717 Cissp Jobs - Page 25

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Governance Risk Compliance (GRC) Good to have skills : Security Architecture DesignMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with established standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge on security best practices.- Monitor and evaluate the effectiveness of implemented security measures. Professional & Technical Skills: - Must To Have Skills: Proficiency in Governance Risk Compliance (GRC).- Good To Have Skills: Experience with Security Architecture Design.- Strong understanding of risk assessment methodologies and frameworks.- Experience in developing and implementing security policies and procedures.- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR. Additional Information:- The candidate should have minimum 5 years of experience in Governance Risk Compliance (GRC).- This position is based in Pune.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data ServicesMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect Solution Design, Compliance, and Security EngineeringWe are hiring GCP Security Architects with 7+ years of experience in designing secure GCP environments and integrating automated security across deployments. This role emphasizes applied engineering, platform security control implementation, and ensuring audit-ready, secure-by-default environments. Roles & Responsibilities:Design and implement secure, scalable GCP architectures.Configure and maintain IAM (roles, policies, IDP integrations, MFA, SSO).Establish secure configurations for VPCs, VPNs, Data Encryption (KMS), and Cloud Armor.Manage Cloud Security Command Center for visibility, governance, and incident response.Implement Cloud Operations Suite for logging, alerting, and security analytics.Conduct threat modeling, vulnerability assessments, and define remediation paths.Automate security checks and controls using Terraform, Cloud Shell, and CI/CD integrations.Collaborate with platform, DevOps, and risk teams to embed security into development lifecycles.Support audit preparation, policy compliance, and security documentation efforts.Review solution designs and assist with enforcing GCP security guardrails. Professional & Technical Skills: Analytical and detail-oriented with a strong problem-solving mindset.Strong communicator with cross-functional collaboration experience.Continuously stays updated with evolving cloud threat landscapes.Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Strong working knowledge of IAM, VPC SC, Cloud Armor, encryption practices, and security policy enforcement.Experience with Terraform, automated auditing, and log analysis tools.- Additional Information:Bachelors degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified Professional Cloud Security Engineer is a must; CCSP preferred.- 7+ years in security roles, with 3+ years in hands-on GCP security delivery.- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

Minimum 3 years’ experience working in a large-scale IT environment with focus on Cyber / Information Security. Areas of expertise should include Pre-Sales support, Service & Solution delivery, part of program management (Transition & Transformation) Required Candidate profile Knowledge in SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, UEBA. Handson experience on leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, Sentinel. Certification:CISSP

Role & Responsibilities The Enterprise Architect Head will lead the Enterprise Architecture function, driving the design and implementation of an integrated technology landscape that aligns with the organizations business strategy and digital transformation goals. This role is responsible for developing a holistic, future-ready architecture roadmap across business, data, application, infrastructure, and security domains to support the organizations growth, agility, and innovation. Enterprise Architecture Strategy and Vision Develop and drive the enterprise architecture vision, strategy, and roadmap to align technology initiatives with business goals. Define and govern architecture principles, frameworks, and standards across business, data, application, infrastructure, and security domains. Lead efforts to modernize and optimize legacy systems, enabling adoption of emerging technologies such as cloud, Industry 4.0, AI/ML, IoT, automation, and composable architecture. Provide strategic guidance for adopting emerging technologies (e.g., AI, cloud, Industry 4.0). Business and IT Alignment Partner with business leaders to understand ELGis strategic goals, challenges, and opportunities, ensuring technology investments deliver measurable business outcomes Translate business strategies into actionable technology roadmaps, ensuring scalability, agility, and cost-effectiveness. Define architecture governance processes to assess and approve technology decisions while balancing innovation and risk. Support enterprise initiatives such as ERP modernization, platform integration, cloud migration, and data-driven transformation. Technology Architecture Leadership Oversee the development of architecture blueprints and reference models across all domains (e.g., business, data, application, and infrastructure). Drive the adoption of cloud-native architectures, microservices, APIs, and event-driven frameworks for modern application design. Partner with data teams to enable enterprise data platforms, master data management, and advanced analytics capabilities. Ensure robust security-by-design practices, collaborating with cybersecurity teams to embed security into the architecture lifecycle. Lead innovation by evaluating emerging technologies, trends, and vendors to assess their applicability to the organizations needs. Develop a future-state technology roadmap aligned with business strategy, considering manufacturing-specific needs like IoT, automation, and supply chain optimization. Monitor technology trends and industry best practices to ensure the architecture evolves with market demands Lead and mentor a team of architects specializing in business, data, application, infra and security domains Advocate for green IT and sustainable technology practices to align with corporate ESG goals. Act as the primary liaison between IT and business stakeholders to drive consensus and manage expectations. Collaborate with external vendors and consultants, as needed, to support the development and implementation of specific aspects of the business architecture. Continuously review and refine the enterprise architecture to ensure its relevance and effectiveness in supporting ELGi'S evolving needs and market dynamics. Lead and support business transformation initiatives driven by changes in the industry, market conditions, or internal strategic shifts. Architecture Governance and Standards Implement architecture governance frameworks and processes to standardize technology adoption across the enterprise. Chair the Enterprise Architecture Review Board (ARB), ensuring alignment of projects with defined architecture principles. Monitor compliance with architecture standards, identifying risks, opportunities, and deviations that require corrective action. Develop metrics and KPIs to measure architecture performance and value delivered to the business. Serve as a strategic advisor to leadership, ensuring technology investments drive innovation, operational efficiency, and business transformation. Establish governance processes to manage architecture compliance and ensure adherence to enterprise-wide standards. Define and oversee the implementation of enterprise-wide architecture standards, frameworks, and guidelines. Leadership and Team Development Lead and mentor a team of domain architects (business, data, applications, infrastructure, and security), fostering collaboration and excellence. Build a high-performing architecture function by upskilling the team and driving the adoption of modern architectural practices. Promote a culture of innovation, experimentation, and continuous learning to stay ahead of technology trends. Collaboration and Stakeholder Engagement Engage with IT leadership, business stakeholders, and external partners to drive alignment on technology strategy and priorities. Collaborate with delivery, operations, and project management teams to ensure seamless execution of technology initiatives. Manage vendor relationships, ensuring technology solutions meet architectural standards and business needs. Preferred Candidate Profile Strong expertise in enterprise architecture frameworks such as TOGAF, Zachman, or equivalent. Experience designing and implementing large-scale enterprise architectures across business, data, application, infrastructure, and security domains. Expertise in cloud architecture (AWS, Azure, or GCP), API management, microservices, and modern application development methodologies. Knowledge of emerging technologies, including AI/ML, IoT, edge computing, composable architecture, and automation. Deep understanding of data platforms, integration strategies, and cybersecurity principles in a modern enterprise landscape. Proven ability to develop enterprise architecture strategies that drive business transformation and operational excellence. Strong leadership skills with experience in managing and developing high-performing architecture teams. Ability to influence senior stakeholders and collaborate with cross-functional teams to achieve enterprise goals. Strong analytical mindset with the ability to assess complex technology environments, identify gaps, and propose innovative solutions. Excellent problem-solving skills with a focus on driving business outcomes through strategic technology initiatives. Exceptional communication, presentation, and interpersonal skills to engage with technical and non-technical stakeholders. Ability to translate complex architectural concepts into clear, actionable insights for business and IT leaders. 15+ of experience in enterprise architecture roles, including at least 5 years in a leadership capacity. Proven track record of driving enterprise-wide technology transformation in a global, complex environment. Experience in large-scale cloud migration, ERP modernization, application modernization, and data-driven initiatives. Exposure to the manufacturing industry or similar domains with diverse and legacy IT landscapes is preferred. Bachelors degree in Computer Science, Information Technology, Engineering or a related field (Masters Degree preferred) Certifications: TOGAF or Zachman certified ITIL Foundation / Expert Certified Information Systems Security Professional (CISSP) or equivalent (preferred) Cloud Certification (AWS, Azure, or GCP Architect) PMP or Agile certifications (e.g., SAFe, Scrum master) will be plus

Evaluates, tests, recommends, develops, coordinates, monitors, and maintains information security policies, procedures and systems, including hardware, firmware and software Ensures that IS security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IS standards and overall IS security Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents Investigates and resolves security incidents and recommends enhancements to improve security Develops techniques and procedures for conducting IS security risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents, What Part Will You Play Proactively monitors complex systems and response to known and emerging threats against the Global Payments network via intrusion detection software Completes detailed, comprehensive investigation of security issues by reviewing security log data, interpreting data in support of security event management process from various data feeds and triages on a wide variety of security events, Performs incident handling process by maintaining knowledge in implementation of containment, protection and remediation activities, Keeps up-to-date knowledge of new and emerging threats that can affect the organization's information assets by analyzing of third party software/solutions, IT configuration changes (including access control requests), and network/system architecture from risk perspective Responsible for the design and configuration of security systems, including proxy, remote access, mail gateway, intrusion prevention, wireless networking, data leak prevention, security information and event management and web application firewalls, Provides input in assessing and disseminating threats related to the enterprise in regard to current vulnerability by managing and developing an emerging threat model, Assesses risks based on changes to implementation of ISO(International Organization for Standardization)/BSO(Business Services Online); enhances knowledge of PCI(Payment Card Industry)/Logical Security guidelines and models, HIPPA(health insurance portability and accountability act), PII(Personally Identifiable Information), and Card personalization, Creates cost effective solutions for system/application development regarding Information Security processes and concepts in applicable systems and software, Performs day-to-day Information Security functions pertaining to computer access control on numerous security software products and processes, Enhance understanding of business objectives and helps providing direction based on risk, Corporate Policy, and association and regulatory guidelines, Participates in developing long term strategies for conducting system penetration, vulnerability and web application testing, risk assessments, policy creation, What Are We Looking For in This Role Minimum Qualifications Bachelor's Degree Relevant Experience or Degree in: Bachelor's degree in Computer Science, Info Security, or related field Or related work experience, Typically Minimum 4 Years Relevant Exp Including network operations or engineering or system administration on Unix, Linux, MAC(Message Authentication Code), or Windows; proven experience working with security operations, intrusion detection systems, Security Incident Even Management systems, and anti-virus collection logs; including knowledge of industry standard security compliance programs (PCI, SOX, GLBA, etc ) Preferred Qualifications Professional certifications CISSP(Certified Information System Security Professional),CISM(Certified Information Security Manager) ,CISAKnowledge of industry standard security compliance programs (PCI(Payment Card Industry), SOX(Sarbanes-Oxley) , GLBA(Gramm Leach Bliley Act)) What Are Our Desired Skills and Capabilities Skills / Knowledge A seasoned, experienced professional with a full understanding of area of specialization; resolves a wide range of issues in creative ways This job is the fully qualified, career-oriented, journey-level position, Job Complexity Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors Demonstrates good judgment in selecting methods and techniques for obtaining solutions Networks with senior internal and external personnel in own area of expertise, Supervision Normally receives little instruction on day-to-day work, general instructions on new assignments, Risk Assessment Ability to identify, communicate, and mitigate risk within technical solution designs Industry Knowledge Continued self-education of new and emerging threats and relevant processes, controls, or technologies to mitigate them, Incident Response Knowledge and skills to contribute to all phases of Incident Response,

We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation!? Our IS&T (Information Services and Technology) department provides all the required technology and operational support services to run our business here in BMC! We have over 200 servers on premises to support production, disaster recovery, databases, applications and over 1000 servers in Lab environment. IS&T is transformational not only for BMC but also for the customer experience, because we give a 360 degrees view to the customer about the products they should know, opportunities in the pipeline, and any service issues outstanding with the customer. We use cutting-edge technologies to manage BMC's infrastructure and showcase it to the customers program is called BMC on BMC! We are seeking a highly motivated and detail-oriented Senior Information Security Engineer to join our team. This individual will play a critical role in ensuring the security of our network infrastructure and protecting sensitive data across our systems. The ideal candidate is passionate about cybersecurity, eager to learn, and has excellent problem-solving skills. They will work in a dynamic environment, addressing complex security challenges and continuously staying up to date with new technologies. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Deploy and maintain security tools and systems. Implement security policy, standards, guidelines, processes, and procedures to ensure ongoing security posture. Design and implement secure network architectures: Collaborate with the IT team to design, build, and maintain secure network topologies, ensuring protection from external and internal threats. Automation and scripting: Use Python and other scripting languages to automate security tasks, improve efficiency, and manage security infrastructure. Security incident response: Investigate and respond to security incidents, identifying the root cause and implementing solutions to prevent future incidents. Collaborate with cross-functional teams: Work with network engineers, software developers, and system administrators to implement security best practices across all layers of the organizations technology stack. Stay updated on the latest security trends and technologies: Continuously research and learn new security tools, trends, and technologies, applying them to the organizations environment. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in a similar Security Engineering/DevOps role. Curiosity and eagerness to learn new technologies: A passion for exploring new cybersecurity tools, methods, and best practices. Hands-on experience with Linux-based environments, including hardening and securing servers. Proficiency in Python programming for automating tasks and scripting security processes. Excellent troubleshooting and logic skills: Strong analytical and problem-solving capabilities, with the ability to think critically and resolve complex issues. Strong understanding of network architecture and protocols: Ability to design and comprehend complex network topologies, troubleshoot network issues, and optimize security. Ability to work with little supervision as well as being a team player with excellent verbal, written, and interpersonal communication skills. Nice to Have: Experience with firewall configurations, IDS/IPS, and security event monitoring tools. Familiarity with cloud security (AWS, Azure, Google Cloud, OCI) is a plus. Familiarity with cybersecurity frameworks: Experience working with NIST, CIS, ISO 27001, or similar security standards is a plus. Previous experience working with vulnerability management technologies (e.g. Tenable, Rapid7, Qualys) preferred. Security Certifications such as CISSP, CEH, CompTIA Security+, or GIAC.

Position Summary: A Security Officer is responsible for protecting property, assets, and personnel by maintaining a safe and secure environment. Duties include monitoring premises, responding to incidents, and enforcing security protocols. Key Responsibilities: Patrol assigned areas to prevent and detect signs of intrusion. Monitor surveillance equipment and access control systems. Respond promptly to alarms, emergencies, or suspicious activity. Enforce company rules and security policies. Write clear and detailed incident reports. Assist visitors and employees by providing information and directions. Collaborate with law enforcement and emergency personnel as needed. Qualifications: High school diploma or equivalent. Previous experience in security or related field (preferred). Physical fitness and the ability to stand/walk for extended periods. Basic knowledge of first aid and emergency procedures. Strong observational and problem-solving skills. Valid security license or certification (as per local requirements). Warm Regards Lokesh S Contact - 9500549097, 7358273332

Responsibility: Oversee product cyber security in high-complexity development projects from acquisition to start of production (SOP) according to ISO/SAE 21434 or UNECE R-155. Planning & Development: Develop security activities and evaluate development efforts. Evaluation & Approval: Approve security concepts and strategies throughout development phases. QCT Targets: Achieve Quality, Cost, and Time targets related to cyber security work products. Tasks / Areas of Responsibility Planning & Guidance: Independently plan necessary cyber security activities and provide guidance to colleagues. Risk Analysis: Analyze product scope for cyber security risks, considering known weaknesses and vulnerabilities. Coordination: Define a holistic product cyber security concept. Coordinate with customers, suppliers, and subcontractors. Report to customers and obtain information from subcontractors. Support: Assist the development team in selecting security-compliant technologies and cryptographic procedures. Verification Methods: Define verification methods like fuzzing, vulnerability scanning, and penetration testing. Assessments & Training: Prepare cyber security assessments and implement training measures. Communication: Facilitate communication within the global HELLA cyber security network to improve processes. YOUR QUALIFICATIONS Bachelors OR masters degree in engineering ISO-21434 certification OR working experience CISSP certification is preferred Location - Hinjewadi Phase - 1.

Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / Certification: ISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

FISERV Location: Thane What does a successful Internal Audit- IT professional do at FISERV? • Efficiently conduct the audit projects as per The Institute of Internal Auditors standards and in accordance with Fiserv global Internal Audit framework and methodologies. What will you do: • Should be able to direct/execute audit project independently (covering planning, fieldwork and reporting stages of audits) • Lead a variety of moderately complex to complex IT focused audits including IT governance, service and project delivery, audits of IT technical domains such as networks, infrastructure, and applications. • Audit Co-ordination & Facilitation - Meetings with key personnel of various work areas • Planning, conducting walkthroughs, drafting process understanding and relevant controls. • Preparing planning memos, risk assessment matrix, risk assessment control matrix (RACM) and Internal controls • Documenting and Reviewing Test of Designs and Test of Effectiveness controls. • Perform analytical procedures/analysis to test the effectiveness of controls. • Document audit procedures and cross reference working papers. • Create management representation letter comments and recommendations and draft audit reports for management review. • Expected to assign variety of audits including operational, compliance or IT focused under a variety of financial or info-security/cyber security regulations in the US and other international locations in APAC, EMEA, LATAM, etc., • Validations of audit issues. • Conducting special reviews. What will you need to know: • Desired qualification: Computer Services engineering/ BSc/MSc-IT / BCA/MCA degree [with an emphasis in information technology or equivalent degree] • Experience: at least 6 to 8 years of IT Audit experience in assessing technology/IT controls and have experience in Internal Audit, Compliance & Risk Advisory services preferably in Banking and Financial services domain. • Experience in auditing IT Internal controls, IT risk mitigation and technology related processes reviews. • Good experience in IT General controls (ITGC) reviews, Cyber security controls, Infrastructure audits, application security audits, Network security control risk reviews. • Good client interfacing skills, drafting skills, communication, and interpersonal skills. • Computer proficiency, specifically Microsoft Office products (Word, Excel, PowerPoint, etc.) What would be great to have: • Desired certifications: CISA / CISSP / CISM / CCNA certified professionals

The Role: The Senior Information Security Engineer is for responsible for implementing industry best security practices, will design, implement, maintain, and document the security measures to protect the organization against cyber threats and attend all ISO audits and requirements. Your Responsibilities: Ensuring that an ISMS system is established, implemented, and maintained in accordance with the ISO 27001:2013 and/or ISO 27001:2022. Lead all ISO and customer security audits/meetings and compliance activity. Contributing to Request for Proposal (RFPs) and supporting IT in CAPA management and Change Controls. Conducting regular internal security audits (Quarterly basis) to assess the effectiveness of security controls and identify areas for improvement. IT tickets handling related to security related incidents. Security Incident Reporting - Generating and presenting regular reports on the organization's security posture(weekly/quarterly/annual), including incidents, vulnerabilities, and risk mitigation efforts. Organization wide Security Awareness - Contributing to and developing security awareness by way of email leaflet/posters on monthly basis and training materials to improve security posture among the organization's staff. Security Policies and Procedures - Developing and implementing security policies, standards, and procedures to safeguard the organization's information assets. Review process documentation to ensure adequacy and consistency is maintained. Risk Assessment - Contribute to the team on regular assessments to identify potential security risks and vulnerabilities in the organization's IT infrastructure. Vulnerability Management - Monitoring and managing vulnerabilities in the organization's systems, including applying patches and updates in a timely manner. Running and automation of vulnerability scans and responsible for closure. Penetration Testing - Gathering penetration test requirements and performing internal pen tests on a scheduled basis. Should be adaptable for 24x7x365 availability for new security related projects/tasks. Preferred Qualifications, Training and Experience: Engineering degree in Computer Science, Information Technology, or a related field. Certifications such as CISSP, CISA/CISM, CEH and ISO 27001 demonstrating expertise in information security management and practices. Minimum of 10 years’ experience in information security roles, with a focus on security architecture, ISO Audits, incident response, and risk management. In-depth knowledge of security technologies such as firewalls, intrusion detection/prevention systems, encryption, and endpoint security solutions. Proficiency in security monitoring tools and techniques for detecting and responding to security incidents in real-time.

Governance: Develop, review, and update information security policies, procedures, and frameworks to align with industry best practices and regulatory requirements. Risk Management: Conduct comprehensive risk assessments, including identifying

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

We are looking for a highly skilled and experienced IT Due Diligence Manager to join our team in Bengaluru. The ideal candidate will have 4-7 years of experience in the field. Roles and Responsibility Analyze technology implications for active M&A transactions. Review client investment theses, company profiles, and information on business technology environments. Research niche technologies, regulatory obligations, and latest trends to guide analysis. Participate in discussions with company executives to understand business processes and leverage technology strategy. Evaluate commercial off-the-shelf and custom-developed applications for sufficiency, scalability, and maintainability. Assess a company's IT infrastructure for hosting model adequacy, hardware inventory, network architecture, and business continuity procedures. Analyze technology vendor contracts and compute IT spend through contract reviews and financial documents. Develop workbooks and reports to capture diligence observations/analysis. Manage and develop RSM USI team members. Job Requirements Academic Qualification: B.Tech. and MBA from leading technology/business schools. Relevant experience of 4-7 years at a Big 4 or equivalent Advisory Services practice. Knowledge of Microsoft-powered AI products such as Microsoft CoPilot or any other GenAI tools is preferred. Experience with onshore teams, including data room management, document request list preparation, management meeting preparation, workbook analysis, quality of earnings, due diligence reports, client calls, and engagement team calls. Experience with post-acquisition/carve-out integration and separation-related engagements. Preferred industry experience in manufacturing, distribution, consumer products, business services, healthcare, financial services, business services, or technology. Knowledge of US-based regulatory and compliance frameworks such as FFIEC, NERC CIP, PCI DSS, HIPAA, GLBA, and HITECH is a plus. ERP or supply chain application implementation experience; functional expertise in IT and supporting front/back-office operations preferred. IT and cyber-related certifications (CISSP, CISM, HITECH, PCI DSS QSA, CEH, Azure, AWS). Strong skills in critical thinking, problem-solving, and process improvement. Excellent interpersonal and communication skills to interact effectively with internal team members and external clients. Ability to be a self-starter and drive successful client delivery. Demonstrates willingness to invest time in cross-time zone communication with U.S.-based teams. Evaluated as an exceptional performer in current position.

Job Summary : We are seeking a highly skilled NetIQ Engineer with strong Identity and Access Management (IDAM) expertise to design, implement, and maintain identity solutions using NetIQ Identity Manager, Access Manager, and related technologies. The ideal candidate will have deep knowledge of identity lifecycle management, authentication, authorization, SSO, and directory services. Key Responsibilities : - Deploy, configure, and manage NetIQ Identity Manager and Access Manager to support enterprise-wide IDAM solutions. - Integrate identity and access solutions with various applications, directories (Active Directory, LDAP), and cloud environments. - Develop and maintain policies, workflows, and role-based access controls (RBAC) for user provisioning, authentication, and authorization. - Manage identity lifecycle processes (onboarding, access changes, offboarding) in compliance with security policies. - Troubleshoot and resolve IDAM-related issues, including authentication failures, synchronization errors, and performance bottlenecks. - Collaborate with security teams to enforce identity governance and compliance requirements. - Automate identity tasks using scripting languages (PowerShell, Java, or Python). - Stay updated with security best practices and emerging IDAM technologies to enhance existing implementations. Required Skills & Qualifications : - 5+ years of experience in Identity and Access Management (IDAM) with a focus on NetIQ products. - Strong hands-on experience with NetIQ Identity Manager, Access Manager, eDirectory, and iManager. - Expertise in identity federation, SSO (SAML, OAuth, OpenID Connect), and MFA. - Proficiency in Active Directory, LDAP, and directory synchronization. - Knowledge of IAM-related security protocols and standards. - Experience in workflow development and policy configuration within NetIQ. - Scripting experience (PowerShell, JavaScript, or Shell scripting) for automation. - Strong troubleshooting and problem-solving skills. - Industry certifications (CISSP, IAM-related certs) are a plus. Preferred Qualifications : - Experience integrating NetIQ with cloud platforms (AWS, Azure, GCP). - Hands-on experience with Privileged Access Management (PAM) solutions. - Familiarity with CIAM and Zero Trust security models. Location - Bangalore,Chennai,Delhi NCR,Gurgaon/Gurugram,Mumbai

We are looking for a highly motivated and detail-oriented individual with 0 to 3 years of experience to join our team as a Risk Consulting Associate in the IT SOX domain. The ideal candidate will have excellent analytical skills, strong knowledge of financial services, and a passion for delivering high-quality results. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions. Ensure documentation complies with quality standards. Collaborate with RSM consulting professionals, supervisors, and senior management in the U.S. daily. Manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service, coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 0-3 years of relevant experience in Information Technology/Security Controls, SSAE18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role requiring frequent communications with RSM International clients.

We are looking for a skilled professional with 8 to 13 years of experience to join our team as an Associate Manager/Manager - RC TRC IT SOX Consulting in Bengaluru. The ideal candidate will have a strong background in Information Technology/Security Controls and experience in Risk Consulting. Roles and Responsibility Develop an understanding of the RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review, document, evaluate control's design and operating effectiveness. Conduct internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Collaborate with the team to provide integrated service delivery and ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 8+ years of relevant experience in Information Technology/Security Controls. Intermediate knowledge of financials, operations, and technology, along with its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills, including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Excellent verbal and written communication skills, as this role requires frequent client interactions. Ability to manage multiple concurrent engagements and ensure service excellence through prompt responses to internal and external clients. Provide timely, high-quality client service that meets or exceeds expectations, including coordinating the development and execution of the consulting work plan and client deliverables. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education.

Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness

Role & responsibilities: Act as the SME when eliciting Vulnerability management technology changes and Remediation orchestration business process. Support Product & Service owners to validate technology and process changes to ensure Remediation orchestration platform is meeting standard vulnerability management controls. Assess and understand business impact of Vulnerability lifecycle management security policies; procedures; and guidelines. Consolidate remediation progress on application and infrastructure vulnerabilities into one risk focused view to help guide senior management risk and remediation decisions. Manage and influence stakeholders in understanding risk exposure; remediation prioritisation and importance from vulnerabilities the Bank could be exposed to. To provide timely support on initiatives to improve vulnerability remediation service incrementally including reporting; workflow; data processing enhancements. Research and report on latest advancements in the vulnerability management lifecycle tooling and process. Take personal responsibility for embedding the highest standards of ethics; including regulatory and business conduct. Primary skills: Vulnerability Management CISSP Remediation

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Core Responsibilities Managing multiple shifts of Security Operations Centre Managers performing security event monitoring and incident identification for 247 Security Operations Centre Provide tactical and strategic direction for the Security Operations Centre staff, program development & maturity roadmap To validate the Incidents reported by SOC operators. To escalate timely when the SLA for alerting is not met. To identify the incidents if there are any missed by SOC operators To interact with external parties to resolve the queries relating to the raised incidents. To manage the SIEM, incidents knowledge base. To generate the daily reports, weekly reports and monthly reports on time. To maintain the timely delivery of reports. To maintain the updated and latest log baselines. The security analyst monitors security events from the various SOC entry channels (SIEM, Tickets, Email and Phone), based on the security event severity, escalate to managed service support teams, tier2information security specialist, and/or customer as appropriate to perform further investigation and resolution. Recommend enhancements to SOC security process, procedures and policies. Participate in security incident management and vulnerability management processes. Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems. Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats Communicate effectively with customers, teammates, and management Provide input on tuning and optimization of security systems Follow ITIL practices regarding incident, problem and change management Document and maintain customer build documents, security procedures and processes. Staying up-to-date with emerging security threats including applicable regulatory security requirements. Other responsibilities and additional duties as assigned by the security management team Qualifications Ideal candidates will have as much of the following High-level understanding of TCP/IP protocol and OSI Seven Layer Model. Knowledge of security best practices and concepts. Knowledge of Windows and/or Unix-based systems/architectures and related security. Intermediate level of knowledge of LAN/WAN technologies. Must have a solid understanding of information technology and information security. Certification in at least one industry-leading SIEM product. Preferred Information Security professional designations such as CISSP, CISM, CISA 3-5 years previous Security Operations Centre Experience in conducting security investigations Detail oriented with strong organizational and analytical skills Strong written communication skills and presentation skills Self-starter, critical and strategic thinker, negotiator and consensus builder Good knowledge of IT including multiple operating systems and system administration skills (Windows, Linux) Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products Strong understanding of security incident management, malware management and vulnerability management processes Security monitoring experience with any SIEM technologies and intrusion detection technologies Experience with web content filtering technology -policy engineering and troubleshooting Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP A Bachelors Degree / Diploma in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering Excellent English written and verbal skills. Shift work required After-hours availability required

ROLE & RESPONSIBILTY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Role & responsibilities Implement and maintain security tools (firewalls, IDS/IPS, antivirus, encryption). Conduct vulnerability assessments and manage patching efforts. Lead internal/external security audits for compliance and risk mitigation. Investigate and respond to security incidents (NIST/CSF aligned). Monitor threat intelligence and update security controls accordingly. Develop and enforce security policies and procedures. Deliver security awareness training to employees. Qualifications & Experience: Bachelors/Masters degree in Information Security, Computer Science, or a related field. 12+ years of experience in cybersecurity. In-depth knowledge of security frameworks, tools, and technologies. Core Skills: Strong analytical and problem-solving skills. Proficient in SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne), and vulnerability scanners (Nessus, Qualys). Experience with firewalls (Cisco, Palo Alto), IDS/IPS (Snort, Suricata). Knowledge of cloud security (AWS, Azure) and network protocols. Skilled in log analysis, malware analysis, and penetration testing. Interested candidates share your cv to recruitment@gokaldasexports.com

Security Service Operations,IT Security Technologies,CISSP, CISM, CRISC, CISA,SIEM, EDR, Email Security Gateways, Vulnerability Management Software, Firewalls,security systems, user authentication and management