9 Cybersecurity Frameworks Jobs

Job description The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting : Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication : Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level:8 + years. Location: Hyderabad / Bengaluru Required skills: 6 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA

Job description The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting : Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication : Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level:5 + years. Location: Hyderabad / Bengaluru Required skills: 4 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA

Job description The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments: Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reporting : Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring: Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication : Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 3+ years. Location: Hyderabad / Bengaluru Required skills: 3 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA

In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities The SIEM Administrator will be responsible for administering the deployed SIEM service. The candidate is also expected to have hands on experience of deploying a SIEM solution from scratch, where the candidate should have the skills and knowledge to gather all the required information to build the SIEM solution. In-depth knowledge of technical approaches in security analytics, monitoring and alerting. Maintains technical knowledge within areas of expertise. This role is also responsible for identifying, analyzing, developing new or tuning & Refinement of the content or use cases. Strong problem solving and troubleshooting skills including the ability to perform root cause analysis for preventative investigation Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Should have experience in any of the query language i.eAQL ,KQL, SPL, LEQL etc for writing the complex queries & saved search creation. Should have strong knowledge of different cybersecurity frameworks i.e.MITRE, NIST and Cyber kill chain model. Should have understanding of regular expression writing and custom parsing Preferred technical and professional experience Collaborate with key stakeholders within technology, application and cyber security to develop use cases to address specific business needs. Create technical documentation around the content deployed to the SIEM. Creates and develops correlation and detection rules with SIEM solution, reports & dashboards to detect emerging threats

In this vital role, you will collaborate closely with cybersecurity departments to identify and define automation requirements that streamline security processes and incident responses. You will create and refine automation playbooks using low-code platforms, integrate new and existing security tools, and develop custom APIs to ensure seamless inter-connectivity among systems. Additionally, you will engage in the selection and tuning of machine learning algorithms tailored to address specific security challenges faced by the organization. A key component of the role is to maintain up-to-date technical documentation and user guides to support the ongoing use and understanding of automated systems. As the Security Automation Engineer, you must also keep abreast of the latest cybersecurity trends and technologies, sharing insights and best practices with the team to continually enhance the organization's security posture. Roles & Responsibilities Create playbooks using a low-code platform to streamline security operations. Integrate new and existing security tools and platforms; Design, code, and integrate custom APIs. Create technical documentation and user guides. Continuously monitor and maintain the automation platform and ensure that all systems and applications are up to date with the latest security patches and updates. Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST). Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations. Triage issues found by tools, external reports, and various tests, to accurately assess the real risks. Offer remediation guidance to partners for identified issues and serve as an escalation resource for developers as they reduce issues. Basic Qualifications Education and Experience:Master's degree and 1 to 3 years of directly related experience; OR Bachelor's degree and 3 to 5 years of directly related experience; OR Diploma and 7 to 9 years of directly related experience. Must-Have Skills Proficiency in Python scripting and automation. Experience with REST API technology. Experience with Linux is a MUST. Experience with Security Orchestration Automation and Response (SOAR) tools (e.g., Swimlane, Cortex XSOAR, etc.). Experience with development of automation playbooks and integrating multiple security tools to enhance efficiency and effectiveness. Preferred Qualifications Knowledge of cybersecurity frameworks, technologies, and best practices. Experience in risk management, incident response, and security governance. Knowledge of security architecture frameworks and principles. Professional Certifications CEH (preferred) CompTIA Security+ (preferred) RHCSA (preferred) CISSP (preferred) Soft Skills Excellent analytical and troubleshooting skills. Strong verbal and written communication skills. Ability to work effectively with global, virtual teams. High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals. Strong presentation and public speaking skills.

What you will do Role Description: In this vital role you will collaborate closely with cybersecurity departments to identify and define automation requirements that streamline security processes and incident responses. The engineer will create and refine automation playbooks using low-code platforms, integrate new and existing security tools, and develop custom APIs to ensure seamless inter-connectivity among systems. Additionally, the engineer will engage in the selection and tuning of machine learning algorithms tailored to address specific security challenges faced by the organization. A key component of the role is to maintain up-to-date technical documentation and user guides to support the ongoing use and understanding of automated systems. The Security Automation Engineer must also keep abreast of the latest cybersecurity trends and technologies, sharing insights and standard processes with the team to continually enhance the organizations security posture. Roles & Responsibilities: Create playbooks using a low-code platform to streamline security operations Integrate new and existing security tools and platforms; Design, code, and integrate custom APIs. Create technical documentation and user guides. Continuously monitor and maintain the automation platform and ensure that all systems and applications are up to date with the latest security patches and updates. Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST). Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations. Triage issues found by tools, external reports, and various tests, to accurately assess the real risks. Offer remediation guidance to partners for identified issues and serve as a customer concern resource for developers as they reduce issues. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Masters degree and 1 to 3 years of directly related experience OR Bachelors degree and 3 to 5 years of directly related experience OR Diploma and 7 to 9 years of directly related experience. Must-Have Skills: Proficiency in Python scripting and automation Experience with REST API technology Experience with Linux is a MUST Experience with Security Orchestration Automation and Response (SOAR) tools (e.g. Swimlane, Cortex XSOAR, etc.) Experience with development of automation playbooks and integrating multiple security tools to enhance efficiency and effectiveness Preferred Qualifications: Knowledge of cybersecurity frameworks, technologies, and standard methodologies Experience in risk management, incident response, and security governance Knowledge of security architecture frameworks and principles Professional Certifications: CEH (preferred) CompTIA Security+ (preferred) RHCSA (preferred) CISSP (preferred) Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills

ABOUT THE ROLE The Senior Manager Information Security is responsible for leading the security automation product team and driving the development, integration and continuous improvement of a security automation platform. This role combines strong leadership, technical acuity, and product ownership skills to supervise a growing team responsible for automating security workflows, integrating tools, improving operational efficiency, and strengthening the overall cybersecurity posture. As the product owner of the security automation platform and service, the Senior Manager Information Security collaborates with collaborators to deliver impactful automations and maintain a scalable, secure, and resilient automation infrastructure. Key aspects of the role include aligning automation projects with organizational security goals, fostering innovation in machine learning applications, and ensuring the adoption of industry-leading practices by staying ahead of with evolving threats and trends. Roles & Responsibilities: Lead and mentor a team of security automation engineers, data engineers, and data scientists, fostering a collaborative and high-performance culture Oversee the security automation service, ensuring effective operations, prioritization, and continuous alignment with business and security goals Oversee the security automation product team to ensure adherence to SAFe/Agile methodologies and definitions of done, maintaining high-quality standards in deliverables Oversee the seamless operation, scalability, and efficiency of a cloud-based security automation solution, ensuring continuous enhancement of security controls and automation capabilities Develop strategies to streamline incident response, threat detection, and remediation processes using automation capabilities Drive and manage the seamless integration of new and existing security tools, platforms, and workflows to ensure a cohesive and optimized automation ecosystem Ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST) Collaborate with collaborators to establish and supervise critical metrics related to SAFe implementation Generate and maintain security reports, metrics, and dashboards for management review Keep up to date with the latest security threats, trends, and technologies, and provide recommendations for improving security operations Build and deliver knowledge sharing presentations and documentation to educate developers and operations teams on application security standard methodologies and secure coding techniques Triage and assess findings from tools, external reports, and tests to determine real risks and prioritize remediation efforts Offer remediation guidance to partners for identified issues and serve as a customer concern resource for developers as they reduce issues What we expect of you We are all different, yet we all use our unique contributions to serve patients. The professional we seek is a senior manager with these qualifications. Basic Qualifications: Masters degree and 8 to 10 years of Scrum teams management or related field experience OR Bachelors degree and 8 to 10 years of in Scrum teams management or related field experience OR Diploma and 12 to 14 years of in Scrum teams management or related field experience. Preferred Qualifications: Experience managing and scaling security automation platforms and tools (e.g., SOAR) Demonstrated success in leading high-performing technical teams in an agile environment Strong understanding of integrating security tools and data platforms (SIEM, EDR, IAM, etc.) In-depth knowledge of cybersecurity frameworks, technologies, and best practices Experience in risk management, incident response, and security governance Strong knowledge of security architecture frameworks and principles Strong understanding of common software and web application security vulnerabilities Excellent communication, stakeholder management, and analytical skills. Good-to-Have Skills: Experience with network security, endpoint protection, and incident response Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications: CEH (preferred) CompTIA Security+ (preferred) CISSP (preferred) TOGAF (preferred) Certified Scrum Product Owner (CSPO), or equivalent (preferred) Soft Skills: Initiative to explore alternate technology and approaches to solving problems Skilled in breaking down problems, documenting problem statements, and estimating efforts Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team-oriented, with a focus on achieving team goals

The Technology Infrastructure Manager will be a highly experienced IT professional responsible for overseeing the entire technology infrastructure of the organization, including networks, servers, data storage, and security systems, with a focus on planning, implementation, maintenance, and optimization to ensure reliable and efficient operations aligned with all business goals. Strategic Planning and Leadership IT infrastructure planning and roadmap development Budgeting and cost optimization for IT operations Aligning technology with business objectives Cloud Computing Strategy Cloud platforms : AWS, Azure, Google Cloud Hybrid and multi-cloud environments Cloud security best practices Cloud migration strategies Infrastructure as Code (IaC) : Terraform, CloudFormation Security and Compliance Cybersecurity frameworks : NIST, ISO 27001, CIS benchmarks Network security : Firewalls, VPNs, IDS/IPS Identity & Access Management (IAM) : Okta, Azure AD, AWS IAM Regulatory compliance : GDPR, HIPAA, SOX Endpoint security & threat management Vendor Management Experience negotiating contracts and service-level agreements (SLAs) Working with technology vendors and managed service providers (MSPs) Knowledge of licensing and subscription models Technical Expertise Networking : TCP/IP, DNS, DHCP, VLANs, SD-WAN Server Administration : Windows Server, Linux (RHEL, Ubuntu) Virtualization : VMware, Hyper-V, KVM Storage Solutions : SAN, NAS, Object Storage Backup & Disaster Recovery : Veeam, Commvault, Azure Backup Monitoring & Observability : Grafana, Prometheus, Nagios, Splunk Database Management : SQL Server, MySQL, PostgreSQL, NoSQL (MongoDB, Cassandra) Enterprise Applications : Microsoft 365, Active Directory, Exchange, SharePoint Scripting & Automation : PowerShell, Python, Bash Leadership and Management Team leadership & mentoring IT staff Incident management and escalation handling ITIL framework knowledge for service management Business Acumen Understanding of enterprise IT budgeting and cost control Risk management and business continuity planning Stakeholder communication and executive reporting

The role will be expected to : Work with GRC partners to define the working processes and artifact templates for the control event response portion of the CCM program Analyze data to conduct root cause analysis in partnership with SMEs to understand control drift, gaps, outages and other gaps Define and scope control event remediation efforts in cooperation with control owners and implementors Track control event remediations to closure and report status as necessary to stakeholders and leadership Skills Required Excellent problem solving skills Strong verbal and written skills to interact with global teams and customers Strong understanding of GRC to include industry cybersecurity frameworks Good Data analysis skills Good understanding of technology and information security controls such as authentication, data security, logging, application security and change management Skills desired Experience with process design Good understanding of risk management Strong skills with desktop productivity software for data analysis, such as Microsoft Excel Experience with data analysis using query and scripting languages such as SQL and Python