749 Cism Jobs - Page 6

We are looking for a hands-on professional to manage SatSure s IT operations and drive compliance, risk, and information security initiatives. This role will ensure that our IT systems and practices effectively support the company s growth while maintaining security, compliance, and reliability. You will work closely with engineering, business, and legal teams to implement best practices and enable smooth, secure operations. About SatSure SatSure is a deep tech, Decision Intelligence company working at the intersection of agriculture, infrastructure, and climate action. We transform satellite data into actionable insights, enabling faster, smarter, and more responsible decisions especially for underserved regions of the world. Key Responsibilities: IT Infrastructure Manage daily IT operations, including networks, endpoints, cloud resources, and collaboration tools. Ensure the reliability, security, and cost-effectiveness of cloud and internal IT infrastructure. Implement and maintain IT governance, access control, and operational procedures. Compliance Risk Develop and enforce policies to meet regulatory, contractual, and internal compliance requirements. Support internal and external audits (e.g., ISO 27001, SOC 2) and help maintain certifications. Monitor, assess, and mitigate IT and cyber risks. Information Security Oversee day-to-day security practices, including vulnerability checks, incident response, and data privacy. Create awareness programs to promote good security practices across teams. Collaboration Leadership Work with delivery, legal, and client teams to ensure compliance requirements are addressed in operations and contracts. Mentor junior team members, and help build a culture of accountability and continuous improvement. Qualifications 5 8 years of experience in IT operations, with some experience in compliance, risk, or information security. Bachelor s degree in Computer Science, Information Systems, or a related field. Certifications like CISM, CISSP, or ISO 27001 LA are an advantage but not required. Must Have Skills Strong working knowledge of cloud platforms (AWS, GCP, or Azure) and enterprise IT systems. Familiarity with standards like ISO 27001, GDPR, SOC 2, and ITIL. Ability to communicate risks and requirements clearly across teams. Experience supporting audits, managing vendors, and working with legal or client teams is a plus. Perks Benefits Health insurance for you and your family, including unlimited online doctor consultations. Access to mental health support for you and your dependents. Learning development allowance. Comprehensive leave policy (including paid, casual, marriage, and bereavement leaves). Biannual performance appraisals.

Hiring a Senior Cybersecurity GRC Consultant, you will play a pivotal role in helping organizations manage and improve their Governance, Risk, and Compliance (GRC) frameworks. You will be responsible for setting up and leading assessments, implementing strategies, and advising clients on how to mitigate cybersecurity risks and achieve compliance with industry standards and regulatory requirements. 8+ Years of Experience in cybersecurity, risk management, and governance, with a proven track record of leading GRC initiatives. Educational Background: Bachelors or Masters degree in Information Technology, Cybersecurity, Computer Science, Business Administration, or a related field. Certifications: Relevant cybersecurity certifications such as CISSP, CISA, CISM, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, or similar. Must have experience in customer facing projects (onsite / offsite); Should be able to lead the junior team members. In-depth Knowledge of Cybersecurity Frameworks: Expertise in implementing and advising on security frameworks such as Unified Cybersecurity Framework, NIST/RBI/IRDAI/SEBI Cybersecurity Frameworks, ISO 27001/2, CIS Controls etc. Project Management: Proven ability to manage and lead multiple GRC projects simultaneously, with strong organizational and time-management skills. Client-Focused: Demonstrated ability to build and maintain relationships with clients, providing expert advice and ensuring customer satisfaction. Cloud Security: Knowledge of cloud environments (AWS, Azure, Google Cloud) and their associated risks and compliance requirements. Penetration Testing & Vulnerability Management: Familiarity with vulnerability assessment, penetration testing, and ethical hacking practices. Incident Management: Experience in developing or improving incident response plans, business continuity plans, and disaster recovery strategies.

We are hiring for- Role: Technical product Manager Experience: 5-10 Years Location: Bangalore Work Mode: Hybrid Key Responsibilities Product Roadmap & Execution: Lead the product vision and execution for AI features in our GRC suite, bringing insight into leveraging AI for threat detection, vulnerability management, and risk quantification. Cross-functional Collaboration: Partner with engineering, data science, design, and QA teams to ensure the delivery of secure, scalable, and cyber risk-aligned product capabilities. User Research: Conduct deep-dive interviews and research with cyber stakeholders to pinpoint pain points, regulatory requirements, and opportunities for improvement across threat and control landscapes. Requirements Management: Translate complex business and user needs into clear product requirements, user stories, and acceptance criteria informed by real-world risk scenarios and industry standards. Prioritization & Backlog Management: Prioritize product enhancements to maximize value for cyber risk professionals, strengthen risk posture, and aid in incident response and resilience. Client Feedback Loop: Work with sales and customer success teams to integrate actionable client feedback into the product lifecycle, focusing on user experience for cyber risk stakeholders. Metrics & Analysis: Monitor adoption and effectiveness of AI-powered features, using product data to inform ongoing risk mitigation and reporting enhancements. Product Evangelism: Advocate for the product through presentations, documentation, and customer engagements, articulating its value for cyber risk and security teams. Subject Matter Expertise: Contribute your deep expertise in cyber risk management, threat modeling, NIST CSF, ISO 27005, and regulatory frameworks such as GDPR, PCI DSS, and DORA. Skills and Experience Experience : 510 years in Cyber Risk, Compliance, or Security Risk Management roles, preferably within high-impact or regulated environments. Domain Expertise : Advanced understanding of cyber risk methodologies—threat identification, impact analysis, vulnerability management, and risk treatment. Technical Acumen : Familiarity with AI/ML applications in cybersecurity (e.g., anomaly detection, behavioral analytics, automated risk prioritization). Product Mindset : Experience with design thinking and product development lifecycle (PDLC). Compliance Frameworks : Working knowledge of data protection laws and cybersecurity standards (e.g., NIST, ISO 27001, SOC 2). Certifications : Professional credentials such as CISSP, CRISC, CISM, or CEH. Security Product Development: Proven experience in security product creation or as a subject matter expert in GRC initiatives. Education Bachelor's or Master's degree in Cybersecurity, Information Technology, Risk Management, or related discipline. -- Muugddha Vanjarii 7822804824 mugdha.vanjari@sunbrilotechnologies.com

Brief overview of the business areas Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework. The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC s estate in concert with business and technology teams on premise, within the Cloud and resulting from 3 rd party engagements. What you will be doing; The Threat and Controls Assessment Senior Consultant role will work as part of a global team to perform Threat Modelling on HSBC services. This role will report into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification. Key Responsibilities: Independently identify and assess the potential security threats and vulnerabilities in systems, applications, and networks. Work on complex architecture, systems, network to identify the potential security gaps and help HSBC bank to achieve expected security posture of the systems. Perform effective threat and control assessments of services within our internal, external and cloud estate. Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps. Understand the Business requirements, evaluate potential products / solutions and provide technical recommendations. Be "hands on" with technology and contribute to the design, development and the support of projects with security recommendations. Identify threats across the IT estate; including applications, databases, network and other infrastructure components. Engage with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues. Work as Technical Lead and take ownership to improve the processes, procedures and h elp team to improve technically. Stay up to date with industry new trends and best practices. What you will bring to the role; To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills: Mindset An inquisitive approach, always asking how to achieve goals in a smarter and more effective way Positive and professional attitude, team player, flexible and adaptable, embraces change Good Risk and Controls understanding Knowledge and exposure of Risk and Control Management Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications Requirements Strong Technical background In-depth understanding of security concepts and principles Proven experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets Strong understanding of applications design and architecture Knowledge and experience with network, host and application security practices Good working knowledge of one or more of the Cloud Service Providers AWS, GCP or Azure Strong understanding of Software Development Life Cycle (SDLC) with a focus on security Experience in continuous improvement and process optimisation. Understanding of emerging technologies and corresponding security threats Strong stakeholder management and communications skills Experience of working in international and diverse environments Experience in engaging with business, technology, regional and regulatory stakeholders Ability to communicate to key stakeholders effectively translating technical gaps into business risk Ability to complete tasks independently to a high quality standard Self-motivated individual with strong analytical and problem solving skills Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change Interpersonal Skills Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management

You re at the right place if you wish to make a difference and see the impact. Work with us to unleash your true potential while being yourself. Associate Governance Risk & Compliance Responsibilities Perform information security audits and consulting as per the regulatory requirement and security standards Develop and participate in implementation of client initiatives focused on the reduction of technology risk, governance and compliance to policies and external regulatory compliance Developing IT security policies, procedures and guidelines controls to manage risks. Knowledge of vulnerability management. A good understanding of IT data centre operations and a variety of technology platforms Qualifications 1-3 years experience in Compliance, Security, or related industry; Ideally should have a CISSP, CISA or CISM qualification; Knowledge and understanding of HIPAA, GDPR, PCI DSS, SOC 2, ISO27001 and ISO 22301 is preferred.

Description & Requirements About the Role Responsible for managing the Digital Cyber Security Engineering activities related to any kind of application security and secure software development activities, incorporating best practices across the entire company. This includes the evaluation of new security technologies, maintenance and configuration of the existing security tool landscape related to software development and application security. Identified risks are tracked for remediation and regularly reported to senior leadership for visibility. You are also a focal point for not just the IT but also the different business departments to serve as subject matter expert related to information security topics and provide tailored solutions towards the business needs. What You Will Do Support the security of software development activities across the company Assess and improve the security of applications used in or created by Harman Continuously improve and optimize Cyber Security environment related to software development and application security, including Cloud environments Manage and maintain the present Security Stack related to application security and software development Evaluate risks and appropriate processes and technology to mitigate these risks Perform risk assessments of individual projects as well as holistic companywide assessments What You Need Bachelor degree or higher, or equivalent qualification Several years (5+ years would be ideal) of experience on Cyber Security in a global footprint Solid experience in Secure Software Development Lifecycle (SSDLC) and Continuous Integration / Continuous Delivery (CI/CD) pipelines Expertise in various security technologies and product-suites (Azure, AWS, Atlassian tool suite or comparable) Ability to effectively communicate in English, including reading, writing and speaking Ability to prioritize and execute tasks in a structured and analytical way Very good communication in a team environment Project Management Experience What is Nice to Have CISSP certified Other Certifications around Information Security (e.g. CISM, CCSP, ISO27001 LI, OSCP ) Experience with OWASP top 10, dynamic and static code analysis What Makes You Eligible Be willing to travel up to 5%, domestic only OR domestic and international travel This role is eligible to work remotely 80% with occasional trips into the office location. What We Offer Flexible work environment, allowing for full-time remote work globally for positions that can be performed outside a HARMAN or customer location Access to employee discounts on world-class Harman and Samsung products (JBL, HARMAN Kardon, AKG, etc.) Extensive training opportunities through our own HARMAN University Competitive wellness benefits Tuition Reimbursement Access to HARMAN Campus Fitness Center and Cafeteria An inclusive and diverse work environment that fosters and encourages professional and personal development You Belong Here HARMAN is committed to making every employee feel welcomed, valued, and empowered. No matter what role you play, we encourage you to share your ideas, voice your distinct perspective, and bring your whole self with you all within a support-minded culture that celebrates what makes each of us unique. We also recognize that learning is a lifelong pursuit and want you to flourish. We proudly offer added opportunities for training, development, and continuing education, further empowering you to live the career you want. About HARMAN: Where Innovation Unleashes Next-Level Technology Ever since the 1920s, we ve been amplifying the sense of sound. Today, that legacy endures, with integrated technology platforms that make the world smarter, safer, and more connected. Across automotive, lifestyle, and digital transformation solutions, we create innovative technologies that turn ordinary moments into extraordinary experiences. Our renowned automotive and lifestyle solutions can be found everywhere, from the music we play in our cars and homes to venues that feature today s most sought-after performers, while our digital transformation solutions serve humanity by addressing the world s ever-evolving needs and demands. Marketing our award-winning portfolio under 16 iconic brands, such as JBL, Mark Levinson, and Revel, we set ourselves apart by exceeding the highest engineering and design standards for our customers, our partners and each other. If you re ready to innovate and do work that makes a lasting impact, join our talent community today! HARMAN is proud to be an Equal Opportunity employer. HARMAN strives to hire the best qualified candidates and is committed to building a workforce representative of the diverse marketplaces and communities of our global colleagues and customers. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.HARMAN attracts, hires, and develops employees based on merit, qualifications and job-related performance.( www.harman.com )

Description & Requirements About the Role As a Principal Engineer, IT & Cloud Security, you will bring specialized depth and breadth of expertise in Cloud Security and Risk Governance, leading strategic security initiatives and ensuring the implementation of best practices across the organization. This role requires a strong analytical mindset, the ability to lead complex projects, and a deep understanding of enterprise security frameworks. You will independently drive security improvements, providing strategic recommendations to address both internal and external business challenges. As a thought leader in security, you will collaborate with cross-functional teams to strengthen the company s security posture, influencing technology, processes, and risk management. Additionally, you will be facilitating technical discussions with external vendors, ensuring accountability for performance, and optimizing security tools across the organization. Your insights will directly impact security strategy, operational excellence, and risk mitigation at a global scale. Your Team This position reports to the Director, Digital Security Engineering and is technically guiding a Cloud Security Analyst position. You also lead cross-functional teams on security initiatives and projects with moderate resource requirements, risk, and complexity. What You Will Do Drive the companys Cloud Security strategy, ensuring continuous improvement and optimization in alignment with industry best practices. Own and enhance the risk governance framework for Cloud Security, defining KPIs and reporting metrics for executive leadership. Independently assess, analyze, and mitigate complex security risks, influencing corporate-wide security decisions. Lead security-related projects with cross-functional teams, ensuring effective collaboration and risk mitigation. Manage and evaluate external security vendors, ensuring appropriate licensing, service quality and accountability. Provide strategic guidance to business and IT teams, interpreting business challenges and identifying innovative solutions. Communicate complex security concepts to stakeholders, negotiating adoption of best practices across departments. Ensure effective operation and maintenance of security tools, continuously identifying opportunities for improvement. What You Need Bachelor s degree or equivalent qualification. 8+ years of experience in Cyber Security, preferably in a global organization. Deep expertise in Risk Governance and Cloud Security, including AWS, Azure, or GCP. Strong knowledge of Endpoint Security, Application Security, and Network Security. CISSP certification required. Experience managing external security vendors and ensuring performance accountability. Ability to interpret complex security risks, provide strategic recommendations, and influence leadership decisions. Strong project leadership experience, with the ability to lead cross-functional teams on security initiatives. Excellent communication and negotiation skills, with the ability to explain complex security challenges to both technical and non-technical stakeholders. Structured and analytical approach to problem-solving, with strong prioritization skills. What is Nice to Have Additional security certifications (e.g., CISM, CCSP, ISO 27001 LI, OSCP). Hands-on expertise with Cisco and CrowdStrike security solutions. Experience in enterprise security architecture and cloud-native security solutions. What Makes You Eligible Be willing to travel up to 5%, domestic only OR domestic and international travel What We Offer Flexible work environment, allowing for full-time remote work globally for positions that can be performed outside a HARMAN or customer location Access to employee discounts on world-class Harman and Samsung products (JBL, HARMAN Kardon, AKG, etc.) Extensive training opportunities through our own HARMAN University Competitive wellness benefits Tuition Reimbursement Access to HARMAN Campus Fitness Center and Cafeteria An inclusive and diverse work environment that fosters and encourages professional and personal development You Belong Here HARMAN is committed to making every employee feel welcomed, valued, and empowered. No matter what role you play, we encourage you to share your ideas, voice your distinct perspective, and bring your whole self with you all within a support-minded culture that celebrates what makes each of us unique. We also recognize that learning is a lifelong pursuit and want you to flourish. We proudly offer added opportunities for training, development, and continuing education, further empowering you to live the career you want. About HARMAN: Where Innovation Unleashes Next-Level Technology Ever since the 1920s, we ve been amplifying the sense of sound. Today, that legacy endures, with integrated technology platforms that make the world smarter, safer, and more connected. Across automotive, lifestyle, and digital transformation solutions, we create innovative technologies that turn ordinary moments into extraordinary experiences. Our renowned automotive and lifestyle solutions can be found everywhere, from the music we play in our cars and homes to venues that feature today s most sought-after performers, while our digital transformation solutions serve humanity by addressing the world s ever-evolving needs and demands. Marketing our award-winning portfolio under 16 iconic brands, such as JBL, Mark Levinson, and Revel, we set ourselves apart by exceeding the highest engineering and design standards for our customers, our partners and each other. If you re ready to innovate and do work that makes a lasting impact, join our talent community today! HARMAN is proud to be an Equal Opportunity employer. HARMAN strives to hire the best qualified candidates and is committed to building a workforce representative of the diverse marketplaces and communities of our global colleagues and customers. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.HARMAN attracts, hires, and develops employees based on merit, qualifications and job-related performance.( www.harman.com )

Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm s risk posture. Through collaboration and analytical skills, you will contribute to the Testing CoE s overall success and strengthen the firm s compliance with regulatory obligations and industry standards. Job Summary As a Vice President within the Testing CoE team, you will be responsible in risk identification, control evaluation, and security governancein advising on complex situations and enhancing the firm s risk posture. Job responsibilities Lead and manage control evaluations and end-to-end substantive testing activities, including planning, fieldwork and reporting. Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls within the Commercial and Investment Banking (CIB). Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. Required qualifications, capabilities, and skills 8+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, helpful capabilities, and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand of internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint. Knowledge of data analytical tools such as Tableau, Altryx or Pythyon Your role in risk identification, control evaluation, and security governance is crucial in advising on complex situations and enhancing the firm s risk posture. Through collaboration and analytical skills, you will contribute to the Testing CoE s overall success and strengthen the firm s compliance with regulatory obligations and industry standards. Job Summary As a Vice President within the Testing CoE team, you will be responsible in risk identification, control evaluation, and security governancein advising on complex situations and enhancing the firm s risk posture. Job responsibilities Lead and manage control evaluations and end-to-end substantive testing activities, including planning, fieldwork and reporting. Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls within the Commercial and Investment Banking (CIB). Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Utilize advanced critical thinking skills to apply substantive testing techniques, thoroughly evaluating the effectiveness of high-risk business processes and identifying potential areas for improvement. Proactively assess and monitor risks, ensuring adherence to firm standards, regulatory requirements, and industry best practices. Implement strategies to mitigate identified risks effectively. Collaborate with cross-functional teams and stakeholders to support the design and effectiveness of controls. Drive initiatives that enhance the business control environment through recommended updates to the Compliance and Operational Risk Evaluation (CORE) application. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. Required qualifications, capabilities, and skills 8+ years of experience or equivalent expertise in risk management, assessment, control evaluations, or a related field, Possess a strong understanding of industry standards and regulatory requirements. Demonstrated ability to analyze complex issues, develop and implement effective risk mitigation strategies, and communicate insights and recommendations clearly to senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices. Ability to stay updated with evolving regulatory landscapes and adapt strategies accordingly. Exceptional ability to develop and communicate well-founded recommendations based on regulatory guidance and standards, ensuring alignment with organizational goals and compliance requirements. Highly organized and detail-oriented, with a proven track record of managing multiple priorities and delivering results in a fast-paced environment. Strong analytical and communication skills, with the ability to convey complex information in a clear and concise manner to diverse audiences. Preferred qualifications, helpful capabilities, and skills CISM, CRISC, CISSP, CISA, CCEP, CRCM, CRCMP, GRCP, or other industry-recognized risk and risk certifications preferred. A background in auditing and the ability to understand of internal controls is beneficial. Proficiency in MS (Microsoft Suite) Office - Microsoft Word, Excel, Access, and PowerPoint. Knowledge of data analytical tools such as Tableau, Altryx or Pythyon

You will be joining NTT DATA as an Information Security-Management - Security Analysis Specialist Advisor in Noida, Uttar Pradesh (IN-UP), India (IN). In this role, you will be responsible for ensuring the seamless delivery of all information security services to the customer. Your key duties will include delivering information security services in compliance with contracts and standards, assisting clients in defining and implementing security policies, strategies, and procedures, and participating in strategic design processes to align security with business requirements. Additionally, you will support the implementation of security governance frameworks, collaborate with clients to review and monitor adherence to security policies and standards, and facilitate audits to ensure compliance. Your role will also involve performing risk reviews, developing risk treatment plans, and incorporating threat intelligence into risk management strategies. You will be expected to drive remediation efforts related to information security, identify weaknesses in current operations, and ensure information security operations meet standards. To qualify for this role, you should have at least 6 years of relevant experience, knowledge of standards/regulations impacting information security, and experience with internal and external audits. Preferred qualifications include certifications such as CISSP, SSCP, CISM, or CEH, customer relationship management experience, and knowledge of systems and network administration. NTT DATA is a trusted global innovator of business and technology services, serving 75% of the Fortune Global 100. As a Global Top Employer, NTT DATA is committed to helping clients innovate, optimize, and transform for long-term success. With experts in more than 50 countries and a robust partner ecosystem, NTT DATA offers services in consulting, data and artificial intelligence, industry solutions, and digital infrastructure. As a part of the NTT Group, NTT DATA invests in R&D to support organizations and society in moving confidently into the digital future. Visit us at us.nttdata.com.,

As a Customer Success Implementation Architect at AppViewX, you will play a crucial role in driving customer onboarding, solutioning, and ongoing adoption and usage of our products. You will lead the implementation of AppViewX solutions for automating customer IT network infrastructure and Public Key Infrastructure, combining deep technical knowledge with an understanding of customer business objectives and challenges to help them maximize the value of our products. Your responsibilities will include: - Collaborating with Customer Success Managers and Customer Success Design Architects to implement AppViewX technology for new customers, addressing their objectives and success criteria with technical attention to ensure a quick Go-live. - Implementing additional AppViewX technology to solve specific business challenges for new customers, acting as a trusted technical advisor to assist customers in navigating technical challenges throughout the implementation process. - Identifying new use cases as part of the account growth and renewal strategy. - Providing feedback to improve the customer experience, speed time-to-value, and create greater benefits for customers. - Contributing to Customer Business Reviews highlighting potential areas of improvements. - Partnering closely with cross-functional team members to translate business needs and product requirements into new solutions. - Working with Product and Engineering teams to prioritize product enhancements and long-term roadmap based on customer and industry priorities. Requirements: - Minimum 5 years of experience in a technical implementation role. - Minimum 3 years of experience in customer-facing technical roles for a SaaS company with enterprise software products. - Domain knowledge on PKI, DNS, Active Directory, ADCS, CRL, OCSP, and associated cryptographic standards. - Experience with Certificate Life Cycle management/operations and PKI implementation processes. - Hands-on experience with Kubernetes, Linux/Windows server management, Apache, IIS, and application expertise. - CISSP/CISM/CISA certification is preferred. - Excellent organization, troubleshooting, problem-solving, deployment, and multitasking skills with the ability to learn new technology quickly. - Experience working with F500 organizations. - Exceptional communication skills, both oral and written, coupled with excellent listening skills.,

We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaaMD) offerings. This pivotal role ensures global compliance and best-in-class security practices throughout the software development lifecycle, anchored in standards like ISO/IEC 27001, ISO/IEC 27002, and ISO 13485. Key Responsibilities : Security Control Implementation : - Design, implement, and monitor robust security controls across the SaaMD SDLC. - Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks. - Guide secure coding, DevSecOps practices, and vulnerability management. - Apply a risk-based approach to identify and mitigate threats proactively. Compliance & Audit Readiness : - Support internal and external audits with detailed documentation. - Collaborate with Quality & Regulatory teams for ISO 13485 compliance. - Maintain audit-ready procedures and manage change documentation. Threat Modeling & Penetration Testing : - Develop threat models using tools like LucidChart. - Conduct pen-testing via BurpSuite, nmap, Wireshark, and Deptrack. - Run static and dynamic code analysis for vulnerability detection. Vulnerability Management : - Assess vulnerabilities using Grype, Dockle, Trivy, and Deptrack. - Partner with development teams for triage and resolution. - Drive remediation workflows and monitor KPIs. Reporting & Stakeholder Communication : - Produce detailed security assessments with actionable steps. - Deliver periodic updates on security posture to leadership. - Translate complex risks into business-friendly language. Security Awareness & Training : - Build training modules to cultivate a security-first mindset. - Advocate for secure engineering culture across teams. Qualifications : Required : - Bachelors in Computer Science, Information Security, or relevant experience. - 3+ years in cybersecurity engineering, ideally in healthcare or medical devices. - Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485. - Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, Deptrack. - Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices. - Track record in audit support and regulatory compliance. Preferred : - Certifications like CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer. - Background in SaaMD or regulated industries (healthcare/pharma). - Familiarity with frameworks like NIST, HITRUST, and CI/CD workflows. Skills & Traits : - Strong analytical, communication, and problem-solving skills. - Detail-oriented with a proactive risk management approach. - Team collaborator able to influence across engineering and compliance functions.

Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. As a Tech Risk & Controls Lead in Cybersecurity & Tech Controls team, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firms standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. Job responsibilities Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations Develop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance Required qualifications, capabilities, and skills Formal training or certification on Tech Risk & Control concepts and 5+ years applied experience Expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation In-depth knowledge of application architecture, infrastructure, security principles, and technology risks/controls. Manage & lead transformative projects and initiatives, showcasing strong organizational and leadership skills. Excellent communication and presentation skills for conveying complex risk information to stakeholders at all levels. Adapt to and articulate changes in technology risk landscapes and emerging technologies. Stakeholder management skills, with the capability to engage and influence diverse groups Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, or other industry-recognized risk certifications. Familiar in a multi-tiered organization, with a deep understanding of how technology is applied across different levels. Join our team to play a pivotal role in mitigating tech risks and upholding operational excellence, driving innovation in risk management. As a Tech Risk & Controls Lead in Cybersecurity & Tech Controls team, you will be responsible for identifying, and mitigating compliance and operational risks in line with the firms standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards. By partnering with various stakeholders, including Product Owners, Business Control Managers, and Regulators, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Your advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. Job responsibilities Ensure effective identification, quantification, communication, and management of technology risk, focusing on root cause analysis and resolution recommendations Develop and maintain robust relationships, becoming a trusted partner with LOB technologists, assessments teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance Required qualifications, capabilities, and skills Formal training or certification on Tech Risk & Control concepts and 5+ years applied experience Expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation In-depth knowledge of application architecture, infrastructure, security principles, and technology risks/controls. Manage & lead transformative projects and initiatives, showcasing strong organizational and leadership skills. Excellent communication and presentation skills for conveying complex risk information to stakeholders at all levels. Adapt to and articulate changes in technology risk landscapes and emerging technologies. Stakeholder management skills, with the capability to engage and influence diverse groups Preferred qualifications, capabilities, and skills CISM, CRISC, CISSP, or other industry-recognized risk certifications. Familiar in a multi-tiered organization, with a deep understanding of how technology is applied across different levels.

Minimum 5+ years of experience in Information security and preferably in Banking and Financial services sector In-depth working experience on Cloud technologies, routers, switches, firewalls, load balancers and proxy will be added advantage for the role. Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent. Industry certifications will be a plus e.g. CISSP, CCNA Security, CCIE, CCNP Security, CISA, CRISC and CISM. Strong knowledge and subject matter expertise in multiple areas within Information Security. Hands on skill and expertise in performing risk / threat assessments/risk consulting. Excellent written, oral communication and reporting skills. Provides technical leadership, expertise and direction working with district and college technical staff for design and implementation of information technology security systems. Develops strategy for propagating, maintaining, and measuring compliance against security policies, standards, and guidelines district-wide. Time management and organizational skills Ability and desire to learn new skills quickly Performs other related duties as assigned.

Who youll be working with: WPP Enterprise Technology are proud technology solutions partner for WPP Corporate Functions. Our collaboration is instrumental in coordinating and assuring end-to-end change delivery, managing the IT technology lifecycle, and maintaining a robust innovation pipeline. The CRC discipline within WPP ET plays a crucial role in this partnership. We are responsible for providing advisory and support to the corporate business cluster on critical areas such as Technology Audits, Technology Risks, Control Assurance, and Technology Compliance. Our objective is to ensure that all central functions at WPP HQ operate in a safe, secure, and compliant manner. The CRC function in the Corporate Business Cluster drives compliant IT operations for WPP HQ teams, managing Legal, regulatory, and contractual obligations. As a Risk & Compliance Manager, you will play a critical role in developing and implementing a world-class technology risk and compliance program to support WPP HQ Finance Functions. You will collaborate with the WPP Chief Cyber, Risk and Compliance Officer (CCRCO), WPP CISO, Director of Cyber, Risk and Compliance, and WPP HQ Finance department heads to set the CRC functions vision and strategy, and manage escalations for technology operational risks, compliance, audit, BCP, and DR assessments. As an SME, you will lead and develop a highly effective risk and compliance function, strengthening defences and promoting a proactive, collaborative approach. You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the Corporate Cluster and the WPP Group. What youll be doing: Work closely with and assist CRC department head in developing a risk and compliance strategy for the corporate cluster that is aligned to WPP ET and CRC strategies. Establish technology risk & compliance community across the range of WPP HQ functions to drive the implementation and standardisation of agreed security governance, risk & compliance approach. Drive the Cluster s CRC strategy and approach, by closely working with Corporate CRC Director CRC Discipline Lead and other ET stakeholders. Drive BC/DR planning to the appropriate level across the Cluster and ensure BC/DR plans are updated and reviewed annually. Conduct and support Technology Risk Assessments e.g., quarterly risk landscaping - owning and driving Cluster-specific risk mitigation actions. Respond to tracking and reporting from Internal, External or Client Audit findings within the Corporate Cluster. Conduct CRC Cluster self-certification and self-monitoring of IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level. Support CRC Cluster-wide input into the WPP IT Asset Register and CMDB owned by IT Ops teams. Be CRC point of contact for relevant business stakeholder escalations relating to Technology risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues. Work across the CRC Cluster teams like Operational Security, Technology Operations, and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans. Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently. Design and deliver a range of educational activities and material to embed a strong SOX Compliant culture, mindset and behaviours across the Cluster. Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability. Ensure that the Corporate Function remains compliant with national legislative, regulatory, contractual and WPP technology governance obligations. Support Cluster teams and functions during client pitch for winning new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition. What youll need: A minimum of 5 to 7 years of strong and deep background in managing SOX ITGC audits in complex global organisations. Key certifications (e.g. CISA, CRISC, CISSP, CISM, Azure & Dynamic 365) desirable but not essential Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential Comprehensive knowledge of information security risk standards, frameworks and best practices (i.e., COBIT, SOX ITGC, ISO27K1, NIST, CIS, SOC, Cyber Essentials, GDPR) Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverable Risk and Compliance subject-matter-expert with in-depth knowledge of technology governance in the cloud and on-prem IT technologies Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity A genuine desire to lead, develop, coach and mentor junior team members Who you are: Youre open : We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. Youre optimistic : We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. Youre extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What well give you: Passionate, inspired people We aim to create a culture in which people can do extraordinary work. Scale and opportunity We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

Job Purpose- To be part of ERP Security Team and deliver day to day SAP operations. Dynamically consulting with our team on ERP security knowledge and skills, including but not limited to, User access management and role administration and SoX. Key Responsibilities- Day to day management of the team (indirect reports) to provision user access in the ERP applications using the respective ticketing system. Responsible for the approval of designs for new ERP security roles. Responsible for supporting the SAP security and authorization environment. This includes support for all security roles, profiles, Portal groups and detailed knowledge of Profile Generator within the SAP systems. Managing the project team to deliver solutions and processes in support of project objectives and requirements leading the project team members with clear direction and communication. Define the deployment strategy and prepare and execute the project plan ensuring the project solution is transition to full support post-delivery. Engage with the wider business obtaining role build requirements. Manage the partners/ internal resource engagement, project plan, budget, risks and issues Provide detailed process improvement ideas. Responsible for identifying, reporting and managing to resolution any non-compliances with SAP security policy, coordinating the actions of Business users, the service provider and Controls and Compliance team Execute and maintain ERP security controls. Work with the internal Controls and Compliance team to support SOX compliance in relation to General IT Controls over the SAP landscape. Responsible for responding to, and acting on, compliance related issues, including those raised by internal and external audit. Drive innovation within the area of SAP security and controls, with a view to optimizing the control environment to enhance the security of our SAP landscape. Work closely with our Information Services team around technical activity and contract management, supporting in BAU and on a project basis as required including supporting new ERP platform implementations as required. To ensure all activities that are completed in the system are fully auditable. Provide periodic reports to the Head of ERP Security and Controls. Develop relationships with stakeholders within the business. Provide support for incidents relating to ERP Security and coordinating with partners to ensure that to follow and achieve the SLA. Develop areas for improving the current processes and suggest the improvements and automation. Minimum Level of Job-Related Experience Required: Extensive SAP Security Expertise: 10 13 years of hands-on experience in SAP Security, including authorization concepts, role design, segregation of duties (SOD), and implementation. Comprehensive SAP Technology Knowledge: Proficient in SAP ECC, BI, HR, PLM, HR, SOLMAN, HANA DB and BTP security frameworks, with additional expertise in Fiori, BW, BPC, and S4 HANA (preferred). Governance, Risk, and Compliance (GRC): In-depth experience with SAP GRC 12.0, including the understanding of configuration and management of Access Control components & Process control management, especially ARA (Access Risk Analysis), rulesets, remediation and about mitigation controls. Compliance and Audit Expertise: Strong knowledge of SOX audit requirements, compliance regulations, controls frameworks, and segregation of duties concepts in SAP ERP environments. Project and Implementation Experience: Proven track record in SAP security consultation for system rollouts, version upgrades, implementation, and support projects, including the development of requirement specifications, blueprints, and test plans. Business Process Integration: Strong understanding of business processes and the ability to align SAP security architecture with organizational goals and operational needs. Problem-Solving and Optimization: Experience in identifying and addressing complex security challenges, optimizing SAP security processes, and ensuring effective risk management. Educational Background: A graduate in a related discipline or equivalent professional experience- BE/ B Tech/ B Sc in Computer science Or BCA/ MCA Leadership: strong communication and leadership skills to collaborate with cross-functional teams and drive successful outcomes Certification: SAP Certified Technology Professional, ITIL Certification, CISM will be a plus. Skills Project Management, SAP ERP Operations, SAP Governance Risk and Compliance (SAP GRC), SAP Project Management, SAP Security Uniting science, technology and talent to get ahead of disease together. GSK is a global biopharma company with a special purpose to unite science, technology and talent to get ahead of disease together so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology). Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together. If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in gsk.com , you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.

ome careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. Our Technology teams work closely with HSBC s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world s leading international bank. Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers. Following extensive investment across our Technology and Digital domains and with plans for continued expansion, we are seeking a Lead Consultant for Threat and Controls Assessment , to join the HSBC Cybersecurity team within Technology. . Brief overview of the business areas Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework. The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC s estate in concert with business and technology teams on premise, within the Cloud and resulting from 3 rd party engagements. What you will be doing; The Threat and Controls Assessment Lead Consultant role will work as part of the global team to perform Threat Modelling on HSBC services. This is a senior role reporting into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification. Key Responsibilities: Perform effective threat and control assessments for complex services and platforms across the HSBC estate. This will include cloud platform reviews for Azure, AWS and GCP Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps Work with the CSAT management team to enhance the Threats and Controls Assessment Service. Provide cybersecurity consultancy with HSBC Business and Functions Manage the team of resources and take responsibility that their deliveries are meeting the quality expectations. Stay up to date within the industry of new trends and best practices Provide supervision, guidance and mentor less experienced members of the global team Act as a point of contact and source of advice on issues relating to Cybersecurity within the team What you will bring to the role; To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills: Mindset An inquisitive approach, always asking how to achieve goals in a smarter and more effective way An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings. Stay up to date within the industry of new trends, and best practices Good Risk and Controls understanding Knowledge and exposure of Risk and Control Management Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders. Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATTCK Framework. Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications Requirements Strong Technical background Expert hands on knowledge in one or more of the main Cloud Service Providers Azure, AWS or GCP Proven experience in general security concepts and principles and application specific security concepts and principles. Proven experience working in a large scale, multi-national and technologically diverse environment Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets Strong understanding of applications design and architecture Strong understanding of Software Development Life Cycle (SDLC) with a focus on security Knowledge and experience with network, host and application security practices Understanding of emerging technologies and corresponding security threats Strong stakeholder management and communications skills Experience of working in international and diverse environments Experience in engaging with business, technology, regional and regulator stakeholders Ability to communicate to executive leadership effectively translating technical gaps into business risk Ability to prepare concise presentations and updates for senior management Ability to support hiring activities, manage the team of resources Interpersonal Skills Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management Some travel will be required expected once to twice a year. Come Power a Business that Defines How to Power the World As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies. As an HSBC employee, you will have access to tailored professional development opportunities and a competitive pay and benefits package.

Education Qualification : Engineer - B.E / B.Tech / MCA Skills : Primary -> Technology | Sentinel SIEM Tool Design SME | Level 3 Support | 3 - Experienced Primary -> Technology | Securonix SIEM Tools Expert | Level 3 Support | 3 - Experienced Secondary -> Technology | ArcSight SIEM Tools Administrator | Level 2 Support | 2 - Knowledgeable Secondary -> Technology | Cybersecurity General Administrator | Level 2 Support | 2 - Knowledgeable Tertiary -> Technology | Network Traffic Analysis Administrator | Level 2 Support | 2 - Knowledgeable Certification : Technology | CISSP/CISM/CISA/CRISC/GIAC SOC/GIAC Certified Enterprise Defender (GCED)/Certified Ethical Hacker (CEH)/SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling Delivery Skills required are: - Technical Expertise: - *Expert knowledge of threat detection techniques and tools. *Leading incident response efforts, including advanced techniques for containment, eradication, and recovery. *Conducting in-depth digital forensics investigations. *Expertise in configuring and optimizing SIEM (Security Information and Event Management) systems. Analytical Skills: - *Deep understanding of log analysis techniques and tools. *Identifying patterns and anomalies in large datasets. *Integrating threat intelligence into monitoring and response processes. *Staying updated on the latest threat intelligence and applying it to enhance security. Collaboration and Coordination: - *Working closely with other IT and security teams to ensure comprehensive security coverage. *Leading the coordination of response efforts during major incidents. *Ensuring effective communication and collaboration among all stakeholders. *Coordinating with external partners and vendors for specialized support. Continuous Improvement: - *Continuously evaluating and improving security processes and procedures. *Implementing lessons learned from incidents to enhance the overall security posture. *Contributing to the development and updating of security policies and procedures. Leadership and Mentoring: - *Leading and mentoring junior analysts and team members. *Providing training and development opportunities to enhance team skills. *Sharing expertise and best practices with the team. *Conducting training sessions and workshops to upskill team members.

Key Responsibilities Security Strategy & Compliance Define and enforce compliance to security policies, standards, and best practices for the ServiceNow platform in alignment with ServiceNow recommended Platform security shared responsibility model. Ensure service now platform is compliant with internal and external infosec requirements and industry best practices Establish governance frameworks for secure development, data protection, and risk mitigation. Access Control, Authentication, and authorization -Design and manage role-based access control (RBAC), ACLs, and authentication mechanisms in ServiceNow. Responsible for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and enterprise IAM solutions based on Infosec standard Regular review of access control & entitlement based on the job function and refinement using the principle of least privilege, Security Operations & Incident Management Oversee the implementation and optimization of ServiceNow Security Operations (SecOps), including: Security Incident Response (SIR) streamline incident detection, triage, and resolution. Vulnerability Response (VR) automate vulnerability identification and remediation workflows. Threat Intelligence integrate threat feeds and security insights for proactive defense. Coordinate with cybersecurity teams to detect, investigate, and respond to threats affecting ServiceNow. Data Privacy, Security & Encryption Defining Service Now data classification, data retention & data discovery strategy in alignment with Ameriprise data management policies /standards Implement data encryption strategy at rest, in transit & encryption key management Determining the data collection, storage, usage, sharing, archiving, and destruction policy of data processed in ServiceNow instances. Monitor access patterns and system activity to identify potential security threats. Secure Integrations & Automation Design and enforce secure API management for integrations between ServiceNow and third-party security tools (e.g., Active Directory, CyberArk and Aveksa, Azure AD, RIM, IAM). Leverage IntegrationHub, Automation Engine, and Orchestration to streamline security workflows. Ensure secure data exchange and prevent unauthorized access to ServiceNow instances. Risk & Compliance Management Deploy and manage ServiceNow Governance, Risk, and Compliance (GRC) solutions to assess security risks. Participate regular security audits, risk assessments, and penetration tests on the ServiceNow platform. Define and implement security controls to mitigate risks and enhance compliance. Required Skills & Qualifications Technical Expertise: ServiceNow Security: Deep understanding of SecOps, GRC, RBAC, ACLs, and platform security best practices. Cybersecurity & Compliance: Strong knowledge of security frameworks (NIST, ISO 27001, CIS), regulatory compliance, and risk management. Integration & Development: Experience with REST APIs, JavaScript, OAuth, and secure integration practices. Cloud Security: Understanding of SaaS security, encryption methods, and cloud-based security models. Certifications ServiceNow Certifications: Certified System Administrator (CSA) Certified Implementation Specialist SIR or VR Preferred Qualifications: Experience securing large-scale ServiceNow implementations in regulated industries (finance, healthcare, government). Strong problem-solving, analytical, and communication skills to interact with technical and non-technical stakeholders. Knowledge of emerging security trends, zero trust architecture, and AI-driven security solutions. Cybersecurity Certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Experience Required: 14-18 years of IT security experience, with 14+ years in ServiceNow security architecture, administration, or operations. Hands-on experience in security automation, incident response, and risk management using ServiceNow. Prior experience working with cybersecurity, risk management, and IT governance teams.

The primary focus at EITSI is to develop the next generation LIMS (Lab Information Management system), Customer portals, e-commerce solutions, ERP/CRM system, Mobile Apps & other B2B platforms for various Eurofins Laboratories and businesses. Position Title: Information Security Analyst Team: Regional Security Support Crew (Information security) Reporting Location: Bangalore (B4 / B5) Job Overview: As a Regional Security Support crew, your primary role, will be to assist the Regional Information Security Officers (RISO) in implementing and maintaining cybersecurity strategies for various legal entities Globally. You will be responsible for ensuring compliance with group security policies, managing risks, and supporting the continuous improvement of the regional security posture. This role offers a unique opportunity to be part of a newly established team, providing a dynamic environment where you can help shape security processes from the ground up. Key Responsibilities: Provide direct support to the RISO in managing and implementing security plans for legal entities across the region. Assist in the creation, follow-up, and management of remediation plans for identified security risks and non-compliance issues. Conduct security risk assessments and ensure that security measures are aligned with the Group"™s standards and adapted to each legal entity"™s needs. Support the RISO in reviewing and approving changes to systems, processes, and applications prior to deployment. Perform and prioritize security audits, vulnerability scans, and reviews (including access rights, firewall rules, cloud compliance, etc.). Coordinate and support legal entities during internal and third-party security audits, ensuring compliance with all security policies. Conduct security training and awareness programs customized for regional entities, ensuring all staff are informed and compliant. Maintain accurate inventories of assets, third-party vendors, and local processes for audit and security monitoring purposes. Collaborate with regional and Group IT teams to ensure a "security by design" approach is applied in all regional architectures, applications, and processes. Assist in evaluating third-party vendors to ensure they meet security standards. Support the development of Disaster Recovery (DR) and Business Continuity (BC) plans. Assist the RISO with the development and implementation of policies, procedures, and guidelines that cater to local regulatory requirements and Group standards. Core Responsibilities in Incident Response and Vulnerability Management: Assist the RISO in incident response activities by investigating security breaches and incidents in collaboration with the Security Operations Center (SOC). Analyze vulnerability reports and assist in remediation efforts, ensuring timely patching and risk mitigation. Support the review and approval of firewall rules, configurations, and exceptions to maintain network security. Collaborate with the RISO in monitoring for emerging threats and recommending security improvements based on current trends. Qualifications & Skills: Strong communication and interpersonal skills, with the ability to work effectively with multiple stakeholders across various legal entities. Ability to manage multiple priorities and work under pressure in a fast-paced environment. Strong knowledge of cybersecurity concepts, including vulnerability assessments, incident management, network architecture, firewalls, and cloud security. Expertise in general IT concepts, including Active Directory, Office 365, and modern networking solutions like micro-segmentation, SASE, SD-WAN, etc. Demonstrated ability to assist in the creation and execution of security policies, procedures, and standards. Familiarity with security frameworks such as ISO 2700x, ITIL, and the EU Privacy Directives. Experience in conducting security assessments and working with audit teams during internal or external security reviews. Education & Experience: At least 3+ years of experience in cybersecurity, information security, or a related field. Certifications such as CISM, CISSP, or CEH are nice to have. Atypical profiles with experience from bug bounties, open-source projects, or bootcamps are also encouraged to apply if they can demonstrate strong skills and knowledge in the required areas. Key Competencies: A quick learner who is autonomous, adaptable, and detail oriented. Ability to work in large, complex IT environments and be comfortable with ambiguity and fast-changing priorities. A passion for cybersecurity, with strong problem-solving skills and a proactive approach to risk management. Strong English language skills are required, additional language is a plus. How You Will Help: Regularly test legal entities for compliance with security policies and procedures. Assist in conducting vulnerability assessments and implementing remediation measures based on Group standards. Investigate security incidents in collaboration with the SOC and provide technical support during audits. Support the development of Security Key Performance Indicators (KPIs) to monitor and improve the region"™s security posture. This is an exceptional opportunity for cybersecurity professionals who thrive in dynamic environments and enjoy creating and improving security processes. If you are passionate about cybersecurity and want to play a crucial role in protecting a diverse range of legal entities across Europe, we encourage you to apply. Qualifications A bachelor"™s degree in computer science / Equivalent Stream, Information Security, or a related field is preferred.

Company Description The primary focus at EITSI is to develop the next generation LIMS (Lab Information Management system), Customer portals, e-commerce solutions, ERP/CRM system, Mobile Apps & other B2B platforms for various Eurofins Laboratories and businesses. Position Title: Senior Information Security Analyst Reporting To: Manager Team: Regional Security Support Crew (Information security) Reporting Location: Bangalore (B4 / B5) Job Overview: As a Regional Security Support crew, your primary role, will be to assist the Regional Information Security Officers (RISO) in implementing and maintaining cybersecurity strategies for various legal entities Globally. You will be responsible for ensuring compliance with group security policies, managing risks, and supporting the continuous improvement of the regional security posture. This role offers a unique opportunity to be part of a newly established team, providing a dynamic environment where you can help shape security processes from the ground up. Key Responsibilities: Provide direct support to the RISO in managing and implementing security plans for legal entities across the region. Assist in the creation, follow-up, and management of remediation plans for identified security risks and non-compliance issues. Conduct security risk assessments and ensure that security measures are aligned with the Group"™s standards and adapted to each legal entity"™s needs. Support the RISO in reviewing and approving changes to systems, processes, and applications prior to deployment. Perform and prioritize security audits, vulnerability scans, and reviews (including access rights, firewall rules, cloud compliance, etc.). Coordinate and support legal entities during internal and third-party security audits, ensuring compliance with all security policies. Conduct security training and awareness programs customized for regional entities, ensuring all staff are informed and compliant. Maintain accurate inventories of assets, third-party vendors, and local processes for audit and security monitoring purposes. Collaborate with regional and Group IT teams to ensure a "security by design" approach is applied in all regional architectures, applications, and processes. Assist in evaluating third-party vendors to ensure they meet security standards. Support the development of Disaster Recovery (DR) and Business Continuity (BC) plans. Assist the RISO with the development and implementation of policies, procedures, and guidelines that cater to local regulatory requirements and Group standards. Core Responsibilities in Incident Response and Vulnerability Management: Assist the RISO in incident response activities by investigating security breaches and incidents in collaboration with the Security Operations Center (SOC). Analyze vulnerability reports and assist in remediation efforts, ensuring timely patching and risk mitigation. Support the review and approval of firewall rules, configurations, and exceptions to maintain network security. Collaborate with the RISO in monitoring for emerging threats and recommending security improvements based on current trends. Qualifications & Skills: Strong communication and interpersonal skills, with the ability to work effectively with multiple stakeholders across various legal entities. Ability to manage multiple priorities and work under pressure in a fast-paced environment. Strong knowledge of cybersecurity concepts, including vulnerability assessments, incident management, network architecture, firewalls, and cloud security. Expertise in general IT concepts, including Active Directory, Office 365, and modern networking solutions like micro-segmentation, SASE, SD-WAN, etc. Demonstrated ability to assist in the creation and execution of security policies, procedures, and standards. Familiarity with security frameworks such as ISO 2700x, ITIL, and the EU Privacy Directives. Experience in conducting security assessments and working with audit teams during internal or external security reviews. Education & Experience: A bachelor"™s degree in computer science / Equivalent Stream, Information Security, or a related field is preferred. At least 3+ years of experience in cybersecurity, information security, or a related field. Certifications such as CISM, CISSP, or CEH are nice to have. Atypical profiles with experience from bug bounties, open-source projects, or bootcamps are also encouraged to apply if they can demonstrate strong skills and knowledge in the required areas. looking 9+ yrs of overall IT Infra Experience. Key Competencies: A quick learner who is autonomous, adaptable, and detail oriented. Ability to work in large, complex IT environments and be comfortable with ambiguity and fast-changing priorities. A passion for cybersecurity, with strong problem-solving skills and a proactive approach to risk management. Strong English language skills are required, additional language is a plus. How You Will Help: Regularly test legal entities for compliance with security policies and procedures. Assist in conducting vulnerability assessments and implementing remediation measures based on Group standards. Investigate security incidents in collaboration with the SOC and provide technical support during audits. Support the development of Security Key Performance Indicators (KPIs) to monitor and improve the region"™s security posture. This is an exceptional opportunity for cybersecurity professionals who thrive in dynamic environments and enjoy creating and improving security processes. If you are passionate about cybersecurity and want to play a crucial role in protecting a diverse range of legal entities across Europe, we encourage you to apply.

The primary focus at EITSI is to develop the next generation LIMS (Lab Information Management system), Customer portals, e-commerce solutions, ERP/CRM system, Mobile Apps & other B2B platforms for various Eurofins Laboratories and businesses. Position Title: Senior. Information Security Analyst Team: Regional Security Support Crew (Information security) Reporting Location: Bangalore (B4 / B5) Job Overview: As a Regional Security Support crew, your primary role, will be to assist the Regional Information Security Officers (RISO) in implementing and maintaining cybersecurity strategies for various legal entities Globally. You will be responsible for ensuring compliance with group security policies, managing risks, and supporting the continuous improvement of the regional security posture. This role offers a unique opportunity to be part of a newly established team, providing a dynamic environment where you can help shape security processes from the ground up. Key Responsibilities: Provide direct support to the RISO in managing and implementing security plans for legal entities across the region. Assist in the creation, follow-up, and management of remediation plans for identified security risks and non-compliance issues. Conduct security risk assessments and ensure that security measures are aligned with the Group"™s standards and adapted to each legal entity"™s needs. Support the RISO in reviewing and approving changes to systems, processes, and applications prior to deployment. Perform and prioritize security audits, vulnerability scans, and reviews (including access rights, firewall rules, cloud compliance, etc.). Coordinate and support legal entities during internal and third-party security audits, ensuring compliance with all security policies. Conduct security training and awareness programs customized for regional entities, ensuring all staff are informed and compliant. Maintain accurate inventories of assets, third-party vendors, and local processes for audit and security monitoring purposes. Collaborate with regional and Group IT teams to ensure a "security by design" approach is applied in all regional architectures, applications, and processes. Assist in evaluating third-party vendors to ensure they meet security standards. Support the development of Disaster Recovery (DR) and Business Continuity (BC) plans. Assist the RISO with the development and implementation of policies, procedures, and guidelines that cater to local regulatory requirements and Group standards. Core Responsibilities in Incident Response and Vulnerability Management: Assist the RISO in incident response activities by investigating security breaches and incidents in collaboration with the Security Operations Center (SOC). Analyze vulnerability reports and assist in remediation efforts, ensuring timely patching and risk mitigation. Support the review and approval of firewall rules, configurations, and exceptions to maintain network security. Collaborate with the RISO in monitoring for emerging threats and recommending security improvements based on current trends. Qualifications & Skills: Strong communication and interpersonal skills, with the ability to work effectively with multiple stakeholders across various legal entities. Ability to manage multiple priorities and work under pressure in a fast-paced environment. Strong knowledge of cybersecurity concepts, including vulnerability assessments, incident management, network architecture, firewalls, and cloud security. Expertise in general IT concepts, including Active Directory, Office 365, and modern networking solutions like micro-segmentation, SASE, SD-WAN, etc. Demonstrated ability to assist in the creation and execution of security policies, procedures, and standards. Familiarity with security frameworks such as ISO 2700x, ITIL, and the EU Privacy Directives. Experience in conducting security assessments and working with audit teams during internal or external security reviews. Education & Experience: At least 3+ years of experience in cybersecurity, information security, or a related field. Certifications such as CISM, CISSP, or CEH are nice to have. Atypical profiles with experience from bug bounties, open-source projects, or bootcamps are also encouraged to apply if they can demonstrate strong skills and knowledge in the required areas. Total of 9+ years of experience Key Competencies: A quick learner who is autonomous, adaptable, and detail oriented. Ability to work in large, complex IT environments and be comfortable with ambiguity and fast-changing priorities. A passion for cybersecurity, with strong problem-solving skills and a proactive approach to risk management. Strong English language skills are required, additional language is a plus. How You Will Help: Regularly test legal entities for compliance with security policies and procedures. Assist in conducting vulnerability assessments and implementing remediation measures based on Group standards. Investigate security incidents in collaboration with the SOC and provide technical support during audits. Support the development of Security Key Performance Indicators (KPIs) to monitor and improve the region"™s security posture. This is an exceptional opportunity for cybersecurity professionals who thrive in dynamic environments and enjoy creating and improving security processes. If you are passionate about cybersecurity and want to play a crucial role in protecting a diverse range of legal entities across Europe, we encourage you to apply. Qualifications A bachelor"™s degree in computer science / Equivalent Stream, Information Security, or a related field is preferred.

Conduct Cyber Risk reviews for the organizational clients in a swift and thorough manner Assist in understanding common cyber threats and vulnerabilities Assist in understanding common cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations Assist in understanding Business continuity and disaster recovery planning methodologies Assist in understanding risk management methodologies and procedures Understand Underwriting Insights for Risk Report Creation Assist to prepare a risk report based on organizational internal cyber resilience network, which can become the primary basis of underwriting the cyber risk. Assist in understanding qualitative and quantitative methods for analyzing, interpreting, and synthesizing raw data into intelligence for deriving insights for liability underwriting Roles and Responsibilities 2

We are looking for cyber Security for Aurangabad location. Experience with security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, and encryption technologies Strong skills in system design and architecture.

As a Staff member in our team, your primary responsibility will be to perform and document testing on consulting, compliance, and internal audit engagements within financial institutions, specifically focusing on IT risk, strategy, and governance. Additionally, you will provide training and supervision to other Staff members involved in the engagements. Your role will involve identifying findings and documenting opportunities for process improvement, as well as researching technical issues that may arise during the engagement. You will collaborate with Managers and Senior Managers to develop strategic solutions that meet client needs and assist in engagement planning, execution, and final report issuance within client deadlines. Furthermore, you will play a crucial role in laying the groundwork for building strong relationships with clients, which includes participation in networking and business development activities. Your dedication to meeting client deadlines and delivering exceptional client service will be key to your success in this role. To be considered for this position, you must hold a Bachelor's degree. While certifications such as CISA, CISM, or CISSP are preferred, candidates who are not certified must meet educational requirements to obtain a license upon hire in their state of employment. Additional certifications such as CPA, CIA, CRCM, CAMS, CFIRS, CFE, and/or CFF are advantageous. Ideally, you should have a minimum of 3 years of experience in information systems, internal audit, regulatory compliance, or consulting services. Experience in network engineering/administration with a security focus is desirable. Knowledge of IT control and service management standards like CObIT, ITIL, and ISO is preferred, along with SOX IT audit experience. Previous experience in banking or credit unions would be a plus. We are looking for individuals who can work effectively both as part of a team and independently, demonstrating creative problem-solving skills and strong research capabilities. Excellent verbal and written communication skills, along with proficient use of Microsoft Office tools, are essential. The ability to manage multiple priorities, tasks, and projects simultaneously is also crucial for success in this role.,

What we’re looking for In this dynamic Information Security Analyst III role, you'll be at the forefront of protecting SurveyMonkey by crafting sophisticated threat detections and staying ahead of emerging threats within the security operations team. You will be reporting to the Information Security Manager. Leveraging your expertise in SIEM query languages, you'll play a key role in identifying and mitigating risks, ensuring the company's security posture remains robust. We are looking for someone who has experience in automation and is constantly challenged to expand their knowledge of the latest security trends while contributing to the defense of a widely trusted service. What you’ll be working on Monitor and triage security events, identify vulnerabilities, and respond to security incidents. Develop and refine security automation playbooks. Expertise in creating threat detections and staying abreast of new and evolving threats. Ability to conduct research and log analysis into IT security issues and products as required. Deploy, manage and maintain all security tools and ensure strong security posture of corporate devices. We’d love to hear from people with Bachelor degree in Information Security, Cybersecurity, Information Technology, or a related field. 8+ years of hands-on experience in IT security, compliance or incident response. Strong familiarity with SIEMs, EDR, SOAR platforms (e.g.,CrowdStrike, LogScale, XSOAR) Working experience with MITRE ATT&CK and Cyber Kill Chain frameworks Experience with AWS cloud security monitor and detection tools. (e.g, AWS GuardDuty, AWS Cloudwatch or AWS CloudTrail or similar) Ability to effectively prioritize and execute tasks in a high-pressure environment. Certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information Security Manager (CISM), or similar. SurveyMonkey believes in-person collaboration is valuable for building relationships, fostering community, and enhancing our speed and execution in problem-solving and decision-making. As such, this opportunity is hybrid and requires you to work from the SurveyMonkey office in Bengaluru 3 days per week. #LI - Hybrid