82 Crisc Jobs - Page 4

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

ROLE & RESPONSIBILTY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Role & responsibilities Implement and maintain security tools (firewalls, IDS/IPS, antivirus, encryption). Conduct vulnerability assessments and manage patching efforts. Lead internal/external security audits for compliance and risk mitigation. Investigate and respond to security incidents (NIST/CSF aligned). Monitor threat intelligence and update security controls accordingly. Develop and enforce security policies and procedures. Deliver security awareness training to employees. Qualifications & Experience: Bachelors/Masters degree in Information Security, Computer Science, or a related field. 12+ years of experience in cybersecurity. In-depth knowledge of security frameworks, tools, and technologies. Core Skills: Strong analytical and problem-solving skills. Proficient in SIEM (Splunk, QRadar), EDR (CrowdStrike, SentinelOne), and vulnerability scanners (Nessus, Qualys). Experience with firewalls (Cisco, Palo Alto), IDS/IPS (Snort, Suricata). Knowledge of cloud security (AWS, Azure) and network protocols. Skilled in log analysis, malware analysis, and penetration testing. Interested candidates share your cv to recruitment@gokaldasexports.com

Security Service Operations,IT Security Technologies,CISSP, CISM, CRISC, CISA,SIEM, EDR, Email Security Gateways, Vulnerability Management Software, Firewalls,security systems, user authentication and management

The Senior Information Security Analyst reports to the Information Security Manager of the Risk Analytics and Compliance team within the Information Security Governance, Risk, and Compliance (GRC) department. Responsibilities: Subject Matter Expertise: Acts as a subject matter expert on disaster recovery compliance. Exposure and Knowledge Building: Gains exposure to UPS information security and disaster recovery program and mission, focusing on building knowledge and experience in business continuity and disaster recovery (DR) services Compliance Understanding: Understands the disaster recovery compliance requirements within the UPS Standard Practice Manual Application Team Collaboration :Works with application teams to assist in developing complete and high-quality disaster recovery planning (DRP) assessments Strategic Planning: Engages in strategic planning to improve and mature the disaster recovery program Operational Support: Supports the DR program by performing operational activities, including developing understanding of DRP assessments and exercise assessment templates Training and Awareness: Manages training and awareness campaigns, design, develop, and executes IT disaster recovery awareness campaigns and associated training to ensure compliance and quality of materials produced Compliance Reporting: Generates reports on DR compliance metrics by performing daily system operational audits Issue Investigation: Investigates issues and escalates as appropriate to support effective resolutions Audit Checks: Conducts audit checks, reviews completed DRP assessments and exercise assessments, assigns risk based on assessment review findings, re-audits previously reviewed plans with assigned risks, and conducts review meetings with plan respondents to provide appropriate guidance Internal Customer Support: Assists IT teams in developing clear, concise, and executable plans for recovery to ensure resiliency, investigates recovery plan resiliency issues and gaps, escalates as appropriate, tracks and manages remediation of risks and deficiencies identified during audits, and provides guidance and best practices in planning for exercises Customer Inquiries: Handles internal customer inquiries and concerns received via emails, Teams, and phone calls related to OneTrust GRC platform, Disaster Recovery Plan Assessments, general DR policies, and DR best practices Qualifications: Bachelors degree in Computer Science, Computer Engineering, Information Security, or related field 3 years experience in Information Security role and/or Information security certification e.g, CISA, CRISC, CISM, GSEC, CBCP - Certified Business Continuity Professional

The Team The OSTTRA Technology teamis composed of Capital Markets Technology professionals, who build,supportand protect the applications that operate our network. The technology landscapeincludeshigh-performance, high-volume applications as well as compute intensive applications,leveragingcontemporary microservices, cloud-based architectures. The Impact: Together, we build, support, protect and manage high-performance, resilient platforms that process more than 100 million messages a day. Our services are vital to automated trade processing around the globe, managing peak volumes and working with our customers and regulators to ensure the efficient settlement of trades and effective operation of global capital markets. Whats in it for you: We are seeking a highly motivated and experienced Information Security person to join our growing security team. In this role, you will be responsible for managing and optimizing our Data Loss Prevention (DLP) solutions, ensuring compliance with relevant security standards i.e. ISO 27001, NIST and implementing and maintaining robust Identity and Access Management (IAM) and Privileged Access Management (PAM). You will play a crucial role in protecting our sensitive data and ensuring the security posture of our organization. This is an excellent opportunity to be part of a team based out of Gurgaon and to work with colleagues across multiple regions globally. Responsibilities Data Loss Prevention (DLP) Management: Implement, Manage, and optimize DLP tools policies to prevent data leaks and ensure data protection. Develop and maintain DLP policies and procedures. Regularly update and fine-tune DLP rules to adapt to evolving data protection needs. Monitor and analyse DLP alerts and incidents and perform incident response. Provide training and guidance to users on DLP best practices. Implement real-time monitoring and logging for data movement and access patterns. Generate detailed reports on data loss attempts, policy breaches, and user behavior anomalies. Evaluate and recommend improvements to existing DLP solutions. Develop playbooks for quick response to DLP-related threats and incidents. Perform regular data flow assessments to identify unprotected data paths Identity and Access Management (IAM) and Privileged Access Management (PAM): Manage requirements around IAM and PAM security, including user provisioning, access control, and privileged access management. Develop and enforce IAM and PAM policies and procedures. Conduct regular access reviews and audits. Generate compliance reports for internal and external audits (e.g., SOX, GDPR, PCI-DSS). Troubleshoot IAM and PAM issues together with the respective Infrastructure teams. Integrate IAM/PAM systems with other security and business applications. Regularly evaluate IAM/PAM solutions to keep pace with emerging threats and technologies. Information Security Compliance: Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard Conduct internal security audits and assessments. Develop and maintain security documentation and procedures. Assist with external security audits and assessments. Stay up to date on the latest security threats and vulnerabilities. Other Duties: Provide security consulting and support to other teams. Knowledge on Application Pen testing would be an added advantage Evaluate and recommend new security technologies and solutions. Participate in security awareness training and initiatives. Understanding on Technology & Security Risk Management and Vendor Risk Management Framework What Were Looking For Qualifications 7 to 8 years experience working in IT Security & GRC in multiple capacities. Bachelors in IT, Computer Science, Cyber Security, or equivalent experience required. Proven experience with DLP tools and technologies (e.g., Symantec DLP, Forcepoint DLP, Microsoft Information Protection, Zscaler etc.) and certification on these tools would be added advantage Strong understanding of IAM and PAM concepts, tools and technologies and certification on these tools would be added advantage In-depth knowledge of ISO 27001 and other relevant security standards and regulations. Certification like ISO 27001, CISA, CRISC, CISM etc. would be an added advantage. Competencies: The ability to multitask, act under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential. The ability to handle multiple inquiries at any one time, often under considerable deadline pressure. The ability to work both independently and as part of a team. Desired Skills: Excellent written and spoken English. Detail oriented with excellent research, analytical and critical thinking skills. Strong documentation, oral and written communications, and interpersonal skills.

6+ yrs of exp in Cyber Security consulting, with min 3 yrs in leadership role Expertise in cybersecurity frameworks & standards such as NIST, ISO 27001, GDPR, DPDPA, PCI DSS, etc. Exp in GDPR, VAPT, App security. Must have exp in consulting