2559 Information Security Jobs - Page 5

: Paytm is India's leading mobile payments and financial services distribution company. Pioneer of the mobile QR payments revolution in India, Paytm builds technologies that help small businesses with payments and commerce. Paytm’s mission is to serve half a billion Indians and bring them to the mainstream economy with the help of technology. About the role: As a Vendor Risk Operations team member, you will play a critical role in safeguarding Paytm from potential risks associated with our vendor ecosystem. You will be responsible for conducting comprehensive vendor risk assessments, ensuring compliance with internal policies and regulatory requirements, and actively contributing to the continuous improvement of our vendor risk management framework. This role requires a keen eye for detail, strong analytical skills, and the ability to collaborate effectively with various stakeholders. Conduct end-to-end vendor risk assessments across various risk domains (e.g., Vendor deduplication, information security, financial stability, business continuity, regulatory compliance, data privacy). Collaborate with business units to understand their vendor requirements and associated risks. Review vendor-provided documentation, certifications, and audit reports to identify potential vulnerabilities. Conduct Mystery-shopping wherever required Track and monitor vendor remediation efforts to ensure timely closure of identified risks. Maintain accurate and up-to-date vendor risk profiles and assessment records. Assist in the development and enhancement of vendor risk assessment methodologies, tools, and processes. Contribute to the ongoing development and implementation of Paytm's vendor risk management framework. Generate regular reports on vendor risk posture and assessment progress for internal stakeholders. Participate in ad-hoc projects and initiatives related to vendor risk management as required. Expectations/: Educational QualificationBachelor's degree in Business Administration, Finance, IT, Risk Management, or a related field. Experience2-5 years of experience in vendor risk management, third-party risk management, internal audit, compliance, or a similar risk-focused role. Domain KnowledgeStrong understanding of various risk domains, including information security, data privacy (e.g., GDPR, local data protection laws), financial risk, operational risk, and regulatory compliance. Understanding of Technology and User ExperienceAn appreciation for how technology solutions are built and how they impact user experience will be valuable in assessing vendor capabilities and potential risks. Analytical & Problem-Solving Skills: Excellent analytical and problem-solving skills with the ability to conduct deep dives, identify, assess, and mitigate risks effectively. Advanced Knowledge of Excel is required for data analysis and reporting. Basic knowledge of MySQL would be an added advantage for data retrieval and manipulation. Communication & Interpersonal Skills: Good communication and interpersonal skills, with the ability to present complex information clearly and concisely to diverse audiences. Strong written communication for documentation and reporting. High level of drive, initiative, and self-motivation. Ability to work independently, prioritize tasks, and manage multiple assessments simultaneously in a fast-paced environment. A willingness to experiment, learn quickly, and continuously improve processes and personal skills. Certifications (Preferred but not mandatory)CISA, CRISC, CISM, or other relevant certifications in risk management or information security. Why join us: A collaborative output driven program that brings cohesiveness across businesses through technology Improve the average revenue per use by increasing the cross-sell opportunities A solid 360 feedbacks from your peer teams on your support of their goals CompensationIf you are the right fit, we believe in creating wealth for you with enviable 500 mn+ registered users, 21 mn+ merchants and depth of data in our ecosystem, we are in a unique position to democratize credit for deserving consumers & merchants – and we are committed to it

6 -8 Years experience on creating Design documents, Implementation/ Change Management Plans or Optimization of reports (beyond day-to-day routine operations) is a must. Expertise in Implement &/or design (design is must) of one of the following - Priority is Firewall and good if candidates have hands on exp on Identity solutions, Email Security, Web Security/Proxy, Cloud Security. Cisco ISE is a plus

Bravura’s Commitment and Mission At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. About The Team/Project The Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges What You’ll Do The position is within the Information Security team. Main activities will include but are not limited to: Internal Audit & Assurance: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes. Information Security Risk Management Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Support the delivery of security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). • 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. • Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. • Experience in security risk management, audits, compliance, and client security assurance. • Knowledge of security operations, incident response, and managed security services. • Familiarity with supply chain security and third-party risk management. • Good communication and stakeholder management skills, with experience working with clients on security matters. • Ideally security certifications such as CISSP, CISM, or CRISC are preferred. Working at Bravura Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme. Flexible working hours, we value work-life balance. Maternity/ Parental (including secondary) leave policy. Cab facility available in Delhi/NCR. Meal facility available Free Medical Insurance So, what’s next? We make hiring decisions based on your experience, skills and passion so even if you don’t match every listed skill or tick all the boxes, we’d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits. Youtube Video

Bravura’s Commitment and Mission At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. Position Overview The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges. The position is within the Information Security team. Main activities will include but are not limited to: Responsibility Internal Audit & Assurance: Oversee the implementation and operations of the ISMS within the region. Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Continuously assess and improve security controls and processes. Information Security Risk Management Identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Lead and support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Develop, support deliver security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Assess and manage security risks associated with third-party vendors and suppliers. Ensure that security requirements are included in vendor contracts and SLAs. Perform regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. In addition to the above position-specific responsibilities, all employees are required to undertake any other reasonable duties and responsibilities within your capability and skills, when requested to do so. Qualifications and Experience Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Excellent communication and stakeholder management skills, with experience working with clients on security matters. Security certifications such as CISSP, CISM, or CRISC are preferred. Working at Bravura Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme 2 paid volunteering days and a range of community-based initiatives to get involved in Parental (including secondary) leave policy Free meals and transport So, what’s next? We make hiring decisions based on your experience, skills and passion so even if you don’t match every listed skill or tick all the boxes, we’d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits. Youtube Video

Position Purpose RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 PolesRISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network. Under the authority of the Poles Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Groups operational entities (Poles, Business Lines, Functions, Transversal Activities). The below requirement is for Operational Risk Officer- ICT Controls Testing role which part of the Common ICT LoD2 Controls Execution Platform (CICEP) under Group RISK ORM Network team. The candidate will be part of The Banks 2nd line of defense function, and they will be responsible for testing the deployment, and effectiveness of the IT and Cyber controls globally. The position is based in India Solutions Pvt. Ltd. (ISPL), Mumbai and reports to the Head of CICEP (India CoE), plus functionally to Group Head of ICT Controls Testing. Key success of the CICEP relies on building trusted partnerships with stakeholders and particularly with the ORM Network community and globally, with all entities of the Group. Responsibilities Direct Responsibilities Perform the independent testing of ICT controls (ITGC controls testing) to determine the design effectiveness, and operating effectiveness of IT and Cyber controls. Contribute to the industrialization and automation of RISK ORM ICT control testing services by development of methodologies / tools for the achievement of assignments. Draft high-quality reports containing the assessors opinion on the ICT control gaps, and recommendations for improvement, post completion of an assignment. Review and assist with the evaluation of control deficiencies and provide practical recommendations for remediation. Identify areas of improvement for ICT control testing and assist with the enhancement of the methodologies / tools for carrying out the ICT controls testing assignments. Ensure completion of the testing and adherence to the internal timelines. Provide IT and cyber risk management consultancy (specific to ICT controls) to business and IT stakeholders. Work in collaboration with other stakeholders from business and RISK ORM teams to contribute towards influencing the ICT risk culture of The Bank. Improve the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities Contributing Responsibilities Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities Help and contribute to build the CoE as a positive place to work Technical & Behavioral Competencies S, EXPERIENCE AND COMPETENCIES Skills Required 3-6 years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution. Must be able to interface and coordinate work efficiently, and effectively with business partners. Excellent analytical skills being able to come to a thoughtful and business focused conclusion quickly. Good communication, listening and influencing skills, including ability to articulate complex issues and incorporate feedback. Ability to manage their workload independently to meet their targets, and priorities set in conjunction with management. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Being rigorous and thorough especially when logging and tracking issues through to conclusion. Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Team player focus on the success of the whole team. Working well both with others, as well as individually. Ability to work under strict timelines and at pressure situations to manage the delivery. Open to work under global time zones as required for workshops or stakeholder discussions. Skills Preferred Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. Is self-aware, anticipates problems, adapts and meets them head on. Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. Is solutions focused measures their output on whether issues, problems or challenges are resolved as a criteria for success. Competencies: University degree (technical), and/or certification such as ISO27001, CISA. Professional qualifications/trainings relevant to technology and/or cyber risk (e.g. change management, outsourcing, vulnerability management, cloud security etc.). Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure. Specific Qualifications (if required) University degree (technical), and/or certification on Risk Management Skills Referential Behavioural Skills(Please select up to 4 skills) Attention to detail / rigor Ability to deliver / Results driven Ability to synthetize / simplify Ability to collaborate / Teamwork Transversal Skills: (Please select up to 5 skills)Ability to anticipate business / strategic evolutionAbility to develop and adapt a processAbility to set up relevant performance indicatorsAnalytical AbilityAbility to develop and leverage networksEducation Level:Bachelor Degree or equivalentExperience LevelAt least 3 years Other/Specific Qualifications (if required) Professional qualifications/trainings relevant to Information Security, Risk Management (ISO 27001, ISO 3100, CISA) preferred

Job Family : Coding OP (India) Travel Required : None Clearance Required : None Responsibility Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. Ensures he/she meets the monthly target with above 95% accuracy consistently Attend the Weekly QA / Team meetings without fail and respond in two way communication with the Quality analyst/Team Lead. Shall understand and abide by the organizations information security policy and protect the confidentiality, integrity and availability of all information assets. Shall report incidents related to security of information to concerned authorities. What You will do: Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. What You will need Minimum Qualification Any Life science, Paramedical Graduates and Postgraduates Minimum Experience and skills Minimum Experience: 1-2 years experience. A valid certification from AAPC or AHIMA Basic Skill set: Strong ability to interpret medical records of the patients in different specialties. What Would be Nice to Have Ability to communicate, have excellent interpersonal, listening skills and organizational skills. Ability to work with speed and accuracy. Good analytic skills and expertise to be proficient in accurately coding medical records utilizing ICD-10-CM and CPT conventions especially emergency room coding, exposure to radiology , ancillary work types, Denial work types.

Job Family : Coding OP (India) Travel Required : None Clearance Required : None Responsibility Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. Ensures he/she meets the monthly target with above 95% accuracy consistently Attend the Weekly QA / Team meetings without fail and respond in two way communication with the Quality analyst/Team Lead. Shall understand and abide by the organizations information security policy and protect the confidentiality, integrity and availability of all information assets. Shall report incidents related to security of information to concerned authorities. What You will do: Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. What You will need Minimum Qualification Any Life science, Paramedical Graduates and Postgraduates Minimum Experience and skills Minimum Experience: 3-7 years experience. A valid certification from AAPC or AHIMA Basic Skill set: Strong ability to interpret medical records of the patients in different specialties. What Would be Nice to Have Ability to communicate, have excellent interpersonal, listening skills and organizational skills. Ability to work with speed and accuracy. Good analytic skills and expertise to be proficient in accurately coding medical records utilizing ICD-10-CM and CPT conventions especially emergency room coding, exposure to radiology , ancillary work types, Denial work types.

Job Family : Coding OP (India) Travel Required : None Clearance Required : None Responsibility Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. Ensures he/she meets the monthly target with above 95% accuracy consistently Attend the Weekly QA / Team meetings without fail and respond in two way communication with the Quality analyst/Team Lead. Shall understand and abide by the organizations information security policy and protect the confidentiality, integrity and availability of all information assets. Shall report incidents related to security of information to concerned authorities. What You will do: Accurately transforms medical diagnoses and procedures into designated alphanumerical codes in ICD-10-CM , CPT and HCPCS codes. Ensure that the daily coding volumes for the team are turned around accurately within the specified Turnaround Time. Checking input volumes allotted by TL Coding reports as per client guidelines and coding guidelines by maintaining operational quality and productivity. Regular interaction with TL and getting feedbacks. This position requires that one performs well independently and in a collaborative manner with their entire coding team. Understands in detail the workflow, procedures and specific criteria for the assigned client. What You will need Minimum Qualification Any Life science, Paramedical Graduates and Postgraduates Minimum Experience and skills Minimum Experience: 3-6 years experience. A valid certification from AAPC or AHIMA Basic Skill set: Strong ability to interpret medical records of the patients in different specialties.

Grade H - Office/ CoreResponsible for supporting software / platform engineering activities (depending on specialism), working with users to capture requirements, using sound technical capabilities to lead the design, development and maintenance of the relevant systems and ensuring compliance with the relevant standards. Specialisms: Software Engineering; Platform Engineering. Entity: Technology IT&S Group Job Description: Work location Pune Experience- 8- 10 years (excluding internship), Required 4-5 years of experience in Azure You will work with A multi-disciplinary squad, engaging enterprise platform teams, data platform teams, vendors, third party resources in resilient and optimal operations of one or more business critical platform. Let me tell you about the role As a site reliability engineers, we will be responsible for building, maintaining and operating the software solutions, infrastructure and services that powers technology platforms. In this role, we work with a team of engineers and team members to ensure that the digital solutions are highly available, scalable, and secure and will be responsible for automating routine tasks, improving the solutions performance, and providing technical support to other teams. What you will deliver Ensure the reliability, performance, and scalability of large-scale, cloud-based applications and infrastructure. Creating automated solutions to improve operational aspects of the site. Ensure that applications and websites run smoothly and efficiently. Detect issues and automatically managing failures to keep systems up and running. Work with software developers, engineers, and operations teams to improve system performance. Analyse incidents to prevent future disruptions. What you will need to be successful (experience and qualifications) Technical skills A bachelors degree in computer science, engineering, or a related field or equivalent work experience. Relevant certifications (e.g., Azure cloud engineering, fundamentals, DevOps, architect certifications) can be helpful. Knowledge of networking concepts, protocols, and tools, willingness to learn new technologies and adapt to changing environments. Skilled in managing configuration, deployments, observability, handling and resolving incidents, including root cause analysis, managing and operating complex systems for scalability, availability and performance. Proficient in communication and collaboration skills to work effectively with development and operations teams. Software skills Skilled in languages like Python, Go, Java, or Ruby, and scripting skills in Bash or PowerShell. Skilled in software engineering practices for full SDLC, including coding standards, code reviews, source control management, continuous deployments (e.g., Jenkins, GitLab CI, or CircleCI), testing, and operations. Skilled in building complex software systems end-to-end which have been optimally delivered and operated in production, should understand security and privacy standard methodologies as well as how to properly monitor, log, and alarm production systems. Infrastructure skills Skilled knowledge of Linux/Unix systems, including system configuration, networking, and debugging. Expert in building and scaling infrastructure services using Microsoft Azure Skilled with infrastructure tools like Ansible, Puppet, Chef, or Terraform for infrastructure as code, monitoring tools (e.g., Prometheus, Grafana) and logging systems (e.g., ELK stack). Skilled in the understanding of using core cloud application infrastructure services including identity platforms, networking, storage, databases, containers, and serverless Skillful knowledge of databases, such as relational, graph, document, and key-value, including performance tuning and improvement Skills that set you apart Possess a passion for mentoring and coaching engineers in both technical and soft skills About bp Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Additional Information We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. Even though the job is advertised as full time, please contact the hiring manager or the recruiter as flexible working arrangements may be considered. Travel Requirement Negligible travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills: Agility core practices, Agility core practices, Analytics, API and platform design, Business Analysis, Cloud Platforms, Coaching, Communication, Configuration management and release, Continuous deployment and release, Data Structures and Algorithms (Inactive), Digital Project Management, Documentation and knowledge sharing, Facilitation, Information Security, iOS and Android development, Mentoring, Metrics definition and instrumentation, NoSql data modelling, Relational Data Modelling, Risk Management, Scripting, Service operations and resiliency, Software Design and Development, Source control and code management {+ 4 more}

Position Purpose RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 PolesRISK ORM Framework, RISK ORM Technology & Transversal Risks and RISK ORM Network. Under the authority of the Poles Manager, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Groups operational entities (Poles, Business Lines, Functions, Transversal Activities). In this context, theCommon Outsourcing Controls Execution Platform (COCEP),whose missions are presented below, reports hierarchically to theGroup Head of ICT Controls Testing. He/she: Contributes to protect the Bank by securing the oversight of the completeness and quality of the outsourcing register (360 RiskOp Arrangement module) to guarantee an accurate oversight of outsourcing arrangements and their characteristics, Assures the accuracy and data quality of regulatory reporting (e.g., CASPER) and notifications (e.g., IMAS), Ensures the homogeneity, the robustness and effectiveness of the outsourcing controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions, Facilitate and pilot outsourcing operational risk management framework.Key success of the COCEP relies on building trusted partnerships with stakeholders and particularly with the RISK ORM Framework, TPRM and Network community and globally all entities of the Group. Responsibilities Direct Responsibilities The COCEP Outsourcing Risk Officer contributes to identify and reduce risks on activities delegated to third-party service providers and thus improves the efficiency of the overall activities for the Bank. Key missions of role - Outsourcing Risk (COCEP) Oversee the process of the outsourcing register data quality of regulatory reporting:o Define the process to remediate data quality anomalies for CASPER regulatory reporting,o Perform cross-business consistency analysis to identify inconsistencies or incorrect qualifications in the register,o Identify any inconsistencies between the outsourcing register critical outsourcing arrangements data and IMAS portal,o Build a process to ensure consistency between the outsourcing register and the exit strategy standard documentation (e.g., alignment between the exit plan and the outcome of assessment of the service providers substitutability, the substitutability modality, and the time-of-service providers substitutability). Verify the compliance of outsourcing regulatory documentation:o Build a process and perform the verification, with the related OROs, of the alignment between the draft record in IMAS portal and the content of the notification template submitted at the Validation Committee,o Build a process and perform the verification, with the related OROs, that the exit strategy documentation is available and compliant with the Group format. Execute LoD2 controls on outsourcingGCL (RISK0418):o Define a process to industrialise the LOD2 control reviews on outsourcing.o Perform the defined LoD2 controls plan, share the results with the related OROs and ensure that the related potential permanent control actions plans are recorded in 360 RiskOp. Facilitate and pilot outsourcing operational risk management framework:o Define a process to industrialise the periodic report analysing the outsourcing operational risk management including the data quality indicators improvements and the LoD2 controls results analysis,o Monitor indicators results, and cascade as appropriate to ORO Poles and Functions,o Define and produce operational reporting (link with RISK ORM COE ISPL reporting stream).TheCOCEP Outsourcing Risk Officer reports totheGroup Head of ICT Controls Testing, and locally to the Head of RISK ORM India CoE. He/she actively collaborates with RISK ORM Framework and Technology & Transversal risks teams and works with the operational risk officers (ORO), outsourcing coordinators, operational permanent controllers (OPC), and subject matter experts (SME). Scope covered and organisation. The scope applies to all entities for which RISK ORM acts as a second line of defence.In addition to the elements of this document, the outsourcing framework, generic control libraries (GCL) and the operational role of the OROs, are notably described in the procedures, "Second line of defences roles and responsibilities on the operational risk management framework (RISK0401), LoD2 control activities on the LoD1 control framework (RISK 0414), Group Policy pertaining to Outsourcing Risk Management Framework (RISK0417), Generic Control Library relating to outsourcing risks (RISK0418) and ORO Role and Responsibilitiesin the outsourcing process(ORM0005).Lastly, the legal and regulatory requirements of third-party risk management are notably, EBA guidelines on Outsourcing Arrangements, EU DORA, UK PS7/21, UK SS2/21, Solvency II, US FDIC-OCC guidance on third party relationship risk management. Contributing Responsibilities Collaboration at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements Effectively contribute to the CoE, RISK India Hub and ISPL on Group mandates, Objectives and priorities Help and contribute to build the CoE a positive place to work Technical & Behavioral Competencies S, EXPERIENCE AND COMPETENCIES To meet the requirements of this position, theCOCEP Outsourcing Risk Officerwill be expected to have a good fluency in risk analysis and monitoring, acquired through professional experience in a team in charge of operational processes or executing operational risk activities in the first or second line of defence.oreover, general knowledge of LoD2 control management, third-party risk management, analysis and monitoring will be sought given the importance of technology in Group's business processes.We expect theCOCEP Outsourcing Risk Officerto have good relationship skills to efficiently work in a group / a team / a community, qualities of communication to be able to bring his/her interlocutors to decision-making and relay key messages, the ability to mobilise his/her direct and indirect network, and a good sense of responsibility and commitment.Last, a good analytical skills, a solid critical mind, the capacity to synthesize / simplify, to communicate orally and in writing, to animate meetings and committees, to challenge the existing and propose solutions (change management), to be pragmatic in analysis and action, to work in collaborative mode in a changing environment with respect of the deadlines, to be rigorous, will allow the newcomers in the COCEP team to take on his/her new appointment in the best conditions.Skills Preferred Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. Is self-aware, anticipates problems, adapts and meets them head on. Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. Is solutions focused measures their output on whether issues, problems or challenges are resolved as a criteria for success. Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure. Specific Qualifications (if required) University degree (technical), and/or certification on Risk Management Skills Referential Behavioural Skills(Please select up to 4 skills) Attention to detail / rigor Ability to deliver / Results driven Ability to synthetize / simplify Ability to collaborate / Teamwork Transversal Skills: (Please select up to 5 skills)Ability to anticipate business / strategic evolutionAbility to develop and adapt a processAbility to set up relevant performance indicatorsAnalytical AbilityAbility to develop and leverage networksEducation Level:Bachelor Degree or equivalentExperience LevelAt least 3 years Other/Specific Qualifications (if required) Professional qualifications/trainings relevant to technology and/or Outsourcing Risk, Risk Management ,Information Security, Operational Risk, Cloud Security)

Vice President (VP1) - Head of Common ICT LOD2 Controls Execution Platform - CICEP Position Purpose RISK Operational Risk Management (RISK ORM), created early 2021 to oversee operational risks within the mandate of the RISK function, is organised, under the responsibility of the Group Chief Operational Risk Officer (Group CORO), around 3 Poles: RISK ORM Framework, RISK ORM Technology Transversal Risks and RISK ORM Network. Under the authority of the Poles Managers, RISK ORM Network is made up of all the Operational Risk Officers (OROs) acting as the second line of defence (LoD2) within the Groups operational entities (Poles, Business Lines, Functions, Transversal Activities). In this context, the Common ICT LOD2 Controls Execution Platform (CICEP), reports hierarchically to the Group Head of ICT Controls Testing. The Head of CICEP, India CoE, ensures the homogeneity, the robustness and effectiveness of the ICT controls executed by the LoD1 by implementing LoD2 controls execution platform across Poles and Functions. The position is based in India Solutions Pvt. Ltd. (ISPL), Mumbai and reports to Head of RISK ORM Network, India CoE, plus functionally to Group Head of ICT Controls Testing. Responsibilities Lead the delivery of the COE CICEP India team (including his/her missions) dedicated to: o Performing the LOD2 check and challenge on the execution of ICT controls (verification, re-performance, direct controls testing) requiring technical and business expertise. o Determining the design effectiveness, and operating effectiveness of IT and Cyber controls. o Review and assist the team with the evaluation of control deficiencies and provide practical recommendations for remediation. o Drafting high-quality reports containing the risk assessors opinion on the ICT control gaps, and recommendations for improvement, post completion of an assignment. o Ensuring completion of the testing LOD2 reviews and adherence to the validated internal timelines. Contribute to the maturity of the services provided by the CICEP platform by: o Enhancing the CICEP methodology and tools required to perform the ICT control reviews. o Identifying the areas of improvement (lessons learned) for ICT control reviews and proactively working with the relevant stakeholders to implement these enhancements. o Proactively supporting the standardisation of practises (workpapers, reports, templates etc.) across the CICEP platform (India and Portugal). Proactively contributes to the usage and enhancement of Group methodologies and tools for LOD2 control testing reviews. Provides upon request of business or the Operational Risk Officer(s), provides advice on ICT controls related to IT and cyber risk management. Actively participates in the monitoring of the LOD2 ICT control results, and their reporting to senior management. Works in collaboration with other stakeholders from business and RISK ORM teams to contribute towards influencing the ICT risk culture of The Bank. Improves the effectiveness of the Internal Controls programme by reviewing the control environment, risk assessment process, control activities, information and communication and monitoring activities. Deliver quarterly CICEP KPI report in a timely and accurate manner, working in conjunction with the functional and the CoE managers. Manage the growth, productivity and efficiency of the CICEP platform and ensure a good continuity of its services. Provide, at least once a year for the European Supervisor, a regular and complete analysis and of the ICT Lod2 control highlighting key messages for the General Management. Contributing Responsibilities Collaborates at the India CoE level with Head of India CoE, including but not limited to the CoE level reporting requirements. Effectively contributes to the CoE, RISK India Hub and ISPL on Group mandates, objectives and priorities. Lead by example, demonstrating effective Leadership in the CICEP team leading to CoE as a positive place to work in conjunction with the Head of India CoE. Participates to the recruitment for the CoE. Technical Behavioral Competencies SKILLS, EXPERIENCE AND COMPETENCIES Skills Required 7+ years of experience in IT audit / ITGC controls testing / technical assessments, preferably in the areas of Cyber and Technology domains in a financial institution. Ability to manage the team and its workload independently to meet their targets, and priorities set in conjunction with management. Must be able to interface and coordinate work efficiently, and effectively with business partners. Excellent analytical skills being able to come to a thoughtful and business focused conclusion quickly. Good communication, listening and influencing skills, including ability to articulate complex issues and incorporate feedback. Demonstrating a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Adapting personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done. Being rigorous and thorough especially when logging and tracking issues through to conclusion. Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business. Ability to express views clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate. Works iteratively, delivering quickly and frequently to produce high quality documents and outputs which require little to no rework. Team player focus on the success of the whole team. Working well both with others, as well as individually. Ability to work under strict timelines and at pressure situations to manage the delivery. Open to work under global time zones as required for workshops or stakeholder discussions. Skills Preferred Team management capabilities. Has the proven ability to think outside of the box, challenge industry norms and adapt quickly to evolving requirements. Is self-aware, anticipates problems, adapts and meets them head on. Strong stakeholder management, relationship building, influencing, facilitating and presenting skills. Is solutions focused measures their output on whether issues, problems or challenges are resolved as a criteria for success. Competencies: University degree (technical), and/or certification such as ISO27001, CISA. Professional qualifications/trainings relevant to technology and/or cyber risk (e.g. change management, outsourcing, vulnerability management, cloud security, etc.). Conduct: Consider the implications of your actions on colleagues, partners and clients before making decisions, and escalate issues to your manager when unsure. Specific Qualifications (if required) Bachelors degree, and certification in Information Systems Skills Referential Behavioural Skills : (Please select up to 4 skills) Attention to detail / rigor Ability to deliver / Results driven Ability to deliver / Results driven Ability to collaborate / Teamwork Transversal Skills: (Please select up to 5 skills) Ability to develop others improve their skills Ability to inspire others generate people's commitment Ability to set up relevant performance indicators Analytical Ability Ability to develop and leverage networks Education Level: Bachelor Degree or equivalent Experience Level At least 12 years Other/Specific Qualifications (if required) Professional qualifications/trainings relevant to Information Security, Risk Management is a strong plus (ISO 27001, ISO 31000, CISSP, CRISC, CISM, CISA, CCSP) preferred.

Position Purpose The BNP Paribas Fortis IT department is working in Agile mode, which offers a challenging and motivating environment where teams and employees are empowered to manage their own technical domain. You will work in the IT Security Production Tribe, within the squad Responsibilities Direct Responsibilities The candidate will guarantee the respect of asset information security and ensure correct implementation of the security model. The mission of the IAM Asset Security Consultant is to define and promote the Asset Modeling (AM) frameworks for coordinating and planning a service oriented approach: Taking ownership about the AM process and keeping it updated/improved. Ensuring that the necessary AM procedures exist, are communicated and used by the security community Provide guidance, training and support to the security community in the implementation and operation of the security modelling; Assist and advice the Asset Business responsible and IT developers in defining logical & technical permission management inside the assets (applications, packages, systems, file shares, ). Assess, challenge and validate request to change security on assets according the Information Security Policy Execute daily checks to keep the overall asset models under control Technical & Behavioral Competencies Mandatory: + 2 years experience in security technology and processes (Identity & Access Management aspects, Segregation of Duties, Role Based Access Control) Knowledge of the Information Security Standards & Frameworks Preferable: Expertise in MS Active Directory OR Websphere OR Mainframe OR Linux/Unix OR Oracle OR Cloud computing + experience with MS Excel and SQL requests. Specific Qualifications (if required) Agile environment Follows the Customer processes for projects, incident and change management. Being standalone and team worker, analytical minded, meet commitment, ability to work in a dynamic and multi-cultural environment, flexible, customer-oriented, understand risk awareness. Motivated self-starter, process-oriented with high attention to detail Quick self-starter, pro-active attitude. Good communication skills, Good analytical and synthesis skills. Autonomy, commitment, and perseverance. Ability to work in a dynamic and multicultural environment. Flexibility (in peak periods extra efforts may be required). Open minded and show flexibility in self-learning new technologies/tools. You are customer minded and can translate technical issues into non-technical explanations. You are always conscious about continuity of services. You have a very good team spirit and share your knowledge and experience with other members of the team. Working in collaboration with team. Client-oriented, analytical, initiative oriented and able to work independently. Be flexible and ready to provide support outside of Business hours (on-call). Able to take additional responsibility. Able to work from base location Chennai/Mumbai (Whichever is your base location) during hybrid model. You are flexible and ready to provide support outside of Business hours (on-call). Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Organizational skills Client focused Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Analytical Ability Ability to manage a project Education Level: Bachelor Degree or equivalent

Position Purpose This position would be responsible to serve as technical subject matter expert and provide consulting support to architects and engineers on application integration. Also they work with L2 support resources when they need technical help on major issues. Responsibilities Direct Responsibilities Defining technical architecture, process solutions. Providing consultation services for IT risk. Understanding of end to end process of Account/Session/Password management on various platforms such as windows, Unix, database, applications, appliances. Checks to be performed on CPM password failures, plugin Creation/Modification, New Connectors/Dispatchers(Webform/AutoIT/Tool Based) Knowledge on Audit & Monitoring , Backup Restoration User Management, Auto Provisioning/ Deprovisioning Vault and Component Servers Health, Configuration Management, DR Switch/Drill CyberArk Upgrade/Enhancement and Migration Notification Settings, SMTP Management API/Ansible/Automations, Scripts/Jobs/Calls Assisting & Developing the Delivery of complete CyberArk Infrastructure & the corresponding functionalities. Stay Up-to-date with the latest CyberArk features , updates and industry best practices. Document SOP , System configurations and Incident report management. Regular applying of the CyberArk patches as per bulletin. Owning the P1 incidents applying the right RCA approach. Implement Change request with proper ticketing mechanism and stake holder communications. Implement enhancement in monitoring/alerting solutions, develop scripts for house keeping. Contributing Responsibilities Perform trending & root cause analysis of issues Support and management of system outages via the published major incident management process. Analyse automation failures, identify root cause of failure and work internally/with Vendor to fix the issue. Attend Major Incident Management calls related to outages and complex technical issues needing interaction with multiple teams. Attend conference calls opened by applications team for complex technical issues. Understand the urgency, priority and gravity of the situation and accordingly maintain two-way communication. Should be able to take decisions during major incidents, outages on matters related to service degradation and managing communications to impacted stakeholders. Be able to supplement with a rationale for decisions taken. Create and support policies, standards and processes. Technical & Behavioral Competencies a) Should have strong understanding on Plugin and PSM Connector development to manage the password for different applications. b) Integrating various platforms with CyberArk, such as different LDAP providers, Windows Servers, UNIX Servers, Databases and networking Devices; Experience in LDAP directory structures preferably CA Directory c) Experience with Windows/ UNIX platforms in large heterogeneous environment. d) Should also has a strong background in Information Security principles and controls. e) Fluent in English language (verbal, reading and writing) Specific Qualifications (if required) B.E. (Comp/ECE/EEE) / MCA/ MSc IT Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Attention to detail / rigor Client focused Communication skills - oral & written Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to manage / facilitate a meeting, seminar, committee, training Choose an item. Choose an item. Education Level: Bachelor Degree or equivalent Experience Level At least 10 years

Role & responsibilities Maintain web application security scanning and mitigation/remediation practices Secure Coding practise expertise, dashboarding , Static and dynamic code scanning tools and methodologies Preferred candidate profile Data Analysis, plus basic SOC understanding

About Toast Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. Because our technology is purpose-built for restaurants, our customers trust that we will deliver on their needs today while investing in innovative experiences that will power the future of the industry. About this roll*: We are seeking a strategic and experienced leader to manage our Corporate Security and Governance, Risk, and Compliance functions in India. You will lead and grow both teams, strengthen our security posture, drive compliance with industry frameworks, and support enterprise risk efforts, while partnering closely with global stakeholders on key initiatives. What you will do: Corporate Security: Provide leadership and oversight to the CorpSec team, ensuring the implementation of best practices across endpoint protection, vulnerability management, and threat mitigation. Guide the design and management of a secure enterprise endpoint strategy, ensuring the CorpSec team aligns with policy and compliance requirements. Supervise the CorpSec team in conducting vendor risk assessments and coordinate with global stakeholders to drive remediation activities. Oversee the management of secure email gateway and Data Loss Prevention (DLP) systems, ensuring the CorpSec team enforces data protection and policy compliance across all endpoints (Windows, macOS, Linux). Manage endpoint investigations and root cause analysis, directing the CorpSec team to collaborate with the SOC for integrating telemetry into SIEM platforms (e.g., Splunk, Datadog). Ensure the CorpSec team maintains documentation, SOPs, and training resources, and oversees the delivery of awareness sessions to improve endpoint hygiene. Stay informed on emerging threats to provide strategic guidance to the CorpSec team for enhancing threat detection and response capabilities. Governance, Risk, and Compliance (GRC): Oversee the development and maintenance of GRC frameworks (SOC 2, PCI DSS, ISO 27001), ensuring the Technical GRC team aligns with global standards and maintains ongoing compliance. Manage the review process for third-party security attestations (e.g., SOC 2, ISO 27001) and guide the Technical GRC team in assessing vendors in collaboration with Legal, Procurement, and IT. Supervise periodic vendor risk reviews, ensuring the Technical GRC team identifies gaps and drives remediation plans effectively. Partner with internal audit and external assessors to support security evaluations and regulatory alignment. Provide oversight for regular reporting on compliance posture, risk trends, and incident metrics to senior stakeholders, ensuring the Technical GRC team delivers accurate and timely updates. Team Leadership and Development: Provide leadership and mentorship to the Corporate Security and GRC teams in India, fostering a high-trust, collaborative environment. Recruit, train, and grow security talent to build a resilient, high-performing organization. Set performance goals, conduct evaluations, and support team members' ongoing development. Do you have the right ingredients*? Bachelor’s in Computer Science, InfoSec, or related field (Master’s preferred). Industry certifications like CISSP, CISM, or CEH are strongly preferred. 10+ years in cybersecurity, with hands-on experience in vulnerability management, compliance automation, and GRC. Strong understanding of SOC operations, incident response, and security tooling (SIEM, IDS/IPS, WAF). Proven leadership experience managing distributed security teams in dynamic environments. Skilled in communication, collaboration, and team development. Deep knowledge of compliance frameworks (e.g., SOC 2, PCI DSS, ISO 27001) and regulatory expectations.

Role & responsibilities Job Description: Reporting to the Sr. Manager Insider Risk, the Investigations Analyst is a member of a team responsible for the ongoing assessment, triage and investigation of Insider Risk events within the UEBA platform. The Investigations Analyst is responsible for the identification of events involving training integrity matters, Data Loss, misuse of network access or breaches of the Acceptable Use Policy. The Investigations Analyst will work directly with the Sr. Manager of Insider Risk to assess and escalate incidents identified and collaborate with stakeholder to remediate the issues identified. The Investigation Analyst will also support ethics investigations by identifying and collecting digital forensic evidence within various platforms as required. Accountabilities Identify, assess, and escalate findings relating to insider risk events involving misuse of PwC assets, data exfiltration, mass deletion or aggregation of data. A key area of focus will be on training integrity alerting within the risk tool, which looks at behaviours consistent with answer sharing as well as technical investigation support. Work with the Sr. Manager, Insider Risk to escalate and remediate positive findings, recommend strategic security solutions and security control improvements specific to enhancing the identification of data security events. Major Responsibilities Provide 3 -5 major responsibilities of the role and identify key activities within each area. Indicate the percentage (%) of time normally spent on each major responsibility with the total equaling 100%. Investigation Management (70%) Review, triage and investigation system alerts for Training Integrity matters Review, triage and investigation endpoint alerts in the Insider Risk platform Monitor and assess potential Data Loss incidents as they arise Assess, summarize, and escalate potential breaches to management Assisting with related queries into high-risk employees for potential data loss, nefarious activities Assist with the development of other operational/project documentation Provide support to other teams within the broader Risk Management, as needed Document incidents in PwCs case management system Participate in annual audit and compliance testing Generate monthly/quarterly reports and create dashboards for leadership Support Ethics investigations related to monitoring and evidence collection Project Management (20%) Manage Insider Risk platform and write Jira script for correlation rules as required Develop and improve processes and procedures for data protection activities Provide support on ad-hoc project work Other Tasks and Responsibilities as assigned (10%) Assist with special projects for the team as required

A. Job Qualifications Necessary: Education: Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field Experience: 5+ years of experience in information security, including roles as a Security Analyst and/or Security Engineer. Experience with secure coding practices, code reviews, and security testing. Experience with static and dynamic code analysis tools. Experience with CI/CD pipelines and integrating security into DevOps processes. Certifications: Relevant certifications such as CISSP, CEH, OSCP, or similar. Skills: Strong understanding of security principles, protocols, and best practices. Proficiency in security tools and technologies (e.g., Wiz, SonarQube, vulnerability scanners). Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOC2). Familiarity with the OWASP Top 10 vulnerabilities and mitigation strategies Understanding of NIST cybersecurity standards and frameworks (e.g., NIST CSF, NIST SP 800-53) Excellent analytical and problem-solving skills. Strong communication and collaboration skills. Ability to work independently and as part of a team.

As a Product Security Architect (Software, Hardware/Firmware) , you will be responsible for ensuring the security, integrity, and confidentiality of the hardware, software systems and applications developed by Luminous. You will work closely with development teams, project managers, and other stakeholders to design, implement, and maintain robust security measures and best practices throughout the software development lifecycle. Your primary objective will be to identify potential security vulnerabilities, define security requirements, and implement effective solutions to safeguard sensitive data and protect against cyber threats. Qualification/ Personal Attributes Qualification Bachelors / Master s degree in Computer Science, Information Security or similar Experience 8-10 years of experience in software & firmware security (for Web application, Mobile App in IoT domain) Proven experience as a Software & firmware Security Architect or in a similar role. In-depth knowledge of software security principles, secure coding practices, Database security and common security vulnerabilities. Drafting polices related to product security. Expertise in Cloud Security Experience in DevSecOps Experience with security testing tools and methodologies, including static code analysis, dynamic analysis, and penetration testing. Strong understanding of authentication and authorization protocols (e.g., OAuth, SAML, JWT) and encryption techniques. Familiarity with compliance standards such as OWASP, ISO 27001, NIST, and PCI DSS. Proven experience as an IoT Security Architect or a similar role with a focus on IoT security. Solid understanding of IoT architectures, protocols, and technologies. In-depth knowledge of IoT security principles, secure design patterns, and common IoT vulnerabilities. Experience with IoT security frameworks and industry standards (e.g., IoT Security Foundation, IEC 62443, NIST SP 800-53). Familiarity with IoT device security features (e.g., hardware security modules, Trusted Platform Modules). Strong understanding of network security and encryption technologies Excellent communication and collaboration skills to work effectively with cross-functional teams. Relevant certifications such as CISSP, CSSLP, or CISM are a plus. Team handling experience (with Pen tester, Security analyst & DevSecOps engineer) Skills & Attributes Problem-solving skills with a sharp analytical mind Capability to collaborate with cross functional teams/3rd parties Understanding the business side of the application An ardent researcher of market trends and technology evaluation Job Description Responsibilities 1. Security Architecture Design: Develop and design the security architecture for software applications and systems, taking into consideration various factors like scalability, performance, and usability while ensuring robust security measures. Create and maintain security policies, standards, and guidelines for the development and deployment of software applications. 2. Threat Modeling and Risk Assessment: Perform threat modeling and risk assessments for software projects to identify potential security risks and vulnerabilities. Collaborate with cross-functional teams to prioritize and address security issues based on the severity of risks. 3. Secure Coding Practices: Advise development teams on secure coding practices and conduct code reviews to identify and rectify security flaws. Promote the adoption of security-related best practices and coding standards across the development teams. 4. Security Testing: Plan and oversee security testing activities, including penetration testing, vulnerability scanning, and code analysis. Plan and oversee security testing activities for IoT devices and applications, including penetration testing and vulnerability assessments. Analyze and interpret the results of security testing and work with the development teams to address identified issues. 5. Authentication and Authorization: Design and implement strong authentication and authorization mechanisms to control access to software applications and data. Integrate industry-standard authentication and authorization protocols into the software systems. 6. Encryption and Data Protection: Ensure the appropriate use of encryption techniques to protect sensitive data at rest and in transit. Implement data protection mechanisms to safeguard the confidentiality and integrity of data. 7. Incident Response and Security Monitoring: Collaborate with the incident response team to develop incident response plans and participate in security incident handling and investigations. Implement security monitoring solutions to detect and respond to security incidents proactively. 8. Compliance and Governance: Support compliance audits and assessments related to software security. Stay up-to-date with industry security trends, regulations, and best practices to ensure compliance with relevant security standards. 9. IoT Data Security: Establish data security and privacy measures for IoT data storage, transmission, and processing. Implement encryption and data access controls to safeguard sensitive data collected by IoT devices. 10. Network Security for IoT: Design and implement secure communication protocols for IoT networks, ensuring data confidentiality and integrity. Implement network segmentation and access controls to isolate and protect critical IoT components.

Role: Microsoft Defender/MAC Endpoint Vulnerability Management Specialist Role Summary: He/She will be responsible for managing vulnerability remediation activities using Microsoft Defender, with a strong focus on endpoint security and management. Additionally, should possess expertise in Mobile Device Management (MDM) solutions such as Intune, and demonstrate advanced troubleshooting skills at the Windows OS level. Scripting knowledge is considered a plus. Location: Bangalore Preferred Duration: 3 Months(Extendable Project) Date : Immediate Joining also preferred Key Responsibilities: - Review vulnerabilities report, analyze the solutions available and execute vulnerability remediation activities using Microsoft Defender. - Collaborate with the Security Team to assess vulnerabilities and implement mitigation strategies. - Manage endpoint security configurations and policies through Microsoft Defender. - Implement solutions through Mobile Device Management solutions, Intune/WS1/SCCM. - Develop policies as required in collaboration with Product Owners and Security team. - Provide L3 level support for Windows OS-related issues. - Diagnose complex system problems and work towards resolution swiftly. - Utilize scripting languages (e.g., PowerShell) to automate or deploy solutions as needed. - Develop scripts to enhance monitoring capabilities or streamline solution deployment processes. - Maintain comprehensive documentation of processes, incidents, resolutions, and changes implemented. Qualifications: - Proven experience in managing Microsoft Defender Endpoint solutions. - Expertise in MDM tools like Intune/WS1/SCCM. - Strong troubleshooting skills at the Windows OS level. - Proficiency in scripting languages such as PowerShell. - Excellent analytical skills with attention to detail. - Strong communication skills; ability to collaborate effectively with cross-functional teams. - Ability to work independently while managing multiple priorities efficiently. - Work experience with monitoring tools like Nexthink is an advantage.onsibilities

NAB is looking for Security Assurance Consultant to join our dynamic team and embark on a rewarding career journey Undertake short-term or long-term projects to address a variety of issues and needs Meet with management or appropriate staff to understand their requirements Use interviews, surveys etc. to collect necessary data Conduct situational and data analysis to identify and understand a problem or issue Present and explain findings to appropriate executives Provide advice or suggestions for improvement according to objectives Formulate plans to implement recommendations and overcome objections Arrange for or provide training to people affected by change Evaluate the situation periodically and make adjustments when needed Replenish knowledge of industry, products and field

Company Description As a leading global investment management firm, AB fosters diverse perspectives and embraces innovation to help our clients navigate the uncertainty of capital markets. Through high-quality research and diversified investment services, we serve institutions, individuals, and private wealth clients in major markets worldwide. Our ambition is simple: to be our clients most valued asset-management partner. With over 4,400 employees across 51 locations in 25 countries, our people are our advantage. We foster a culture of intellectual curiosity and collaboration to create an environment where everyone can thrive and do their best work. Whether youre producing thought-provoking research, identifying compelling investment opportunities, infusing new technologies into our business, or providing thoughtful advice to clients, we re looking for unique voices to help lead us forward. If you re ready to challenge your limits and build your future, join us. Job Description Summary Requires full proficiency through job-related training and considerable on-the-job experience to perform a range of work assignments Completes a variety of atypical assignments, may help determine the appropriate approach for new assignments Works with a limited degree of supervision, with oversight focused only on complex new assignments Acts as an informal resource for colleagues with less experience. Team/Group Description Provide a brief overview of the team/group, including the core businesses and business functions and applications the group supports, or, if an enterprise-servicing group, what enterprise functions and applications it supports. Role Description We are seeking a Pune based Security Reference Management Analyst to join our Security Reference Management Team. We re looking for someone who in interested in learning the various attributes that make up a financial security used for investment purposes. Security Reference Management (SRM) provides financial security data on Fixed Income, Equities and Derivatives to internal Departments for the management of clients and fund investment activities. The security data is maintained within a security master system by SRM and then feeds downstream to other systems for trading, investment, risk and compliance used by our internal departments. Applications and business or enterprise functions the role supports The Finance Security Analyst for SRM will maintain two security master systems - CADIS for automated securities and APEX for manual securities. The Analyst will be experienced in using industry know vendors, such as Bloomberg, Interactive Data, CUSIP Web, and DTC. The Analyst will also be exposed to other internal downstream systems, such multiple Accounting Systems and Trading/Order Management systems. The Analyst will support the following internal Departments, but not limited to: Portfolio Management Group, Trade Support, Client Guidelines, Client Reporting, Private Client, Insurance Operations, Pricing & Valuation and Corporate Actions. On a daily basis the Analyst will use Microsoft Excel and Microsoft Office. Key job responsibilities include, but are not limited to Research, input and validate financial security data within SRM security master systems - CADIS and APEX. In doing so, the SRM Analyst will need to understand how and why the data is reflected the way it is in the system and update accordingly based on research they have performed. Maintain multiple workflows, such as Exceptions in CADIS, DART Requests (Direct Access Request Tracking application), E-Mail Requests. Support various accounts systems, such as Portfolio Management System, CAMRA and Global Plus to ensure financial security data is accurately represented. Work with internal Departments, such as Portfolio Management, Trading, Client Reporting, Performance, Research, Legal/Compliance to resolve discrepancies or challenges with our financial security data. Support a number of Quality Control Reports and data cleanup projects that may include credit ratings, industry classifications, accrual information, security identifiers, security description. Can document a process and create formal procedures. Work closely with Management and other Operational areas within AB to ensure integrity, accuracy, and consistency with our security data across multiple systems/databases. What makes this role unique or interesting (if applicable) ? An Analyst in this position will be exposed to every major Financial Instrument under Fixed Income, Equities and Derivatives, they will understand the makeup of the security, and how it impacts the overall business/investment activities. The Analyst will have an opportunity to work closely with various Department that support investment activities (i.e. Operations, front, middle and back office). Professional development value of this role (i.e., what learning and professional growth does the role offer the candidate?) An Analyst will be expected to manage their own career development but will receive Management feedback and learn from new and challenging assignments. They will have the opportunity to engage in Professional Development and Financial courses which will further their growth professionally and knowledge of the Industry. The Analyst, after performing at an expected level, will have the opportunity to engage in more analytical/project level work. Job Qualifications (The ideal candidate should have the following) Qualifications, Experience, Education & Skills Bachelor s degree in Finance, Accounting, Economics or another relevant discipline. Minimum of two years experience processing and validating data with a high level of attention to detail and accuracy. Has experience working with a Team, delivering projects and meeting time sensitive deadlines. Our Team Members typically have track records of outstanding professional performance or academic achievement, along with excellent analytical skills, financial skills, technical skills, strong communication skills. The candidate must be organized, detailed oriented, can interrupt financial security data, have the ability to work well under pressure, can work within in a Team and independently, and able to prioritize and handle multiple tasks in a fast-paced environment. The candidate should have strong ability to work and manage in a collaborative environment and to present results to both expert and non-expert audiences. Pune, India

This position is a member of the STRM - Security Threat and Response Management team which is responsible for Vulnerability Management, security monitoring and response functions for Mastercard, accounting for both physical and cyber security events. This team leads with the mission to provide overall stewardship of enterprise-grade application architecture & design within the context of holistic software development. This includes driving the architecture & design decisions and building consensus around it and supporting existing enterprise-level applications. The team leads the Security implementation related to customer access, employee access, and exploration of software architecture & technology innovations along with enabling excellence in the overall team. Design secure, reliable, and scalable solutions for globally distributed customer facing products. Collaborate closely with the global Solution Architecture & Engineering team to define principles and best practices Engage with wider Mastercard Architecture & Technology teams to ensure alignment on the wider technical strategies and policies within Mastercard Support development teams and work with stakeholders, promoting agile development Research, create and evaluate technical solution alternatives for the business needs using current and upcoming technologies and frameworks They are hands on all the time and collaborate by writing interfaces, tests; unit or acceptance and architecture fitness functions, outside of meeting rooms. Work with business/product owners to architect and deliver on new services to introduce new products and bundles Participate and contribute to team s agile process and decisions. Drive prioritization decisions and trade-offs in working with product partners Drive the architectural design, including dependent services, service interactions, and policies Contribute and lead Squad initiatives by engaging and mentoring Engineers at all levels to improve the craftmanship of Software Engineering Simplify and improve the cost/benefit of a function/service/architecture strategy Consult across teams and across organization lines to identify synergies and reuse opportunities Participate and contribute to Principal review architecture meetings and drive resolutions to enterprise-wide challenges and regulatory needs Conduct technical interviews for hiring engineering staff and raising the performance bar Technologies: - 1. Java, J2EE, micro services, RESTful APIs, Angular, Web Services, JavaScript, Docker 2. Framework - Spring -Spring Boot, Spring Data, Spring Batch, Spring REST, Spring Cloud, AOP, Hibernate 3. UI/UX frameworks and best practices -React, Angular. 4. API tooling and design best practices 5. Cloud and DevOps Architecture, especially via Pivotal Cloud Foundry 6. Databases - Oracle, SQL server, PostgreSQL, Cassandra, ElasticSearch 7. Tools - Eclipse or IntelliJ, Sonar, GIT, Maven, SQL Developer, Jenkins, CI/CD, Gatling. Experience with Software Vulnerabilities tools SCA/SAST/DAST will be plus. About You bachelors degree in information systems, Information Technology, Computer Science or Engineering or equivalent experience. Proficiency in software development languages, including but not limited to Java and Java-based frameworks (Spring, Spring Boot), React or Angular, and JSON. Demonstrated expertise in containerization, container orchestration, microservices, REST services, and cloud technologies, preferably Azure or AWS. Strong understanding of technology selection, system architecture, and full-stack development principles. Proven ability to deliver large-scale, complex software programs with measurable business impact. Skilled in performing code reviews, conducting troubleshooting and debugging, executing root cause analysis (RCA), and resolving coding errors. Practical experience with CI/CD pipelines to streamline development and deployment processes, docker containers & Kubernetes to Cloud platforms. Adept at mentoring developers and coaching teams on best practices, coding standards, and development methodologies. Exceptional analytical, presentation, and problem-solving skills to address challenges effectively. Strong communication abilities to collaborate across teams and articulate complex ideas clearly. Experience in coding Microservices in Java, building UI/UX, frameworks such as React, Angular, spring boot, RDBMS, Oracle and event driven architecture. Knowledge with Pivotal Cloud Foundry or any other cloud platform AWS or Azure or GCP is preferred. Has experience designing and implementing solutions focusing on the non-functional concerns - Performance, Scalability, Availability, Extensibility, Supportability, Usability Operate with urgency, fairness and decency to address challenges and solve for new opportunities. Capable of working under pressure - navigating complex initiatives, competing priorities and customer requirements. Familiar with cutting edge industry trends and thorough understanding of development methodologies and standards. Ability to manage objectives and pipelines, build business cases, define success metrics and interpret P&L to optimize the business. Has skills to promote and coach teams on take on full stack development and facilitate end-to-end service ownership, Has skills to engage engineers across Technology organization to promote standard software patterns and reuse of common libraries and services. Has skills to drive trade-off discussions to set right development capacity based on value drivers eg, regulatory, security, new business, market parity, technical debt Has experience in design and execution of automation across multiple business areas and provides guidance on best methods and tools. Has skills to succinctly articulate architecture patterns of complex systems, with business and technical implications, to executive and customer stakeholders. Experienced in agile and modern SDLC practices: Scrum/Kanban/Continuous Delivery/DevOps/Quality engineering, and the delivery situations they are used for Corporate Security Responsibility

The Senior Information Security Analyst has a significant role in realizing the vision of the strategy and ensuring that products and services are developed with the needs of our customers in mind. This role has significance in system stability analysis and using insight from customers and colleagues worldwide to improve financial services for families, small businesses, multinational corporations, and non-profit organizations. Role Responsibilities The SOC analyst is responsible for activities relating to monitoring and responding to security events. The SOC analyst receives research, triages, and documents all security events and alerts as they are received. This individual supports multiple security-related platforms and technologies, interfacing with others within the IT organization, as we'll as other internal business units and external customers/partners. Events will be generated from endpoints, networks, security information and event management (SIEM) systems, threat intelligence platforms, employees, third parties and other sources. Role Requirements 4+ years of professional experience and 3+ years of information security monitoring and response or related experience. Working experience in SOC s, EDR tool, Endpoint, WAF, Network Security (IPS/Network DDOS Protection/Firewall/Web Proxy). Ability to perform in-depth root cause analysis and co-relation of events to identify APTs and sophisticated attacks. Experience working with SIEM systems, security automation and orchestration solutions (SOAR), Threat intelligence platforms. Experience working in Email Security tools and SSL Certificate management. Knowledge of a variety of Internet protocols. Track record of acting with integrity (excellent work ethics), taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively. Certifications such as CEH/GCIH/CompTIA Security+ certification are preferred. Your specific benefits include: Employees Provident Fund [EPF] Gratuity Payment Public holidays Annual Leave, Sick leave, Compensatory leave, and Maternity / Paternity leave Annual Health Check up Hospitalization Insurance Coverage (Mediclaim) Group Life Insurance, Group Personal Accident Insurance Coverage, Business Travel Insurance Cab Facility Relocation Benefit

Client Impact Provide creative input on projects across a range of industries and problem statements Contribute to the development of analytics strategies and programs for regional and global clients by leveraging data and technology solutions to unlock client value Collaborate with Mastercard team to understand clients needs, agenda, and risks Develop working relationship with client analysts/managers, and act as trusted and reliable partner Team Collaboration & Culture Collaborate with senior project delivery consultants to identify key findings, prepare effective presentations, and deliver recommendations to clients Independently identify trends, patterns, issues, and anomalies in defined area of analysis, and structure and synthesize own analysis to highlight relevant findings Lead internal and client meetings, and contribute to project management Contribute to the firms intellectual capital Receive mentorship from performance analytics leaders for professional growth and development Basic qualifications Undergraduate degree with data and analytics experience in business intelligence and/or descriptive, predictive, or prescriptive analytics Experience managing clients or internal stakeholders Ability to analyze large datasets and synthesize key findings Proficiency using data analytics software (eg, Python, R, SQL, SAS) Advanced Word, Excel, and PowerPoint skills Ability to perform multiple tasks with multiple clients in a fast-paced, deadline-driven environment Ability to communicate effectively in English and the local office language (if applicable) Eligibility to work in the country where you are applying, as we'll as apply for travel visas as required by travel needs Preferred qualifications Additional data and analytics experience in building, managing, and maintaining database structures, working with data visualization tools (eg, Tableau, Power BI), or working with Hadoop framework and coding using Impala, Hive, or PySpark Ability to analyze large datasets and synthesize key findings to provide recommendations via descriptive analytics and business intelligence Experience managing tasks or workstreams in a collaborative team environment Ability to identify problems, brainstorm and analyze answers, and implement the best solutions Relevant industry expertise Corporate Security Responsibility Abide by Mastercard s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard s guidelines.

As a Client Service Specialist, you will be required to be as one of the primary contacts for all communication between Client Service Managers, Client Service Associates, Participants, Plan Sponsors/ Employers etc You will be required to get accustomed with the overall customer journey and help fill in the required GAP/Information that the processing team would require to either Invest, Payout or make correction to their existing 401 K Retirement plan Description % of Time Spent Transaction Processing 68% Consistently meeting Delivery Expectation with set defined Goals Achieving performance benchmark as laid down by Principal Global Service and strive towards meeting the organizational goal Communication Skills 18% Establish seamless communication with both internal & external stakeholders to obtain information and resolve transactional delays Organizational / Team level initiatives & compliance 18% Actively participate in Organizational & team level initiatives Get skilled and upskilled on the less/mid complex work and be part of the capability structure Qualifications 2+ years of experience in financial process or Bank and is familiar with US shifts Graduates in any discipline but not in BE or B-Tech Understands the retirement environments and are accustomed to their instruments Prioritize and process the daily assigned work to meet the customer service goal Communicate through email, chats, or calls about the ongoing progress and request any information that will help obtain the information to process the transaction to logical closure Follow internal procedures to properly document work on contracts Responsible for gathering data related to different reports on a regular basis ensuring accuracy and timeliness Exposure to below tasks will be preferential - SAFO, Excess Deferral, SPD, Customer Enrollment Kits, Custom Fee Disclosures, DIV/Non Div etc The work will involve servicing contracts and monitoring their transactions Fair usage of RIS, Salesforce, Mainframe & Express Inform Client Service Associate/Consultant of customer concerns or potential problems Develop a working knowledge of plans, contract, and retirement documents and the concepts of 401 K Perform other job-related duties and special projects as required Perform assigned work accurately to meet or exceed quality expectations that results in increased client satisfaction and profitability for PFG Adherence to Compliance, Information security, Internal and External statutory and regulatory requirements Candidate will be aligned with a back-office transaction processing team who does the direct email communication with the clients for any information needed for further processing