749 Cism Jobs - Page 9

MECPL is a construction company specializing in Civil, Structural & Interior Contracts. We focus on delighting clients by consistently meeting requirements and exceeding expectations through Quality Construction, Timely completion, and After Sales Service of Industrial, Commercial & Institutional Projects. Our use of state-of-the-art technology and commitment to quality construction keeps us at the forefront of the industry. This is a full-time on-site Information Technology Security role located in Pune at MECPL. The role involves implementing cybersecurity measures, ensuring network security, managing information security, and overseeing application security on a day-to-day basis. You will lead the organization's cybersecurity posture and ensure the safe deployment and operation of cloud platforms, SaaS apps, and user identity systems. Key Responsibilities: - Implement firewalls, MFA, endpoint detection (EDR/XDR) - Ensure Email security: SPF, DKIM, DMARC; spam/phishing protection - Monitor threats, audit logs, VPN, and remote access policies - Maintain Microsoft 365 / Google Workspace security configuration - Oversee Cloud workload security (if using AWS, Azure, GCP) Must-Have Skills: - CISSP/CEH/CISM preferred or equivalent experience - Knowledge of SIEM tools, endpoint security (CrowdStrike, SentinelOne) - Familiarity with Microsoft Intune, Google Admin Console, Okta/Azure AD Qualifications: - Cybersecurity, Network Security, and Information Security skills - Experience in Information Technology and Application Security - Strong understanding of security principles and best practices - Certifications like CISSP, CISM, or CISA are a plus - Bachelor's degree in Computer Science, Information Technology, or a related field - Relevant work experience in IT security roles,

As a Technology Transformation Risk Senior at EY, you will be instrumental in ensuring that technology transformations are executed with a thorough understanding and management of associated risks. Your role will involve identifying, assessing, and mitigating risks related to significant technology changes like system upgrades, cloud migrations, and the implementation of new digital tools. By adhering to the company's risk management policies, you will guarantee the secure and compliant implementation of technological advancements. Key Responsibilities: - Conduct risk assessments for technology transformation projects to identify potential risks and vulnerabilities. - Assist in developing and executing risk mitigation strategies to address identified risks. - Collaborate with project teams to incorporate risk considerations throughout the project lifecycle. - Monitor and communicate the status of risk mitigation activities to the Technology Transformation Risk Manager and other stakeholders. - Contribute to the preparation and upkeep of risk documentation, including risk registers, reports, and dashboards. - Participate in the formulation of risk management policies, procedures, and training materials. - Engage with internal and external stakeholders to convey risk findings and recommendations. - Stay abreast of emerging technology trends, threats, and regulatory requirements that could impact the risk landscape. - Support the Technology Transformation Risk Manager in cultivating a culture of risk awareness and proactive risk management within the organization. Qualifications: - Bachelor's degree in Information Technology, Computer Science, Risk Management, or a related field. - At least 3 years of experience in technology risk management, particularly in transformation projects. - Profound knowledge of IT governance frameworks (e.g., COBIT, ITIL), cybersecurity principles, and data privacy regulations (e.g., GDPR, CCPA). - Preferred experience in Internal controls within SAP ECC/S4 Applications, IT application controls, IT general controls, and interface controls. - Professional certifications such as CRISC, CISM, CISSP, or equivalent are highly advantageous. - Demonstrated exposure to client-facing roles and collaboration with cross-functional teams including internal audits, IT security, and business stakeholders to evaluate control effectiveness and facilitate remediation activities. - Excellent communication, documentation, and report writing skills. Join EY to craft a fulfilling career and contribute to building a better working world for all.,

You will be responsible for reviewing and approving firewall requests in line with the risk appetite of the organization. Your role will involve reviewing and analyzing firewall rules to ensure their effectiveness and alignment with security best practices. It will be crucial for you to ensure that all firewall rules are recertified by owners within the specified timeframe. In cases where no owner is assigned, you will be required to find an owner and update the necessary information accordingly. Your duties will include performing firewall ruleset reviews and validating rule compliance reports generated from automated firewall review solutions. You will need to collaborate with stakeholders and manage ACL ruleset by adding, updating, removing, and optimizing rules to eliminate defunct or duplicate entries. Adherence to the change management process for creating, modifying, or removing rules with appropriate approvals is essential. Documenting all changes to firewall rules comprehensively is a key aspect of this role. This documentation should include the reason for the change, details of the change, the requestor's information, and the date and time of the change. Regularly reviewing existing firewall rules to ensure their necessity and appropriateness is also part of your responsibilities. Outdated or redundant rules should be identified and removed, while adjustments to rules based on identified issues should be made as necessary. In terms of experience qualifications, you should possess 16 to 20 years of experience in setting up, configuring, and managing firewall devices such as Palo Alto, F5, Zscaler, Cisco ISE, Azure, and DDoS solutions. A strong background in Network Architecture and the ability to design and develop the architecture framework are essential. Experience in preparing High-Level Design (HLD) and Low-Level Design (LLD) documents, managing end-to-end delivery, and excellent communication skills are required. Moreover, you should demonstrate strong leadership and team management skills, along with the ability to collaborate effectively with cross-functional teams. Possessing certifications such as CISSP, Certified Ethical Hacker (CEH), or CISM would be considered advantageous for this role.,

Role Overview: We are seeking a highly skilled Information Security Specialist to join our team. The ideal candidate will have extensive experience in addressing client queries related to product security, AI security, and cloud security (AWS and Azure) . This role requires a proactive approach to identifying and mitigating security risks , as well as excellent communication skills to effectively interact with clients. Key Responsibilities: Good and detailed understanding of Azure and AWS services provisioning, architecture and security recommendations Respond to client queries regarding product security, AI security, and cloud security (AWS and Azure). Develop and implement security policies, protocols, and procedures. Conduct regular security audits and assessments to identify vulnerabilities. Collaborate with the product development team to ensure security best practices are integrated into the product lifecycle. Monitor and analyze security incidents to determine root causes and implement corrective actions. Stay updated with the latest security trends, threats, and technologies. Provide training and guidance to internal teams on security best practices. Co-ordinate with internal InfoSec team for timely deliverables, as required Hands-On experience for Azure and AWS Cloud services and application end -to-end provisioning on Cloud. Key Performance Indicators (KPIs): Client Query Response Time: Ensure all client queries related to security are addressed within 24 hours. Incident Resolution Time: Resolve security incidents within the defined SLA (Service Level Agreement). Security Audit Compliance: Achieve a compliance rate of 95% or higher in all security audits. Client Satisfaction: Maintain a client satisfaction score of 90% or higher for security-related queries and support. Training Effectiveness: Conduct quarterly security training sessions with an average feedback score of 4.5/5. Cloud Architecture: Ensure secure hosting of product at Cloud Environment. Qualifications: Bachelor's degree in computer science, Information Technology, or a related field. Minimum of 10-15 years of experience in information security, with a focus on AI security and cloud security (AWS and Azure). Relevant certifications such as CISSP, CISM, or AWS Certified Security Specialty. Strong understanding of security frameworks and standards (e.g., ISO 27001,NIST). Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills. Nice to have Exposure to financial research domain Industry recognized certification programs on Data Management/Cloud etc. » Experience with JIRA, Confluence » Understanding of scrum and Agile methodologies » Experience with data visualization tools, such as Grafana, GGplot, etc. Soft skills » Oral and written communication skills » Good problem solving and negotiation skills » Intellectual curiosity to find new and unusual ways of how to solve data management issues. » Passionate about the work and attention to detail

Job Title: Information Security Engineer Job Type: Full-Time Position Overview: We are seeking a highly skilled Information Security Engineer to manage Risk Assessment,Compliance, and Clouds Infrastructure Security, with specialized expertise in healthcaresecurity, cybersecurity analytics, and emergency preparedness. The ideal candidate will haveexperience designing secure applications and architectures, conducting SAST/DAST testing,managing cyber emergency preparedness, and ensuring robust security protocols across theenterprise. You will also be responsible for developing security policies and procedures andintegrating cutting- edge security practices to maintain the organization's security posture andcompliance standards. Key Responsibilities: Risk Assessment: Perform internal and third-party risk assessments, conductsecurity audits, and manage vulnerability remediation. Develop mitigation strategiesand report risks to senior management. Clouds Infrastructure Security: Secure cloud environments (AWS, Azure, GCP) and on prem infrastructure, ensuring access controls, encryption, and network securityprotocols are in place. Compliance Management: Oversee compliance with HIPAA, GDPR, DPDPA, and healthcare-specific regulations. Support audit preparation, conduct assessments, andensure alignment with industry and privacy standards. Cybersecurity Analytics: Leverage cybersecurity analytics to monitor, identify, andrespond to threats in real-time, utilizing data-driven insights to enhance overall securityposture. Designing Secure Applications Architectures: Collaborate with development teams todesign and implement secure applications and system architectures, ensuring thatsecurity best practices are incorporated into the software development lifecycle. SAST /DAST: Implement Static and Dynamic Application Security Testing (SAST/DAST) to identify vulnerabilities and ensure secure coding practices throughout the development pipeline. Cyber Emergency Preparedness: Develop and maintain cyber emergency preparednessplans, including incident response, disaster recovery, and business continuity strategies. Electronic Surveillances Corporate Security: Oversee and manage electronic surveillance systems to detect and prevent both physical and cybersecurity threats.Ensure seamless integration between corporate security measures and IT/cybersecurity strategies. Security Policies Procedures: Develop, document, and maintain comprehensive securitypolicies and procedures to ensure regulatory compliance and alignment with riskmanagement frameworks. Incident Response: Lead investigations into security incidents, conduct root cause analysis,and recommend corrective actions to prevent future breaches. Collaboration Training: Partner with IT, development teams, and external vendors tointegrate security best practices into cloud and infrastructure environments. Providetraining and awareness programs to staff on security policies and procedures. Qualifications: 2-5 years of experience in information security, risk management, compliance, and healthcare security. Expertise in cybersecurity analytics, secure application design, andarchitectural security best practices. Strong knowledge of HIPAA, GDPR, DPDPA, and other healthcare-related compliance regulations. Hands-on experience with cloud security (AWS, Azure, GCP) and infrastructure security. Proficiency in SAST/DAST tools and vulnerability management. Experience with cyber emergency preparedness, incident response, anddisaster recovery planning. Knowledge of electronic surveillance systems and corporate security measuresto protect both physical and digital assets. Ability to document and maintain security policies, procedures, and standards. Strong analytical, communication, and problem-solving skills. Certifications (Preferred): CISSP, CISM, CRISC, CEH, AWS Certified Security Specialty, Azure Security Engineer, Certified HIPAA Professional (CHP), Certified Information Privacy Professional(CIPP/US), Certified Business Continuity Professional (CBCP)

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organizations information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organizations security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security #eviden

ASSOCIATE CONSULTANT Experienced in Information Security Risk Management with experience in implementing and maintaining Risk Management frameworks (ISO 31000 & ISO 27001) Should have executed and managed consulting and audit assignments for clients in the areas such as internal audit, operational risk management and compliance management. Should be adept at conducting gap analysis, risk assessments to identify vulnerabilities. Have worked with organizations to develop Business Continuity Plans and Disaster Recovery related processes. Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Should have Knowledge on information security incident management. Specific Duties and Responsibilities Include: Proactively protect the organizations information by ensuring appropriate information security controls are in existence and enforced Conduct audits to verify the compliance to organizations security standards Assist in Business Continuity Planning and Implementation. Metrics collection & reporting Must Have Skills Excellent communication and presentation skills. Able to effectively interact with various functions. Good to have Skills / Certification Minimum: ISO27001:2013 Lead Auditor course Good to have: CISSP, CISA, CISM, ISO22301QualificationBE/ BTech, MCA, MBA with specialization in Information Security #eviden

Policy & Framework Management: Define, review, and update cybersecurity policies, procedures, and standards to align with business and regulatory requirements.Regularly review and update Security Configuration Documents (SCDs).Drive the adoption and alignment of the NIST Cybersecurity Framework.Implement and manage the Unified Compliance Framework to streamline regulatory mapping.Security Controls & Automation: Conduct configuration reviews across critical systems and platforms.Lead initiatives to automate policy management and control validation.Evaluate and recommend risk management solutions and security technologies.Risk & Change Management: Perform third-party/vendor risk assessments, including onboarding, periodic review, and offboarding processes.Collaborate with IT and operations teams for firewall rule lifecycle management.Participate in and govern the Change Management process to ensure security reviews and approvals.Compliance & Audit: Ensure continuous compliance with RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, and other applicable regulatory and industry standards.Prepare, maintain, and manage documentation for internal and external audits.Track, report, and drive mitigation for audit findings and exceptions.Implement and maintain continuous compliance monitoring tools and practices.Reporting & Governance: Develop and report on cybersecurity posture to senior leadership and key stakeholders.Maintain and deliver Service Level Agreements (SLA) reports and performance metrics.Design and manage Key Risk Indicators (KRI) dashboards to support informed decision-making.Conduct periodic exception reviews and manage approval workflows. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.6+ years of experience in cybersecurity governance, risk, and compliance (GRC).Strong understanding of NIST, ISO 27001, UCF, and regulatory standards (RBI, IRDAI, UIDAI, IT Act).Proven experience in policy lifecycle management, audit coordination, and risk assessment.Familiarity with firewall rule governance, change management, and automated compliance tools.Excellent communication, analytical, and stakeholder management skills. Preferred technical and professional experience CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT

& Summary . Why PWC & Summary We are looking for an experienced Cloud Security Lead with deep technical expertise in Zscaler (ZIA/ZPA) and Fortinet security solutions. The ideal candidate will play a key role in architecting, implementing, and managing secure cloud onprem and internet access strategies, supporting enterprisewide digital transformation and security posture enhancement. s Zscaler Security Operations Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions. Configure SIPA (Secure Internet & Private Access) policies for optimized secure remote and internet access. Perform regular reviews, audits, and optimization of Zscaler configurations to align with industry best practices. Provide technical support and guidance to L1 and L2 teams for Zscalerrelated issues. Stay up to date on Zscaler enhancements, threat intelligence, and security features to ensure proactive defense. Fortinet and Network Security Implement and manage Fortinet firewall and security solutions for perimeter and cloudbased infrastructure. Configure Fortinet firewalls to support SDWAN, secure edge, and hybrid cloud environments. Work closely with networking teams to design secure network topologies integrating Fortinet technologies. Cloud Security and Compliance Design and assess cloudnative security architectures for AWS, Azure, or GCP environments. Conduct cloud security assessments, vulnerability scans, and risk remediation. . Assist in external security audits and privacy assessments related to cloud workloads. Collaboration and Strategy Collaborate with crossfunctional teams (Security, IT, DevOps, Engineering) to embed security into cloud and network initiatives. Act as a Subject Matter Expert (SME) for Zscaler and Fortinet technologies in solution design and customer engagements. Maintain documentation on security controls, configurations, SOPs, and incident response playbooks. Required Skills and Qualifications Experience in network and cloud security domains. Proven handson experience with Zscaler ZIA/ZPA design, implementation, and operations. Strong working knowledge of Fortinet firewalls and FortiManager, FortiAnalyzer. Experience with SDWAN, SDN, VPNs, and secure web gateway technologies. Strong understanding of network security principles, SIEM, threat intelligence, and incident response. Knowledge of cloud compliance standards and risk frameworks (NIST, CIS, ISO). Excellent communication skills and ability to work in crossfunctional environments. Strong documentation, presentation, and stakeholder management skills. Experience in SOC environment will be a plus Mandatory skill sets Zscaler ZIA / ZPA / SIPA Fortinet FortiGate / FortiManager / FortiAnalyzer SIEM platforms (Splunk, QRadar, etc.) Firewall platforms Fortinet, Palo Alto, Check Point, Juniper Security Frameworks ISO 27001, NIST, CIS Controls, HIPAA, GDPR Preferred skill sets Zscaler Certified Professional ZIA/ZPA Fortinet Certified Professional (FCP) CISSP / CCSP / CISM Cloud Security certifications (AWS/Azure/GCP Security Specialty) Years of experience required 58 Years of experience Education qualification Graduate Engineer or Management Graduate Education Degrees/Field of Study required Master Degree, Bachelor Degree Degrees/Field of Study preferred Required Skills Splunk Administration Accepting Feedback, Accepting Feedback, Active Listening, Analytical Reasoning, Analytical Thinking, Application Software, Business Data Analytics, Business Management, Business Technology, Business Transformation, Communication, Creativity, Documentation Development, Embracing Change, Emotional Regulation, Empathy, Implementation Research, Implementation Support, Implementing Technology, Inclusion, Intellectual Curiosity, Learning Agility, Optimism, Performance Assessment, Performance Management Software {+ 16 more} Travel Requirements Available for Work Visa Sponsorship

You will be responsible for conducting third-party risk assessments in alignment with ISO 27001:2022 and ISO 22301:2019 frameworks. Your duties will include identifying, assessing, and mitigating risks related to information security, business continuity, and third-party vendors. Collaboration with cross-functional teams and external stakeholders to drive risk mitigation strategies will be a key aspect of your role. Additionally, drafting and reviewing policies, procedures, and audit reports will be part of your responsibilities. As a TPRM Consultant / Senior Consultant, you will need to effectively communicate complex risks and findings to both technical and non-technical audiences. Strong verbal and written communication skills will be essential for this. Furthermore, you will be expected to solve complex problems using structured critical thinking and issue-resolution approaches. Ensuring adherence to internal standards and client requirements at every phase of the engagement will be crucial. Excellent stakeholder management, critical thinking, and problem-solving abilities are key skills required for this role. Language proficiency in English is mandatory for this position. Additionally, fluency in Tamil and Hindi would be considered a plus. Certifications in ISO 27001:2022 or ISO 22301:2019 are mandatory for this role. Possessing certifications such as CEH, CISA, CISM, CompTIA Security+, or GISF would be advantageous.,

As an organization focused on re-imagining agricultural insurance through the innovative integration of Public Cloud, GIS, Remote-sensing, and cutting-edge AI-based algorithms, we at Kshema are dedicated to empowering the future of agricultural insurance. Leveraging the latest advancements in Mobile and Geospatial technologies, we are committed to revolutionizing the industry. We are currently seeking a Chief Information Security Officer (CISO) who will play a pivotal role in driving our cyber security strategy and ensuring strict compliance with regulatory and statutory guidelines pertaining to information and cyber security. As the CISO, you will be entrusted with the responsibility of enforcing policies aimed at safeguarding the organization's information assets and coordinating all information/cyber security-related matters internally and externally. **Key Responsibilities:** - Develop a comprehensive Information Security Roadmap for the organization with a forward-looking perspective. - Establish and oversee an enterprise-wide information security and IT risk management program. - Lead the implementation and review of Hardware, Network, and Software Security Standards and Controls to fortify systems, data, and assets against internal and external threats. - Implement Security Assessment and Testing Processes, including Penetration Testing, Secure Software Development, and Vulnerability Management. - Identify and deploy cutting-edge Security Products/Tools for various purposes. - Proactively monitor and address security issues, potential threats, and vulnerabilities to enhance security standards continually. - Conduct Information Security awareness training for all employees. - Execute Security Assessment practices such as Audits and Reviews. - Provide strategic guidance and consultation for IT Projects, including security risk assessments. - Conduct real-time analysis, investigations, and forensics when necessary to enhance security measures. - Develop strategies to manage security incidents and conduct investigations. - Maintain regular communication with stakeholders on Information and Data Security Practices and Activities. - Implement a strategy for deploying information security technologies to mitigate cyber-attack risks. - Continuously evaluate current IT security practices and systems for enhancement. - Ensure compliance with the latest regulations and requirements. - Develop and implement business continuity plans. **Desired Skills and Experience:** - Engineering Graduate/Post-Graduate in fields such as Computer Science, IT, Electronics, Communications, or Cyber Security. - Minimum of 15 years" experience in risk management, information security, or cyber security. - Profound knowledge of information security management frameworks like ISO/IEC 27001 and NIST. - Familiarity with DevSecOps, Secure SDLC, Security Automation, Security Testing, DR & BCP Concepts. - Experience in financial forecasting and budget management. - Understanding of Industry Security Standards, Protocols, and Data Privacy Regulations. - Ability to navigate ambiguity and devise solutions for complex problems. - Experience in contract and vendor negotiations and management. - Proficiency in Agile software development practices. - Collaboration skills to work effectively with cross-functional teams. - Relevant certifications such as CISSP, CEH, CISA, and CISM are advantageous. - Hands-on experience in designing, implementing, and operating security in public clouds like AWS, Azure, Oracle, or GCP. - Strong written and verbal communication skills with a high level of integrity. - Excellent presentation skills. Join us at Kshema and be a part of our mission to redefine agricultural insurance through innovation and technology.,

As an Information Security professional in our organization, you will be responsible for various key tasks related to ensuring the security of our third-party suppliers and information systems. Your role will involve assessing and managing the security risks associated with our suppliers, interpreting security assurance reports such as SOC2 and pen test reports, as well as reviewing security requirements in contracts. Your responsibilities will also include understanding outsourced solutions and the information classification associated with them, assessing supplier security controls based on ISO27001/2 standards, and identifying and documenting security risks. Additionally, you will be expected to suggest recommendations to address the identified security risks and potentially perform information classification assessments. To excel in this role, you should hold relevant security certifications such as ISO27001 auditor/implementation, CISSP, CRISC, CISM, or CISA. Your experience of at least 4 years in Information Security along with a strong understanding of security policies, processes, and standards will be valuable in this position. If you are a proactive professional with a keen eye for detail and a passion for enhancing information security practices, we encourage you to apply for this position. Please note that the location of this role is in Mumbai (Andheri East) and the ideal candidates should be able to join within an immediate to 30 days" notice period. Interested candidates are requested to share their updated resumes with us at manasa.chilla@visionyle.com.,

Summary Implements the information security, governance and strategy per the information management framework through business partnering. Perform ISRM compliance activities for a specific area or technology within TT. About the Role Major accountabilities: Deep understanding of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST, GDPR, NIS2. Hands-on experience in GRC tools such as ServiceNow to configure, build and automate controls / assessments logic for the compliance management. Provide input to GRC team on risk and control register business requirements. Aptitude for technology, open-mindedness towards picking up new skills and working in various trending areas such as AI, GenAI, OT, Mobile, Cloud technologies etc. Basic knowledge on industry regulations e. g. SOX, GxP etc. Deliver effective security training and awareness programs and coordinate delivery across functions and countries. Experience in designing and implementing controls and policy framework, laws and regulations and best in class industry standards. Work experience in risk, control, and governance disciplines (e. g. , Risk Management, Audit, Information Security, Regulatory Compliance). Establish close collaboration with stakeholders to facilitate alignment with policies, risks as well as internal and external audits. Strong communication to manage various levels of collaboration/working relationship with global teams. Desirable Skills: 8-10 years of experience in various industry framework and GRC tools. Strong presentation, analytical and communication skills. Ability to, influence, work collaboratively and contribute to high performing teams. CISA/CISM and Big 4 experience preferred.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-Cyber security, the EKM Team owns the Public Key Infrastructure (PKI) and is responsible for certificate lifecycle management, distribution, and key management. The Lead Info Security engineer will be a part of a team of subject matter experts to facilitate the protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. We're looking for Security Analysts in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. As an influential member of the team, you will help create a positive learning culture, coach and counsel junior team members, and assist in their development. **Your key responsibilities include:** - Designing, developing, integrating, and deploying encryption and key management solutions both on-premises and in the cloud. - Defining business/technical strategies to reduce risk and improve the overall security posture of applications, platforms, and infrastructure. - Collaborating with stakeholders at all levels to understand security needs and prioritize the roadmap accordingly. - Ensuring projects are completed on time, within budget, and with high quality. - Supporting necessary compliance activities and developing runbooks, SOPs, and troubleshooting guides. - Continuously validating the team's products/solutions against policies, guidelines, procedures, and regulations to ensure compliance. - Supporting the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst). **Skills and attributes for success:** - Being a good team player with excellent verbal and written communication skills. - Proficient in documentation and PowerPoint skills, with good social, communication, and technical writing skills. - Ability to prioritize tasks, work accurately under pressure, and follow workplace policies and procedures. - Strong analytical/problem-solving skills and the ability to work independently on projects with minimal oversight. **To qualify for the role, you must have:** - Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field. - At least 7+ years of experience in Information Security with subject matter expertise in PKI, CLM, HSM. - Excellent scripting skills and experience with developing SOPs, runbooks, CP/CPS. - Technical experience with a combination of CLM, KMS, and PKI services, along with Linux and Windows systems. - 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform. - Knowledge of security technologies like Venafi, AppViewX CERT+, Luna HSM, Fortanix DSM, MS-PKI, Sectigo. **Ideally, you'll also have:** - Experience with data tokenization/data masking and leading high performing technical teams. - Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc. - Ability to provide strong customer service and willingness to work weekends and travel as required. **What we look for:** - A team of people with commercial acumen, technical experience, and enthusiasm to learn in a fast-moving environment with consulting skills. - An opportunity to be part of a market-leading, multi-disciplinary team of professionals, working with leading businesses across various industries. **What working at EY offers:** - Inspiring and meaningful projects with a focus on education, coaching, and personal development. - Support, coaching, and feedback from engaging colleagues. - Opportunities to develop new skills, progress your career, and handle your role in a way that suits you. EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Join EY's diverse global teams to provide assurance, help clients grow and transform, and find new answers to complex issues facing the world today across assurance, consulting, law, strategy, tax, and transactions.,

As a professional in IT Risk, Compliance, and security, you will play a crucial role in ensuring the security and integrity of core IT projects. Your responsibilities will include assessing audit findings and control weaknesses, collaborating with stakeholders to develop management action plans, and implementing security classification, change controls, and SDLC. Your expertise in industry frameworks such as ISO standards, GDPR, NIST, and PCI DSS will be essential in identifying and mitigating cyber security risks. In addition to your technical skills, you will also utilize your project management experience to plan and execute multiple IT Risk, Compliance, and security operations. You will contribute to the planning of SOX programs, conduct follow-ups on security control implementations, and develop project plans and resource plans to meet client needs. Your ability to communicate effectively and provide regular project updates to clients and leaders will be crucial in ensuring the success of GRC and Security engagements. Your primary skills in Governance, Risk and Compliance (GRC), Security Frameworks, and ISMS Implementation will be instrumental in driving the security initiatives forward. Additionally, possessing certifications such as CISA, CISM, CRISC, or CISSP will further enhance your expertise in the field. Joining Capgemini will provide you with the opportunity to work alongside a collaborative community of colleagues from around the world and contribute to building a more sustainable and inclusive world through technology. Capgemini is a global leader in business and technology transformation, with a strong legacy of over 55 years. As part of a diverse team of 340,000 members in more than 50 countries, you will have the chance to make a tangible impact on enterprises and society. Leveraging your skills in IT Risk, Compliance, and security, you will help unlock the value of technology for clients and address their business needs with innovative solutions. If you are passionate about technology and seeking to shape your career in a dynamic and supportive environment, we invite you to join us at Capgemini.,

As a Cyber Assurance Assistant Vice President (AVP) at Barclays in Pune, you will play a crucial role in partnering with the bank to provide independent assurance on control processes and offer advice on enhancements to ensure the efficiency and effectiveness of the bank's internal controls framework. Your responsibilities will include collaborating across the bank to maintain a robust control environment by conducting ad-hoc assessments and testing the design and operational effectiveness of internal controls aligned with the bank's policies and standards. You will develop detailed test plans and procedures to identify weaknesses in internal controls and other initiatives within the bank's control framework to mitigate potential risks and issues that could disrupt bank operations, lead to losses, or impact reputation. In this role, you will communicate key findings and observations to relevant stakeholders and business units to enhance overall control efficiency and provide corrective actions to senior managers. You will work closely with other control professionals to address complex issues and ensure consistent testing methodologies across the bank. Additionally, you will establish a knowledge center containing detailed documentation of control assessments, testing results, findings, and distribute material on internal controls to train and upskill colleagues within the bank. As an Assistant Vice President, you are expected to advise and influence decision making, contribute to policy development, and take responsibility for operational effectiveness. You will lead a team in performing complex tasks, set objectives, coach employees, appraise performance, and determine reward outcomes. If the position involves leadership responsibilities, you will demonstrate a clear set of leadership behaviors to create an environment for colleagues to excel. Your role may involve collaborating on assignments, guiding team members, identifying new directions for projects, and consulting on complex issues. You will identify ways to mitigate risks, develop new policies and procedures to support the control and governance agenda, and take ownership of managing risk and strengthening controls related to your work. Furthermore, you will engage in complex data analysis, communicate complex information effectively, and influence stakeholders to achieve desired outcomes. It is essential for all colleagues to uphold the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as demonstrate the Barclays Mindset of Empower, Challenge, and Drive in their behavior.,

As a Presales Consultant at Netenrich, you will play a crucial role in the sales process, specializing in advanced cybersecurity solutions with a focus on SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) technologies. Your deep understanding of these technologies will enable you to tailor solutions to meet the unique security needs of our clients. Your responsibilities will include collaborating with the sales and marketing teams to drive sales by presenting and demonstrating comprehensive security solutions that incorporate SIEM and SOAR capabilities. You will oversee partner support for Netenrich partners, managing account management, pricing and quoting support, and identifying opportunities to drive growth in partner accounts. To excel in this role, you must become intimately familiar with partner businesses, work closely with the sales team to identify growth opportunities, and assist partners with day-to-day requirements such as pricing, quoting, and solution development. You will be responsible for presenting and demonstrating cybersecurity solutions to clients, addressing technical queries, and ensuring a high-quality customer experience throughout the partner/customer lifecycle. Qualifications and Requirements: - Ability to quickly understand client business structures and needs - Professional certifications in cybersecurity such as CISSP, CISM, or CISA preferred - Strong understanding of various cybersecurity concepts, technologies, and best practices - Sales acumen and the ability to understand client needs - Experience in working with US channel partners preferred - Proficient at communicating with US sellers and professionals - Ability to develop and execute efficient and repeatable business processes - Comfortable interacting with senior executives, sales technical, engineering, and operations teams - Efficient multitasking and prioritization skills - Prior experience in Security Services, Information Technology, and Management Services If you are a self-motivated individual with a passion for cybersecurity and a track record of success in presales roles, we invite you to join our team at Netenrich and make a significant impact on our partner relationships and revenue growth.,

At Alight, we believe a company s success starts with its people. At our core, we Champion People, help our colleagues Grow with Purpose and true to our name we encourage colleagues to Be Alight. Our Values: Champion People - be empathetic and help create a place where everyone belongs. Grow with purpose - Be inspired by our higher calling of improving lives. Be Alight - act with integrity, be real and empower others. It s why we re so driven to connect passion with purpose. Alight helps clients gain a benefits advantage while building a healthy and financially secure workforce by unifying the benefits ecosystem across health, wealth, wellbeing, absence management and navigation. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Alight is the perfect place to put your passion to work. Join our team if you Champion People, want to Grow with Purpose through acting with integrity and if you embody the meaning of Be Alight. Learn more at careers.alight.com . As a Senior Cloud Security Analyst , you will play a critical role in ensuring the security and compliance of our cloud infrastructure. You ll collaborate with cross-functional teams to design, implement, and maintain robust security measures across our cloud platforms. Your expertise will be instrumental in safeguarding our systems, data, and applications. You will assist in the wider operational activities including but not limited to validating and addressing identified security risks, Data Security, SOC1/SOC2 Audits, Client Audits, security certifications, vulnerability testing and support management teams during security incident events. You should be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process related to cloud security. Duties & Responsibilities Cloud Security Posture Management (CSPM): Drive remediation of open security risks. Collaborate with the Information Security and compliance team to develop global cloud security architecture and maturity standards. Evaluate and respond to alerts and events from security tools, fine-tuning configurations to minimize false positives. Develop event response documentation and processes for the Security Operations Center. Work closely with Cloud Operations teams to define and implement security standards and best practices. Maintain documentation and diagrams for security tools, system environments, and cloud operations. Host Configuration Management: Conduct regular scans of host configurations to identify configuration violations and ensure compliance with security policies and CIS Benchmarks. Develop and implement remediation plans for identified violations. Collaborate with IT and DevOps teams to ensure secure configurations are maintained. Cloud Workload Protection: Perform vulnerability assessment on container images and containerized environments using industry standard tools. Identify, assess, assign, and report vulnerabilities throughout the container lifecycle. Work with development teams to ensure vulnerabilities are addressed in a timely manner. Implement security controls and best practices for container orchestration platforms. Combine security assessment tools with automation to proactively identify and remediate vulnerabilities. Collaborate with functional-area architects and security specialists to ensure adequate controls are in place. Incident Response Monitoring: Monitor and analyze security logs and events. Respond promptly to security incidents, investigating and containing threats. Work within a DevOps security model to automate incident response. Serve as a subject matter expert (SME) for security tools and processes. Position Requirements: Bachelor s or Master s degree in Computer Science, Engineering, Information Security, or similar boot camp certifications. Relevant certifications (e.g., AWS, CISSP, CCSP, CISM, GSEC) are highly desirable. Proven experience in cloud security, vulnerability management, and/or incident response. Strong knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud-optional). Familiarity with security assessment tools (e.g. Host Configuration Management, Cloud Security Posture Management (CSPM), cloud native tools, Vulnerability scanners, etc). Experience with developing and managing software application(s), APIs, or cloud infrastructure Familiarity with one to many programing languages and infrastructure as Code (IAC) Ability to collaborate effectively with cross-functional global teams. Alight requires all virtual interviews to be conducted on video. Flexible Working So that you can be your best at work and home, we consider flexible working arrangements wherever possible. Alight has been a leader in the flexible workspace and Top 100 Company for Remote Jobs 5 years in a row. Benefits We offer programs and plans for a healthy mind, body, wallet and life because it s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as several voluntary benefit options. By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Inclusion We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Alight, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. As part of this commitment, Alight will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact alightcareers@alight.com . Equal Opportunity Policy Statement Alight is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state, or local law. In addition, we take affirmative action to employ, disabled persons, disabled veterans and other covered veterans. Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting their recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Alight. Note, this job description does not restrict managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization. DISCLAIMER: Nothing in this job description restricts managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. .

We are currently looking for an ambitious and dynamic IT SOX/Internal Auditor to join our Global SOX Team based in Bangalore. The main purpose of the role is to assess the adequacy of IT controls design and complete the test of effectiveness covering all aspects of Visa s in-scope key financial systems and applications. It is expected that this position will include responsibility for the understanding of complex IT areas in accordance with plan. The Analyst should expect to assume supporting role in the completion of the SOX 404 testing stage for several IT controls under the direction of managers. Skills Strong problem-solving skills, with demonstrated ability to identify and resolve issues and risks, including root cause analysis. Ability to anticipate and identify opportunities to establish standards and controls, as well as develop and recommend solutions. Effective communication, interpersonal and influencing skills and ability to drive effective change at all levels of the organization. Detailed, conscientious and highly responsible team player. Responsibilities Review and assess adequacy of walkthrough documentation, perform test of effectiveness through review of supporting documents, meeting control owners and report control issues identified. Attend and support IT controls meetings with control owners, external auditors and SOX team members. Document test results in Visa s work papers template ready for review by SOX team members and external auditors. Interacts with management to assess control exceptions. Keep control owners and SOX team informed of exceptions and assist the IT teams with the development of Management Action Plans to mitigate issues, and evaluate adequacy of managements actions. Possess good written and oral communication skills, demonstrate these skills during meeting with control owners and IT teams. To be a key member of the SOX team and contribute to the planning and execution of the annual SOX program for IT controls. Provide best practice expertise to management and the SOX team on the COSO and IT SOX internal control frameworks. Handling day-to-day relationships with the external auditors on control matters and related issues. Professional 3 - 5 years of experience in SOX, internal audit, or risk with focus on IT controls (ITGC/ITAC) Experience in financial services or payments industry preferred . Big 4 experience preferred Qualification . Bachelor of Technology/ Commerce degree . CISA/CISM certification preferred

Detailed job description - Skill Set: Technically strong hands-on Self-driven Good client communication skills Able to work independently and good team player Flexible to work in PST hour(overlap for some hours) Past development experience for Cisco client is preferred.

About this role Job Description . This mission would not be possible without our smartest investment the one we make in our employees. It s why we re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. Your team Join our distributed team of cyber security experts, protecting our business and developing exciting capabilities on the frontline of cyber defense! Apply your passion and knowledge of cyber security to improve the security of internal and external business workflows by supporting optimal cybersecurity control alignment and empower all employees to protect information our clients and investors entrust us with, and the systems and technology that enable our mission. Your Responsibilities This individual will join the Cyber Diligence team that is responsible for: Providing consultative advice to information security customers that enables them to make informed risk management decisions Identifying appropriate controls to effectively handle information risks as needed Finding opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk Maintaining strong working relationships with individuals and groups involved in handling information risks across the organization Identifying and assessing the severity and potential impact of risks and communicate/assess/implement solutions in a way that influences optimum risk mitigation Supporting the documentation of Information Security Policies and Standards Assessing the risk and providing governance of high-risk security related requests Assisting with pre-M&A information security reviews Reviewing of security components of technology changes, and other security risk related areas BlackRock is committed to building great Cyber Security careers for our people, and we are looking for an individual with a passion for cyber security defense to continue the growth of our exceptional team. You have Experience in coordinating and leading all aspects of complex Technology projects The ability to effectively influence others to account for the plans and collaborative behaviors for results Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner Ability to identify and assesses the cybersecurity threats, risks and controls to cost-effectively mitigate risks Ability to react to high pressure dynamic changing environments Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part. Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one s network within an organization. Ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches. A discipline and interpersonal skills to work well in a global environment, complementing teams in multiple remote locations Degree in Business, Computer Science, Information Security, or a related field 4+ years Information Security experience 2+ years with risk advisory Experience with information security management frameworks (e. g. , IS027000, COBIT, NIST 800, etc. ) Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) Our benefits . Our hybrid work model BlackRock s hybrid work model is designed to enable a culture of collaboration and apprenticeship that enriches the experience of our employees, while supporting flexibility for all. Employees are currently required to work at least 4 days in the office per week, with the flexibility to work from home 1 day a week. Some business groups may require more time in the office due to their roles and responsibilities. We remain focused on increasing the impactful moments that arise when we work together in person aligned with our commitment to performance and innovation. As a new joiner, you can count on this hybrid model to accelerate your learning and onboarding experience here at BlackRock. At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress. This mission would not be possible without our smartest investment the one we make in our employees. It s why we re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive. For additional information on BlackRock, please visit @blackrock | Twitter: @blackrock | LinkedIn: www. linkedin. com/company/blackrock BlackRock is proud to be an Equal Opportunity Employer. We evaluate qualified applicants without regard to age, disability, family status, gender identity, race, religion, sex, sexual orientation and other protected attributes at law.

Name of the Post: Deputy Chief Information Security Officer (Dy. CISO) Type of the Post: Contractual on full time basis . No. of Posts: 01 (one) Place of Posting: Tobacco Board - Guntur, Andhra Pradesh Scope of Work The Dy. CISO will be responsible for the following: a) Define information security roadmap for the organization with a futuristic vision b) Lead, implement and review hardware, network and software security standards and security controls within the organization, to protect systems, data and assets from both internal and external threats and prevent information and data loss/frauds. c) Identify and implement security assessment and testing processes across the organization, including but not limited to penetration testing, secure software development, vulnerability management etc. d) Identify best security products/tools for various purposes and implementation of same e) Lead security automation efforts for the organization f) Proactively monitor and identify security issues and potential threats, new vulnerabilities/threats and continuously improve security standards within the organization. g) Managing the daily operation of CSOC and implementation of the IT security strategy h) Implement and lead Security Assessment practices including Security Audits, Information Security Reviews, etc. i) Provide strategic risk guidance and consultation for IT Projects, including security risk assessment of Implementation Architecture, technical standards, and protocols j) Real-time analysis, investigations, and forensics, if a need arises and ensure to avoid and strengthen security measures. k) Developing strategies to handle security incidents and trigger investigation l) Regular Stakeholder communication on Information and data security practices and activities m) Develop a strong security team and enable employees be security aware with continuous training on security awareness n) Creating and implementing a strategy for the deployment of information security technologies and solutions to minimize the risk of cyber-attacks o) Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement p) Conducted network audit of all sites to study network response and performance. Running security audits and risk assessments q) Directed significant effort into IT asset management, involving hardening, tagging, tracking and auditing all IT assets across the companies r) Ensuring compliance with the latest regulations and compliance requirements s) Developing and implementing business continuity plans. t) Lead security automation efforts for the organization Eligibility Criteria / Age Limit: The candidate should not be more than 50 years old as on November 30, 2022 . Educational Qualification Engineering Graduate/ Post-Graduate in related field such as Computer Science, IT, Electronics and Communications or a Cyber Security related field OR MCA or equivalent qualification from recognized University. Note: Candidates having following professional certifications/ qualifications shall be preferred: Certified Information Systems Security Professional (CISSP) / Certified Information Security Manager (CISM)/ Certified Chief Information Security Officer (CCISO) / Certified Information Systems Auditor (CISA). Experience 8 - 10 years of relevant experience, including five years in a leadership / Senior Management role Demonstrated leadership, versatility and integrity Demonstrated broad management knowledge to lead project teams in one department. Skill Requirement Experience in Information Security Risk Management and Cybersecurity Technologies and strategy Knowledge of SIEM, PIM and NAC Solutions etc. Should have practical experience in implementing these solution Deep understanding and Knowledge of EDR, MDR, XDR, WAF solutions Expertise in Cloud based Security Solutions Expertise in FIM, DAM, IAM, Access control Solutions Expertise in Linux, Virtualization, Networking Concepts & OS, Data, Application Security Concepts and Tools Familiarity with Industry Security Standards and Protocols, Information and Data Privacy Regulations Good understanding of DevSecOps, Secure SDLC, Security Automation, Security testing concepts, DR & BCP concepts Strong in leadership skills and excellent interpersonal communications skills, stakeholder and vendor management Capable to understand and articulate impact of InfoSec Operations to the leadership

Hiring TPRM (third party risk management) risk assessment In a world of growing cyber threats and regulatory demands, role of a TPRM Analyst has never been more vital We are seeking Governance, Risk, and Compliance (GRC) to implement robust frameworks that integrate risk management, compliance, and governance processes into our business strategy. Experience - 4 -7Years Location - Bengaluru Work Mode - Hybrid Certifications: ISO 27001 LA/LI, ISC2 CC, Security+, CTPRP, CTPRA, CISA, CISM, CRISC, CISSP (any one is preferable ) Information Security Governance, Compliance and Security Assessment, experience, with a focus on IT and IS Risk Assessments and program reviews / establishment. Familiarity with and demonstrated experience assessing against the BS ISO/IEC/SIG 27002:2005 BS 7799 standard domains, BS 25999 including Risk Assessment; Security policy; Organization of Information Security; Asset Management; HR Security; Physical and Environmental Security; Communications and Operations Management; Access Control; IS Acquisition, Development and Maintenance; IS Incident Management; Business Continuity Management; and Compliance. Broad understanding of Information Security trends, services and disciplines and experience applying them in dynamic environments. Were ready to fast-track your application if youre available to start! Think youre a perfect fit? Drop your resume bhumika.soni@weareams.com or Share this with someone you know who fits the bill.

Position Overview Job Title - Divisional Risk & Control Specialist CB, VP Location Mumbai, India Role Description CB Divisional CISO (D-CISO) Office The Divisional CISO has the ultimate responsibility for the operational aspects of ensuring compliance to Deutsche Banks Information Security Principles. The Divisional CISO Office supports the Div. CISO in this task. In this role the candidate will assist all of our business divisions by evaluating and mitigating information security risks in order to meet both audit and regulatory requirements. What Well Offer You As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities Information Security Officer (ISO) The ISO is a manager aligned to an application (Application ISO) both together hereafter referred to as area of responsibility. The ISO has the responsibility for ensuring the compliance with the Group Information Security requirements in their area of responsibility. Key responsibilities comprise but not limited to: ISO: Understand and analyze business setting from an information security perspective Perform risk assessments on complex applications, vendors, processes and projects from an information security perspective Identify security gaps, evaluate options for remediation, define and implement check points and compensating controls. Provide sufficient information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility To cooperate with the D-ISO / D-CISO to address requests for policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team Present assessments results and options to the business and discuss steps for resolution. Initiate and track risk acceptance process if required. Analyze and redesign access management processes (request and approval). Define and implement Segregation of Duties rules (details outlined below) Identifying applications and roles which allow access to PSI and assess appropriateness of access controls. Review of roles and application role concepts. Support on inquiries from internal and External Audit, regulators and clients. Advisory and support projects on information security questions. Advisory vendor relationships. Interact with and educate the business on information security risks and controls and handling sensitive data. Assist in assessing and determining appropriate controls on unstructured data hosted on internal and external data rooms. Conduct information security awareness sessions for stakeholders in CB. Assist in designing and implementing control framework for third party applications. Analyze the root cause for delays or incorrect processing and propose sustainable solutions Generate MIS for multiple IS topics and to assist senior management identify risks Support the wider D-CISO office where required including any adhoc analysis and presentations The Segregation of Duties (SoD) Manager acts as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility. Key responsibilities of the SoD Manager comprise: To design and implement SoD Rules (for applications) in close collaboration with the ISO as well as other SoD Managers or stakeholders who may be affected by these rules. This includes the regular review of these rules and any necessary amendments To assess and remediate any SoD violations detected within their area of responsibility by either revoking inappropriate access or ensuring adequate compensating controls or exception handling procedures To assess the impact of inappropriate access on business operations and identify if there are indications for improper use of this access To act as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility Liaise and coordinate with Central SoD Governance team and attend SoD forums Special Projects support on ongoing remediation projects. Your Skills And Experience Skills Profile: Experience as IT and/or IS analyst ideally in a Corporate Banking environment Proficiency in Microsoft Office applications (Excel, PowerPoint, Word, etc.) Excellent communication skills in English (verbal and written) with ability to articulate / engage with Senior management stakeholders (a must) Strong analytical skills and ability to transform complex issues into efficient solutions Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs Management Skills: Strong operational and people management skills, including the ability to operate within a diverse team. Excellent partnering skills and stakeholder management. The ability to successfully navigate a complex organisation, build strong relationships and work collaboratively with business and management teams and with other control functions. Comprehensive management / leadership skills, including the ability to motivate teams through demonstrable commitment to CB and DBs success. Experience/qualifications: Good university graduate or post-graduate degree with Information Security, Risk Management and Governance Prior experience in a risk environment (e.g. in BISO, ORM, Audit, Data Privacy) Good understanding of major business and operational risk processes. Certifications such as ISO27001-LA/LI, CISM, CISSP etc. Experience in banking industry with a strong sense of accountability and integrity Advanced presentation/interactive skills sufficient to convey complex conceptual information/ideas on issues requiring interpretation and opinion. Desire to work in a fast paced, challenging multi-cultural environment and with ability to work in a global team Self-motivated, critical thinking and good understanding of major business and risk processes How Well Support You Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.,

As a candidate for this position, you should hold a Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field, with a preference for a Masters degree. Your role will involve leading and mentoring the SOC team to promote a culture of continuous improvement and collaboration. Overseeing the day-to-day operations of the SOC is crucial, ensuring efficient incident detection, response, and recovery processes. Collaboration with IT and business units is essential to integrate cybersecurity measures into existing and new technology deployments. Your responsibilities will also include managing cybersecurity projects, selecting and implementing cutting-edge security tools and technologies. Regular security assessments, penetration testing, and proactive threat hunting are key tasks to identify and mitigate potential security vulnerabilities. Relevant cybersecurity certifications such as CISSP, CISM, CEH, or GIAC are desired, along with at least 10 years of experience in cybersecurity, including a minimum of 3 years in a leadership role within an SOC environment. In-depth knowledge and experience with cybersecurity regulations and standards are expected. Proficiency in managing and configuring security technologies such as SIEM, firewall, IDS/IPS, EDR, and vulnerability management tools is required. You should have a demonstrated ability to lead and develop high-performing teams. Additional responsibilities include preparing lab/demo environments, conducting research and development on security tools and best practices, and being flexible to work in US Shift. Excellent problem-solving, communication, and presentation skills are necessary for this role.,