353 Hitrust Jobs

Cortex is urgently hiring for the role : ''Data Engineer'' Experience: 5 to 8 years Location: Bangalore, Noida, and Hyderabad (Hybrid, weekly 2 Days office must) NP: Immediate to 10days only Key skills: Candidates Must have experience in Python, Kafka Stream, Pyspark, and Azure Databricks Role Overview We are looking for a highly skilled with expertise in Kafka, Python, and Azure Databricks (preferred) to drive our healthcare data engineering projects. The ideal candidate will have deep experience in real-time data streaming, cloud-based data platforms, and large-scale data processing. This role requires strong technical leadership, problem-solving abilities, and the ability to collaborate with cross-functional teams. Key Responsibilities Lead the design, development, and implementation of real-time data pipelines using Kafka, Python, and Azure Databricks. Architect scalable data streaming and processing solutions to support healthcare data workflows. Develop, optimize, and maintain ETL/ELT pipelines for structured and unstructured healthcare data. Ensure data integrity, security, and compliance with healthcare regulations (HIPAA, HITRUST, etc.). Collaborate with data engineers, analysts, and business stakeholders to understand requirements and translate them into technical solutions. Troubleshoot and optimize Kafka streaming applications, Python scripts, and Databricks workflows. Mentor junior engineers, conduct code reviews, and ensure best practices in data engineering. Stay updated with the latest cloud technologies, big data frameworks, and industry trends. If you are interested kindly send your resume to us by just clicking '' easy apply''. This job is posted by Aishwarya.K Business HR - Day recruitment Cortex Consultants LLC (US) | Cortex Consulting Pvt Ltd (India) | Tcell (Canada) US | India | Canada

Title: information Security Lead Location: Gurugram/Work from Home Shift: Night Shift Mandatory skills: 8+ yrs in Information Security, including audits& compliance, certification (any- CISSP, CISA, ISO27001, SOC) Position Summary The Information Security Lead is responsible for designing, implementing, and managing a comprehensive information security program to protect organizational systems, infrastructure, and sensitive data from cyber threats and breaches. This role requires a strong blend of technical expertise, strategic planning, and leadership to ensure regulatory compliance (e.g., HIPAA, HITRUST CSF, PCI-DSS), mitigate risks, and maintain a secure operating environment. The role also includes leading external audit and certification processes, managing security operations, and aligning security strategies with business objectives. Minimum Qualifications - Experience: Minimum of 8 years in Information Security, including audit and compliance - Certifications: CISSP, CISA, ISO 27001, SOC 2 Key Responsibilities - Develop and maintain enterprise-wide information security policies and programs - Ensure compliance with industry standards and regulatory frameworks, including HIPAA, HITRUST, PCI-DSS, ISO 27001, GLBA, - Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. - Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards (e.g. GLBA, SOX). Interested individuals can apply here or share the profile to hr@lancetechsolutions.com Job Type: Full-time Pay: ₹2,000,000.00 - ₹2,500,000.00 per year Benefits: Work from home Work Location: In person

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Roles And Responsibilities Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education Mandatory Skill Sets ITGC Preferred Skills Sets IT Risk Assessment Years Of Experience Required 4 years Minimum Qualification: BE/ BTech, Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantage Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The Position We are seeking a knowledgeable and experienced ISO 13485 Quality Management Expert to lead and support the implementation, and maintenance of our Quality Management System (QMS) in compliance with ISO 13485:2016, MDSAP and relevant regulatory requirements. The ideal candidate will play a key role in ensuring that our medical device products meet the highest standards of quality and safety. Lead the development, implementation, and continuous improvement of the QMS in accordance with ISO 13485 and applicable regulatory requirements (e.g., FDA 21 CFR Part 820, MDR) Prepare for and manage internal and external audits (including notified body, regulatory agency) Conduct risk assessments, gap analyses, and process validations Ensure proper documentation, training, and compliance across all quality-related functions Support the creation and revision of SOPs, work instructions, forms, and other quality documents Collaborate with cross-functional teams (engineering, regulatory affairs, Global Q&R etc.) to ensure product and process quality throughout the lifecycle Monitor quality KPIs and prepare reports for management review Identify and lead corrective and preventive actions (CAPAs), non-conformances (NCs), and root cause analyses (RCAs) Provide ISO 13485 and QMS training to employees at all levels Monitor training compliance for the site 5+ Years experience; recognised internally as an expert in own job discipline Bachelor’s / Master degree in Life Science, Data Science, Engineering or related subject or equivalent experience. Experience working in a Software as a Medical Device (SaMD) environment is preferred In-depth knowledge of ISO 13485, ISO 14971, IEC 62304, IEC 82304, FDA, QSR, EU-MDR and legislation for Software as a Medical Device or IVD. Knowledge of ISO 27001 family of standards, HITRUST, HIPAA and GDPR will be an advantage Experience in preparing for and participating in audits and inspections Strong analytical, problem-solving, and communication skills Certification in ISO 13485 auditing (e.g., Lead Auditor) is preferred Familiarity with electronic QMS systems and tools is a plus Has worked in more than one function within quality management and may have worked outside of Quality Management. Can manage highly complex and/or global projects, or equivalent experience Who we are A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let’s build a healthier future, together. Roche is an Equal Opportunity Employer.

Information Security Technical writer team seeks an experienced Senior Technical Writer to drive, create and update IT related documentation. This may include developing new policies and standard operating procedures (SOPs) to comply with industry standards and frameworks, contractual obligations, or local law, updating and maintaining existing procedures, liaising with appropriate personnel to ensure that compliance workflow management systems are configured in accordance with documented procedures, managing the policy lifecycle end to end. This position will work closely with subject matter experts such as software development teams, Enterprise IT, HR, and Legal team leads and stakeholders. What you'll do: Connect with subject matter experts and proactively manage your own learning to become familiar with our technology offerings, internal controls landscape, and internal compliance processes. Work with compliance and audit team members and other subject matter experts and functional leads to implement timely and effective edits until documentation is ready for publication on time. Suggest improvements to documentation and processes whenever possible, eventually demonstrating ownership of the technical writing function. Adhere to design template and company style guide while organizing and writing documentation. Assist with development and maintenance of applicable training and educational material (e.g., byte sized informational modules to educate end users on appropriate use of documented policies) Develop and propose documentation plans and outlines for new procedures, user/training guides and supporting materials; estimating project length and keeping everyone involved on time. Enhance and maintain existing documentation to deadline. Proactively manage the policy lifecycle (development, periodic review and approval, version control, publishing of approved policies and procedures to the company intranet). Work with appropriate personnel to make sure that ZSs compliance workflow management systems are always in sync (configured) with newly documented or updated policies. Perform additional duties as required from time to time. What you'll bring: BS/BA in English, Journalism, Communications, Technical Writing, Computer Science, or other relevant field of study required. 3.5 - 5 yearstechnical writing experience, preferably documenting IT policies and procedures. Experience with Visio or other process flow visualization tool, Snagit tool required. Superior writing, editing, and communication skills required. Excellent command over the English language (especially grammar and sentence composition skills) required. Strong experience using Microsoft Suite (Word, Excel, PowerPoint, OneNote, Outlook etc.). Experience with authoring tools (e.g., MadCap Flare or any other authoring tool) will be an added advantage. Familiarity/working knowledge of various compliance frameworks (e.g., ISO 27001, ISO 22301, ISO 27702, HITRUST, PCI DSS, SOC Audits) preferred. Experience learning about and communicating complex topics. Outstanding organizational/time management, planning and prioritization skills.

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. As a Senior Cloud/DevOps Engineer at Optum, you will be a pivotal force in accelerating our journey towards a more agile, secure, and highly automated cloud-native future. You will leverage your extensive expertise in cloud platforms and DevOps methodologies to design, implement, and maintain robust, scalable, and secure infrastructure and applications. A key focus of this role will be the strategic integration and application of Artificial Intelligence (AI) to enhance automation, streamline operations, and proactively identify and mitigate security threats. You will work within a dynamic and collaborative environment, partnering with development teams, architects, and security professionals to drive best practices, optimize performance, and ensure the reliability of our critical healthcare systems. This role demands a solid understanding of the end-to-end software development lifecycle and a passion for continuous improvement and innovation. Primary Responsibilities: Cloud Infrastructure & Platform Management: Design, implement, and manage highly available, scalable, and fault-tolerant cloud infrastructure within AWS, Azure or Oracle Cloud environments Provision, configure, and operate cloud services such as compute, storage, networking and databases (RDS, Cosmos DB, Cloud SQL) Develop and maintain Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or ARM templates to ensure consistent and repeatable deployments DevOps and CI/CD Automation: Design, implement, and maintain robust CI/CD pipelines using tools like Jenkins, GitHub Actions or Azure DevOps to automate software delivery from code commit to production deployment Implement advanced deployment strategies (e.g., blue/green, canary, rolling updates) to minimize downtime and mitigate risk Champion and implement DevOps best practices, including continuous integration, continuous delivery, automated testing, and release management Security & Compliance: Implement and enforce robust cloud security best practices, including identity and access management (IAM), network security, data encryption, and security group configurations Conduct regular security audits and vulnerability assessments, working closely with security teams to remediate findings Develop and implement automated security checks and guardrails within the CI/CD pipeline to ensure security by design Ensure compliance with relevant industry regulations (e.g., HIPAA, HITRUST, PCI) and internal security policies Troubleshooting & Support: Provide expert-level support for complex infrastructure and application issues, troubleshooting and resolving production incidents in a timely manner Participate in on-call rotations as needed to ensure 24/7 system availability Conduct root cause analysis for incidents and implement preventative measures Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: 8+ years of experience in Information Technology roles 5+ years of hands-on experience in cloud platforms (AWS, Azure, or Oracle Cloud) with a solid understanding of core services and architectural patterns 3+ years experience in designing, implementing, and managing highly available, scalable, and secure cloud infrastructure 3+ years experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation) 3+ years experience in scripting languages (e.g., Python, Bash, PowerShell) for automation 5+ years experience with CI/CD pipeline implementation and management using tools like Jenkins, GitLab CI/CD, or Azure DevOps Preferred Qualifications: Relevant cloud certifications Solid understanding of containerization technologies (Docker) and orchestration platforms (Kubernetes) Experience with monitoring, logging, and alerting tools (e.g., Prometheus, Grafana, Datadog, Splunk) Expertise in cloud security best practices, including IAM, network security, data protection, and compliance frameworks (e.g., HIPAA, SOC 2, PCI) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. #NJP #Gen

About The Role As a Senior Consultant, your responsibilities will include standard project execution and client service activities, focused on IT compliance assessments (e.g., SOC 2 and ISO engagements). You will have the opportunity to gain project experience with clients ranging from start-ups to enterprises, across a variety of industries. As an added benefit, A-LIGN does not require Delivery Consultants to report time or sell work! Reports to: Delivery Manager and Senior Manager Pay Classification: Full-Time Responsibilities Plan and execute various IT compliance assessments (e.g., SOC 2, ISO 27001, and other similar engagements), under the direction of a member of the management team Perform IT compliance testing for various IT compliance assessments, under the direction of a member of the management team Create agendas for IT compliance assessments Perform IT compliance testing under the direction of the management team Communicate effectively to the management team, prior to, during, and post fieldwork (i.e., testing phase) Review manager’s planning meeting minutes, and prepare as appropriate for meetings Prepare testing lead sheets throughout the project Review evidence uploaded by the client for appropriateness Provide feedback regarding appropriateness of evidence uploaded by the client Provide detailed project status reports weekly to management Organize client information on A-LIGN’s Shared Drive Proactively communicate any potential issues to the management team Experience Minimum Qualifications At least 3 years of experience in IT audit, preferably with the Big 4 or a mid-tier audit/consulting firm Knowledge of various IT compliance standards including SOC 2, ISO 27001, PCI Experience using Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Skills Ability to meet deadlines with a high degree of motivation Thrives in a fast-paced environment Ability to effectively multitask Ability to work individually as well as collaboratively Demonstrate capabilities with moderate supervision Ability to determine appropriateness of evidence provided by the client Strong interpersonal skills with a service-oriented mindset who can work well within a team as well as independently Must be detail oriented and organized in completing tasks Must be proactive, anticipate roadblocks, and offer solutions Ability to utilize the Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Must have a sense of urgency around completing tasks and the order and priority of tasks based on business needs Strong composition, grammar, and business language skills Strong communication and interpersonal skills with the ability to effectively communicate with the management team and colleagues. Ability to work independently, set priorities and handle multiple tasks with a high level of efficiency About A-LIGN A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com Come Work for A-LIGN! Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply

Job Description #KGS Roles & responsibilities Conduct external audits in accordance with the PCAOB (Public Company Accounting Oversight Board) Auditing Standards Lead team in conducting Process understanding discussions with the Clients as part of assessing risks arising from their use of Technology and identify control gaps within their processes Lead team in evaluating and documenting the design and operating effectiveness of technology controls (GITCs and ITACs) pertaining to Client’s Internal Controls over Financial Reporting Lead team in performing SOC 1 and SOC 2, SOC 2+ (HITRUST), SSAE18 assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants) Demonstrate strong project management skills for all engagements being led Demonstrate the ability to identify opportunities and innovative ways to efficiently deliver on engagements and/or implement internal process improvements / automations Contribute to the Automation agenda of the practice by assisting in developing/testing for different bots and tools Conducting IT audits to assess the effectiveness of internal controls, risk management, and compliance with regulations Collaborating with cross-functional teams to ensure IT controls are integrated into business processes Documenting audit findings, preparing reports and recommendations for the management Provide opportunity to junior team members and coach them on day-to-day tasks Contribute to the Knowledge Management agenda of the practice by assisting in technical knowledge development and trainings Possess knowledge of tools and techniques to drive audits for different industries or sectors Review work of junior team members for quality as per relevant auditing standards Evaluating IT systems, processes, and policies to identify vulnerabilities, weaknesses, and areas for improvement Developing and executing audit plans, including scoping, testing, and reporting Assessing IT risks and recommending controls to mitigate those risks Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls. Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions) Experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Strong Understanding of different Industry sectors preferred. Preferred Technical & Functional Skills Flair to be abreast with emerging Technology / innovations like Cloud computing, Agile, Blockchain, AI etc. Proficient with MS Office suite of applications [MS Word, MS Exec, MS PowerPoint, Power BI]. Certifications like CISA, CISSP, HITRUST,ISO etc. Key behavioral attributes/requirements Critical thinking and analytical ability. Excellent written and verbal communication skills. Flexibility to adapt to a variety of situations and multitask. Ability to work both independently and as part of a team. Personal drive and positive work ethic. Innovative mindset. Collaborate and build rapport with onshore and offshore teams Uphold the firm’s code of ethics and business conduct Responsibilities Roles & responsibilities Conduct external audits in accordance with the PCAOB (Public Company Accounting Oversight Board) Auditing Standards Lead team in conducting Process understanding discussions with the Clients as part of assessing risks arising from their use of Technology and identify control gaps within their processes Lead team in evaluating and documenting the design and operating effectiveness of technology controls (GITCs and ITACs) pertaining to Client’s Internal Controls over Financial Reporting Lead team in performing SOC 1 and SOC 2, SOC 2+ (HITRUST), SSAE18 assessments in accordance with the attestation standards established by the AICPA (American Institute of Certified Public Accountants) Demonstrate strong project management skills for all engagements being led Demonstrate the ability to identify opportunities and innovative ways to efficiently deliver on engagements and/or implement internal process improvements / automations Contribute to the Automation agenda of the practice by assisting in developing/testing for different bots and tools Conducting IT audits to assess the effectiveness of internal controls, risk management, and compliance with regulations Collaborating with cross-functional teams to ensure IT controls are integrated into business processes Documenting audit findings, preparing reports and recommendations for the management Provide opportunity to junior team members and coach them on day-to-day tasks Contribute to the Knowledge Management agenda of the practice by assisting in technical knowledge development and trainings Possess knowledge of tools and techniques to drive audits for different industries or sectors Review work of junior team members for quality as per relevant auditing standards Evaluating IT systems, processes, and policies to identify vulnerabilities, weaknesses, and areas for improvement Developing and executing audit plans, including scoping, testing, and reporting Assessing IT risks and recommending controls to mitigate those risks Mandatory technical & functional skills Experience in evaluating and testing Process level manual, automated controls and General IT Controls. Experience in evaluating risks across a variety of IT platforms (including ERPs, UNIX/Linux, Windows, Mainframe, iSeries (AS400), SQL, Sybase, Oracle, DB2 and popular Cloud Hosted solutions) Experience of industry standards and frameworks such as COBIT, COSO, HIPAA etc. preferred. Strong Understanding of different Industry sectors preferred. Qualifications This role is for you if you have the below Education Qualification: BE/B.Tech, B.Com, BCA, B.Sc, MBA, M.Sc, MCA, M.Tech, CA. Work Experience: The candidate must have 3-6 years of relevant experience in a similar role, preferably with a Big 4 firm.

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyze business requirements and ensure that solutions meet established security policies and controls Maintain metrics and ensure reporting as appropriate Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Bachelor's degree or higher level of education 6+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Demonstrated auditing skills and the ability to manage risk assessments / projects independently Demonstrated excellent communication skills both verbal and written Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. #njp

Job Description About Us Tsaaro’s prime focus is on Data Privacy and Security. Our team of specialist data privacy consultants, information security consultants, and penetration testers help and advise our clients to make running a secure business easier, with high efficiency. Everything we do is tailored to the individual organizational requirements, aligned with their budget and resource challenges. We take a pragmatic, risk-based approach to provide our clients with real-world, workable advice, guidance, and support that helps them to deal with a wide range of security and privacy-related challenges. Responsibilities As a Senior Data Protection Consultant, you will be entrusted with the following key responsibilities: Design and implement data protection and privacy programs that cater to our clients' specific business needs, ensuring their sensitive information is well safeguarded. Evaluate and assess our clients' data protection and privacy practices, offering valuable insights and actionable recommendations for continual improvement. Demonstrate expertise in various standards, such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc., to assist clients in compliance and governance. Provide guidance and support to clients in adhering to a complex web of national and international laws and regulations, including the EU General Data Protection Regulation (GDPR) and other privacy laws. Assist in preparing policies, reports, and schedules for clients and relevant stakeholders, ensuring clear communication and alignment with industry best practices. Conduct thorough audits of Privacy controls to monitor program effectiveness and compliance, ensuring data protection is at its optimal level. Utilize online tools to facilitate Incident Management and Data Subject Rights processes, ensuring efficient and timely responses to potential data incidents. Foster and maintain productive working relationships with client personnel, promoting effective collaboration and understanding of their specific needs. Demonstrate a strong commitment to adhering to workplace policies and procedures, maintaining the highest standards of professionalism and confidentiality. Contribute to cybersecurity engagements, developing cybersecurity strategies, governance, risk, and compliance activities, and cybersecurity policies in line with ISO 27001 and ISO 27701. Perform Gap Assessments, Risk Assessments, ISMS Documentation, Internal Audits, and support during Certification Audits to strengthen overall security frameworks. Requirements To be considered for this role, the candidate must meet the following requirements: Possess a sound knowledge of fundamentals of information security systems. Have 4+ years of relevant experience in the field. Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. Exhibit a good understanding of GDPR, CCPA, or other privacy laws. Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. Hold relevant qualifications such as CIPM, CIPT, CIPP/E. Showcase excellent communication skills, both written and verbal. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. Join and hustle with the India's fastest privacy and information security consulting company. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#6875E2;border-color:#6875E2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

Location: Gurgaon (Hybrid) Looking for Immediate Joiners only. About the Role This role is critical to ensuring compliance with HITRUST, HIPAA, and other regulatory requirements while securing healthcare operations and mitigating risks across business, IT, and security domains. Responsibilities HITRUST & HIPAA Compliance Management: Establish and oversee a HITRUST CSF and HIPAA-aligned management system across business processes, applications, IT infrastructure, and security technologies. Security & Compliance Documentation: Develop and guide teams in creating security policies, procedures, and controls documentation for HITRUST and HIPAA compliance. Regulatory & Compliance Assessments: Review the organization’s HITRUST CSF and HIPAA Security & Privacy controls posture and manage evidence collection for certification and compliance. HITRUST & HIPAA Audits: Support and manage internal & external audits for HITRUST CSF certification, HIPAA, and healthcare compliance, ensuring IT and security technologies align with regulatory needs. Training & Awareness: Conduct training sessions for internal teams on HITRUST CSF and HIPAA controls, ensuring awareness and adherence to security and privacy regulations. Risk Management & Assessments: Collaborate with business, IT, and security teams to drive risk assessments and ensure compliance with HITRUST and HIPAA across applications, infrastructure, and operations. Continuous Compliance Monitoring: Ensure ongoing compliance with HITRUST & HIPAA controls by regularly evaluating security and privacy measures across business processes, IT systems, and security infrastructure. Contractual & Client Security Compliance: Interpret business contractual security & privacy requirements (Technology & Information Security) to ensure HITRUST & HIPAA-compliant client delivery environments. Client & Regulatory Audits: Respond to client security & compliance audits, regulatory reviews, and HITRUST & HIPAA assessments, ensuring timely and effective resolutions. Security Risk Communication: Communicate security, privacy risks, vulnerabilities, and compliance assessment findings to senior management and stakeholders, ensuring timely mitigation and governance. Qualifications Strong understanding of HITRUST CSF, HIPAA, HITECH, and security/privacy compliance for business applications, IT systems, and security technologies. Good knowledge of IT security technologies. Hands-on experience in SOC1, SOC2, HITRUST, or supplier risk management audits. Working knowledge of NIST, ISO 27001, and security frameworks for IT and business security alignment. 5+ years of experience in security, privacy, and compliance, with preferred 2+ years in HITRUST CSF & HIPAA Compliance. Strong analytical, problem-solving, and stakeholder communication skills. Preferred certifications: CISSP, CISA, CRISC, CISM, HCISPP, CIPP/IT, or equivalent.

The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC security analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation. About the Role Essential Duties & Responsibilities: Performing control assessments against corporate cybersecurity frameworks Perform review of policies and supporting procedures/processes Perform assessments of adherence to standards Customer Security Questionnaire assistance Work closely with management on security practices Assess 3rd party vendors for adherence to standards Develop routine reports in accordance with GRC metrics Stay on top of changes in the industry as it relates to security. Other security-related projects that may be assigned according to skills Ensure compliance with policies and procedures Develop and test Disaster Recover Plans Help align company with HITRUST CSF Qualifications Bachelor’s Degree, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity 3+ years of relevant work experience in: compliance/systems engineering/cybersecurity role Experience in a healthcare setting preferred Possess current security certifications (e.g., Security+, CISSP, CEH, SANS) or be willing to obtain within 1 year of assignment. Required Skills 3 – 5 years experience in building an Information Security Risk Management program Experience supporting the development of Disaster Recovery Plans (DRPs). Proven ability to coordinate, execute, and document Disaster Recovery Plan tests, including analysis and reporting of results. Understanding and familiarity with information system standards Understanding and familiarity with cybersecurity frameworks (ISO, NIST, HiTrust, COBIT, etc…) Assist in maturing the Information Security Risk Management Program by helping to define an IS risk register which includes identifying threats and risks to the organization Meet with business stakeholders to identify top security risks Assist in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices Assist in developing and driving the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control Provide solutions to identified issues and risks Work with the CISO to determine the acceptable level of risk for enterprise computing platforms. Coordinate with key functional teams such as HR, IT, Marketing, Finance, Product Management, Development, General Counsel, and the Business to identify new applications and service providers in use and the associated security controls to secure the data. Assist in performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment. Assist in maturing the Third Party Risk Management program by defining security controls based on tiers of vendors. Articulating identified risks to the business for remediation, mitigation and sign off. Investigates incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises etc. Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools such as Varonis, CASB, Next Generation Firewalls etc. and review outputs to determine the appropriate action required. Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool. Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives. Assist in the management and maintenance of the enterprise wide IS Security Awareness Program which includes phishing simulations, computer based training, proactive communications on latest threats, workshops and newsletters. Assist in developing enterprise and functional team specific presentations to promote a security mindset Work with the CISO to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance data security requirements. Ensure compliance with HIPAA, HITRUST, and applicable legal and regulatory requirements. Strong documentation and communications skills Pay range and compensation package This position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day. This role requires that one can sit and regularly type on a keyboard the majority of their work day. This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/or mobile devices. The role necessitates the ability to listen and speak clearly to customers and other associates. The work environment is an open room with other associates and noise from others will be part of the regular work day.

You will be responsible for auditing medical billing, coding, and documentation processes. Your role is vital in identifying billing errors, reducing denial rates, and ensuring adherence to CMS, HIPAA, payer-specific guidelines, and internal SOPs

We are seeking an experienced Engineering Manager to lead and grow a high-performing team of software engineers. This role combines people management with technical leadership. You will be responsible for strategic initiatives, overseeing product delivery, and ensuring high code quality and team productivity. The ideal candidate brings a strong technical background, deep project delivery experience, and a passion for mentorship and team culture. Key Responsibilities Lead a team of 5-10 engineers across one or more product verticals. Own delivery for large-scale, high-impact software projects end-to-end. Collaborate closely with Product Managers, Designers, QA, and other stakeholders to define and execute the roadmap. Participate in hands-on coding if need be Ensure timely delivery, high quality, and scalability of software systems. Conduct regular 1:1s, set goals, perform performance reviews, and support career growth. Drive engineering excellence through code reviews, design discussions, and best practices. Participate in architectural decisions and guide the team on technical direction. Identify and resolve performance bottlenecks and system reliability issues. Influence hiring, onboarding, and team structuring to scale the team effectively. Qualifications 12+ years of total experience in software development, including 3–5 years in engineering management or technical leadership. Strong experience with modern backend technologies such as Java, Spring Boot, REST. Hands-on experience in designing distributed systems, microservices, cloud-native applications (AWS). Deep understanding of SDLC, Agile/Scrum methodologies, CI/CD pipelines, and DevOps principles. Strong interpersonal and communication skills; ability to influence cross-functional teams. Proven track record of building and mentoring high-performing engineering teams. Nice to Have Experience in the [Healthcare / FinTech / SaaS] domain. Exposure to frontend frameworks (React). Familiarity with data platforms (Kafka, Spark, MongoDB, Elasticsearch). Prior experience in scaling teams from startup to mid-sized orgs. Knowledge of compliance and security frameworks like HITRUST, SOC2, GDPR.

Risk and Compliance Sr. Analyst Location: USI Hyderabad Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte Technology. We are curious and life-long learners focused on technology and innovation. Work you will do This role supports audits and assessment programs of the Deloitte Technology Cyber Security Risk & Compliance team which includes risk management, audits, and assessments for on premises as well as cloud hosted IT applications and infrastructure. This position is specifically responsible for helping drive SOC 1 and SOC 2 audits and manage the day-to-day responsibilities of gathering evidence, scheduling resources, coordinating with business owners and external auditors, and identifying potential audit issues/operational improvements. Role is to also have an understanding of and ability to assess technology and operational risks related to internal and cloud technology solutions and at times, provide input to ITS personnel on appropriate controls to address audit risks. The position will also work with external and internal auditors, serving as liaison between ITS and non-ITS auditees, gathering and presenting evidence as required. Key Tasks / Essential Job Functions: Understand technology controls, testing of controls, and supporting evidence. Understand technology controls that impact on premises and cloud technology, operational risk to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically related to internal and cloud technology solutions. Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure. Manages audit gaps; identifies those within the organization responsible for remediating or closing audit findings, negotiate dates for closure, and track/report progress. Represent Information Technology related to internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communication recommendations to management. Work with the appropriate Information Security, Office of General Counsel, Risk Management, and engagement leaders to determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements. Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization for on premises as well as cloud hosted IT applications and infrastructure. Other duties as assigned The team Deloitte Technology helps power Deloitte’s success. It’s the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence. The ~3,000 professionals in Deloitte Technology deliver services internally including: Cyber security Technology support Technology & Infrastructure Application development and management Relationship management group Strategy Deployment PMO Financials Basic Qualifications: B.tech/ B.E 3- 5 years of directly related experience in the following: information technology audits, assessments, remediation management, creating risk assessment programs. Minimum 2 years of experience with various industry standard frameworks such as: SSAE 18 SOC 1 and SOC 2, Shared Assessment Program Agreed Upon Procedures, HIPAA, HITRUST, CSA, CCM, and ISO 27001. Preferred Qualifications: Industry certification (e.g., CPA, CISA, CISSP, CISM etc.) Experience leading IT internal audit, external audits, and or service organization control reporting and activities Solid understanding of IT general controls and activities Familiarity with privacy laws, data protection/security regulations, and cloud security frameworks Possess a general understanding of IT security technologies, including network, application and database security, access management and cloud security, Required Licenses, Certifications, and Other Excellent communication, listening, and facilitation skills (preferred) Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles (preferred) Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India. Benefits to help you thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 307457

Summary Position Summary Risk and Compliance Sr. Analyst Location: USI Hyderabad Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte Technology. We are curious and life-long learners focused on technology and innovation. Work you will do This role supports audits and assessment programs of the Deloitte Technology Cyber Security Risk & Compliance team which includes risk management, audits, and assessments for on premises as well as cloud hosted IT applications and infrastructure. This position is specifically responsible for helping drive SOC 1 and SOC 2 audits and manage the day-to-day responsibilities of gathering evidence, scheduling resources, coordinating with business owners and external auditors, and identifying potential audit issues/operational improvements. Role is to also have an understanding of and ability to assess technology and operational risks related to internal and cloud technology solutions and at times, provide input to ITS personnel on appropriate controls to address audit risks. The position will also work with external and internal auditors, serving as liaison between ITS and non-ITS auditees, gathering and presenting evidence as required. Key Tasks / Essential Job Functions: Understand technology controls, testing of controls, and supporting evidence. Understand technology controls that impact on premises and cloud technology, operational risk to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically related to internal and cloud technology solutions. Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on premises as well as cloud hosted IT applications and infrastructure. Manages audit gaps; identifies those within the organization responsible for remediating or closing audit findings, negotiate dates for closure, and track/report progress. Represent Information Technology related to internal and external assessments and/or audits of information technology systems and processes, interpret results, and develop and communication recommendations to management. Work with the appropriate Information Security, Office of General Counsel, Risk Management, and engagement leaders to determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements. Develop and recommend appropriate information security policies, standards, procedures, checklists, and guidelines using generally recognized security concepts tailored to meet the requirements of the organization for on premises as well as cloud hosted IT applications and infrastructure. Other duties as assigned The team Deloitte Technology helps power Deloitte’s success. It’s the engine that helps to drive Deloitte, which serves many of the world’s largest organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence. The ~3,000 professionals in Deloitte Technology deliver services internally including: Cyber security Technology support Technology & Infrastructure Application development and management Relationship management group Strategy Deployment PMO Financials Basic Qualifications: B.tech/ B.E 3- 5 years of directly related experience in the following: information technology audits, assessments, remediation management, creating risk assessment programs. Minimum 2 years of experience with various industry standard frameworks such as: SSAE 18 SOC 1 and SOC 2, Shared Assessment Program Agreed Upon Procedures, HIPAA, HITRUST, CSA, CCM, and ISO 27001. Preferred Qualifications: Industry certification (e.g., CPA, CISA, CISSP, CISM etc.) Experience leading IT internal audit, external audits, and or service organization control reporting and activities Solid understanding of IT general controls and activities Familiarity with privacy laws, data protection/security regulations, and cloud security frameworks Possess a general understanding of IT security technologies, including network, application and database security, access management and cloud security, Required Licenses, Certifications, and Other Excellent communication, listening, and facilitation skills (preferred) Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle events, issues, and obstacles (preferred) Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 307457

Information Security Analyst Job Description: Position Summary: The position will support the organizational initiatives and activities on Cyber Security/Information Security. This involves the development, im plementation, and support of various security programs, processes, best practices and controls across the organization. It also requires to continuously monitor, review and report of the compliance & security posture of the organization. Responsibilities: . Conduct Risk assessments, information security internal audits . Provide consultation on remediating controls and follow up . Perform reviews and conduct internal security audits on Cyber Security/Information security and ensure the organizational security controls are appropriate and effective . Ensure compliance to client security requirements . Provide support for obtaining and maintaining Security Certification and Assurance programs like ISO 27001, PCI DSS, HITRUST, TISAX, SOC 2, etc. . Participate in various organizational initiatives and activities to maintain the Information Security Management System (ISMS) based on ISO 27001 . Develop and maintain Information Security policies, procedures, standards and guidelines . Coordinate response to information security incidents . Provide awareness and training in relevant areas . Collaborate with IT, Finance, HR and other departments for various security related activities . Conduct security research and keep abreast of latest security trends and issues Desired Skills/Experience: . 4+ years of experience in Information Security . Knowledge of Information security standards & best practices (e.g., ISO 27001, NIST, etc.), and regulations related to information security and privacy . Strong analytical and problem solving skills . Excellent communication and interpersonal skills . Knowledge of security tools, techniques and methodologies . Professional/Technical Certifications (Security +, ISO 27001 LA, CISA, CISSP, CCSE, CCSP, etc.) desirable

Role Overview As a Compliance Manager, you will oversee and manage the implementation, maintenance, and monitoring of compliance frameworks — including HIPAA , SOC 2 , ISO 27701 , and HiTrust . You’ll collaborate across engineering, legal, operations, and security to ensure our platform and internal practices meet industry, regulatory, and partner standards. This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments. Responsibilities Compliance Program Management: Own the strategy, execution, and tracking of compliance across frameworks like HIPAA, SOC 2, ISO 27701, and HiTrust Audit & Certification Readiness: Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders Policy Development: Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards Risk Management: Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk Cross-Functional Collaboration: Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design Security & Privacy Oversight: Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices Employee Training & Awareness: Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers Regulatory Monitoring: Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment Reporting: Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts Qualifications 5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizations Deep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processes Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles Experience working cross-functionally with product, security, legal, and engineering teams Excellent writing, policy drafting, and documentation skills High integrity and attention to detail, able to manage sensitive information and operate with discretion Bonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFP Bachelor’s degree in a related field (Information Security, Law, Business, or equivalent experience)

About Us We are the independent expert in assurance and risk management. Driven by our purpose, to safeguard life, property, and the environment, we empower our customers and their stakeholders with facts and reliable insights so that critical decisions can be made with confidence. As a trusted voice for many of the world’s most successful organizations, we use our knowledge to advance safety and performance, set industry benchmarks, and inspire and invent solutions to tackle global transformations. About Business Assurance We help companies ensure compliance, build high-performing management systems, and meet competence needs within a wide range of industries. DNV helps companies understand Working with us, you can be involved in technically challenging and innovative projects worldwide demanding a broad variety of expertise. Our strong focus on research and innovation opens an array of opportunities, and allows you to engage in projects which develop next generation solutions. and manage their risk picture through our management system certification and training portfolios. About The Role DNV is seeking Assessment manager – TISAX for our Management System Certification (MSC) service line. We prefer already qualified candidates, but we are open for candidates with sufficient background. Perform 3rd-party audits and trainings according to TISAX, ISO/IEC 27001, ISO 9001, ISO 27701 Provide timely and accurate reviews of client’s corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system x Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules /ENX rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools What we offer Flexible work arrangements for better work-life balance Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave) Medical benefits ( Insurance and Annual Health Check-up) Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance) Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme) Additional Benefits (Long Service Awards, Mobile Phone Reimbursement) Company bonus/Profit share. *Benefits may vary based on position, tenure/contract/grade level* DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity. About You Bachelor’s degree in computer science, Mechanical, Automobile, or equivalent & ideally a higher-level qualification Lead auditor Qualifcation in ISO 27001:2022(CQI- IRCA) and Lead Assessor Training on TISAX Overall, 10 Years of experience in which at least 4 years FTE of working experience (as direct employee, consultant, etc.) within companies of automotive manufacturing or direct supply chain and 6 years in IT Audit experience in automotive sector (manufacturing or direct supply chain): in the following standards: TISAX, ISO 9001, IATF 16949, A-Spice, ISO26262. Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, ISO 22301, ISO 20000-1, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. GDPR, ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks.

About RISA Labs Cancer patients face not just a disease, but a broken system where delays in treatment are common due to outdated, error-prone workflows. RISA Labs is changing that with our Business Operating System as a Service (BOSS) - a powerful platform built for the vertical complexity of healthcare, that transforms healthcare operations. Unlike simple automation tools, BOSS breaks down complex workflows into small tasks, managed by smart AI agents like LLMs, digital twins, and reinforcement learners. This creates a digital workforce that doubles the efficiency of healthcare teams, letting a 1,000-person institution operate like it has 2,000 staff overnight. Founders RISA was founded by Kshitij Jaggi and Kumar Shivang, IIT Kanpur alumni with a proven track record from their previous healthcare startup, Urban Health. Their vision is to streamline oncology care through cutting-edge technology. Funding RISA Labs is backed by $3.5 million in seed funding, led by Flipkart co-founder Binny Bansal, with support from Oncology Ventures, General Catalyst, z21 Ventures, Odd Bird VC, and angel investor Ashish Gupta. Role Overview As a Compliance Manager, you will oversee and manage the implementation, maintenance, and monitoring of RISA Labs’ compliance frameworks — including HIPAA , SOC 2 , ISO 27701 , and HiTrust . You’ll collaborate across engineering, legal, operations, and security to ensure our platform and internal practices meet industry, regulatory, and partner standards. This is a critical, cross-functional role for someone who thrives at the intersection of regulation, systems thinking, and fast-moving tech environments. Responsibilities Compliance Program Management: Own the strategy, execution, and tracking of compliance across frameworks like HIPAA, SOC 2, ISO 27701, and HiTrust Audit & Certification Readiness: Lead internal readiness efforts for audits and certifications, partnering with third-party assessors and internal stakeholders Policy Development: Draft, maintain, and implement policies, procedures, and controls aligned with regulatory and industry standards Risk Management: Conduct risk assessments, control gap analyses, and incident investigations to identify compliance weaknesses and mitigate risk Cross-Functional Collaboration: Work closely with engineering, product, security, and legal to ensure new features and systems are compliant by design Security & Privacy Oversight: Support the security team in managing vendor reviews, access controls, data handling policies, and encryption practices Employee Training & Awareness: Develop and lead internal compliance education programs, including onboarding, role-based training, and refreshers Regulatory Monitoring: Stay up to date with changes in relevant laws and standards and proactively adjust company practices to stay in alignment Reporting: Prepare reports for leadership and external stakeholders demonstrating compliance posture, audit findings, and remediation efforts Qualifications 5+ years of experience in compliance, privacy, or security-related roles, ideally within tech, SaaS, or healthcare organizations Deep understanding of HIPAA, SOC 2, ISO 27701, and HiTrust frameworks and certification processes Strong knowledge of data privacy laws (e.g., GDPR, CCPA) and IT security principles Experience working cross-functionally with product, security, legal, and engineering teams Excellent writing, policy drafting, and documentation skills High integrity and attention to detail, able to manage sensitive information and operate with discretion Bonus: Certifications such as CIPP, CISA, CISSP, or HiTrust CCSFP Bachelor’s degree in a related field (Information Security, Law, Business, or equivalent experience)

Location: Hyderabad-WFO Number of roles: 2 Experience: 2–4 years or 5-8 years Notice Period: Immediate preferred; 30 days We're looking for a privacy-savvy professional to drive compliance with global and regional data protection regulations including GDPR , DPDPA (India) , and HITRUST . You'll work with cross-functional teams to ensure robust privacy practices across systems, policies, and vendor relationships. What You’ll Do: Manage privacy programs under GDPR, DPDPA, and HITRUST frameworks Conduct DPIAs and respond to data subject requests Build privacy and security policies aligned to ISO 27001 and HIPAA Guide business teams on privacy risks and best practices What We’re Looking For: 2–8 years in privacy, IT compliance, or security consulting Working knowledge of GDPR and HITRUST; DPDPA experience is a strong plus Familiarity with ISO 27001, HIPAA, and data security regulations Certifications like CIPP/E, CIPM, CCSFP are advantageous Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

Information Security Analyst Job Description Position Summary: The position will support the organizational initiatives and activities on Cyber Security/Information Security. This involves the development, im plementation, and support of various security programs, processes, best practices and controls across the organization. It also requires to continuously monitor, review and report of the compliance & security posture of the organization. Responsibilities  Conduct Risk assessments, information security internal audits  Provide consultation on remediating controls and follow up  Perform reviews and conduct internal security audits on Cyber Security/Information security and ensure the organizational security controls are appropriate and effective  Ensure compliance to client security requirements  Provide support for obtaining and maintaining Security Certification and Assurance programs like ISO 27001, PCI DSS, HITRUST, TISAX, SOC 2, etc.  Participate in various organizational initiatives and activities to maintain the Information Security Management System (ISMS) based on ISO 27001  Develop and maintain Information Security policies, procedures, standards and guidelines  Coordinate response to information security incidents  Provide awareness and training in relevant areas  Collaborate with IT, Finance, HR and other departments for various security related activities  Conduct security research and keep abreast of latest security trends and issues Desired Skills/Experience  4+ years of experience in Information Security  Knowledge of Information security standards & best practices (e.g., ISO 27001, NIST, etc.), and regulations related to information security and privacy  Strong analytical and problem solving skills  Excellent communication and interpersonal skills  Knowledge of security tools, techniques and methodologies  Professional/Technical Certifications (Security +, ISO 27001 LA, CISA, CISSP, CCSE, CCSP, etc.) desirable

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.