We are looking for a highly skilled and experienced Associate Consultant to join our team in Pune. The ideal candidate will have 2-5 years of experience in IT controls, ITGCs, ITACs, SOX 404 controls testing, and IT auditing. ### Roles and Responsibility Conduct comprehensive IT audits to ensure compliance with established controls and regulatory requirements. Identify and review IT General Controls (ITGCs) and IT Application Controls (ITACs) to safeguard organizational assets and ensure accuracy of financial reporting. Execute SOX compliance activities, including risk assessments, controls testing, and remediation efforts. Prepare and assess Service Organization Control Reports (SOCR) to validate the effectiveness of IT controls objectives. Conduct IT process reviews through stakeholder interviews, data validations, and document analysis. Apply IT-related and internal control knowledge to deliver high-quality engagements. Review Change Management processes, ensuring changes are thoroughly reviewed, tested, and approved. Review Access Management procedures to ensure proper access levels and permissions. Evaluate and address Segregation of Duties (SOD) concerns to prevent unauthorized access and potential conflicts. Collaborate with cross-functional teams to identify control gaps and develop effective remediation plans. Stay updated on industry trends, regulatory changes, and emerging technologies related to IT controls and compliance. Prepare and communicate audit findings, recommendations, and status updates to key stakeholders and management. ### Job Requirements Bachelor's degree in Computer Science, Statistics, or M.C.A. Proven experience in IT controls, ITGCs, ITACs, SOX 404 controls testing, and IT auditing. Strong knowledge of Change Management, Access Management, SOD, business process IT controls, and ICFR principles. Familiarity with Service Organization Control Reports (SOCR) and related frameworks. Familiarity with ERPs such as SAP, Oracle, Dynamics 365, etc. Excellent analytical and problem-solving skills with attention to detail. Effective communication and interpersonal skills for collaborating with internal teams and external auditors. Relevant professional certifications such as CISA, CISSP, or equivalent are preferred. Ability to adapt to a fast-paced environment and manage multiple priorities.

We are looking for a highly skilled and experienced Supervising Analyst to join our team in Bengaluru. The ideal candidate will have 3 to 8 years of experience in risk management, compliance, or quality assurance. ### Roles and Responsibility Serve as part of the GDS Account Data Risk - Independent Control Monitoring team, executing independent testing of controls related to data protection at the client account level. Execute control testing in line with EY's global data protection framework. Consult and collaborate effectively across key data protection stakeholders on testing activities. Evaluate and summarize test results, proposing remediation activities. Document findings and observations to contribute to continuous learning and improvement. Support the development and maintenance of reporting, such as regional/area risk leaders, service line leaders, and account leaders. ### Job Requirements Bachelor's degree and approximately 3+ years of related work experience. Experience or background in quality, risk management, compliance, cybersecurity, or familiarity with data protection law. Strong understanding of metrics and reporting. Ability to work independently and collaboratively within cross-functional teams. Excellent communication and problem-solving skills. IAPP certifications (CIPP/E, CIPP/US, CIPM) are preferred; CISA, CISM, CISSP, or equivalent certifications are also desirable.

We are looking for a skilled Security Consultant Lead with 9 to 14 years of experience in information security, preferably in cloud security. The ideal candidate will have advanced knowledge of computer science and experience in managing significant Information Security risk management functions. ### Roles and Responsibility Review security architectures and provide pragmatic security guidance that balances business benefits and risks. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on implementation. Perform threat modeling and risk assessments of information systems, applications, and infrastructure. Maintain Information Security Policies and Compliance standards and enhance InfoSec risk assessment and certification methodologies. Define security configuration standards for shared and multi-tenant platforms and technologies. Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit. Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders. Provide knowledge sharing and technical assistance to other team members, acting as a Subject Matter Expert (SME) in responsible technologies with a deep technical understanding of services and technology portfolios. ### Job Requirements Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM, or CISA, or similar cloud-security oriented certifications. Minimum 9 years of experience in managing a significant Information Security risk management function. Experience in managing communication of security findings and recommendations to IT project teams, business leadership, and technology management executives. Strong working knowledge of cloud security, infrastructure security, application security, Agile & DevSecOps methodologies, and operational security. Knowledge of common information security standards such as ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP is preferred. Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies is preferred.

We are looking for a highly motivated and detail-oriented individual with 2 to 7 years of experience to join our team as a Portfolio Compliance Enablement Specialist in Bengaluru. The ideal candidate will have a strong foundation in Cyber Security, Information Security, or a related field. ### Roles and Responsibility Support projects aimed at improving EY's risk posture and adherence to Information Security policies. Assist in the development and execution of compliance strategies and remediation plans under the guidance of more experienced team members. Contribute to the delivery of processes and/or solutions, focusing on quality and effective risk management. Document and translate technical vulnerabilities into business risk terms for stakeholder communication. Participate in the use and improvement of compliance assessment toolkits under supervision. Support assessments for technology infrastructure, applications, and third-party dependencies. ### Job Requirements At least 2 years of experience in Cyber Security, Information Security, or a related field. A degree in Cyber Security, Information Security, Computer Science, or a related discipline. Certifications such as Security+, Network+, or an interest in pursuing relevant certifications like CRISC, CISSP, CISM, CISA. Basic knowledge of information security standards like ISO 27001/27002, NIST, PCI DSS. Understanding of regulatory requirements such as PCI, SOX, HIPAA, GDPR. Strong communication skills and technical writing skills, and the ability to work effectively within a team environment.

We are looking for a highly skilled and experienced Consultant to join our team in Gurgaon. The ideal candidate will have 2-3 years of experience in IT Audits, preferably with experience working on FS clients. ### Roles and Responsibility Conduct IT audits, including statutory and internal audits, to ensure compliance with regulatory requirements. Develop and implement effective IT General Controls (ITGC) testing procedures to identify areas for improvement. Collaborate with cross-functional teams to design and execute IT Application Controls (ITAC) testing and Automated Business Controls testing. Perform IT Infrastructure risks and control assessments to identify potential vulnerabilities. Assist in SOC1, SOC2 audits and reporting, as well as IT Compliance and regulatory reporting. Develop and maintain expertise in emerging technologies such as cloud, RPA, AI/ML, and Blockchain. ### Job Requirements Bachelor's degree in Computer Science, Statistics, or M.C.A; Master's degree preferred. Minimum 2-3 years of relevant experience in IT Audits, with a focus on client-facing roles managing audits. Strong knowledge of ITGC, ITAC, and IT Automated Business Controls testing. Experience with IT SOX 404, SOC1, SOC2 audits, and reporting. Familiarity with risk and control assessments considering emerging technologies. Preferred certifications include CISA, CISSP, CISM, CRISC, CCSK, and others relevant to the role.

We are looking for a skilled Email Security Engineer with 5 to 10 years of experience to join our team in Bengaluru. The ideal candidate will have a strong focus on Microsoft Defender for Office 365 (MDO) technologies and be able to enhance email security, optimize delivery, and integrate various security technologies and protocols. ### Roles and Responsibility Architect, implement, and manage solutions with a focus on Microsoft Defender for Office 365 (MDO), including anti-phishing policies, safe links, and attachments. Configure and optimize MDO services and integrate with other security solutions such as Cisco, Proofpoint, and Fortra. Implement and manage protections for Microsoft Teams, SharePoint, and OneDrive. Manage email authentication protocols (SPF, DKIM, DMARC) and implement encryption solutions like S/MIME and Office 365 Message Encryption. Handle L4 email security incidents, develop incident response plans, and provide technical guidance. Monitor systems, analyze metrics, and optimize for performance and compliance. Conduct proof of concepts (PoCs), product evaluations, and manage requests for comment (RFCs). Prepare and deliver presentations to leadership and support the security awareness training program. Work independently on projects from conception to completion and manage vendor relationships. ### Job Requirements Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience. Minimum 5 years of experience in email security engineering, with proven experience in incident response and managing security solutions. Strong analytical, problem-solving, and communication skills. Ability to collaborate effectively with diverse teams and deliver presentations to senior leadership. Proficiency in PowerShell, Python, and understanding of network protocols (TCP/IP, SMTP, etc.). Expertise in Microsoft Exchange Online and Defender for Office 365. Proficient in email security tools and platforms, anti-spam, malware detection, phishing prevention, encryption, and DLP. Experience with SPF, DKIM, DMARC, and email security solutions from Cisco, Proofpoint, and Fortra. Knowledge of MDO protections for Teams, SharePoint, and OneDrive. Desired Certifications: CISSP, CESS, or Microsoft 365 Certified: Security Administrator Associate. ### Additional Information Occasional on-call support or off-hours work may be required. Join our team and play a vital role in safeguarding our organization's email communication against emerging threats. If you are passionate about email security, possess strong technical skills, and are committed to maintaining a secure digital environment, we encourage you to apply.

We are looking for a skilled Senior Manager TPRM with 10 to 12 years of experience to join our team in Bengaluru. The ideal candidate will have a strong background in information security, risk management, and controls concepts. ### Roles and Responsibility Provide guidance and share knowledge with team members on complex, judgmental, and specialized issues. Brief the engagement team on client's environment and industry trends, maintaining relationships with client management to manage expectations of service. Demonstrate a thorough understanding of complex information systems and apply it to client situations, using extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Manage client engagements, determining and deploying the right team with adequate skill sets for executing engagements and periodically reviewing status updates. Contribute to thought leadership documents and develop new methodologies, facilitating discussions/knowledge sharing with key client personnel. Plan and schedule client engagements, staying abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Identify buyers, influencers, and stakeholders in existing client engagements and build strong relationships. Display teamwork, integrity, and leadership, working with team members to set goals and responsibilities for specific engagements and fostering teamwork and innovation. Drive performance management for self and team, managing the performance management process for direct reportees as per organizational policies. Train and mentor project resources, participating in organization-wide people initiatives. ### Job Requirements Strong knowledge of information security concepts, risk, and controls is required. Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc., and regulations like FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, OSI layer, networking, and security concepts, along with sound familiarity with OWASP and Secure SDLC standards/frameworks. Experience in LAN/WAN architectures and reviews, cryptography, physical and environmental security, asset security, and identity and access management. CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer certifications are preferred. A BE/BTech degree with a sound industry experience of 10 to 12 years is required.

We are looking for a highly skilled and experienced Chartered Accountant (CA) or Master’s degree in management, Information Systems/Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline with 5 to 10 years of experience to join our team as a Senior Manager in Risk Consulting - Protect Tech. The ideal candidate will have a passion for technology and an ardent desire to work in risk management. ### Roles and Responsibility Consistently deliver quality client services, driving high-quality work products within expected timeframes and on budget. Foster relationships with client personnel to analyze, evaluate, and enhance information systems, developing and improving security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues, communicating this information to the engagement team and client management through written correspondence and verbal presentations. Demonstrate deep technical capabilities and professional knowledge, quickly assimilating new knowledge. Identify strategic, IT, and business risks, control gaps, weaknesses, and areas of improvement. Design IT Risk Controls frameworks and RACMs, and implement IT general controls, application controls, and business process controls. Conduct IT internal control reviews and review SOC1 or SOC2 reports. Perform IT Risk and Controls assessment with exposure to technologies such as SAP, Oracle, Workday, MS Dynamics, or emerging technologies like Cloud, RPA, AI/ML. Possess knowledge of IT risk, information security, or cyber security frameworks such as COSO, COBIT, ISO, NIST, etc. Understand IT regulatory compliances such as IT SOX, GDPR, ISO, PCI DSS, etc. Have strong exposure working in client-facing roles and collaborating with cross-functional teams including internal audits, IT security, and business stakeholders to assess control effectiveness and facilitate remediation activities. Exhibit excellent communication, documentation, and report writing skills. Relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001 are a plus. ### Job Requirements A Chartered Accountant (CA) or Master’s degree in management, Information Systems/Technology, Computer Science, Business Analytics, Cybersecurity, or a related discipline is required. Minimum 5 years of experience in risks & controls, preferably in a Big 4 or professional firm. Passion for technology and a desire to work in risk management. Strong understanding of IT risk, information security, or cyber security frameworks such as COSO, COBIT, ISO, NIST, etc. Experience in conducting IT internal control reviews and reviewing SOC1 or SOC2 reports. Excellent communication, documentation, and report writing skills are essential. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001.

We are looking for a highly skilled and experienced Cyber Security Consultant to join our team in Bengaluru. The ideal candidate will have 5-8 years of experience in supporting Data Security Technology, with a strong background in Information Security concepts related to Governance, Risk & Compliance. ### Roles and Responsibility Build and deploy DATA PROTECTION solution concepts and deployment requirements. Deploy and administer endpoint protection tools. Collaborate with vendors to support DATA PROTECTION technology, including troubleshooting and upgrades. Monitor and respond to alerts from Data Protection systems and other technologies. Follow incident response processes through event escalations. Respond to escalations by the Incident Response Team. Maintain leading DATA LOSS PREVENTION/CASB systems. Assist clients in privacy-related incident response activities and support their teams as an interim member (e.g., security officer, security manager, security analyst). ### Job Requirements Bachelor's or master’s degree in Computer Science, Information Systems, Engineering, or a related field. At least 5-8 years of experience in supporting Data Security Technology. Experience in administering DLP, CASB tools, including configuring policies, upgrading, and patching for leading vendors such as Digital Guardium, McAfee, Forcepoint, Netskope, Symantec CloudSOC, MCAS, etc. Technical/Vendor certification is an added advantage. Knowledge of core Information Security concepts related to Governance, Risk & Compliance. Ability to work independently and adapt to a changing environment. Demonstrated integrity in a professional setting. Strong analytical and problem-solving skills. Excellent verbal and written communication skills. Proficient in documentation and PowerPoint. Good social, communication, and technical writing skills. Ability to interface with internal and external clients. Flexible to work on rotational shifts and some weekend work may be required based on job needs. Professional certificate or active pursuit of related professional certifications such as CompTia Security+, CEH, CISSP, or Vendor/Technical certification; certified candidates are expected to complete one of the business-required certifications within 12 months of hire.

Purpose and Scope: As a Foundation Data Engineer, you will play a crucial role in designing, building, and maintaining our data infrastructure. Your expertise in Databricks, PySpark, SQL and other related technologies, will be instrumental in driving data-driven decision-making across the organization. You will play a pivotal role in building maintaining and enhancing our systems across the organization. This is a fantastic global opportunity to use your proven agile delivery skills across a diverse range of initiatives, utilize your development skills, and contribute to the continuous improvement/delivery of critical IT solutions. Essential Job Responsibilities: Data Pipeline Development: Design, build, and optimize data pipelines using Databricks and PySpark. Ensure data quality, reliability, and scalability. Application Transition: Support the migration of internal applications to Databricks (or equivalent) based solutions. Collaborate with application teams to ensure a seamless transition. Mentorship and Leadership: Lead and mentor junior data engineers. Share best practices, provide technical guidance, and foster a culture of continuous learning. Data Strategy Contribution: Contribute to the organizations data strategy by identifying opportunities for data-driven insights and improvements. Participate in smaller focused mission teams to deliver value driven solutions aligned to our global and bold move priority initiatives and beyond. Design, develop and implement robust and scalable data analytics using modern technologies. Collaborate with cross functional teams and practices across the organization including Commercial, Manufacturing, Medical, DataX, GrowthX and support other X (transformation) Hubs and Practices as appropriate, to understand user needs and translate them into technical solutions. Requirements Qualifications: Required Bachelor's degree in computer science, Information Technology, or related field (Masters preferred) or equivalent experience. 5+ years experience in data engineering with a strong understanding of PySpark and SQL, building data pipelines and optimization. 5+ years experience in data engineering and integration tools (e.g., Databricks, Change Data Capture) 5+ years experience of utilizing cloud platforms (AWS, Azure, GCP). A deeper understanding/certification of AWS and Azure is considered a plus. Experience with relational and non-relational databases. Any relevant cloud-based integration certification at professional level. For example: AWS certified DevOps engineer (Professional), AWS Certified Developer (Professional) DataBricks Certified Engineer Mulesoft Certified integration architect Level 1 (Essential), Microsoft Certified Azure Integration and Security. Proficient in RESTful APIs AWS, CDMP, MDM, DBA, SQL, SAP, TOGAF, API, CISSP, VCP (any relevant certification MuleSoft Understanding of MuleSoft's Anypoint Platform and its components Experience with designing and managing API-led connectivity solutions Knowledge of integration patterns and best practices Proficiency in network architecture and security concepts AWS Experience provisioning, operating, and managing AWS environments Experience developing code in at least one high-level programming language Understanding of modern development and operations processes and methodologies Ability to automate the deployment and configuration of infrastructure using AWS services and tools Experience with continuous integration and continuous delivery (CI/CD) methodologies and tools Microsoft Azure Fundamental understanding of Microsoft Azure and its services Experience with Azure services related to computing, networking, storage, and security Knowledge of general IT security principles and best practices Understanding of cloud integration patterns and Azure integration services such as Logic Apps, Service Bus, and API Management Preferred Subject Matter Expertise: possess a strong understanding of data architecture/ engineering/operations/ reporting within Life Sciences/ Pharma industry across Commercial, Manufacturing and Medical domains. Other complex and highly regulated industry experience will be considered across diverse areas like Commercial, Manufacturing and Medical. Data Analysis and Automation Skills: Proficient in identifying, standardizing, and automating critical reporting metrics and modelling tools Analytical Thinking: Demonstrated ability to lead ad hoc analyses, identify performance gaps, and foster a culture of continuous improvement. Technical Proficiency: Strong coding skills in SQL, R, and/or Python, coupled with expertise in machine learning techniques, statistical analysis, and data visualization. Agile Champion: Adherence to DevOps principles and a proven track record with CI/CD pipelines for continuous delivery. Working Environment At Astellas we recognize the importance of work/life balance, and we are proud to offer a hybrid working solution allowing time to connect with colleagues at the office with the flexibility to also work from home. We believe this will optimize the most productive work environment for all employees to succeed and deliver. Hybrid work from certain locations may be permitted in accordance with Astellas Responsible Flexibility Guidelines.

We are looking for a self-motivated Senior Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring. Responsibilities: Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc., to ensure the confidentiality, integrity, and availability of R1s architecture and information systems are protected. Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT). Review and analyze log files to report any unusual or suspect activities. Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating. Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents. Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy. Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1s network, and assessments for High Value Assets. Research Threat Intelligence sources on the latest malware, trends, patches to keep the Security Program up to date. Document and maintain SOPs/Runbooks related to investigating security incidents. Perform case management throughout the incident lifecycle for moderately complex security incidents. Understand and assist with compliance and enterprise change management policies and procedures. Attend and participate in cybersecurity projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning. Maintain metrics & reports on the status of the R1 cybersecurity operations program. Required Qualifications: A bachelors degree in a technical discipline (e.g., Computer Science, Business Analyst, etc.) A minimum of 3-5 years of professional experience in an IT-related field. Intermediate knowledge of security, monitoring, and networking technologies, tools, protocols, and standards. Intermediate or advanced security, networking, or audit certification or equivalent professional experience in security operations. Knowledge of security policy, programs, process, and metrics. Understanding/Experience on Network Security, Firewall Security, and Web Security (including web application firewalls and proxies). Experience on SIEM, PIM, Content Filtering, and Firewalls. Experience on Change Management Review and Security Audits/Reviews. Understanding/Experience on Linux and pen testing tools. Experience on Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends. Experience administering Security Tools. Experience Threat Hunting and searching for malicious activity. Strong drive and passion to deliver distinctive end-products, a quick learner with a strong attention to detail and quality. Excellent interpersonal and communication skills. Self-driven, with attention to detail and the ability to think outside the box for solutions to issues. Knowledge of IT Industry standards such as ISO 27001, HIPAA, SOX. Good knowledge of security programs, process, and metrics. Good knowledge of IT Security Infrastructure and related applications and toolsets. Examples include firewalls & Network, Active Directory, DNS. Desired Qualifications: Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH). Experience with advanced cybersecurity tools, network topologies, intrusion detection, and secured networks. In-depth understanding of NIST SP 800-61,?SOC 2 AICPA controls, and frameworks. Recent experience with static and/or dynamic code review process. Experience with forensic data analysis. Leadership experience and qualities.

About the Role: As a Risk & Control Assurance Analyst, you will: Support the assurance of robust risk and control measures by aiding in the development and implementation of strategies compliant with SOX requirements and industry best practices Contribute to a team specializing in controls assurance. Depending on your experience and skills, your role might focus on assessing and monitoring IT system controls in alignment with established standards or ensuring regulatory compliance in our business operations and helping to streamline processes. As we expand our risk and control practices beyond SOX, you'll have the opportunity to broaden your expertise and take on new challenges in different areas. Collaborate with international teams and cross-functional partners to align risk management practices and controls initiatives Utilize data analytics and automation tools to enhance our team's capabilities and support the organization's control improvement by driving automation and streamlining control processes Promote initiatives to increase awareness and understanding of internal controls and SOX requirements throughout the organization About You: 3 or more years of relevant work experience, or equivalent combination of education and experience, preferably within a regulated industry Familiarity with control assurance principles in technology and/or business processes Relevant professional certifications such as CISA, CIA, CISSP or others is a plus Experience with data analytics and automation tools is a plus Problem-solving abilities, adaptability, a learning mindset, and a team-player attitude Excellent communication skills, with the ability to work effectively with international teams.

IS Specialist OT Security What you will do Let’s do this. Let’s change the world. In this vital role you will [responsible for developing and implementing security strategies that protect industrial control systems (ICS), SCADA networks, and other manufacturing infrastructure components. This role ensures the integrity, availability, and confidentiality of OT environments by integrating security monitoring, risk management, and compliance efforts into industrial operations. The OT Security Engineer works closely with Security Operations, Engineering and Infrastructure, and Operations to safeguard systems against cyber threats. Key responsibilities include implementing security best practices for OT, managing vulnerabilities, and collaborating with stakeholders to enhance the security posture of OT environments. . Roles & Responsibilities: Define, lead, and implement security strategies for OT environments, focusing on Industrial Control Systems (ICS) and SCADA. Implement and manage OT-specific security monitoring tools, ensuring real-time detection and response to cyber threats. Collaborate with engineering and operational teams to integrate security measures into OT network architectures. Assess and mitigate vulnerabilities in OT environments, ensuring compliance with industry standards (e.g., NIST 800-82, IEC 62443). Support security incident response efforts, including forensic analysis and remediation of threats in industrial environments. Coordinate with vendors, partners, and government agencies to address OT cybersecurity challenges. Develop security policies, procedures, and guidelines tailored to OT environments. Provide training and awareness programs to operational teams regarding OT cybersecurity best practices. Maintain relationships with vendors and strategic partners to enhance security capabilities. What we expect of you We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications. Basic Qualifications: Master’s degree with 4- 6years of experience in Information Systems or related field OR Bachelor’s degree with 6- 8years of experience Information Systems or related field OR Diploma with 10– 12years of experience in Information Systems or related field Preferred Qualifications: Must-Have Skills: Solid understanding of ICS, SCADA, and OT security principles Experience with network segmentation, firewalls, and intrusion detection systems in OT environments Knowledge of industrial protocols (e.g., Modbus, DNP3, BACnet, OPC, CIP) and their security implications Understanding of risk management frameworks (e.g., NIST 800-82, IEC 62443, NERC CIP) Experience with security monitoring and detection in OT environments Good-to-Have Skills: Experience with security assessments and penetration testing for OT networks Proficiency in security tools (e.g., Nozomi Networks, Dragos, Claroty, Armis) Knowledge of cloud security and how it integrates with OT environments Scripting and automation skills (e.g., Python, PowerShell) Familiarity with compliance and regulatory requirements for critical infrastructure Professional Certifications (please mention if the certification is preferred or required for the role): GICSP (Global Industrial Cyber Security Professional) – Preferred CISSP (Certified Information Systems Security Professional) – Preferred ISA/IEC 62443 Cybersecurity Certificate – Preferred CompTIA Security+ – Preferred Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. AtAHEAD, we prioritize creating a culture of belonging,where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD. We are an equal opportunity employer,anddo not discriminatebased onan individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, maritalstatus,or any other protected characteristic under applicable law, whether actual or perceived. We embraceall candidatesthatwillcontribute to the diversification and enrichment of ideas andperspectives atAHEAD. Requirements: Proficient with Active Directory and related concepts Familiar with access control methods (RBAC/ABAC) Working knowledge of identity lifecycle management processes and challenges Hands-on experience with cybersecurity tools that function in the following spacesPAM / PIM / IAM, DLP, SOAR (XSIAM), Microsoft Security, AWS Security, Red Teaming / AppSec, Isolated Recovery Environments (IREs) Experience with identity federation and SSO solutions PAM experience or familiarity with specific vendor tools Able to speak to PAM best practices Understanding of the principle of least privilege, separation of duties Experience with REST API and app integration Experience configuring, guiding, or overseeing access review and certification, role management Past participation in identity steering committee Understanding of PIM, JIT, conditional access Familiarity with US compliance and regulatory frameworks that inform identity requirements Qualifications: 6+ years of working knowledge of one or more Identity-Based Security SolutionsOkta, Sailpoint, Delinea, BeyondTrust, CyberArk, etc. Any of the following preferred but not required Security+, CISSP, any vendor-specific certifications related to Identity products Willingness to travel to support client projects and shadowing opportunities (50+ % of the time) Why AHEAD: Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between. We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross department training and development, sponsoring certifications and credentials for continued learning. USA Employment Benefits include - Medical, Dental, and Vision Insurance - 401(k) - Paid company holidays - Paid time off - Paid parental and caregiver leave - Plus more! See benefits https://www.aheadbenefits.com/ for additional details. The compensation range indicated in this posting reflects the On-Target Earnings (OTE) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidates relevant experience, qualifications, and geographic location.

Title: Information Security Cyber Security Data Loss Prevention - About Us : Paytm Payments Services Limited houses the Paytm payment gateway business which enables thousands of online merchants to offer world class frictionless payment experience to their customers. We are present across large enterprises and startups including well known unicorns alike. We strive to take payments beyond an enabler and an instrument to drive revenue and user growth for our merchants. Online Payment Gateway is Paytms B2B Business regulated by RBI as it allows only authorized entities to conduct PA PG (Payment Aggregator Payment Gateway) business. This business is responsible for growing the penetration of Paytms PA PG business in the Indian merchants. About the Team: - The Information Security team at Paytm Payments Services limited plays a critical role in shaping the companys information security strategy, infrastructure, and capabilities. The team helps the organization to identify current cybersecurity risks, threats, and vulnerabilities. To effectively implement the cybersecurity GRC program, PPSL is planning to add dedicated resources for information security Tool/Technologies like Data loss prevention, Cloud Security and SOC (Security operations) etc. About the Role: - PPSL's Cyber Security team is looking for Data Protection Engineer who will be responsible for configuring and improving DLP policies on multiple tools, working towards increasing DLP Program coverage, crafting and maintaining DLP Program process documentation, defining new processes and controls to further mature the DLP Program, and addressing gaps that impact the DLP process. You must have prior experience implementing cross-organizational DLP solutions and willing to go beyond the routine. Expectations/ Requirements: - Serves as SME for Forcepoint DLP tools. Establish data discovery, classification, tagging and content inspection solutions to help mitigate the risk of data loss and minimize the risks of data breaches. Define new and enhance existing DLP policies in multiple tools and have good knowledge on Forcepoint, AIP and other DLP tools Tune DLP policies on a continuous basis to maintain a mature set of policies within the scope of the DLP Program. Execute discovery scans and drive incident remediation as per defined processes. Partner with teams as needed to enhance DLP monitoring / response processes on an ongoing basis. Provide support in defining and building upon metrics and reporting to enhance understanding of DLP Program development and maturity. Scheduled maintenance activities to keep the infrastructure components robust with latest patches and updated versions of software running in the infrastructure stack. Support the DLP team in further expanding upon the established DLP Program by defining additional processes / controls for continuous risk reduction purposes and to meet the program objectives. Participate and contribute in Risk Management and Internal Audit discussions, actively document process and technology evidence to support Risk partners. Daily ticket management (change/service request) Handling the DLP incident as per defined SLA DLP Solution Implementation: Deploying and configuring Forcepoint DLP solutions and tools to monitor and protect data across an organization's network, endpoints, and cloud environments. Policy Development: Developing DLP policies and rules that define how data should be handled and protected, including identifying sensitive data types and their allowable use. Data Discovery: Scanning and identifying sensitive data within an organization, classifying it, and creating an inventory of sensitive data assets. Incident Detection and Response: Monitoring data flows and traffic for policy violations and security incidents, and responding to incidents by taking necessary actions, such as blocking data transfers. User Education and Training: Providing training and guidance to employees on data protection policies and best practices to prevent data breaches. Compliance and Regulations: Ensuring that the organization complies with data protection regulations and industry-specific standards by implementing DLP controls. Risk Assessment: Identifying data security risks and vulnerabilities and developing strategies to mitigate them. Security Awareness: Staying up to date with the latest threats, vulnerabilities, and trends in data security and DLP technologies. Qualifications: - 3-5+ years of relevant work experience with a bachelors degree Superpowers/ Skills that will help you succeed in this role: - Relevant security certifications such as Forcepoint DLP, CEH, CISSP etc. are a major plus. Experience with Forcepoint DLP, implementing endpoint and network security solutions in an enterprise and strong experience with DLP platforms and controls. Have excellent communication and interpersonal skills. Should be a team player Excellent understanding of cyber security concepts. Why join us: - A collaborative output driven program that brings cohesiveness across businesses through technology Improve the average revenue per use by increasing the cross-sell opportunities A solid 360 feedback from your peer teams on your support of their goals Respect, that is earned, not demanded from your peers and manager Compensation: If you are the right fit, we believe in creating wealth for you With enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants and we are committed to it. Indias largest digital lending story is brewing here. Its your opportunity to be a part of the story!

6+ yrs of exp in Cyber Security consulting, with min 3 yrs in leadership role Expertise in cybersecurity frameworks & standards such as NIST, ISO 27001, GDPR, DPDPA, PCI DSS, etc. Exp in GDPR, VAPT, App security. Must have exp in consulting

5+ years of hands-on experience in Operational Technology (OT) and Industrial Automation and Control Systems (IACS) cybersecurity, NIST 800-53/82, IEC 62443 standards. Preferred certifications: CISSP, GCIP, GISCP, or equivalent.

Roles & Responsibilities: Conduct Data Inventory exercises, Privacy Threshold Assessments, Privacy Impact Assessments, and Data Protection Impact Assessments to identify and mitigate privacy risks related to new projects, products, or services. Develop, implement, maintain, and communicate privacy policies, processes, and procedures that comply with data privacy protection laws, regulations, and industry best practices. Participating in internal design discussions to ensure data protection requirements are clearly defined early and throughout the development life cycle for new projects. Ensuring data privacy and protection obligations are met. Monitoring changes in relevant data privacy and protection laws and regulations to ensure ongoing compliance. Manage and respond to Data Subject Access Requests (DSAR) to ensure compliance with data privacy protection laws, regulations, and guidance. Work cross-functionally with employees at all levels across the firm to ensure efficient integration of the Data Privacy Program into business processes. Guide functional departments in following the process for intake, verification, processing, analysis, and answering data subjects questions and requests under the GDPR, CPRA, and other regulations. Monitor and update (as necessary) the companys data map, which includes company and third-party managed personal information Collaborate with IT, HR, Operations, and other functional teams to ensure data protection and privacy initiatives are understood and implemented. Track and monitor updates and developments to applicable data privacy laws and regulations, as necessary. Grow and develop the privacy team, including conducting training sessions to ensure all employees are aware of and comply with data privacy policies and procedures Knowledge, Skills, Other Qualifications: Bachelors in law required - Any Specialization. Strong knowledge of U.S., EU, & Indian data privacy laws and regulations and related compliance processes. Familiarity with Canadian data privacy laws and regulations and related compliance processes. Privacy certifications in at least one of the following: CDPSE, CISA, CIPM, CIPP, CISSP, CIPT. Excellent communication (both verbal and written) and interpersonal skills. Strong decision-making, critical thinking, and organizational skills. Ability to work in a cross-functional, cross-cultural matrix environment. Experience working with cybersecurity and data forensic teams, including supporting data governance initiatives and data incident management. Ability to work independently and multitask effectively in a fast-paced environment. Minimum 8-10 years of experience working as part of an internal legal and regulatory compliance function in multinational organizations. Demonstrable privacy and data protection experience is preferable , ideally gained in a services environment or a digital business.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve documenting the implementation of cloud security controls and transitioning to cloud security-managed operations. You will play a crucial role in safeguarding the organization's data and infrastructure. Roles & Responsibilities: Expected to be an SME in Security Architecture Design. Collaborate and manage the team to perform effectively. Responsible for team decisions and ensuring adherence to security best practices. Engage with multiple teams and contribute to key decisions. Expected to provide solutions to problems that apply across multiple teams. Ensure the implementation of robust security controls. Conduct risk assessments and vulnerability testing. Develop and maintain security policies and procedures. Professional & Technical Skills: Must To Have Skills:Proficiency in Security Architecture Design. Strong understanding of cloud security principles and best practices. Experience in designing and implementing security controls for cloud environments. In-depth knowledge of security frameworks and standards (e.g., ISO 27001, NIST). Hands-on experience with security tools and technologies. Good To Have Skills:Experience with cloud platforms such as AWS or Azure. Additional Information: The candidate should have a minimum of 12 years of experience in Security Architecture Design. This position is based in Mumbai. A 15 years full-time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityNow Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : BE or MCA or MSc with Good Computer Science Background with good academic record. Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Be a key player in shaping the security landscape of the organization. SailPoint IdentityIQ Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Lead the design and implementation of security solutions. Conduct security assessments and provide recommendations for improvements. Develop security policies and procedures. Stay updated on the latest security trends and technologies. Professional & Technical Skills: Must have Skills:Proficiency in SailPoint IdentityNow. Strong understanding of cloud security principles. Experience with security architecture design and implementation. Knowledge of industry standards and best practices in cloud security. Hands-on experience with security tools and technologies. Good To Have Skills:CISSP certification. Experience with cloud platforms such as AWS or Azure. Additional Information: The candidate should have a minimum of 5 years of experience in SailPoint IdentityNow. This position is based at our Bengaluru office. A BE or MCA or MSc with Good Computer Science Background with good academic record is required. Qualifications BE or MCA or MSc with Good Computer Science Background with good academic record.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Develop and implement security architecture solutions. Conduct security assessments and provide recommendations. Stay updated on the latest security trends and technologies. Lead security architecture design reviews. Professional & Technical Skills: Must To Have Skills: Proficiency in Security Architecture Design. Strong understanding of cloud security principles. Experience with security tools and technologies. Knowledge of risk management and compliance. Good To Have Skills: Experience with cloud security platforms. Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Architecture Design. This position is based at our Chennai office. A 15 years full time education is required. Qualifications 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills : Governance Risk & Compliance (GRC) Tools Minimum 7.5 year(s) of experience is required Educational Qualification : Bachelors degree in computer science, IT, information systems management or equivalent area Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring compliance with governance and risk management standards. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Design and implement security solutions to protect cloud infrastructure and applications. Collaborate with cross-functional teams to ensure security requirements are met. Ensure compliance with governance and risk management standards. Conduct risk assessments and develop risk mitigation strategies. Professional & Technical Skills: Must To Have Skills: Proficiency in ServiceNow Governance, Risk, and Compliance (GRC). Good To Have Skills: Experience with Governance Risk & Compliance (GRC) Tools. Strong understanding of cloud security frameworks and best practices. Experience in designing and implementing security controls for cloud environments. Knowledge of industry standards and regulations related to cloud security. Familiarity with security assessment and auditing tools. Excellent problem-solving and analytical skills. Strong communication and collaboration abilities. Additional Information: The candidate should have a minimum of 7.5 years of experience in ServiceNow Governance, Risk, and Compliance (GRC). This position is based at our Bengaluru office. A Bachelors degree in computer science, IT, information systems management or equivalent area is required. Qualifications Bachelors degree in computer science, IT, information systems management or equivalent area

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Data Privacy Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data. Roles & Responsibilities: Maintaining the integrity of data and processes in OneTrust Hands-on in data discovery & classification and Data Mapping automation Supporting the team with OneTrust assessments-Hands-on support using Onetrust for Policy & Notice Management and DPIA-Hands-on support using OneTrust for Cookie compliance, including scanning and banner-Hands-on support using OneTrust for Consent compliance and maintain records of consent-Hands-on support using OneTrust for Data Subject Requests to automate request to fulfilment to meet regulatory deadlines-Hands-on Data retention & deletion - Manage and enforce retention policies and data deletion.-Evaluating PIA/DPIA assessments for Risk Management, including Vendors-Need to have hands on experience on Collibra Professional & Technical Skills: Minimum Qualification: 3-4 years of hands-on experience as an OneTrust administrator 3 year of experience with GDPR:DPIA, Data Mapping including assessments in Records of Processing Activity and Vendor Risk Management, Third Party Risk Management.-2 year of experience in Cookie Compliance banner implementation, Consent Management, DSAR & PIA/DPIA, Third Part Vendor Risk Management. Excellent communication skills in English - both written and verbal OneTrust certified Professional (required) OneTrust certified Expert (preferred) Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Data Privacy. This position is based at our Pune office. A 15 years full time education is required. Qualifications 15 years full time education

Accept escalations from the Threat Triage Team Execute incident handling program Co-ordinate with IT, security operations and other teams for remediation and trigger forensics process as appropriate Perform Root cause analysis (RCA) for the incidents and update the knowledge base. Coordination with BANK DKI SOC leadership for communication with Business, Legal, HR, Communications, BCP etc. Provide overall governance to the SOC team Handle the situation during the security breach 6-8 years of experience in SOC monitoring CISSP, CEH

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : One Identity Manager Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies. Roles & Responsibilities: Expected to perform independently and become an SME. Required active participation/contribution in team discussions. Contribute in providing solutions to work related problems. Conduct regular assessments of cloud security measures to identify potential vulnerabilities and recommend improvements. Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: Must To Have Skills: Proficiency in One Identity Manager. Strong understanding of cloud security principles and best practices. Experience with identity and access management solutions. Familiarity with compliance frameworks such as ISO 27001, NIST, or GDPR. Ability to analyze security incidents and develop effective response strategies. Additional Information: The candidate should have minimum 3 years of experience in One Identity Manager. This position is based at our Jaipur office. A 15 years full time education is required. Qualification 15 years full time education