings with clients; offer advice and develop a client understanding for the overall service process; communicate access and information requirements. Support Engagement partners and Directors to lead business development initiatives including, but not limited to, review pre-engagement activities, contracting and setting up meetings with prospective clients. Keeping up to date with developments in Technology, UAE markets, relevant professional standards (eg: ISO 27001, Data Privacy Law etc.) and specific industry sectors. Pursuit of highest professional standards, specialist skills in technology and credibility in the market through continuous professional education, certification, contributions to professional groups and appropriate networking. Contribute towards managing the overall client service delivery in accordance with BDO quality guidelines & methodologies. Contribute towards managing accounts on a day-to-day basis & explore new business opportunities for the firm. Maintain professional relations with clients, answer queries, offer expert advice. Ensure thorough project documentation and maintain electronic filing in accordance to BDO guidelines. Complete project assignments with minimum supervision and within the timelines provided by the management. Required Skills: Bachelors degree in Computer science, Engineering, or related field Post-qualification work experience of 6 to 8 years, with at-least 6-year experience in implementing the regulatory & compliance framework requirements (e.g. ISO 27001, ISO 27701, GDPR, ADHICS) Experience in international and local regulatory requirements related to Data Privacy & Protection Two (2) or more industry certifications strongly preferred. Example certifications include: CISA, CISSP, CIPM/CIPP, CISM, CCSP

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and frameworks.- Conduct regular assessments and audits to ensure compliance with security policies and standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Operation Automation.- Strong understanding of cloud security principles and best practices.- Experience with security incident response and management.- Familiarity with security compliance frameworks such as ISO 27001, NIST, or CIS.- Knowledge of automation tools and scripting languages to enhance security operations. Additional Information:- The candidate should have minimum 5 years of experience in Security Operation Automation.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Third Party IT Risk Management Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. A typical day involves collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular assessments of cloud security measures and recommend improvements.- Facilitate training sessions for team members on cloud security best practices. Professional & Technical Skills: - Must To Have Skills: Proficiency in Third Party IT Risk Management.- Strong understanding of cloud security principles and frameworks.- Experience with risk assessment methodologies and tools.- Ability to develop and implement security policies and procedures.- Familiarity with compliance standards such as ISO 27001 and NIST. Additional Information:- The candidate should have minimum 7.5 years of experience in Third Party IT Risk Management.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Service Delivery Good to have skills : Security GovernanceMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture while adapting to evolving threats and compliance requirements. Roles & Responsibilities:- Expected to be a Subject Matter Expert with deep knowledge and experience.- Should have influencing and advisory skills.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team understanding of cloud security practices.- Continuously evaluate and improve the cloud security framework based on emerging threats and technologies. Professional & Technical Skills: - Must To Have Skills: Proficiency in Service Delivery.- Good To Have Skills: Experience with Security Governance.- Strong understanding of cloud security principles and best practices.- Experience in risk assessment and management related to cloud environments.- Ability to design and implement security controls tailored to cloud architectures. Additional Information:- The candidate should have minimum 15 years of experience in Service Delivery.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po Shell has a requirement for ITGC Analyst . Based on JD, it appears to be more on Risk Management/Environment Governance. Can you suggest a primary skill to be used for this role and add the respective representative from TA team for this role. As an ITGC Testing Analyst, you will support management in assessing the IT control environment. You will identify and report control weaknesses, track remediation action plans, and monitor the quality of remediation efforts.. More specifically, your role will include: ITGC Testing: Conduct testing of IT General Controls (ITGCs) to ensure compliance and effectiveness. ITC Testing: Perform testing of IT Components (ITCs) to validate data integrity and accuracy. Test Scripts: Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps. Documentation: Maintain detailed documentation of testing procedures, findings, and recommendations. Reporting: Ensure adherence to the approved assurance plan and provide regular updates on progress. Issue Management: Advise IT operations on risk management and contribute to remediation plans for deficient controls. : Work with the offshore testing team to assess the design and effectiveness of IT controls. Stakeholder Communication: Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies. Tool Management: Oversee tools and reports used by the team and stakeholders, ensuring accuracy and updates based on business needs. Experience: IT Audit Expertise: Proven experience in IT audits or ITGC testing. Technical Skills: Certifications: Relevant certifications like ISO 27001, CISA, CISM, and CRISC or having a strong desire to work towards obtaining such certifications. Information Risk Management: Good understanding of information risk management and associated processes. Application Proficiency: Experience with widely used applications such as SAP, Power Platform, and Cloud technologies is desirable. Continuous Improvement: A mindset geared towards continuous improvement and project management experience. Work Schedule: Mid-Shift: Working hrs will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization po