44 Crisc Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

15.0 - 20.0 years

50 - 55 Lacs

Bengaluru

Work from Office

Naukri logo

Your Impact

You'll be responsible for engaging with senior customer representatives including CISO and other C-suite stakeholders to engage on topics around CyberSecurity, adjacent technical areas, and application of technology and programs in the business. Provides trusted support, advice and guidance on the latest trends and developments in CyberSecurity and how these can be used to provide lasting business value and impact for our customers. Applying your wide and deep experience in solving these challenges elsewhere, you'll help our customers with their journey, articulating Cisco's unique value proposition and architecture for CyberSecurity and how Cisco can help our customers succeed with their CyberSecurity goals. By establishing yourself as a trusted advisor and building lasting relationships, you'll help bridge the communications gap between customer needs and what Cisco can offer. Identifies opportunities for Cisco to provide additional products and services that are aligned to achieving the customers' CyberSecurity goals.

Results and Outcomes

You'll proactively strengthen and expand Cisco's presence and technology leadership in the CyberSecurity domain through externally visible activities such as blog posts, social media posts, papers, external speaking engagements and serving on external forums and boards. You'll continually acquire the knowledge and expertise necessary to pioneer new thinking and approaches. You'll contribute new materials and innovative articles rather than solely parroting existing materials or campaigns. You'll have a strongly accretive impact on Cisco's CyberSecurity business as evidenced by pipeline generation and supporting sales of products. You'll actively contribute to talent development, ensuring the principles of improving inclusion and diversity are honoured and promoted.

Minimum Qualifications:

* Bachelor's or Master's degree in a relevant area, an MBA is preferred
* Certifications (CISSP, CRISC, CISA and CISM) an advantage.
* Telco expertise and hands-on implementation
* 15+ years relevant experience with at least five (5) years as: a CISO, Head of Risk or equivalent in a major organization; Partner or Associate, Principal, or Managing Director in a big 4+1 company or other leading consulting organization; or a combination thereof.
* Proven experience and recognized as a thought leader in CyberSecurity in one or more industry verticals such as Financial Services; Service Provider; Manufacturing, Mining, Transportation, Oil and Gas, or Utilities; or Technology.
* A proven record of business leadership in a technical domain and experience in transformational or strategic programs, with evidence of where past contributions have a significant impact on business.
* Proven track record of C-suite engagement with an extensive personal contact base.
* Published author, conference speaker and social media presence.

Preferred Skills

* Proven experience and recognized as a thought leader in CyberSecurity in Service Provider is highly desired
* Proven experience in delivering security solutions, knowing Cisco security solution is a plus.

Posted 5 days ago

3.0 - 7.0 years

7 - 11 Lacs

Kochi

Work from Office

Naukri logo

Job Title: Security Analyst

Role and Responsibilities

The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units' information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
* Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to: IPS/IDS alerts; change detection (FIM) alerts; application firewall alerts; malware alerts; rogue wireless network alerts; security system health alerts; exploit attempt alerts
* Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with: Corporate security framework; NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS; emerging country, state, and Federal privacy laws
* Primary POC in a vulnerability management program of the account that includes: external and internal vulnerability scans of applications and systems; external and internal penetration tests of applications and systems; documentation and remediation of identified vulnerabilities and exploits; routinely monitoring various communication avenues for security vulnerabilities and security patches; taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments; making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
* Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement
* Acts as the initial point of contact to facilitate the handling of security audits and client requests
* Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies
* Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units

Qualifications and Education

CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required.
Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).

Posted 5 days ago

5.0 - 10.0 years

20 - 35 Lacs

Hyderabad

Hybrid

Naukri logo

Key Skills: Compliance Strategy, Data privacy, CRISC, CISA, CISM. Roles and Responsibilities: Develop, implement, and maintain cybersecurity policies and procedures in accordance with legal, regulatory, and industry standards such as GDPR, DPDPA, Cert-In, ISO 27001, and NIST. Conduct regular compliance audits and assessments, identifying risks or areas of non-compliance and recommending corrective actions. Provide guidance and training to employees on IT compliance, regulatory mandates, and ethical conduct. Collaborate with IT and cybersecurity teams to establish technical controls to mitigate cyber risks and data breaches. Monitor, investigate, and respond to cybersecurity incidents and breaches, coordinating appropriate remediation efforts. Prepare, submit, and maintain compliance reports for regulatory bodies and internal stakeholders, ensuring accuracy and timeliness. Maintain comprehensive documentation related to audits, risk assessments, compliance activities, and incident response. Experience Requirements: 11 to 17 years of hands-on experience in cybersecurity and IT compliance roles. In-depth understanding of laws, regulatory frameworks, and industry standards governing cybersecurity and data privacy. Strong technical expertise in network security, encryption, access controls, incident response, and cybersecurity best practices. Proven ability to assess compliance risks and implement effective mitigation strategies. Strong collaboration and communication skills with experience working across all levels of an organization. High attention to detail, well-organized, and capable of managing multiple priorities in a fast-paced environment. Strong integrity, ethics, and dedication to upholding compliance standards. Education: B.tech, M.tech, B.com, M.com, MBA, any PG.

Posted 1 week ago

6.0 - 11.0 years

6 - 11 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Foundit logo

Skills: AI, API AWS, Azure, GCP, Go, Java, JavaScript, Cryptography, Graph QL, Palo Alto Python Threat Vulnerability Bachelor's Degree in Computer Science, Information Systems, Business Administration or other related field Certification may be required for specific functions 6-9 years of information security experience Experience with gathering functional requirements, deployment of information security tools, and data analysis In-depth experience with desktop software and office automation tools Experience with information security risk management and process improvement Preferred Qualifications: Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE. Experience with application security controls (Web, API, Mobile, AI). Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS. Experience with Application Security design and DevSecOps Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications. Experience with Java, Javascript and mobile application development. Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases Experience with Cloud security, architecture, design, implementation, and operations Exposure to IAM Controls (OAuth 2.0, OIDC, JWT) Strong familiarity with Cryptography Controls (Data at rest, in motion). CISSP, CISM, CSSLP, CISA, CRISC, OSCP.

Posted 1 week ago

6.0 - 11.0 years

6 - 11 Lacs

Pune

Work from Office

Naukri logo

Job ID: 199874 Required Travel: Minimal Managerial - No Location: India - Pune (Amdocs Site) Who are we? Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers' innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our employees around the globe are here to accelerate service providers' migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $5.00 billion in fiscal 2024. For more information, visit www.amdocs.com In one sentence: We are seeking a highly skilled and experienced Senior Governance, Risk, and Compliance (GRC) Specialist to join our dynamic team. The ideal candidate will have a strong background in GRC, with a proven track record of managing and implementing comprehensive risk management and compliance programs, particularly within the EMEA (Europe, Middle East, and Africa) and IMEA (India, Middle East, and Africa) regions. What will your job look like? Develop and maintain governance frameworks, policies, and procedures. Ensure compliance with industry standards, regulations, and contractual obligations. Identify, assess, and prioritize security risks, implementing mitigation strategies. Conduct regular risk assessments, audits, and maintain risk registers. Ensure adherence to GDPR, CRA, and other relevant security regulations. Monitor and enforce security compliance across EMEA and IMEA regions. Develop and deliver compliance training programs for employees. Prepare and present security reports to senior management and stakeholders. Collaborate with internal teams and liaise with external auditors and regulators. Communicate security risks and mitigation strategies effectively to stakeholders. All you need is...
Bachelor's degree in Business Administration, or a related field. Professional certification (e.g., CISA, CRISC, CISSP) is preferred. Minimum of 6 years of experience in governance, risk management, and compliance. Strong knowledge of relevant laws, regulations, and industry standards, particularly in the EMEA and IMEA regions. Strong understanding of NIST CSF, CIS, ISO 27001, PCI DSS, and Data Protection frameworks. Excellent analytical, problem-solving, and decision-making skills. Strong communication and interpersonal skills, with experience in defending and explaining security risks and mitigations to customers and stakeholders. Ability to work independently and as part of a team. Proficiency in GRC software and tools. Why you will love this job: You will be able to demonstrate an understanding of key business drivers and ensure strategic directions are followed and the organization succeeds. You will be able to gather relevant data, identify trends and root causes, and draw logical conclusions to develop solutions. You will have the ability to assess details, systems and other factors as part of a single and comprehensive picture. We are a dynamic, multi-cultural organization that constantly innovates and empowers our employees to grow. Our people are passionate, daring, and phenomenal teammates that stand by each other with a dedication to creating a diverse, inclusive workplace! We offer a wide range of stellar benefits including health, dental, vision, and life insurance as well as paid time off, sick time, and parental leave. Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce.

Posted 1 week ago

11.0 - 18.0 years

20 - 32 Lacs

Bengaluru

Work from Office

Naukri logo

Job Title Senior Manager - Cybersecurity and Cyber Defense Center Direct Supervisor VP - Cybersecurity and Cyber Defense Center Job Purpose To develop, manage, and execute cyber security project across Mashreq to Lead and oversee the strategic operations of the Cyber Defense Center (CDC) to ensure effective monitoring, detection, analysis, and response to advanced cybersecurity threats. Develop and implement security strategies, policies, and procedures to manage and mitigate risks across the organization. Guide and mentor the team in using SIEM platforms (Azure Sentinel & ArcSight preferred) and other security solutions to address complex and critical security events. Coordinate with senior leadership and external stakeholders to enhance the organization's security posture and ensure compliance with regulatory requirements. Dimensions Key Result Areas Strategic Security Management: Develop and implement strategies for monitoring and responding to security events from SIEM systems (Azure Sentinel & ArcSight preferred). Analyze and respond to security events from diverse data sources such as firewalls, IDS/IPS, antivirus solutions, DAM systems, web servers, proxies, and banking applications. Advanced Threat and Incident Management: Create and refine alert rules and logic in SIEM to detect significant events and threats. Perform precise, real-time analysis and correlation of logs/alerts from multiple sources. Utilize established policies, standards, and procedures to classify security alerts as incidents and guide incident response efforts. Leadership and Improvement: Improve incident response times and reduce false positives by refining detection capabilities and processes. Assist in the design, implementation, and execution of security awareness programs and risk-based security controls analysis. Update and enhance processes and policies (SOPs, playbooks, runbooks) with a deep understanding of cybersecurity best practices. 
Cross-Functional Collaboration: Collaborate with compliance, audit, and regulatory teams to provide necessary information, data, and evidence. Keep up-to-date with industry knowledge and trends to maintain a high level of security proficiency. Key Principles Strategic Leadership: Provide strategic direction and leadership to the Cyber Defense Center, ensuring alignment with organizational goals and cybersecurity best practices. Enhanced Threat Detection and Response: Drive improvements in threat detection and response capabilities, ensuring accurate identification and swift remediation of security incidents. Continuous Process Improvement: Continuously evaluate and enhance security processes and policies to adapt to evolving threats and improve operational efficiency. Effective Communication and Collaboration: Maintain strong communication with internal teams, senior management, and external stakeholders to ensure effective security management and compliance. Ethical and Professional Standards: Uphold high ethical standards in all security practices, ensuring compliance with regulations and protecting sensitive information. Operating Environment, Framework and Boundaries, Working Relationships Information Security / Cyber Security Regulations and Industry best practices. HO (Head Office) and International Regulators and Supervisors across the bank is operating. All business units including LOD 1-3 including LOD1 – Business, Tech GRC, Technology, LOD-2 Group Compliance, Fraud Prevention, Risk Management and LOD-3 Internal Audit. Problem Solving Proactive and Strategic Problem Solving: Lead proactive monitoring and root cause analysis of security incidents to address underlying issues effectively. Provide strategic guidance during incident response activities for complex security incidents. Log Source Management and Optimization: Oversee the onboarding and integration of new log sources, optimizing data accuracy and enhancing threat detection capabilities. 
Decision Making Authority & Responsibility Evaluation and Innovation: Lead evaluations and Proof of Concept (PoC) for new security solutions and technologies, driving innovation in security practices. Security Metrics and Architecture: Monitor and analyze key security metrics to ensure alignment with security standards and contribute to the development of Security Reference Architecture. Policy and Strategy Development: Guide the creation and refinement of security policies, including scope and control decisions, ensuring alignment with organizational and regulatory requirements. High-Level Collaboration: Collaborate with senior management, vendor personnel, and other teams to achieve security objectives with minimal supervision. Knowledge, Skills, and Experience Educational Background: Graduate/Postgraduate degree in Science, Engineering, or IT. Certifications: Minimum of 2 professional certifications from CISSP, CISM, CRISC, CISA, or equivalent. Experience: Extensive experience in SIEM design and implementation, with a strong background in Cyber Defense Center or Security Operations Center roles. Over 12 years of experience in SOC & CDC, with proven leadership skills and expertise in managing complex security operations. Skills: Proficiency in managing SIEM policies and enhancing security operations. Strong analytical skills for evaluating security requirements and implementing appropriate controls. Excellent documentation and report writing skills. Knowledge of the banking environment is advantageous.

Posted 1 week ago

4.0 - 8.0 years

4 - 8 Lacs

Hyderabad / Secunderabad, Telangana, Telangana, India

On-site

Foundit logo

Skills Needed: Ability to analyse an organisation's enterprise information technology architecture. Ability to apply secure network architectures and security controls into proposed solutions. Ability to identify cybersecurity or privacy issues in external or partner connections. Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments. Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects. Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data). Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans. Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domains. Proven communication skills, able to write and verbally communicate complex concepts. Proven collaboration skills and can adapt to changing organization, changing business needs, technological advances and agile methodology. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security. Health Insurance or Health Care Industry experience is a plus. Travel required, approximately 10%. Qualifications: Bachelor's or Master's in Cybersecurity, Computer Science, or Information Security. Qualified candidates will typically have 13+ years of professional IT work experience, with 8+ years of experience in a security design and development role. CISSP, CISM, CCSP, CRISC or similar certifications required. Expertise in encryption, network security, cloud security, application security and endpoint protection. Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors.
Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI). Experience and working knowledge of NIST, HIPAA, PCI DSS & ISO 27001 certification is a plus. Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges. Ability to work successfully with a minimum of supervision in a fast-paced and sometimes pressured environment.

Posted 2 weeks ago

10.0 - 15.0 years

22 - 37 Lacs

Hyderabad

Work from Office

Naukri logo

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role As a System Administrator at Kyndryl, you’ll solve complex problems and identify potential future issues across the spectrum of platforms and services. You’ll be at the forefront of new technology and modernization, working with some of our biggest clients – which means some of the biggest in the world. There’s never a typical day as a System Administrator at Kyndryl, because no two projects are alike. You’ll be managing systems data for clients and providing day-to-day solutions and security compliance. You’ll oversee a queue of assignments and work directly with technicians, prioritizing tickets to deliver the best solutions to our clients. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. You’ll also get the chance to share your expertise by recommending modernization options, identifying new business opportunities, and cultivating relationships with other teams and stakeholders. Does the work get challenging at times? Yes! But you’ll collaborate with a diverse group of talented people and gain invaluable management and organizational skills, which will come in handy as you move forward in your career. Your future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from Junior System Administrator to Architect. 
We have opportunities for Cloud Hyperscalers that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise • 7+ years of hands on experience in various security and IAM functions (AD, IAM, PAM, etc.) • 5+ years of experience in project delivery • Extensive practical experience with AD/Azure IAM functions e.g. groups, access policies • Some hands-on experience in PAM/IAM tools as well as user lifecycle management • Project experience in proactively identifying, tracking and closing risks and issues • Comfortable in delivering multiple workstreams accurately and within timelines • Familiarity with Zero Trust principles relating to the Identity pillar Strong analytical skills with high attention to detail and accuracy • Risk management, tracking, and resolution cross functionally (e.g Infrastructure, Cloud, Data) • Organize, prioritize and track project and operational activities on a day-to-day basis • Exceptional verbal and written communication skills at all levels of the organization • Working knowledge of large IT organization operations including change management • Hands on ability to work with AD/Azure and underlying technologies (e.g. 
MS Windows servers) • Implementation level knowledge of IAM principles: PAM, SSO, SOD, RBAC, Least Privilege, etc • Established ability to interface with architecture in creation of connection kits and patterns • Ability to generate reports (e.g. PowerShell) and perform analysis (e.g. Excel and PowerPoint) • Exceptional analytical abilities, providing IAM lifecycle and risk context to recommendations • Produce and update procedural documents to ensure IAM program success/business continuity • Knowledge of local, cloud and hybrid Directory Service architectures • Experience supporting security administration, operations, or security architecture • Proven clarity in documenting complex problems at senior management level Preferred Technical and Professional Experience • Microsoft certifications on AD/Entra (preferred) • IAM product specific certifications such as Delinea, or SailPoint Certifications in Information Security such as CIAM, CIMP, CIST, CISSP, CISM, CRISC, CC Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. 
Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Posted 2 weeks ago

10.0 - 20.0 years

10 - 20 Lacs

Bengaluru

Remote

Naukri logo

Job Description: IT GRC Analyst I
Department: Information Technology
Reports To: Senior IT GRC Analyst
Location: 100% Remote
Experience: 10+ Years

Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations.

Key Responsibilities: Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence.

Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants.

Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.

Posted 2 weeks ago


7.0 - 12.0 years

9 - 14 Lacs

Varanasi, Mumbai

Work from Office

Naukri logo

The ideal candidate should be responsible for security analysis by connecting the loose ends using security information from various tools and processes to improve the cyber processes and for protecting the Bank from cyber-attacks. To manage Cybersecurity Incident response within the Bank To manage Red/ Blue Team exercises, VAPT of Applications and Infrastructure, review the reports and ensure closure. Creation/ Review of Information Systems Security Policies and procedures Periodic Review of security tools and processes like Firewall / IDS & IPS / WAF / DAM logs / PIM logs / System logs To understand, implement, monitor and review of various regulatory/ compliance frameworks like ISO 27001, PCI DSS, etc., on need basis. To ensure compliance with various Cybersecurity controls as per the regulatory framework. Vendor management periodic MIS & SLA reviews, payments & penalties, renewal of support contracts and licenses in timely manner. recognized university. Desirable: Certifications like: CISM / CISSP / CISA / CRISC / ISO 27001:2013 / PCI DSS / CEH / OSCP/ etc. 8+ years of Experience Knowledge of RBI Guidelines on IS/ Cybersecurity. Prior experience in IT Governance, Policy & procedures, Application security assessment / VAPT (preferably Hands On).

Posted 2 weeks ago


10.0 - 20.0 years

15 - 25 Lacs

Pune

Work from Office

Naukri logo

Information Security Risk Analyst - TDI CSO

The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the bank's people, infrastructure, processes, and information. CSO Governance and Control conducts proactive Information Security (IS) controls assessability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures. The role holder would mainly be working on assessments and remediation across the globe to ensure that the Information Security requirements for various assets within the Bank are safeguarded and mitigated from any potential risks which can include - Reputational, Financial & Regulatory.

Your key responsibilities: Display strong knowledge of Information Security as this is an SME role for reviewing Risk & Control Assessments as per IS policy and ISO 27001. Work with governance, risk, and compliance (GRC) tools such as ServiceNow, should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, PCI DSS, and GDPR and additional knowledge on Regulatory requirements/controls like MAS, CAM and PSDII to support stakeholder requirement. Display strong knowledge and understanding of Information security controls (ISO) and mitigation/remediation solutions. SME Knowledge on the BAU activities and have mentality to contribute for the daily BAU task as and when required. Take the responsibility/ownership to cover the portfolio end to end. Collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings. Ability to successfully manage third-party audits, compile evidence, and organize audit responses. Manage scope of deliverables and expectations and ensure clear and concise communication to onshore team members and other stakeholders. Provide process improvement inputs to various stakeholders. Build strong relationships with various stakeholders, including but not limited to: Portfolio Owners, Divisional ISOs, Business owners, Application & Technology owners, Risk Managers to complete Information Security Risk & Control Assessments and Remediation management. Design strategic programs and solutions to implement effective information security objectives throughout the organization. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Communicates openly with management and the internal stakeholders; keeps them informed of potential risk and escalate problems/delays accordingly to avoid / minimize the impact. Work with multiple, distributed teams (across different locations). Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies. Represent the process in other forums, provide inputs for the monthly and quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality. Proactively develop and maintain professional consultative working relationships with the CSO function, stakeholders and respective support areas and will use a range of approaches to collect relevant information to assess key risks.

Your skills and experience: Significant work experience in the Information Technology / Information Security area. Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc. Clear understanding of the relationship between IS risk and how this applies to business processes. Professional / industry recognized certifications (e.g., CISA, CISM, CRISC etc.) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required. Strong understanding of service delivery and relationship management. Project management, Agile methodology, analytical and practical problem-solving skills. Ability to monitor, track and clearly communicate progress, escalate issues when appropriate. Good understanding of data and skillset to produce effective reports using Excel, Macro, or other reporting tools. Experience with data visualization tools like Tableau, Power BI, etc. Proficiency in Data Analytics Skills in Python, added advantage to languages such as SQL for data manipulation and analysis. Ability to understand the latest cybersecurity threats, attack vectors, attack techniques and emerging trends through threat intelligence sources and communities. Experience in global teams across different time zones and within a matrix environment. Professional and strong verbal and written communication skills and the ability to communicate on all hierarchy levels. Self-driven, eager to learn and well-organized team player.

Posted 2 weeks ago


2.0 - 7.0 years

4 - 6 Lacs

Hyderabad

Hybrid

Naukri logo

Experience: Minimum of 2-4 years of experience in third-party risk management, information security, or audit programs. Experience with Venminder and other TPRM platforms. Preferred certifications include CISSP, CRISC, CISM, CISA, CTPRP, ISO, SSAE Degree in Management, Finance, Business, Computer Science, Information Systems, or a related field. Skills: Knowledge of industry regulations and compliance standards. Ability to conduct thorough risk assessments and develop mitigation strategies. Strong attention to detail and organizational skills. Strong data entry skills. Excellent communication, customer service and interpersonal abilities. Will be interacting with many areas of the business as well as Senior stakeholders. Proficiency in TPRM Platforms, Microsoft Office Suite and/or other systems. Ability to work independently and collaboratively in a team environment. Ability to work quickly and effectively under pressure and time constraints. Strong English communication skills (written and spoken) with ability to explain issues and remedies.

Posted 2 weeks ago


4.0 - 8.0 years

9 - 14 Lacs

Hyderabad

Work from Office

Naukri logo

Cyber Security Senior Advisor (A) - HIH - Evernorth

About Evernorth: Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.

Cyber Security Senior Advisor

Job Objective: The Information Protection Senior Advisor is responsible for conducting research, conceptualizing, designing, developing, and testing secure technology systems, including on perimeter and cloud-based networks, to support Cigna's Information Protection Middle East and Africa (MEA) team. This role directly supports the MEA Portfolio covering 34x operational entities across 22x countries, ensuring that security requirements are adequately addressed, safeguarding the protection of sensitive policyholder data, claims information, and financial transactions. Reporting to the Head of Cyber Security Middle East & Africa, you will develop and enforce security strategies that mitigate cyber threats, protect against fraud, and ensure business continuity in a highly regulated health insurance environment. You will be required to design, implement, and oversee the security infrastructure for our business platforms in accordance with the Cigna Information Protection (CIP) security architecture framework. In this role, you will work closely with CIP Architecture and Engineering, Risk Management, and Compliance teams to build secure architectures that align with internal and regulatory requirements such as SAMA CSF (KSA), ADHICS (UAE), GDPR, HIPAA, and PCI DSS.

13-16 years of experience in a Cyber Security Design and Development role. Partners with the CIP MEA leadership team to develop a regional strategy and operational plan to deliver CIP shared services to the business. Perform security reviews using CIP or Industry standards (NIST, ISO etc) to identify gaps in security architecture and controls as part of a MEA cybersecurity risk management plan. Develop and integrate cybersecurity designs for systems and networks that require processing of multiple data classification levels. Determine if systems and architecture are consistent with CIP's Secure Baselines and Global Security Architecture Requirements. Ensure secure third-party vendor integrations (e.g., Fronting Partners, Third Party Administrators, regulatory entities, payment processors and healthcare providers). Advise on security requirements to be included in statements of work for Cigna or JV partners procuring new technology services. Determine and document the impact of new system and interface implementations on the cybersecurity posture of Cigna or a JV partner. Partners with the business to evaluate and translate functional requirements and integrating security policies into technical solutions. Performs comprehensive technology research to evaluate potential solutions across cyberspace systems relevant for the MEA region including Joint Venture (JV) partners. Performs focused risk assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements. Maintains strong working relationships with individuals and groups involved in managing security architecture engineering and technology risks across the organization. Stays abreast of current and emerging security threats and designs security architectures to mitigate them.

Skills Needed: Ability to analyse an organisation's enterprise information technology architecture. Ability to apply secure network architectures and security controls into proposed solutions. Ability to identify cybersecurity or privacy issues in external or partner connections. Ability to design systems and apply security architecture guidelines across On-Premises and Hybrid Cloud environments. Ability to partner with Infrastructure, Cloud and Application architects to perform user needs analysis and requirements gathering for large-scale projects. Ability to develop a cyber security strategy and input into detail-oriented operational planning including capability development (People, Processes, Technology, Data). Ability to perform Controls Assurance / Attestation and deliver comprehensive risk treatment plans. Technical depth and sound knowledge in networking, cloud, desktop, server, storage, software-defined-networking, virtualization and application domains. Proven communication skills, able to write and verbally communicate complex concepts. Proven collaboration skills and can adapt to a changing organization, changing business needs, technological advances and agile methodology. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security. Health Insurance or Health Care Industry experience is a plus. Travel required, approximately 10%.

Qualifications: Bachelor's or Master's in Cybersecurity, Computer Science, or Information Security. Qualified candidates will typically have 13+ years of professional IT work experience, with 8+ years of experience in a security design and development role. CISSP, CISM, CCSP, CRISC or similar certifications required. Expertise in encryption, network security, cloud security, application security and endpoint protection. Deep knowledge of security risks, data privacy laws, and fraud prevention techniques relevant to Financial Services, FinTech and Health sectors. Experience in data security standards and best practices for Personally Identifiable Information (PII) and Personal Health Information (PHI). Experience and working knowledge of NIST, HIPAA, PCI DSS & ISO 27001 certification is a plus. Strong written and spoken English skills, demonstrated ability to communicate at high levels, both verbally and in reporting. Strong work ethic, high drive and ability to focus. High stamina. Shows optimism and determination when facing challenges. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment.

About Evernorth Health Services: Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Posted 2 weeks ago


6.0 - 9.0 years

17 - 18 Lacs

Bengaluru

Hybrid

Naukri logo

Hi all, We are hiring for the role Information Security Risk Specialist Experience: 6 -9 Years Location: Bangalore Notice Period: Immediate - 15 Days Skills: Experience: • 5+ years of experience in information security, risk management, or related domains. Skills and Competencies: • Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT. • Proven analytical expertise in evaluating and prioritizing risks effectively. • Advanced proficiency in utilizing security tools for risk assessment and mitigation. • Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent. • Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams. • Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure. • Skilled in leading security initiatives and managing projects across global teams. • A strategic mindset paired with keen attention to detail. • Resourceful and decisive under high-pressure situations. • An effective team player with exceptional interpersonal and collaboration skills. Qualifications: Education: • Bachelors degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field. • Advanced degrees (e.g., Masters) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus. If you are interested drop your resume at mojesh.p@acesoftlabs.com Call: 9701971793

Posted 2 weeks ago


3.0 - 7.0 years

7 - 11 Lacs

Kochi

Work from Office

Naukri logo

Job Title: Security Analyst

Role and Responsibilities: The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units' information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education Requirements CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. 
Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). 
Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through this form that must be downloaded: click here to access or download the form. Complete the form and then email it as an attachment to FTADAAA@conduent.com. You may also click here to access Conduent's ADAAA Accommodation Policy. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.

Posted 2 weeks ago



12.0 - 18.0 years

11 - 15 Lacs

Pune

Work from Office

Naukri logo

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Posted 3 weeks ago


4.0 - 9.0 years

12 - 22 Lacs

Bengaluru

Work from Office

Naukri logo

ROLE & RESPONSIBILITY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments.

REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Posted 3 weeks ago


8.0 - 12.0 years

0 Lacs

Bengaluru

Work from Office

Naukri logo

Role & responsibilities Implement and maintain security tools (firewalls, IDS/IPS, antivirus, encryption). Conduct vulnerability assessments and manage patching efforts. Lead internal/external security audits for compliance and risk mitigation. Investigate and respond to security incidents (NIST/CSF aligned). Monitor threat intelligence and update security controls accordingly. Develop and enforce security policies and procedures. Deliver security awareness training to employees. Qualifications & Experience: Bachelors/Masters degree in Information Security, Computer Science, or a related field. 12+ years of experience in cybersecurity. In-depth knowledge of security frameworks, tools, and technologies. Core Skills: Strong analytical and problem-solving skills. Proficient in SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne), and vulnerability scanners (Nessus, Qualys). Experience with firewalls (Cisco, Palo Alto), IDS/IPS (Snort, Suricata). Knowledge of cloud security (AWS, Azure) and network protocols. Skilled in log analysis, malware analysis, and penetration testing. Interested candidates share your cv to recruitment@gokaldasexports.com

Posted 3 weeks ago


7.0 - 12.0 years

22 - 25 Lacs

Chandigarh, Bangalore Rural, Bengaluru

Work from Office

Naukri logo

Security Service Operations, IT Security Technologies, CISSP, CISM, CRISC, CISA, SIEM, EDR, Email Security Gateways, Vulnerability Management Software, Firewalls, security systems, user authentication and management

Posted 3 weeks ago


3.0 - 7.0 years

3 - 7 Lacs

Chennai, Tamil Nadu, India

On-site

Foundit logo

The Senior Information Security Analyst reports to the Information Security Manager of the Risk Analytics and Compliance team within the Information Security Governance, Risk, and Compliance (GRC) department.

Responsibilities:
Subject Matter Expertise: Acts as a subject matter expert on disaster recovery compliance.
Exposure and Knowledge Building: Gains exposure to UPS information security and disaster recovery program and mission, focusing on building knowledge and experience in business continuity and disaster recovery (DR) services.
Compliance Understanding: Understands the disaster recovery compliance requirements within the UPS Standard Practice Manual.
Application Team Collaboration: Works with application teams to assist in developing complete and high-quality disaster recovery planning (DRP) assessments.
Strategic Planning: Engages in strategic planning to improve and mature the disaster recovery program.
Operational Support: Supports the DR program by performing operational activities, including developing understanding of DRP assessments and exercise assessment templates.
Training and Awareness: Manages training and awareness campaigns, designs, develops, and executes IT disaster recovery awareness campaigns and associated training to ensure compliance and quality of materials produced.
Compliance Reporting: Generates reports on DR compliance metrics by performing daily system operational audits.
Issue Investigation: Investigates issues and escalates as appropriate to support effective resolutions.
Audit Checks: Conducts audit checks, reviews completed DRP assessments and exercise assessments, assigns risk based on assessment review findings, re-audits previously reviewed plans with assigned risks, and conducts review meetings with plan respondents to provide appropriate guidance.
Internal Customer Support: Assists IT teams in developing clear, concise, and executable plans for recovery to ensure resiliency, investigates recovery plan resiliency issues and gaps, escalates as appropriate, tracks and manages remediation of risks and deficiencies identified during audits, and provides guidance and best practices in planning for exercises.
Customer Inquiries: Handles internal customer inquiries and concerns received via emails, Teams, and phone calls related to OneTrust GRC platform, Disaster Recovery Plan Assessments, general DR policies, and DR best practices.

Qualifications: Bachelor's degree in Computer Science, Computer Engineering, Information Security, or related field. 3 years experience in Information Security role and/or Information security certification e.g., CISA, CRISC, CISM, GSEC, CBCP - Certified Business Continuity Professional

Posted 3 weeks ago


5 - 10 years

8 - 18 Lacs

Pune

Hybrid

Naukri logo

Job Title- Associate Location- Pune, Bangalore India About DWS Group DWS Group (DWS) is one of the world's leading asset managers with EUR 700bn of assets under management (as of 31 March 2020). Building on more than 60 years of experience and a reputation for excellence in Germany and across Europe, DWS has come to be recognized by clients globally as a trusted source for integrated investment solutions, stability, and innovation across a full spectrum of investment disciplines. We offer individuals and institutions access to our strong investment capabilities across all major asset classes and solutions aligned to growth trends. Our diverse expertise in Active, Passive and Alternatives asset management as well as our deep environmental, social and governance focus –complement each other when creating targeted solutions for our clients. Our expertise and on-the-ground-knowledge of our economists, research analysts and investment professionals are brought together in one consistent global CIO View, which guides our investment approach strategically. DWS wants to innovate and shape the future of investing: with approximately 3,500 employees in offices all over the world, we are local while being one global team. We are investors –entrusted to build the best foundation for our clients’ future. What we’ll offer you As part of our flexible scheme, here are just some of the benefits that you’ll enjoy. Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. 
and above Your key responsibilities This role will support India DCO office with activities as outlined below: Lead comprehensive control evaluations and substantive testing to independently assess the design and effectiveness of controls within the newly established Independent Testing Team Assess end to end business processes to identify significant gaps and determine issue root causes. Partners with business units to perform control evaluations, monitoring and testing efforts within Compliance and Operation Risk Framework to identify control gaps as well as opportunities for effectiveness and efficiency improvements. These assessments will include coverage for other regulatory programs including SOX Apply critical thinking skills to substantive testing techniques to thoroughly evaluate the effectiveness of high-risk business processes. Assess and monitor risks, ensuring compliance with firm standards, regulatory requirements, and industry best practices. Collaborate with cross-functional teams and stakeholders to support control design and effectiveness. Foster collaboration with Compliance and Operational Risk Officers on various engagements. This includes developing detailed test scripts, facilitating issue discussions, participating in business meetings, and drafting comprehensive final reports to ensure alignment and clarity. Develop and execute robust control test scripts aimed at identifying control weaknesses, determining root causes, and recommending practical solutions to enhance operational efficiency and control effectiveness. Document test steps and results in a comprehensive and organized manner, ensuring sufficient support and justification for testing conclusions. Maintain a high standard of documentation to facilitate transparency and accountability. Ensure compliance with internal policies, procedures, and external laws, rules, and regulations, while identifying necessary remediation actions. 
This includes developing and executing testing procedures, meticulously documenting results, drawing informed conclusions, making actionable recommendations, and distributing detailed compliance testing review reports. Lead meetings with business owners at various management levels, delivering testing results and supporting sustainable control enhancements. Identify and capitalize on opportunities to strengthen controls and improve operational efficiency. Your preferred skills and experience Bachelor's degree in information security or related field required, with a preference towards master's degree. Demonstrated ability to analyse complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders. Proficient knowledge of risk management frameworks, regulations, and industry best practices Strong and progressive Auditing or Control Testing experience with current knowledge and understanding of Control testing methodology. Experience developing test scripts, audit programs, or testing templates. 6+ years in information security management and governance, with a focus on control design and testing Detailed experience in ISO 27001, GDPR, COBIT, KAIT, BAIT, etc. and other cyber security frameworks Good to have Certifications: CRISC, CISSP, CISM, CISA, ISO 27001 Lead Implementer/ Auditor Should possess strong communication skills (written/ spoken) Should be skilled to work with minimal supervision. Strong analytical and strategic mindset along with the ability to collaborate with different stakeholders including top management representatives. How we’ll support you Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

Posted 2 months ago


6 - 10 years

7 - 17 Lacs

Bengaluru

Work from Office


In this role, you will: Manage and develop a team of managers, experienced officers, and officers in roles with moderate complexity and risk in accomplishing goals and priorities associated with the functional area Engage and influence corporate heads, business heads, legal, audit, regulators, and industry partners associated with the function, or who are affected by its outcomes Identify and recommend Business Controls opportunities for process improvement and risk control development by managing and directing teams on strategy and execution of activities Determine appropriate strategies and actions of Business Controls functional area to meet moderate to high risk deliverables by ensuring that all business risk issues are proactively identified and addressed appropriately Interpret and develop policies and procedures for functions with moderate complexity within defined scope of responsibility Collaborate with and influence key stakeholders including managers Interact directly with relevant business groups Manage allocation of people and financial resources to ensure commitments are met and aligned with strategic objectives in Business Controls functional area Develop and guide a culture of Business Controls talent development to meet business objectives and strategies Required Qualifications: 6+ years of Risk Management or Business Controls experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education 3+ years of management or leadership experience Desired Qualifications: Manage and develop a team of Managers and/or Sr Officers, Officers, Associates, Specialists from cross-functional teams in accomplishing group strategic priorities. 
Execute against the key control pillars of Risk Assessment, Control Design, Governance, Control Programs and Issue Management. The Control Sr Manager is the responsible risk management leader for control activities within Digital Technology and Innovation (DTI). The control leader is accountable to DTI team leaders for ensuring implementation of key front line risk programs, regulatory and enterprise risk programs. Need to work closely with other leaders in the Digital Technology space in the development and execution of company risk management strategies. Accordingly, critical success factors will include knowledge of risks in Technology, Information security, Software Development Life Cycle (SDLC) and Generative AI (Gen AI) fields and partner with the stakeholders to present opportunities or reflect gaps in the Company's risk management execution/direction. Execute and implement business control priorities and strategy; drive the control agenda across the business. Act as an advisor to technology leaders in developing risk mitigation strategies for technology release processes to address specific risk across different software development life cycle areas. Evaluate and provide strategic guidance for programs, policies and procedures to ensure alignment with regulatory requirements and risk strategies. Identify, recommend and ensure adherence to Controls in the various stages of software development life cycle. Support the business for the design of business-specific risk controls/processes and development of remediation plans to address any control weaknesses or gaps and identify opportunities for enhancements. Ensure that business control issues are proactively identified and addressed appropriately, escalating where necessary. Oversee programs or initiatives related to a line of business and/or an Enterprise strategy with considerable impact across the Enterprise and externally and ensure appropriate plans to ensure delivery of the initiative. 
Key interface and fosters relationships with corporate, business heads, Corporate Risk, Legal, Audit, regulators, and industry partners regarding risk management of business-specific risk programs. Manage allocation of people and financial resources to ensure commitments are met and aligned with strategic objectives in Business Controls functional area. Develop and guide a culture of Strong Controls Mindset, talent development to meet business objectives and strategies. Job Expectations: B Sc, B Com, BBM, MBA, M Com with Business, Finance, Banking, Accounting or Economics as preferred major subject. Demonstrated knowledge of Technology and Security risk frameworks: ISO 27001, COSO, FAIR, COBIT, DevSecOps & Secure Software Development Frameworks, NIST CSF, AI RMF etc. One or more industry certifications like CISA/ CISM/ CRISC/ CISSP/ CCSP or equivalent. Strong Risk and Control fundamentals. Extensive understanding of Technical, SDLC, Information Security Risk Management in the Financial Services Industry. Experience in assessing risk, reviewing risk ratings, and identifying control deficiencies. Experience in building and managing teams, developing talent, and providing strong, proactive leadership. Proficient at effectively working and collaborating with teams within a matrixed organization. Experienced in building constructive and effective relationships. Delivers on commitments and renegotiates when needed. Strong sense of accountability. Creates and mentors on building constructive and effective relationships. Risk management experience with demonstrated leadership skills and ability to drive improvements. Proficient at influencing and consulting strategically across a large organization and with various levels of leadership/stakeholders. Balance strong, innovative problem-solving skills with the practical ability to implement workable solutions to problems in a fast-paced, deadline driven environment. 
Effectively communicates in both written and verbal formats with senior executive-level leaders. Demonstrate negotiation skills, especially with difficult topics when partnering with senior management. This includes the willingness and ability to question decisions, understand direction and escalate issues, where necessary. Ability to synthesize data from a variety of sources and deliver results quickly. Demonstrate ability to deliver high quality output from self and team. Demonstrated knowledge of defining and executing risk assessment frameworks focused on novel, emerging and mainstream technologies inclusive of distributed ledger technology, cloud operations, artificial intelligence.

Posted 2 months ago


3 - 6 years

5 - 8 Lacs

Bengaluru

Work from Office


Identifying, assessing, and solving complex business problems for area of responsibility, where analysis of situations or data requires an in-depth evaluation of variable factors. Overseeing the development of Security solutions, architecture, design, asset documentation etc. Experience in assessment and implementation of security industry and regulatory compliance standards like ISO 27001, NIST, HIPAA, GDPR, CSA STAR compliance, PCI DSS, CCPA, HITRUST. Drafting policies, procedures and assisting with security process development. Experience in cloud assurance. Building security strategy, security operating model for cloud-based solutions, deployments, or migration. Leading Security RFP response and security solutioning specific to client needs. Experience in Gap, risk and maturity Assessments, Remediation recommendations and drafting To-Be Security architecture for clients. Exposure to risk management, risk quantification. Helping solve key business problems and challenges by enabling a security architecture transformation, painting a picture of, and charting a journey from the current state to a "to-be" enterprise environment. Experience in participating in client presentations & orals for proposal defense etc. Implementing programs/interventions that prepare the organization for the implementation of new business processes. Assisting our clients to build the required capabilities for growth and innovation to sustain high performance. Managing multi-disciplinary teams to shape, sell, communicate, and implement programs. Provide thought leadership to the downstream teams for developing offerings and assets. Mentoring and developing our people. Professional certifications like CISSP, CISA, CISM, CEH, ISO27001, CRISC, CCSK. Qualifications: TBC

Posted 2 months ago


9 - 14 years

10 - 17 Lacs

Bengaluru, Gurgaon, Mumbai (All Areas)

Work from Office


We are hiring for a tech-enabled global consulting firm specializing in ESG, Accounting, and Reporting Consulting (ARC). We leverage top global talent to provide expert solutions in governance, risk, compliance, sustainability, and financial reporting. Our focus on cutting-edge technology and deep industry expertise enables businesses to navigate complex regulations and drive sustainable growth. Job Title: Manager / AM / Consultant, Governance, Risk, and Compliance (GRC). Location: Gurgaon, Bangalore, Mumbai and Chennai. Job Type: Full-time / Consulting. Job Overview: We seek an experienced Manager / AM / Consultant GRC to lead risk management, compliance, and governance initiatives. The role involves advising clients on regulatory frameworks, conducting risk assessments, and implementing GRC strategies. Key Responsibilities: Develop & implement GRC frameworks, policies, and controls. Ensure compliance with ISO 27001, NIST, GDPR, SOX, HIPAA, PCI-DSS & other regulations. Conduct risk assessments, internal audits, and compliance gap analyses. Advise on enterprise risk management (ERM) and business continuity strategies. Lead GRC consulting projects, stakeholder engagement, and training sessions. Recommend and implement GRC tools (Archer, ServiceNow, OneTrust). Qualifications & Skills: 8+ years in GRC, risk advisory, compliance, or cybersecurity. Strong knowledge of risk frameworks, regulatory compliance, and industry standards. Experience with GRC tools & process automation. Preferred certifications: CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor. Excellent analytical, leadership, and communication skills. Why Join Us? Lead high-impact GRC projects. Competitive salary & growth opportunities. Work in a dynamic consulting environment. If you're a seasoned GRC professional, we'd love to hear from you! Please share resumes: casamenteroconsulting@gmail.com

Posted 2 months ago


Featured Companies