839 Cissp Jobs - Page 13

: Job TitleApplication Security Specialist Corporate TitleAssistant Vice President LocationPune/Bangalore India Role Description DWS is evolving and expanding its internal information security team. In the CSO Information Security Assurance division, your role will involve assessing the implementation of controls to ensure adherence to Information Security Policies and Procedures. This verification process utilizes the most advanced compliance data sources (i.e., compliance evaluation based on operational data, self-assessment, and independent reviews) to determine whether the necessary information security controls have been established in DWSs applications, infrastructure, and IT processes, including EUDA/EUMA. In this context, it evaluates associated risks and identifies vulnerabilities related to unimplemented controls. The service also offers guidance on training and the application of security controls. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Your main responsibility will be to adhere to the Information Security roadmap for the applications (ensuring information security compliance) based on IS principles (confidentiality, integrity, and availability), and to verify their alignment with DWS/DB policies. Assist application team with the applications that are scheduled for migration/re-migration projects ensuring that its IS Criticality ratings are updated according to the DWS/DB IS criticality methodology. Take part in CSO assurance meetings associated with secure architecture design, new product approvals or other risk review discussions to prevent any delays or escalations arising from non-compliance. Assist the DWS CSO in executing the hybrid model as outlined for decisions related to the Aurora Operating Model, ensuring proper alignment with DB CSO ORR controls. Perform security assurance tasks on DWS CSO solutions, business applications, and IT infrastructure located within the Proteus environment. Conduct a security assessment when retiring business applications or IT applications in the Proteus environment. Aid in resolving regulatory findings and guarantee that there are no outstanding audit issues. Act as a liaison among key role holders such as ITAOs and TISOs to create a secure environment by assessing the Information Security needs. Provide support for the governance of EUDA within a DWS Unit. Contribute to the creation, testing, and management of IS Security Compliance campaigns in accordance with business needs (including documentation and training). Oversee Assurance processes and evidence evaluations throughout DWSs application portfolio to aid in reducing risks linked to non-compliant controls for all DWS entities. Assist in ensuring consistency with all other Control Functions for Operational Readiness. Security compliance reporting is a crucial aspect of the security assurance team. Therefore, you are required to work on the promptness of reporting, the precision of the content, and the comprehensiveness of risk and controls. Ensure automation in reporting and delivering value. Your skills and experience Clear understanding of information security risk and compliance framework. Experience in application security assessment activities. Minimum 8-14 years experience in Information security management area. Understanding on how application security policies, standards, requirements and controlsare defined. Strong Microsoft office (excel macro), automation and analytics experience. Experience in working with information security governance solutions. Experience in CISO Application Security Governance process design Proven experience with Information Security Standards implementation (e.g. ISO27001, ) Proven experience in implementing Risk management standards Any globally recognized information security certification (highly preferred) Graduation and above (preferably IT, Computer science) Understanding of current industry and agency standards, best practices, and/or frameworks i.e.MITRE ATT&CK, NIST, DORA, ENISA, ISO27001, SOC2, SoX, PCI, etc. Dedicated to undertaking any assigned tasks or projects related to CSO. Ability to explain, document and present Information Security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dots Detailed oriented, collaborative and team oriented, ability to manage conflicts with Senior stakeholders Must work independently and can collaborate comfortably in a matrix organization with international teams. Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal and/or executive management and other groups involved in Physical Security/technology control assessments. Structured and reliable work style How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-7 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Preferred technical and professional experience Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications"

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Job Summary Network Security Architect Responsibilities Key Responsibilities Review and approve firewall requests in line with risk appetite Review and analyse firewall rules to ensure they are effective and in line with security best practices Ensure all firewall rules are recertified by owners in the specified timeframe Where no owner is made available ensure an owner is found and that necessary information is updated Perform firewall ruleset review Validate the rule compliance report of the firewalls generated from the automated firewall review solution and share with the respective stakeholders Perform ACL ruleset management add update remove optimize to remove defunct duplicate rules Follow the change management process for creationmodificationremoval of rules with necessary approvals Clearly document all changes to firewall rules including the reason for the change the details of the change the requestor and the date and time of the change Periodically reviewing existing firewall rules to ensure they are still necessary and appropriate Remove outdated or redundant rules Regularly assess rule effectiveness Adjust rules based on issues identified Experience Qualifications Should have 16 to 20 years of experience in setup configuration and ongoing management of firewall devices like Palo Alto F5 Zscaler Cisco ISE Azure DDoS Strong in Network Architecture and has to design and develop the architecture framework Should have experience in preparing HLD and LLD documents Should have experience in managing endtoend delivery Should have excellent communication skills Strong leadership and team management skills Ability to work collaboratively with crossfunctional teams Good to have CISSP Certified Ethical Hacker CEH CISM certifications

Position Summary We are seeking an experienced SOC Analyst to join our Security Operations team. This role demands an individual with a strong technical background in incident analysis, SIEM administration, and rule fine-tuning. The ideal candidate will have experience working with diverse environments, including Windows, Linux, and network security, and will be well-versed in ELK stack management and troubleshooting beats agents. Key Responsibilities 1. Incident Detection and Analysis: o Conduct deep-dive analysis on security incidents, assessing root causes, and recommending solutions. o Proactively monitor and respond to security alerts, managing incident escalation and resolution processes. o Prepare detailed reports and document incidents to support future analysis and security measures. 2. SIEM Administration and Rule Fine-Tuning: o Oversee SIEM configurations, including tuning rules to optimize alerting and reduce false positives. o Conduct SIEM platform upgrades, troubleshoot performance issues, and ensure platform availability. o Collaborate with IT teams to integrate new data sources into SIEM and enhance visibility. 3. System and Network Security: o Perform continuous monitoring and analysis across Windows and Linux systems and network infrastructures. o Utilize tools for traffic analysis, anomaly detection, and threat identification. o Support configurations and policies within the IT and network environment to strengthen security. 4. ELK Stack and Beats Agent Management: o Manage and troubleshoot ELK Stack components (Elasticsearch, Logstash, and Kibana) to ensure seamless data flow. o Perform regular maintenance and troubleshooting of beats agents, ensuring reliable log ingestion and parsing. 5. Security Policies and Compliance: o Contribute to policy updates, ensuring adherence to organizational and industry compliance standards. o Document and enforce security controls aligned with best practices and regulatory requirements. Skills and Qualifications Education: Bachelors degree in Information Security, Computer Science, or a related field. Experience: o Minimum of 5+ years in SOC operations or a similar cybersecurity role. o Proven experience in SIEM administration, incident analysis, and configuration fine-tuning. o Proficiency in monitoring and troubleshooting Windows and Linux systems and managing network security protocols. o Hands-on experience with the ELK Stack, with expertise in troubleshooting beats agents. Technical Skills: o Familiarity with SIEM tools (e.g., Splunk, QRadar) and network protocols. o Strong command of incident response processes, security frameworks, and best practices. o Knowledge of communication protocols and system integrations for data protection. Certifications (preferred): CISSP, CompTIA Security+, CEH, or similar security certifications. Competencies Strong analytical skills with attention to detail. Excellent verbal and written communication abilities. Ability to work independently and collaboratively in a fast-paced environment. Additional Preferred Skills Knowledge of regulatory compliance standards. Experience in using EDR solutions. Ability to document processes and create incident playbooks. This role offers an opportunity to work on advanced cybersecurity initiatives within a dynamic SOC environment, contributing to enhanced organizational security.

Job Summary As a Cyber Security Specialist you will play a critical role in safeguarding our organizations digital assets. With a focus on Cyber Threat Intelligence Services you will work to identify and mitigate potential threats. Your expertise in Cyber Security and Cloud along with experience in CrowdStrike will be essential in ensuring the security of our systems. This hybrid role offers the flexibility of working both remotely and on-site during day shifts. Responsibilities Lead the development and implementation of advanced cyber threat intelligence strategies to protect organizational assets. Oversee the monitoring and analysis of security threats using CrowdStrike and other advanced tools. Provide expert guidance on cloud security best practices to ensure data integrity and confidentiality. Collaborate with cross-functional teams to design and implement robust security architectures. Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements. Develop and maintain incident response plans to effectively manage and mitigate security breaches. Coordinate with external partners and stakeholders to enhance threat intelligence capabilities. Implement security policies and procedures to comply with industry standards and regulations. Analyze security incidents and provide detailed reports to senior management. Train and mentor junior security team members to build a strong security culture within the organization. Stay updated with the latest cyber security trends and technologies to proactively address emerging threats. Support the integration of security solutions into existing IT infrastructure to enhance overall protection. Drive continuous improvement initiatives to optimize security operations and reduce risk exposure. Qualifications Possess a deep understanding of cyber threat intelligence services and their application in a corporate environment. Demonstrate proficiency in using CrowdStrike for threat detection and response. Exhibit strong knowledge of cloud security principles and practices. Have a proven track record of conducting security assessments and audits. Show experience in developing and implementing incident response plans. Display excellent communication skills for effective collaboration with cross-functional teams. Hold a relevant degree in Cyber Security Information Technology or a related field. Certifications Required Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP)

FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity " The Security Engineer is a highly visible and critical role, collaborating on complex cloud and corporate service edge protection technologies and oversight. With your proven history of technical knowledge of identity and access management systems and services you will be working on a variety of different challenges facing the organization. You will provide both guidance and direct input to help ensure a secure, well-protected environment that complies with all applicable security standards ". Director, Cyber Security. What Youll Contribute Assist with implementation of security tools and services to enhance the oversight and governance of all company identities. Assist with implementation of identity governance and administration (IGA) solutions for the company. Implement identity security detections using next-gen Identity Threat Detection and Response (ITDR) and Non-Human Identity (NHI) platforms and tools. Create automated tooling to test identity systems to ensure detections work as designed. Create automation to produce automated policy and posture collection and reporting, to allow for identity-specific proofs managed within Infrastructure as Code. Create pipelines to deploy and manage IAM solutions and tooling. Provide engineering and technical guidance for supporting the automation of interacting with security tools and services that support the IAM program within the company. Keep current on emerging security technologies and tools and provide recommendations. Support our compliance and certification initiatives and design with those in mind. Collaborate with other engineers on design, analysis, architecture, implementation, pen-testing, security reviews and process enhancements. What Were Seeking 2-4 years in a security role, preferably in financial services or technology. Experience in securing hybrid network infrastructure services. Expertise in security, identity, architecture, and design. Hands-on experience with AWS, Azure, or other cloud platforms and IAM best practices. 2-4 years of experience with privileged access management tools (CyberArk, SailPoint, Delinea). Experience with Okta preferred. Proficiency in identity-related technologies and protocols (LDAP, SAML, OAuth, OIDC). Experience with identity provider services (Active Directory, AWS IAM, Okta). Familiarity with Zero Trust security models (Zscaler, AWS networking). Knowledge of Identity Governance Administration services. Experience with automation scripting and API integrations. Familiarity with DevOps concepts, IaC tools, and CI/CD pipelines. Proficiency in at least one high-level language (e.g., Python). Understanding of compliance frameworks (PCI-DSS, ISO 27001, NIST). Certifications like CISSP, AWS Security Specialty, or Azure SC-300 preferred. Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at www.fico.com/Careers FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at https://www.fico.com/en/privacy-policy

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL

Very good knowledge on Automotive CYS Domain with hands on expertise in ISO21434 Hand on experience on TARA Development experience with Debugging on C++ Should have 5+ years of experience Key Responsibilities: -Automotive Cyber Security: Apply deep knowledge of the Automotive CYS Domain to develop, implement, and manage robust cybersecurity measures for automotive systems. -ISO 21434 Compliance: Ensure all cybersecurity practices adhere to ISO 21434 standards. Develop and maintain processes and documentation to support compliance. -Threat Analysis and Risk Assessment (TARA): Conduct comprehensive threat analysis and risk assessments. Identify, analyze, and mitigate potential security risks and vulnerabilities. -Development and Debugging: Utilize C++ for the development and debugging of secure automotive software systems. Ensure software is resilient against cyber threats.

New requirement - JD for Cybersecurity risk manager: Key responsibilities As a Cyber Risk & compliance Professional in our Group CISO office, you will be occupied in the following domainsa) Risk management b) Compliance.This role is responsible for planning, managing and coordinating various cybersecurity risk management activities focused on identifying, assessing, and mitigating risks for the enterprise from a business perspective. Skill requirement: Degree, or equivalent, in Information Security or Cyber Security or Computer science or similar course Self-motivation to continuously develop in the areas of cybersecurity Ability to prioritize and complete multiple complex projects under tight deadlines Ability to translate security issues into business risks Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies Experience, knowledge and strong interest in information and cyber security domains are essential for this role Experience Cyber / technology risk assessments & management methodologies Hands on with assessment report preparation and presenting to senior technical and business stakeholders Articulative and confident in presentation to senior stakeholders Knowledge of use of and risks related to modern and emerging technologies Cybersecurity audit Advanced knowledge and understanding of ITGC, NIST 800-53, NIST CSF controls and Risk management frameworks Expertise in complex business processes and technological risks Deep understanding of security technologies including firewalls, proxies, SIEM, XDR, CSPM, IGA, PAM, Data protection Experience8 12 years. Applications from people with disabilities are explicitly welcome.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No PerformanceParameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Applications from people with disabilities are explicitly welcome.

Manager (IT) Compliance & Audit The ZS IT Governance, Risk & Compliance (GRC) team is a global function that plays a critical role in aligning with ZS' business strategy and operating model. The team's mission is to empower ZS' 13,000+ employees and their clients with the tools, insights, and frameworks needed to effectively manage operational risk and meet compliance requirements in an increasingly complex regulatory landscape. The GRC team is responsible for ensuring that ZS maintains the highest standards of compliance by managing a diverse portfolio of certifications and audits across multiple domains, including Information Security, Privacy, and Environmental, Social & Governance (ESG) . The team's scope of work includes maintaining compliance with industry-recognized standards such as ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and ESG , providing comprehensive oversight on risk management, security, and privacy practices. By offering independent assurance to both internal stakeholders and external parties, the GRC team ensures that ZS consistently adheres to globally established compliance frameworks, controls, policies, and industry standards. This stewardship strengthens ZS' ability to mitigate risks, meet client and regulatory expectations, and uphold its reputation as a trusted partner across industries. Additionally, the GRC team fosters continuous improvement, not only by responding to evolving regulations but by driving proactive initiatives that embed a culture of compliance and risk awareness throughout ZS operations. This holistic approach helps safeguard ZS assets, data, and relationships in a fast-paced and increasingly interconnected business environment. Manager (IT) Compliance & Audit The Manager, IT Compliance & Audit will be a seasoned leader in the information security compliance domain, driving projects related to critical certifications like ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and others. The individual will play a pivotal role in managing and ensuring compliance with regulatory and operational security standards while collaborating with various stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT Stakeholders, and other senior leaders. The role requires hands-on technical and functional expertise, along with the ability to manage and develop teams, oversee compliance programs, and report to leadership committees. Key Responsibilities: Compliance & Audit Management: Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards. Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings. Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives. Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls. Stakeholder Collaboration & Communication: Act as the primary liaison between teams and external auditors, certification bodies, and regulators. Build and maintain strong working with key stakeholders, including the CISO, CRO, DPO, Head of Cloud Engineering, IT, and legal teams, to ensure compliance objectives are met. Provide expert advice on compliance issues and support various departments with technical and policy-driven . People Management & Leadership: Lead, mentor, and develop a team of professionals, fostering a high-performance culture. Manage team workload, project , and career development, ensuring that the team is up-to-date with industry standards and compliance practices. Oversee team training programs to ensure sharing and skills development in compliance and audit. Project Management & Reporting: Lead compliance projects, including forecasting, resource planning, and reporting progress to leadership committees. Develop project timelines, track, and ensure timely delivery of compliance and audit activities. Provide regular reports and updates to management, including dashboards and key performance indicators (KPIs) to assess the organizations compliance and risk posture. Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies, including AI, cloud services, and data privacy technologies. Strategic Planning & Operational Compliance: Contribute to the development of the organizations broader compliance strategy, aligning with industry trends and emerging regulations. Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies. Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements. Qualifications & Experience: Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. A masters degree or MBA is preferred. Minimum 10-12 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications. Proven track record of managing compliance programs and leading audits across large, complex organizations. Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams. Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements. Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams. Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders. Certifications (Preferred): CISA (Certified Information Systems Auditor) CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) ISO 27001 Lead Auditor/Lead Implementer HITRUST Certified CSF Practitioner Certified Cloud Security Professional (CCSP) PMP (Project Management Professional) or equivalent certification Skills: Strong technical knowledge in information security standards and frameworks. Exceptional communication and presentation skills, with the ability to articulate complex compliance issues to technical and non-technical audiences. Experience with AI and its implications n compliance, security, and data privacy will be an advantage. Proficiency in GRC (Governance, Risk, and Compliance) tools and software. Why Join Us? ZS is a global consulting firm; fluency in English is required. Candidates must possess work authorization for their intended country of employment. An on-line application, including a cover letter expressing interest and a full set of transcripts (official or unofficial), is required to be considered. ZS offers a competitive compensation package with salary and bonus incentives, plus an attractive benefits package. Opportunity to lead and shape the compliance landscape of a forward-thinking organization. Work with cutting-edge technologies in a collaborative, dynamic environment. Competitive compensation and benefits package.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No PerformanceParameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Akamai WAF. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No PerformanceParameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Forgerock Access Manager. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No PerformanceParameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: SailPoint Identity Mgmt and Governance. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No PerformanceParameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Privilege Password Management CyberArk. Experience8-10 Years.

Exp. SDWAN Engineer to join the network & security team. Resp. for designing, implementing, & managing SDWAN solutions to optimize & secure the org wide-area network ensuring high availability, performance & connectivity across distributed locations. Required Candidate profile Expert in Cisco Catalyst SDWAN 5 years exp in network security CCNP & CCNA Certifications In-depth understanding of protocols such as BGP, OSPF Done projects on architecture build design

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Network Security Operations Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in security practices.- Monitor and evaluate the effectiveness of implemented security measures and recommend improvements. Professional & Technical Skills: - Must To Have Skills: Proficiency in Network Security Operations.- Strong understanding of cloud security principles and frameworks.- Experience with security compliance standards and regulations.- Ability to design and implement security architectures for cloud environments.- Familiarity with incident response and threat management processes. Additional Information:- The candidate should have minimum 12 years of experience in Network Security Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in strategic discussions to enhance security protocols and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation. Roles & Responsibilities:- Expected to be a Subject Matter Expert with deep knowledge and experience.- Should have influencing and advisory skills.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team understanding of cloud security practices.- Evaluate emerging security technologies and recommend improvements to existing security frameworks. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).- Strong understanding of cloud security principles and best practices.- Experience with security incident response and management.- Knowledge of compliance frameworks such as ISO 27001, NIST, or GDPR.- Familiarity with risk assessment methodologies and tools. Additional Information:- The candidate should have minimum 15 years of experience in Security Information and Event Management (SIEM).- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Experience: 6-7 Years Job Location - Bangalore and UAE Managing GRC Projects – Risk Management Specialist Any one Relevant certification is mandatory: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, GRCA Should have team lead experience

Cybersec Security Advisor Job description: Are you passionate about tackling complex data problems? Do you thrive on using your analytical and cybersecurity skills to solve large-scale challenges? Are you intrigued by the intersection of complex business processes and data-driven approaches? If so, we'd love to hear from you! At Schneider Electric, we are undergoing a transformative journey by leveraging Artificial Intelligence & Automation technologies to empower users with Machine Learning and Cognitive computing, driving business value. Simultaneously, as the number of cybersecurity threats continues to grow, we recognize the importance of having a comprehensive cybersecurity approach across our solutions to safeguard our business and customers. We seek a cybersecurity professional to join our AI Digital Risk Leader & Data Officer team to drive the implementation of Secure development process in our AI organization. To ensure a cohesive cybersecurity strategy implemented throughout our AI HUB, you will collaborate closely with AI Cybersecurity teams but also Autonomous spokes team in NAM and GSC. The role The Security Advisor is responsible for the adoption and implementation of the SDL framework following the Schneider Electric SDL V2 process and in compliance to the SE SDL Policy and other cybersecurity policies, procedures, and best practices, and to advise on cybersecurity technical requirements for the development of secure products and systems. The Security Advisor regularly interacts with key stakeholders (including representatives from marketing, R&D offer development, technical leaders, and leadership team members) as well as stakeholders from the Business Unit Security Team and the corporate Product Security Office (PSO) to ensure that cybersecurity guidelines and processes are executed in an efficient and effective manner. Key Responsibilities for the Role • Act as Subject Matter Expert, serve as a consultant and advisor for cybersecurity topics within AI development teams. Provide guidance, coaching and expertise to execute SDL practices such as threat modelling, secure design practices, secure coding and implementation, and security testing. • Gather SDL and Cybersecurity metrics to contribute to data driven strategies and plans to aid in the deployment of SDL and cybersecurity functionality as required by cybersecurity standards such as IEC62443, and to further improve SDL and Cybersecurity effectiveness and efficiency. • Ensure that their assigned development teams abide with risk-driven cybersecurity processes and controls. • Support development teams to manage vulnerability triage and resolution • Support internal SDL audits and Formal Cybersecurity Reviews (FCSRs) and other supported Schneider data security and privacy processes. • Conduct training and presentations to build cybersecurity competencies within teams. • Track organizational maturity using cybersecurity maturity frameworks and track other SDL-related goals as directed. Qualifications - External Key skills and requirements • Ability to align operational/information security policies with business requirements. • Process driven with attention to detail, ability to translate operational/information security requirements into security controls in coordination with architects. • Ability to effectively adapt to and apply rapidly changing technology and security requirements to business needs. • Knowledge of static code analysis tools, secure coding standards, fuzz and penetration testing, and formal security reviews. • Working knowledge of security and privacy standards, regulations, and legislation. • Demonstrated ability to develop threat models, analysing threats, and rate threat severity using established industry practices • Experience with AI and ML technologies and services (Machine Learning, Conversational AI, Computer Vision, No Code / Low Code AI) Qualifications & Experience • Customer-oriented with a service-oriented attitude (flexible, personable, and approachable) • Certification in Cybersecurity Management such as CISSP, CSSLP; and/or IEC 62443 Certified Specialist. • Experience of working in an Engineering/R&D group following a Secure Development Lifecycle based on standards such as IEC 62443, ISO 21434, or Microsoft SDL; with a proven ability to engage with management and development teams. • Experience guiding and assisting organizations in implementing security product/system development practices. • Experience in driving corporate programs using influence, negotiation, and persuasion soft skill set. • An understanding of domain appropriate communication mechanisms protocols • Strong communication skills, including the ability to render concise reports, summaries, and presentations. • Project management or technical leadership skills preferred.

Risk Management: Identify, assess, and mitigate risks related to compliance, security, and other relevant areas Compliance Programs: Develop and implement compliance programs to ensure adherence to regulations and standards Audit Support: Assist with internal and external audits, providing documentation and evidence Policy Development: Create and maintain clear, concise policies and procedures Regulatory Change Management: Stay abreast of regulatory changes and adjust policies and procedures accordingly Reporting and Documentation: Prepare detailed reports on compliance findings and security gaps Training and Communication: Provide training to employees on compliance and security policies Collaboration: Work with cross-functional teams to achieve compliance goals Skills and Knowledge: Analytical skills: Analyze data to identify risks and compliance gaps Communication skills: Communicate findings and recommendations effectively Problem-solving skills: Identify and resolve compliance issues Understanding of GRC tools and software: Proficiency in using GRC tools for audits, risk assessments, and compliance management Requirements Bachelors degree in a related field Minimum of 5 years of experience in governance, risk management, and compliance roles Strong knowledge of regulatory frameworks and compliance standards , GDPR, SOX, ISO 27001) Excellent analytical, problem-solving, and decision-making skills Proven ability to communicate effectively with stakeholders at all organizational levels Professional certifications such as CISA, CRISC, CISSP, or similar are highly desirable Experience conducting audits and assessments, and developing compliance documentation

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ForgeRock Access Management Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data in the cloud environment. Roles & Responsibilities:- Expected to be an SME, collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Design and implement security solutions for cloud environments.- Collaborate with cross-functional teams to ensure the integrity and confidentiality of data.- Develop and maintain cloud security policies, standards, and procedures.- Conduct risk assessments and vulnerability scans to identify potential security issues.- Stay up-to-date with the latest security trends and technologies.- Implement and manage access controls and identity management systems.- Monitor and respond to security incidents and breaches.- Provide guidance and support to junior security professionals. Professional & Technical Skills: - Must To Have Skills: Proficiency in ForgeRock Access Management.- Good To Have Skills: Experience with cloud security technologies.- Strong understanding of cloud security frameworks and architectures.- Experience in documenting and implementing cloud security controls.- Knowledge of security best practices and industry standards.- Familiarity with risk assessment methodologies and vulnerability management.- Ability to analyze and interpret security logs and reports.- Excellent problem-solving and decision-making skills. Additional Information:- The candidate should have a minimum of 5 years of experience in ForgeRock Access Management.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Develop and maintain comprehensive documentation of cloud security policies and procedures.- Conduct regular assessments of cloud security controls to ensure effectiveness and compliance. Professional & Technical Skills: - Must To Have Skills: Proficiency in Managed Cloud Security Services.- Strong understanding of cloud security frameworks and best practices.- Experience with risk assessment and management in cloud environments.- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.- Ability to design and implement security solutions tailored to cloud architectures. Additional Information:- The candidate should have minimum 3 years of experience in Managed Cloud Security Services.- This position is based at our Nagpur office.- A 15 years full time education is required. Qualification 15 years full time education