34 Infosec Jobs - Page 2

Job Purpose: The Security Architect will be responsible for designing, implementing, and maintaining the overall security posture of the NBFC's IT infrastructure, applications, and data. This role involves developing and enforcing security policies, standards, and procedures to protect the organization from cyber threats, ensuring compliance with regulatory requirements, and safeguarding customer data. The Security Architect will work closely with IT, risk management, and business teams to align security strategies with business objectives. Key Responsibilities: Information Security Strategy Develop and implement an organization-wide information security strategy and vision. Align information security initiatives with business goals and objectives. Stay abreast of emerging threats and technologies to adapt the security strategy accordingly. Meeting and Board Presentation Participate in senior management meetings. Present the security strategy and vision to the board. Present risk and mitigation plans to the risk committee. Risk Management Identify, assess, and prioritize information security risks. Develop and implement risk mitigation strategies. Establish risk management frameworks and policies. Security Policies and Procedures Develop, implement, and enforce information security policies and procedures. Ensure compliance with relevant laws, regulations, and industry standards. Promote security awareness and education throughout the organization. Incident Response and Management Develop and maintain an incident response plan. Lead and coordinate responses to security incidents. Conduct post-incident reviews and implement improvements. Security Architecture Design and implement a robust information security architecture. Evaluate and select security technologies and tools. Ensure the integration of security measures into the organization's IT infrastructure. Security Awareness and Training Develop and implement security awareness programs for employees. Provide training to staff on security policies and best practices. Vendor and Third-Party Risk Management Assess and manage the security risks associated with external vendors and third-party relationships. Ensure that third-party contracts include appropriate security requirements. Compliance Monitor and ensure compliance with relevant data protection and privacy laws. Coordinate with legal and compliance teams to address regulatory requirements. Ensure compliance with relevant regulatory requirements (e.g., RBI guidelines, DPDPA, Cert-In, etc.). Security Audits and Assessments Conduct regular security audits and assessments. Prepare and maintain documentation for audits and regulatory inspections. Ensure the effectiveness of security controls and measures. Security Governance Establish and chair a security governance committee. Report regularly to executive leadership and the board on the state of information security. Budget and Resource Management Develop and manage the information security budget. Allocate resources effectively to support security initiatives. Collaboration and Communication Collaborate with other senior executives to integrate security into overall business strategies. Communicate effectively with stakeholders about the importance of information security. Provide guidance and training to employees on security best practices and awareness.

Role Description Divisional Risk and Control is responsible for non-financial risk and control management for the relevant operating Division or Infrastructure function or Dedicated Central Control Unit for the bank. Work includes: Defining the risk management framework Developing process and procedures to report on, manage, and mitigate risks to acceptable levels Maintaining operational control and discipline across the organizational unit Ensuring that business is conducted in accordance with applicable laws, regulations and in adherence to the bank's internal policies Providing thought-leadership around business specific risk taxonomies, assessment methodologies, process and control implementation Developing, tailoring and testing the control infrastructure for the business Communicating regulatory development and implications to the business Executing certain risk-related processes and draft first like risk procedures (e.g. product reviews, issue capture, regulatory change management, vendor management etc.) Managing Risk and Compliance data and information for both first and second lines Coordinating execution of risk and control self-assessment (RCSA) process Driving messaging and information from second line to first line (e.g., policies, procedures, training) Providing a consolidated view of non-financial risks Developing a positive risk culture, whilst assuring strategy alignment among various organizational levels Your key responsibilities Responsible to ensure compliance with the Information Security Policy and the subordinate documents within area of responsibility Establish and document roles/entitlements for each of the application together with the Role owners. Ensure any changes to the roles are supported by documented valid justification/s along with an Impact and Risk assessment as part of business decisions Execute IS Risk assessment and compliance evaluations for assigned IT assets with support from BSO community Review and address quality issues within ISO scope of responsibilities Ensure execution of Information Security risk management in line with DB Information Security Policy/ Guidelines including 1) InfoSec controls 2) Mitigating Control weakness 3) End user access review and recertification 4) provide InfoSec advisory on vendor relationships 5) Support BCM and DR exercise from ISO perspective 6) Providing guidance on control implementation Support Chief ISO delegate on relevant actions and initiatives. Create Segregation of Duties (SoD) rules for IT , assess SoD Rule violations and make exception decisions Participate in Information Security initiatives and programmes, as relevant; Review and assess severity of information security breaches and recommend appropriate follow-up actions, where necessary Advise local business and other partners on CSO solutions and facilitate service adoption in cooperation with Central CSO teams Support in the review and assessment of data leakage incidents relevant to PB Booking Centre. Your skills and experience Education & Experience: Proven experience of working within Information Security / Information Technology environment ideally in Banking Environment Experience working on small to medium scale projects at least within a global environment Professional certification including ISO27001 Lead Auditor/ Lead Implementer, CISM, CRISC University degree. Competencies: Outstanding problem solving, analytical and project management skills Proficiency with Microsoft Office programs; e.g. Excel , Word and PowerPoint Ability to work in pressurised situations Strong work ethic, commitment to excel and proven capacity to work effectively with minimum supervision Strong communication (written and verbal) and relationship skills with excellent command of the English language Very good influencing and management skills to liaise effectively with Business and control functions Personal Characteristics: Proactive attitude and self-initiative Ability to think laterally. Strong Team Player skills as well as working independently Eagerness to learn and adapt to new situations and processes Delivery-focused, able to manage multiple deliverables to deadlines Flexibility with respect to new tasks and the ability to work diligently in stressful situations Ability to learn quickly Driven and able to handle day-to-day routine as well as cope with shifting priorities and changing responsibilities to meet needs and demands.

Primary Responsibilities: Conduct security assessments for new and existing clinical technologies to protect organizational data assets Review and prepare architectural diagrams to ensure secure technology deployment Collaborate with vendors and business partners to obtain and evaluate technical documentation Define security requirements based on corporate policies, best practices, team input, security frameworks, and compliance regulations Document assessment findings and requirements for technology implementation and operation Work with vendors and partners to develop remediation plans for technologies posing unacceptable risks Independently research technologies or topics beyond current expertise Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Bachelors degree in a technical or scientific discipline, or equivalent experience 5+ years in IT operations 2+ years in cybersecurity Experience identifying security risks in technology Proficiency in creating and interpreting architectural diagrams Security certifications (e.g., CISSP, CCSP, CEH) Solid understanding of network security principles and best practices. Proven critical thinking and problem-solving skills Solid work ethic and attention to detail Ability to work independently and collaboratively Ability to align security requirements with business objectives Solid relationship-building skills with partners, clients, and peers Ability to clearly communicate technical concepts to both technical and non-technical stakeholders Adaptability in a large, fast-paced, and rapidly changing organization Preferred Qualification: Experience in a regulated industry, preferably healthcare

Roles and Responsibilities Develop and implement Third Party Risk Management (TPRM) program to identify, assess, and mitigate risks associated with third-party vendors. Collaborate with stakeholders to establish TPRM policies, procedures, and standards for vendor risk management. Ensure compliance with regulatory requirements related to Information Security, Operational Risk, Reputational Risk. Identify areas for improvement in operational resilience and physical security by analyzing data from various sources. Conduct regular risk assessments of third-party vendors using tools like Infosec or RSA Archer. Desired Candidate Profile 5-10 years of experience in Third Party Risk Management or a related field. Experience working with Vendor Risk Management (VRM) software such as RSA Archer or similar tools. Proven track record of developing effective TPRM programs that drive business value. Strong understanding of Infosec principles and practices.

Implement Information security policies, procedures, regulations, and best practices to ensure the confidentiality, integrity and availability of MHDI information and information asset. Required Candidate profile Conduct Internal Audit with the help of external audit firm to verify the effectiveness of security controls.

Job Title: Information Security and Compliance Manager Location: Thane/Mumbai Experience: 7-8 years in Information Security and Compliance Department: IT Security / Risk Management Job Description: We are seeking an experienced Information Security and Compliance Manager to join our team. This individual will be responsible for ensuring the organizations compliance with relevant regulatory requirements and managing information security risks. The ideal candidate will have a deep understanding of security standards, frameworks, and practices, with a proven track record in compliance, risk management, and security strategy. Key Responsibilities: Lead the development, implementation, and management of the organization’s information security program in alignment with industry standards (ISO 27001, NIST ) and regulatory requirements (GDPR, HIPAA, CCPA, etc.). Perform security risk assessments and identify vulnerabilities, threats, and risks to the organization’s information assets, recommending remediation and mitigation strategies. Oversee and enforce the implementation of security policies, procedures, and controls across all departments to ensure data protection and compliance with applicable laws. Collaborate with IT, legal, and business teams to ensure compliance with data privacy laws, regulatory frameworks, and industry standards. Manage the company’s internal and external audits for security and compliance purposes, ensuring timely resolution of audit findings and the implementation of corrective actions. Monitor and assess new and existing regulations and standards, ensuring the organization adapts to changing compliance requirements and maintains industry certifications. Prepare and present detailed compliance reports and metrics to management, highlighting areas of concern, progress, and risk levels. Develop and deliver security awareness training to employees, ensuring adherence to best practices and security policies. Maintain and update incident response and disaster recovery plans, coordinating actions during security breaches or non-compliance incidents. Lead or support third-party risk assessments and vendor security evaluations to ensure partner compliance with security standards. Manage and optimize compliance-related software tools and technologies, enhancing monitoring and reporting capabilities. Qualifications: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field. 7-8 years of experience in information security and compliance management, preferably in industries like healthcare, finance, or technology. In-depth knowledge of security frameworks and standards such as ISO 27001, NIST, GDPR, HIPAA, and SOX. Strong understanding of data privacy laws and regulations (GDPR, CCPA, etc.) and their application. Proven experience with risk management, audit management, and security incident management. Familiarity with security tools and technologies used for vulnerability management, monitoring, and reporting. Certifications such as CISSP, CISM, CISA, or equivalent are highly desirable. Strong analytical, problem-solving, and communication skills, with the ability to work effectively with cross-functional teams. Preferred Skills: Experience with cloud security and compliance (AWS, GCP). Knowledge of security automation and scripting languages (e.g., Python, PowerShell). Experience with data encryption and secure data transmission protocols.

Candidates with architectural design and implementation experience. Enterprise network security review and architecture. Experience with Network ACL review, firewall rules, threat modelling, risk assessment, vulnerability management. Required Candidate profile Experience in Firewalls, intrusion detection/prevention systems, VPNs, & other security-related network devices. ISO27001, SOC2, OWASP Relavant certifications such as CCIE, CISSP, CISM, CCSP, etc

Job Title : Business Information Security Officer (BISO) Location : Bengaluru, Titan Company Ltd, Corporate Office Immediate joiners preferred Job Overview : Titan Company Ltd seeks an experienced Business Information Security Officer (BISO) to work alongside the GRCP Lead in ensuring security measures align with business needs. The BISO will be responsible for managing information security risks, developing security strategies, policies, and overseeing security incidents and vendor management. Key Responsibilities : Risk Management : Identify and manage information security risks in collaboration with business teams. Security Incident Management : Lead incident detection, response, and remediation efforts. Compliance & Standards : Ensure compliance with security frameworks, regulations, and best practices. Security Policy Development : Develop and update security strategies and policies. Vendor Management : Evaluate and manage third-party security risks. Collaboration : Work with business units to align security needs with appropriate controls. Qualifications : Education : Bachelors in Computer Science, Information Security, or related field. Certifications (e.g., CISSP, CISM, CISA) preferred. Experience : 5+ years in information security, with expertise in risk assessment, incident management, and policy development. Skills : Strong knowledge of cybersecurity frameworks and risk management. Expertise in incident response, vendor management, and compliance. Strong communication and collaboration skills. Interested candidates Kindly share updated resume on amruthaj@titan.co.in

Skill required: Risk & Compliance - Risk Management Designation: Risk and Compliance Associate Qualifications: BCom,CA Inter Years of Experience: 1 - 3 Years What would you do? You will be aligned with our Risk and Compliance vertical and help us perform compliance reviews, publish reports with actions and provide closure guidance as needed. We design & recommend effective controls to mitigate risks and help service delivery team prepare for upcoming client / external audits.You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans.The Operational Audit & Compliance team focuses on auditing and managing effective implementation and delivery of functional processes within operations to mitigate risks. The role may require for you to have a good understanding of anti-corruption, BCM and infosec policies, records management and contractor controls. The team is responsible for establishing processes to validate the effectiveness and drive improvements wherever required. What are we looking for? Risk Management SOX Compliance Audit Adaptable and flexible Ability to perform under pressure Problem-solving skills Detail orientation Ability to establish strong client relationship Internal Audit Quality Assurance Enterprise Risk Management (ERM) Roles and Responsibilities: In this role you are required to solve routine problems, largely through precedent and referral to general guidelines Your expected interactions are within your own team and direct supervisor You will be provided detailed to moderate level of instruction on daily work tasks and detailed instruction on new assignments The decisions that you make would impact your own work You will be an individual contributor as a part of a team, with a predetermined, focused scope of work Please note that this role may require you to work in rotational shifts Qualifications BCom,CA Inter