543 Cism Jobs - Page 8

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 8.0 years

14 - 24 Lacs

Chandigarh

Work from Office

Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. 
Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

Posted 3 weeks ago

3.0 - 8.0 years

5 - 10 Lacs

Bengaluru

Work from Office

Highest Qualification: Any Full Time Graduate

Note: Hands-on experience in ISO 27001 implementation is mandatory for this role.

Experienced in managing cyber security services like Cyber Risk Compliance consulting. Experience in setting up end-to-end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web mobiles appsec, secure code review). Should be adept at conducting gap analysis, risk assessments, impact assessments, governance and strategy development. Have worked with organizations to develop and implement various industry security standards like ISO 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc. Should be able to understand and explain technical vulnerabilities. Basic knowledge of Active Directory, firewalls, SCCM, McAfee security products, DLP, secure coding practices and product security.

Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards

Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients.

Good to have Skills / Certification: ISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM

Qualification: BE/BTech, MCA, MBA with specialization in Information Security

Posted 3 weeks ago

6.0 - 11.0 years

6 - 15 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

FISERV

Location: Thane

What does a successful Internal Audit- IT professional do at FISERV?
• Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies.

What will you do:
• Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits)
• Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications.
• Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas
• Planning, conducting walkthroughs, drafting process understanding and relevant controls.
• Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls
• Documenting and Reviewing Test of Designs and Test of Effectiveness controls.
• Perform analytical procedures/analysis to test the effectiveness of controls.
• Document audit procedures and cross reference working papers.
• Create management representation letter comments and recommendations and draft audit reports for management review.
• Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc.
• Validations of audit issues.
• Conducting special reviews.

What will you need to know:
• Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree]
• Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain.
• Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews.
• Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews.
• Good client interfacing skills, drafting skills, communication, and interpersonal skills.
• Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.)

What would be great to have:
• Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

Posted 3 weeks ago

4.0 - 7.0 years

4 - 7 Lacs

Pune

Work from Office

About Gruve: Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.

About the Role: We are seeking a skilled Senior Security Analyst to join our SOC team. The ideal candidate will have a strong background in SOC operation and ensure that the SOC team is performing its functions as required and to troubleshoot incidents and events. The Senior Security Analyst shall also act as the technical SME, and handle critical SOC tasks, incidents, guiding Level 1 and Level 2, and customer communications.

Key Roles & Responsibilities:

Incident Response and Management: Lead the investigation of high-severity security incidents and breaches. Provide expert analysis for complex incidents that L1 and L2 analysts cannot resolve. Develop and execute incident response procedures, including containment, eradication, and recovery. Ensure proper escalation processes are followed for incidents requiring higher expertise. Communicate with stakeholders, such as management and IT teams, to ensure appropriate handling of incidents.

Threat Hunting and Analysis: Perform proactive threat hunting activities to identify potential vulnerabilities, threats, and attacks before they happen using Splunk / QRadar SIEM. Use threat intelligence feeds to enrich SOC operations and identify emerging threats. Analyze large volumes of security data to detect patterns and anomalies.
Security Tool Management: Oversee and optimize the usage of security monitoring tools such as Splunk / QRadar SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection systems. Configure, update, and fine-tune security tools to improve detection capabilities and reduce false positives. Recommend new security tools and technologies to improve SOC operations.

Log and Event Analysis: Review logs from various sources (network, endpoints, servers, etc.) to identify security incidents. Ensure accurate log data collection and retention practices are followed. Provide in-depth analysis of security alerts and generate reports.

Vulnerability Management: Conduct vulnerability assessments and prioritize remediation activities for critical vulnerabilities. Collaborate with the IT and development teams to address security flaws and implement patches.

Collaboration and Escalation: Serve as the point of escalation for L1 and L2 SOC analysts when complex issues arise. Collaborate with other security teams, such as network security, application security, and IT operations, to ensure a comprehensive defense strategy. Work with external partners, including Managed Security Service Providers (MSSPs), to coordinate incident management and threat intelligence sharing.

Security Policies and Best Practices: Review and recommend improvements to security policies, procedures, and best practices. Ensure that the organization's security policies are being followed and advise on improvements. Conduct regular security awareness training for SOC staff and the broader organization.

Reporting and Documentation: Generate detailed reports on incidents, security posture, and threats for senior management and relevant stakeholders. Maintain incident logs and documentation to comply with regulatory and internal policies. Ensure all incidents are well-documented with root cause analysis, remediation efforts, and lessons learned.
Continuous Improvement: Analyze the effectiveness of the SOC's operations and suggest improvements to processes, workflows, and technologies. Stay updated on the latest cyber threats, tools, and techniques. Assist with the development and execution of simulations, exercises, and training to improve SOC capabilities.

Compliance and Regulatory Requirements: Ensure compliance with SLAs for all projects. Ensure SOC operations meet industry compliance requirements (e.g., GDPR, HIPAA, PCI DSS). Help in audits and compliance assessments related to security operations.

Mentoring and Training: Provide mentorship and training to junior SOC analysts (L1 and L2). Share knowledge on advanced attack techniques, response strategies, and threat detection methods. Report deviations and concerns to the SOC Manager.

Basic Qualifications: B.E./B.Tech in Computer Science, Information Technology, Cybersecurity, or a related field. 5+ years of experience and strong foundational knowledge in security operations, SIEM, or IT security. Basic understanding of cybersecurity concepts, networking fundamentals, and security monitoring. Knowledge of IT infrastructure, networking, and cybersecurity principles. Communicate effectively with customers, teammates, and management. Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills.

Preferred Qualifications: Certifications in ECIH/GCIH/CISM/CISSP etc. Splunk Certified candidate. Exposure to SIEM solutions, specifically Splunk, QRadar, DNIF or similar platforms. Familiarity with security tools such as EDR, XDR, WAF, DLP, email security gateways, and proxy solutions. Enthusiasm for learning and a strong interest in cybersecurity as a career. Ability to work in a team and adjust to rotational shifts in a high-stakes environment. Knowledge of cloud security and platforms (e.g., AWS, Azure, GCP).

Why Gruve: At Gruve, we foster a culture of innovation, collaboration, and continuous learning.
We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Posted 3 weeks ago

3.0 - 8.0 years

8 - 15 Lacs

Hyderabad

Hybrid

Job Description: Approve, within the given mandate, all tier 2-4 Vendor assessments. Advise Global TPCRM and Global DPO on tier 1 Vendor assessments. Collect and evaluate latest Vendor Assurance documents (ISO 27001 certificates and SOC2 statements, tier 1-2) and store them. Escalate high risks to Global TPCRM and Global DPO. Launch relevant Vendor assessments (internal and external). Support business departments (Global and OPCOs) and Vendors filling in Vendor assessments.

Reports: Monthly reporting on Key Performance Indicators (KPI). Reports on Vendor risks, threats or findings.

Exp: 3+ years. Expertise with Vendor Risk Management, GRC, and ISO 27001.

Shift timing: 1.00 PM-10 PM IST

Hybrid mode of work

Location: Hyderabad

Notice Period: Immediate- 30 days only.

Posted 3 weeks ago

10.0 - 12.0 years

15 - 18 Lacs

Hyderabad

Hybrid

The Role: The Senior Information Security Engineer is responsible for implementing industry best security practices, will design, implement, maintain, and document the security measures to protect the organization against cyber threats and attend all ISO audits and requirements.

Your Responsibilities: Ensuring that an ISMS system is established, implemented, and maintained in accordance with the ISO 27001:2013 and/or ISO 27001:2022. Lead all ISO and customer security audits/meetings and compliance activity. Contributing to Request for Proposal (RFPs) and supporting IT in CAPA management and Change Controls. Conducting regular internal security audits (Quarterly basis) to assess the effectiveness of security controls and identify areas for improvement. IT tickets handling related to security related incidents. Security Incident Reporting - Generating and presenting regular reports on the organization's security posture (weekly/quarterly/annual), including incidents, vulnerabilities, and risk mitigation efforts. Organization wide Security Awareness - Contributing to and developing security awareness by way of email leaflet/posters on monthly basis and training materials to improve security posture among the organization's staff. Security Policies and Procedures - Developing and implementing security policies, standards, and procedures to safeguard the organization's information assets. Review process documentation to ensure adequacy and consistency is maintained. Risk Assessment - Contribute to the team on regular assessments to identify potential security risks and vulnerabilities in the organization's IT infrastructure. Vulnerability Management - Monitoring and managing vulnerabilities in the organization's systems, including applying patches and updates in a timely manner. Running and automation of vulnerability scans and responsible for closure.
Penetration Testing - Gathering penetration test requirements and performing internal pen tests on a scheduled basis. Should be adaptable for 24x7x365 availability for new security related projects/tasks. Preferred Qualifications, Training and Experience: Engineering degree in Computer Science, Information Technology, or a related field. Certifications such as CISSP, CISA/CISM, CEH and ISO 27001 demonstrating expertise in information security management and practices. Minimum of 10 years’ experience in information security roles, with a focus on security architecture, ISO Audits, incident response, and risk management. In-depth knowledge of security technologies such as firewalls, intrusion detection/prevention systems, encryption, and endpoint security solutions. Proficiency in security monitoring tools and techniques for detecting and responding to security incidents in real-time.

Posted 3 weeks ago

3.0 - 5.0 years

7 - 9 Lacs

Hyderabad, Gurugram

Work from Office

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. 
Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

Posted 3 weeks ago

4.0 - 7.0 years

9 - 11 Lacs

Gurugram

Work from Office

We are looking for a highly skilled and experienced IT Due Diligence Manager to join our team in Bengaluru. The ideal candidate will have 4-7 years of experience in the field. Roles and Responsibility Analyze technology implications for active M&A transactions. Review client investment theses, company profiles, and information on business technology environments. Research niche technologies, regulatory obligations, and latest trends to guide analysis. Participate in discussions with company executives to understand business processes and leverage technology strategy. Evaluate commercial off-the-shelf and custom-developed applications for sufficiency, scalability, and maintainability. Assess a company's IT infrastructure for hosting model adequacy, hardware inventory, network architecture, and business continuity procedures. Analyze technology vendor contracts and compute IT spend through contract reviews and financial documents. Develop workbooks and reports to capture diligence observations/analysis. Manage and develop RSM USI team members. Job Requirements Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 4-7 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft-powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Experience with onshore teams, including data room management, document request list preparation, management meeting preparation, workbook analysis, quality of earnings, due diligence reports, client calls, and engagement team calls. Experience with post-acquisition/carve-out integration and separation-related engagements. Preferred industry experience in manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US-based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. 
ERP or supply chain application implementation experience; functional expertise in IT and supporting front/back-office operations preferred. IT and cyber-related certifications (CISSP, CISM, HITECH, PCI DSS QSA, CEH, Azure, AWS). Strong skills in critical thinking, problem-solving, and process improvement. Excellent interpersonal and communication skills to interact effectively with internal team members and external clients. Ability to be a self-starter and drive successful client delivery. Demonstrates willingness to invest time in cross-time zone communication with U.S.-based teams. Evaluated as an exceptional performer in current position.

Posted 3 weeks ago

9.0 - 14.0 years

12 - 16 Lacs

Bengaluru

Work from Office

We are looking for a strategic and technically capable Cyber Defense Vulnerability Manager to lead vulnerability management initiatives within our Cyber Defense Operations (CDO) function. Responsible for the vulnerability remediation strategy, aligning with Arm's global security standards and running the operational execution of the vulnerability management lifecycle.

Responsibilities: Develop and lead strategic vulnerability management and Attack surface management initiatives across teams and geographies. Drive remediation accountability and ensure alignment with business risk profiles. Coordinate integration of threat intelligence and vulnerability scanning and Penetration Testing tools (e.g., Tenable, Qualys) with ServiceNow workflows. Define Key Performance Indicators and metrics to govern remediation efficiency and SLA compliance. Collaborate with global teams, including Product Security, Red Team, Threat Intelligence, and Engineering. Provide leadership and mentoring to vulnerability analysts. Champion process automation and tooling enhancements. Drive operational transformation to mature existing processes, procedures and tooling. Lead the response efforts for major vulnerabilities in conjunction with security partners across the business. Act as a senior technical authority, as well as an escalation point for advanced response coordination. Scope and perform security reviews of platforms, web applications, mobile applications, and private and public cloud environments. Identify architectural deficiencies and implement vulnerability mitigation strategies to address.

Required Skills and Experience: Demonstrable experience leading a vulnerability and Attack Surface management function in a global or enterprise-scale environment. Expertise in platforms like ServiceNow Vulnerability Management, Tenable, and third-party integrations. Sufficient understanding of web technologies to handle Web vulnerabilities.
Solid understanding of security governance, frameworks (ISO 27001, NIST), and risk assessment practices. Demonstrated leadership in running multi-functional teams and stakeholder alignment. Ability to articulate security risk and remediation impact to executive audiences. Exposure to Networking, automation, scripting, and API integrations. Specialist technical knowledge spanning security and IT domains to enable a comprehensive response to vulnerabilities of the highest complexity, as well as cross organisational incident management. Detailed cyber security threat landscape knowledge and experience in bringing it to bear in response to a vulnerability.

Nice To Have Skills and Experience: Bachelor's or Master's in Cybersecurity, IT, or related field. Certifications such as CISSP, CISM, GIAC (GCCC, GCPM), or PMP. Understanding of Agile or DevSecOps practices.

Posted 3 weeks ago

3.0 - 8.0 years

14 - 16 Lacs

Bengaluru

Work from Office

Visa is looking for a candidate to join its Cybersecurity 3rd Party Technology Risk Management (3PTRM) team as an Associate Cybersecurity Analyst, which works with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet Visa security requirements and mitigate any risks that are associated with engagement of third parties. The Analyst will work closely with Supplier Relationship Owners (SROs) and other Cybersecurity teams such as penetration testers, security architects, etc., to assess and monitor third parties that do business with Visa. The role requires the candidate to have strong analytical, communication, and organizational skills, as well as a solid understanding of cybersecurity concepts and best practices.

Essential Functions: Perform risk/security assessments of Suppliers and Third-Party relationships to identify, validate and remediate Cybersecurity Risks. This may include performing interviews, document design assessments and walkthroughs of cybersecurity controls. Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements. Participate and conduct onsite assessments of Third Parties against Visa's security framework and industry security standards. Support risk/security assessments for special projects involving Third Parties. Support PCI-related activities relevant to third parties to ensure compliance with PCI requirements. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations. Proactively follow up with Suppliers to ensure prompt remedial actions for assessment findings.

Basic Qualifications: Bachelor's degree, OR 3+ years of relevant work experience

Preferred Qualifications: 2 or more years of work experience.
Bachelor's degree in Computer Science, Information Systems, Engineering, or related field, or equivalent work experience. Minimum of 1 year of experience in cybersecurity, IT audit, or IT risk management. Experience in cybersecurity, IT audit, risk management, compliance, or related fields. Knowledge of cybersecurity frameworks and standards such as NIST, ISO, PCI, etc. Strong written and verbal communication skills, and ability to communicate effectively with technical and non-technical audiences. Ability to work independently and collaboratively in a fast-paced environment. Certifications such as CISSP, CISA, CISM, CRISC, or equivalent are preferred.

Posted 3 weeks ago

3.0 - 7.0 years

11 - 15 Lacs

Hyderabad, Gurugram

Work from Office

We are looking for a highly motivated and detail-oriented individual with 0 to 3 years of experience to join our team as a Risk Consulting Associate in the IT SOX domain. The ideal candidate will have excellent analytical skills, strong knowledge of financial services, and a passion for delivering high-quality results. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions. Ensure documentation complies with quality standards. Collaborate with RSM consulting professionals, supervisors, and senior management in the U.S. daily. Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service, coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 0-3 years of relevant experience in Information Technology/Security Controls, SSAE18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). 
Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role requiring frequent communications with RSM International clients.

Posted 3 weeks ago

8.0 - 13.0 years

10 - 15 Lacs

Hyderabad

Work from Office

We are looking for a skilled professional with 8 to 13 years of experience to join our team as an Associate Manager/Manager - RC TRC IT SOX Consulting in Bengaluru. The ideal candidate will have a strong background in Information Technology/Security Controls and experience in Risk Consulting. Roles and Responsibility Develop an understanding of the RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review, document, evaluate control's design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Collaborate with the team to provide integrated service delivery and ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 8+ years of relevant experience in Information Technology/Security Controls. Intermediate knowledge of financials, operations, and technology, along with its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills, including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Excellent verbal and written communication skills, as this role requires frequent client interactions. Ability to manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. 
Provide timely, high-quality client service that meets or exceeds expectations, including coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education.

Posted 3 weeks ago

0.0 years

20 - 25 Lacs

Mumbai, Nagpur, Thane

Work from Office

Key Responsibilities Identity and Access Management (IAM) Design, implement, and manage IAM frameworks, ensuring secure access control across on-premises and cloud environments. Administer user accounts, roles, and permissions following the principle of least privilege. Perform periodic access reviews and audits to ensure compliance with organizational policies. Manage single sign-on (SSO), multi-factor authentication (MFA), and identity federation solutions. Collaborate with application teams to implement secure authentication and authorization protocols. Vulnerability Management Conduct regular vulnerability scans across infrastructure, applications, and endpoints using tools such as Qualys, Nessus, or equivalent. Analyze vulnerability reports, prioritize risks, and coordinate remediation efforts with relevant teams. Maintain and improve patch management processes to address identified vulnerabilities. Monitor and track emerging threats, ensuring timely implementation of mitigation measures. Create and present vulnerability management dashboards and reports for stakeholders. Security Operations Monitor and respond to security incidents, ensuring quick containment and resolution. Configure and manage security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions. Conduct root cause analysis for incidents and implement preventive measures. Ensure compliance with security standards such as ISO 27001, NIST, or CIS benchmarks. Develop and update runbooks and incident response procedures. and Governance Work closely with DevOps, infrastructure, and application teams to integrate security best practices. Participate in security assessments, audits, and risk analysis exercises. Support the development and enforcement of security policies and standards. Provide security awareness training to teams and stakeholders. 
Documentation and Reporting Maintain comprehensive documentation of IAM workflows, security processes, and vulnerability management activities. Provide periodic compliance and risk reports to management and relevant stakeholders. Qualifications and Skills Proven experience in IAM, vulnerability management, and security operations. Strong knowledge of identity management tools and vulnerability scanning tools (e.g., Qualys). Proficiency in configuring and managing security tools such as firewalls, IDS/IPS, and endpoint security solutions. Familiarity with cloud security practices across platforms like AWS, Azure, or Google Cloud. Strong analytical and problem-solving skills with attention to detail. Relevant certifications such as CISSP, CISM, CompTIA Security+, or GIAC are highly desirable.

Posted 3 weeks ago

3.0 - 5.0 years

5 - 8 Lacs

Mumbai

Work from Office

Core Responsibilities Managing multiple shifts of Security Operations Centre Managers performing security event monitoring and incident identification for 24/7 Security Operations Centre Provide tactical and strategic direction for the Security Operations Centre staff, program development & maturity roadmap To validate the Incidents reported by SOC operators. To escalate timely when the SLA for alerting is not met. To identify the incidents if there are any missed by SOC operators To interact with external parties to resolve the queries relating to the raised incidents. To manage the SIEM, incidents knowledge base. To generate the daily reports, weekly reports and monthly reports on time. To maintain the timely delivery of reports. To maintain the updated and latest log baselines. The security analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier 2 information security specialist, and/or customer as appropriate to perform further investigation and resolution. Recommend enhancements to SOC security process, procedures and policies. Participate in security incident management and vulnerability management processes. Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats Communicate effectively with customers, teammates, and management Provide input on tuning and optimization of security systems Follow ITIL practices regarding incident, problem and change management Document and maintain customer build documents, security procedures and processes. Staying up-to-date with emerging security threats including applicable regulatory security requirements.
Other responsibilities and additional duties as assigned by the security management team Qualifications Ideal candidates will have as many of the following as possible: High-level understanding of TCP/IP protocol and OSI Seven Layer Model. Knowledge of security best practices and concepts. Knowledge of Windows and/or Unix-based systems/architectures and related security. Intermediate level of knowledge of LAN/WAN technologies. Must have a solid understanding of information technology and information security. Certification in at least one industry-leading SIEM product. Preferred Information Security professional designations such as CISSP, CISM, CISA 3-5 years previous Security Operations Centre Experience in conducting security investigations Detail oriented with strong organizational and analytical skills Strong written communication skills and presentation skills Self-starter, critical and strategic thinker, negotiator and consensus builder Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux) Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products Strong understanding of security incident management, malware management and vulnerability management processes Security monitoring experience with any SIEM technologies and intrusion detection technologies Experience with web content filtering technology - policy engineering and troubleshooting Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP A Bachelor's Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering Excellent English written and verbal skills. Shift work required After-hours availability required

Posted 3 weeks ago

4.0 - 9.0 years

12 - 22 Lacs

Bengaluru

Work from Office

ROLE & RESPONSIBILITY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development.
Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Posted 3 weeks ago

8.0 - 12.0 years

0 Lacs

Bengaluru

Work from Office

Role & responsibilities Implement and maintain security tools (firewalls, IDS/IPS, antivirus, encryption). Conduct vulnerability assessments and manage patching efforts. Lead internal/external security audits for compliance and risk mitigation. Investigate and respond to security incidents (NIST/CSF aligned). Monitor threat intelligence and update security controls accordingly. Develop and enforce security policies and procedures. Deliver security awareness training to employees. Qualifications & Experience: Bachelor's/Master's degree in Information Security, Computer Science, or a related field. 12+ years of experience in cybersecurity. In-depth knowledge of security frameworks, tools, and technologies. Core Skills: Strong analytical and problem-solving skills. Proficient in SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne), and vulnerability scanners (Nessus, Qualys). Experience with firewalls (Cisco, Palo Alto), IDS/IPS (Snort, Suricata). Knowledge of cloud security (AWS, Azure) and network protocols. Skilled in log analysis, malware analysis, and penetration testing. Interested candidates, share your CV at recruitment@gokaldasexports.com

Posted 3 weeks ago

7.0 - 12.0 years

22 - 25 Lacs

Chandigarh, Bangalore Rural, Bengaluru

Work from Office

Security Service Operations, IT Security Technologies, CISSP, CISM, CRISC, CISA, SIEM, EDR, Email Security Gateways, Vulnerability Management Software, Firewalls, security systems, user authentication and management

Posted 3 weeks ago

5.0 - 10.0 years

4 - 8 Lacs

Hyderabad

Work from Office

Job Summary As the Senior Analyst, Security Assurance you will work in a fast-paced environment fostering teamwork and open communication to focus on compliance with security standards and regulatory frameworks at Foundever. Your expertise will be vital in coordinating external audits, gathering evidence, validating compliance, and engaging stakeholders across the organization. Primary Job Responsibilities Maintain a comprehensive understanding of security compliance frameworks (HITRUST, PCI DSS, SOC, ISO 27001, HIPAA, NIST) and their requirements Coordinate and support external IT audits, collecting, preparing and submitting necessary documentation and evidence in a timely manner Conduct regular risk assessments and gap analyses to identify areas of improvement Document compliance efforts and gaps, audit findings, and remediation plans, ensuring proper tracking and follow-through Prepare and present status updates, audit results, and risk assessments to leadership and stakeholders Utilize advanced data analytics techniques to assess compliance trends, identify potential risks, and uncover actionable insights that inform decision-making and strategic planning Develop and maintain interactive data visualization graphs and dashboards to effectively communicate compliance metrics, audit findings, and risk assessments to stakeholders Utilize Governance, Risk, and Compliance (GRC) tools to streamline compliance workflows and improve visibility Stay informed of industry trends, threats, and regulatory changes affecting information security Skills and Qualifications 5+ years of experience in information security with a focus on security assurance and compliance In-depth knowledge of security frameworks and standards such as HITRUST CSF, SOC 1/2, ISO 27001, NIST, PCI DSS, etc.
Experience with data analytics and data visualization Experience with compliance software and external audit portals for evidence posting and collaboration Knowledge of audit cycles and certifications for cloud hosted applications Bachelor's degree in Computer Science, Information Technology, Security Management, or a related field Preferred Skills and Qualifications HIPAA experience Relevant security and framework certifications (e.g., CCSFP, CISM, CISSP, CISA, PCIP) AI experience About Us Foundever is a global leader in the customer experience (CX) industry. With 170,000 associates across the globe, we're the team behind the best experiences for +750 of the world's leading and digital-first brands. Our innovative CX solutions, technology and expertise are designed to support operational needs for our clients and deliver a seamless experience to customers in the moments that matter.

Posted 3 weeks ago

3.0 - 5.0 years

9 - 10 Lacs

Mumbai

Work from Office

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Job Summary Projects in Role Governance would include Identity Access Governance (IAG) assessment, Role based Access control (RBAC) design and functional assistance in IAG solution implementation along with providing services to run IAG operations for client organizations.
A bachelor's degree in engineering and 3-5 years of related work experience; or a master's or MBA degree in business, computer science, information systems. Knowledge of access management concepts and technologies such as single sign on (SSO), multi-factor authentication (MFA) mechanism. Exposure to internal audits, compliance assessments, and regulatory reporting related to access control. Exposure to automation data analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage. Familiarity with ERP systems, financial applications and other business systems. Understanding of RBAC and SOD principles and risk management practice. Knowledge of IT security concepts and access management tools. Sector specific knowledge such as FS (banking/NBFC) is an added advantage. Proficiency with Microsoft Word, Excel and other MS Office tools. Professional certifications (e.g., CISA, CISM, CISP or IAM-Specific certifications) can be advantageous and preferred. A team player and strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism. Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.
Participate in client meetings and discussions to understand user life cycle processes for access management and determine IAG maturity in their environment. Demonstrate knowledge on RBAC and segregation of duties principles and conduct meetings with client stakeholders, to perform identity and access assessments and design RBAC including Access Control Matrices (ACM) and Segregation of Duty (SoD) Matrix. Collaborate with stakeholders to evaluate SOD conflicts in consultation with Business teams to resolve identified conflicts and/or implementing mitigating controls to address risk. Assistance in formal evaluation of potential IAG solutions depending on various identity needs of clients.

Posted 3 weeks ago

5.0 - 10.0 years

10 - 17 Lacs

Bengaluru

Work from Office

Diversity hiring for Cyber Security Engineer - 5 to 10 Years at Bangalore. Position Cyber Security Engineer Experience – 5 to 10 Years Location – Bangalore Job Description: 5-8 years of experience in cybersecurity engineering, preferably in the manufacturing or industrial control systems (ICS) sectors. Strong knowledge of cybersecurity principles, risk management, and threat analysis. Proficiency with cybersecurity tools and technologies used for monitoring, detection, and incident response. Familiarity with cybersecurity standards and regulations such as IEC 62443, ISO 27001, NIST, etc. Relevant certifications such as CISSP, CISM, CEH, or GIAC are preferred. If interested, please share cv on omkar@hrworksindia.com Regards, Omkar 8208497043

Posted 3 weeks ago

10.0 - 12.0 years

35 - 40 Lacs

Bengaluru

Work from Office

Required Skills Technology | Incident Response Design SME | Level 4 Support Technology | Certified Ethical Hacking Design SME | Level 4 Support Technology | Penetration Testing and Adversarial Thinking | Level 4 Support Technology | Security Assessment and Scenario Planning | Level 4 Support Technology | Security Assessment and Scenario Planning | Level 2 Support Education Qualification : Engineer - B.E / B.Tech / MCA Certification Mandatory / Desirable : Technology | Offensive Security Certified Expert/Certified Red Team Professional/Certified Purple Team Leader/GDSA/MITRE ATT&CK Defender/GIAC CIH/GIAC CFA / CISSP / CISM / CISA / CEH / CTIA / GMON Delivery Skills required are: - Advanced Technical Skills: - Expertise in conducting and managing penetration tests, red team exercises, and simulated attacks. Deep understanding of network security protocols, architecture, and defense mechanisms. Ability to automate security operations tasks using scripting languages (e.g., Python, PowerShell). Analytical and Problem-Solving Skills: - Capability to collect, analyze, and apply threat intelligence to enhance security measures. Integration of threat intelligence feeds and indicators of compromise (IOCs) into security operations. Skills in conducting comprehensive risk assessments and developing mitigation strategies. Communication and Leadership Skills: - Effective communication of technical security findings and recommendations to non-technical stakeholders. Clear and concise reporting on security incidents, vulnerabilities, and remediation efforts. Ability to lead and mentor a team of security professionals, including red and purple team members. Continuous Learning and Adaptability: - Continuous learning and staying abreast of emerging cybersecurity threats, trends, and technologies. Participation in industry conferences, training programs, and certifications to enhance skills and knowledge. 
Ability to adapt to evolving threats and changes in the cybersecurity landscape. Value Proposition: - Understand the existing environment and propose any opportunity of improvement. Look at nagging issues in the environment and come out with Get Around solutions by working with vendors and industry experts

Posted 3 weeks ago

5.0 - 10.0 years

6 - 10 Lacs

Bengaluru

Work from Office

Work with the company's external auditor in leading walkthroughs, test of design and operational effectiveness of IT general controls; Coordinate and perform SOX program testing/auditing of IT General Controls with control owners and management; Evaluate IT General Control deficiencies for impact and perform risk assessments and root cause analysis to determine appropriate management actions. Monitor management's associated remediation efforts to closure, including review of supporting evidence; Create and maintain supporting documentation for SOX compliance testing; Engage and deliver appropriate workpapers timely to external auditors; Engage, develop relationships and maintain open communication with a wide variety of cross functional internal resources and management as appropriate; Assess new products, systems, databases or changes to existing processes to identify and evaluate financial risks; Recommend process efficiencies to drive effective SOX IT compliance; Assist second line of defense organizations in ensuring that approved IT General controls are embedded in current processes; Support development and delivery of training programs to educate development teams and other stakeholders on compliance requirements, best practices, and policies; Foster a culture of compliance awareness and accountability within the organization.
Qualifications: CISA, CISSP, CISM, ISO 27001, and other security certifications preferred; 5 years relevant experience; Graduate Degree in Computer Science, Information Technology, or any other related discipline or commensurate work experience or demonstrated competence; Strong IT SOX audit experience, particularly IT controls; Demonstrated understanding of information management systems and infrastructure including IT processes, tools, controls; Technical acumen and the ability to understand and interpret technical specifications; Ability to meet stringent deadlines in a fast-paced environment, deliver quality product and work well in a dynamic team environment; Exceptional written and verbal skills.

Posted 3 weeks ago

5.0 - 7.0 years

8 - 12 Lacs

Bengaluru

Work from Office

We're looking for a Staff Compliance Analyst to join Procore's Product & Technology Team. Procore software solutions aim to improve the lives of everyone in construction and the people within Product & Technology are the driving force behind our innovative, top-rated global platform. We're a customer-centric group that encompasses engineering, product, product design and data, security and business systems. In this role, you'll play a key part in ensuring our organization's information assets are protected by maintaining and improving our compliance posture. As a Staff Compliance Analyst, you'll partner with the IT, Cybersecurity, Risk, and Engineering team to ensure adherence to relevant security standards and regulations, and provide guidance on compliance best practices. Use your understanding of security principles and security standards and regulations to ensure security is integrated into all aspects of system design and implementation, with a focus on maintaining compliance. This position reports into the Senior Manager, Compliance and will be based in our Bangalore office. We're looking for someone to join us immediately. Apply today to join our team. What you'll do: Collaborate with IT teams to ensure security is integrated into all aspects of system design and implementation, with a focus on maintaining compliance. Perform security assessments to evaluate the effectiveness of security controls and ensure compliance. Evaluate and recommend security tools and technologies to enhance security posture and ensure compliance. Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, AICPA TSC). Stay up-to-date on the latest security threats, trends, and technologies, and their impact on compliance. What we're looking for: Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience Minimum of 5-7 years of experience in information security.
Strong understanding of security principles, technologies, and best practices. Relevant security certifications (e.g., CISSP, CISM, CISA, etc.), with a focus on compliance. Familiarity with relevant security standards and regulations. Excellent analytical, problem-solving, and communication skills.

Posted 3 weeks ago

5.0 - 7.0 years

11 - 15 Lacs

Hyderabad, Chennai

Work from Office

In the Age of AI, Cprime reshapes operating models and rewires workflows to deliver enterprise transformation. We are your Intelligent Orchestration Partner, combining strategic consulting with industry-leading platforms to drive innovation, enhance efficiency, and shift your enterprise toward AI native thinking. For over 20 years, we've changed the way companies operate by transforming their people, processes, and technology, including partnering with 300 of the Fortune 500 companies. In this new era, Cprime helps companies unlock unprecedented speed and efficiency by embedding AI at the core of their business and infusing it into every function, process, and team. We are seeking an experienced Cybersecurity Lead to oversee and enhance our organization's security posture. The ideal candidate will be responsible for designing, implementing, and managing security strategies to protect our systems, networks, and data. This role involves leading security initiatives, collaborating with cross-functional teams, and staying ahead of emerging cyber threats. What you will do: Develop and implement comprehensive cybersecurity strategies and policies. Lead incident response efforts, including investigation, containment, and remediation. Conduct regular security assessments, vulnerability scans, and penetration tests. Manage security tools and technologies (firewalls, IDS/IPS, SIEM, EDR, etc.). Provide guidance and training to internal teams on security best practices. Monitor threat intelligence sources and proactively address potential risks. Collaborate with IT, DevOps, and delivery teams to embed security into the development lifecycle. Hands-on experience in dynamic malware analysis. Collect the suspicious files/scripts and perform malware analysis using sandboxing. Incident Investigation and RCA Reporting: Lead incident investigations, analyzing alerts, and conducting evidence collection and triage.
Generate Root Cause Analysis (RCA) reports to document incidents, providing detailed findings and recommendations for remediation. Windows Administration: Performed Windows Server administration, including system configurations, user account management, patching, and security hardening, ensuring compliance with security best practices. EDR Management: Implementing and managing CrowdStrike Endpoint Detection and Response (EDR), configuring and managing the solution to provide advanced protection for endpoints, detect threats, and respond to security incidents effectively. Real-time log monitoring across diverse sources, including firewalls, IDS/IPS, Windows/Linux operating systems, Windows Servers, system applications, databases, web servers, and networking devices, ensuring seamless operations and security. Direct prior experience with core security technologies (SIEM, firewalls, IDS/IPS, HIPS, proxies, vulnerability scanners, AV, etc.) Determine the scope of a security incident and its potential impact on the Client network; recommend steps to handle the security incident with all information and supporting evidence of security events. Prepare and present security reports to executive leadership. Qualifications and Skills: 5-7 years of experience in cybersecurity, with at least 1 year in a leadership role. Strong knowledge of security frameworks and threat modeling. Hands-on experience with security technologies and incident management. Relevant certifications (e.g., CISSP, CISM, CEH) are a plus. Excellent analytical, problem-solving, and communication skills. Education and Certifications: Bachelor's degree in computer science, Information Security, or related field. Should be certified in one of the three certifications - CISSP, CISM, CEH.

Posted 3 weeks ago

4.0 - 9.0 years

45 - 50 Lacs

Mumbai, Nagpur, Thane

Work from Office

We are seeking a skilled Technology Consultant with expertise in Data Loss Prevention (DLP), Data Classification, and Data Flow Analysis. The ideal candidate will have experience with solutions like Trellix, Forcepoint, Microsoft Purview, and Titus Data Classification. Additional knowledge in Digital Rights Management (DRM) and Mobile Device Management (MDM) is a plus. Key Responsibilities: Design and implement DLP and data classification solutions. Conduct data flow analysis to secure data movement. Collaborate on data protection policies and procedures. Monitor and respond to data security incidents. Provide training and support on data protection best practices. Key Skills: Data Loss Prevention (DLP) Trellix, Forcepoint, Microsoft Purview, Titus Data Classification Data Classification and Sensitivity Labels Data Flow Analysis Digital Rights Management (DRM) Mobile Device Management (MDM) Cloud Security (AWS, Azure, Google Cloud) Network Security Regulatory Compliance (GDPR, CCPA, HIPAA) Incident Response and Management Analytical Thinking and Problem-Solving Strong Communication and Project Management Qualifications: Bachelor's or master's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISM, CCSP are preferred. Minimum of 4 years of experience in data security, DLP, and data classification.

Posted 3 weeks ago

Exploring CISM Jobs in India

The demand for Certified Information Security Manager (CISM) professionals is on the rise in India as organizations are focusing more on securing their digital assets. CISM professionals play a crucial role in designing, implementing, and managing information security programs to protect an organization's sensitive data and information systems.

Top Hiring Locations in India

  1. Bangalore
  2. Mumbai
  3. Delhi
  4. Pune
  5. Hyderabad

Average Salary Range

The average salary range for CISM professionals in India varies based on experience and location. Entry-level positions can expect a salary range of INR 6-10 lakhs per annum, while experienced professionals can earn upwards of INR 20 lakhs per annum.

Career Path

A typical career progression for CISM professionals may include roles such as Information Security Analyst, Information Security Manager, Chief Information Security Officer (CISO), and ultimately, a Senior Information Security Consultant.

Related Skills

In addition to CISM certification, employers often look for professionals with skills such as:

  • Cybersecurity
  • Network Security
  • Security Risk Management
  • IT Governance

Interview Questions

  • What is the role of CISM in an organization? (basic)
  • Can you explain the difference between CISM and CISSP certifications? (medium)
  • How do you handle a security breach in an organization? (advanced)
  • What is your experience with implementing security policies and procedures? (basic)
  • How do you stay updated with the latest cybersecurity trends and threats? (medium)
  • Can you describe a successful security project you have led in the past? (advanced)
  • What is the importance of risk management in information security? (basic)
  • How do you assess the security posture of an organization? (medium)
  • Explain the concept of defense in depth in cybersecurity. (advanced)
  • How do you ensure compliance with data protection regulations such as GDPR? (medium)
  • Describe a scenario where you had to handle a security incident in real-time. (advanced)
  • How do you prioritize security measures based on risk assessment? (medium)
  • What is the role of encryption in information security? (basic)
  • Can you explain the concept of security governance? (medium)
  • How do you communicate security risks to non-technical stakeholders? (advanced)
  • What is the importance of security awareness training for employees? (basic)
  • How do you conduct a security audit of an organization's systems? (medium)
  • Describe a time when you had to resolve a conflict between security requirements and business needs. (advanced)
  • How do you ensure the continuity of operations in the event of a security incident? (medium)
  • What is the significance of incident response planning in cybersecurity? (basic)
  • How do you handle vendor risk management in information security? (medium)
  • Can you explain the concept of threat intelligence in cybersecurity? (advanced)
  • Describe a situation where you had to make a tough security decision under pressure. (medium)
  • How do you assess the effectiveness of security controls in an organization? (advanced)

Closing Remark

As you prepare for CISM job opportunities in India, remember to showcase your expertise in information security, risk management, and governance during interviews. Stay updated with the latest trends in cybersecurity and practice answering both technical and situational questions confidently. Good luck in your job search!
