92 Infosec Jobs - Page 3

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 4 to 6 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

The Global Information Security (GIS) Technology Risk Management Analyst will work with peers in Global Information Security (GIS) and across the Technology Division to ensure that third party technology risks are properly identified, assessed, monitored, and communicated in support of the overall Third Party Risk Management (TPRM) program. The Analyst will assist with the continuous improvement and daily operation of the GIS Third Party Risk Management (GIS TPRM) program. Responsibilities Include: Work with peers to identify and assess Information Security risks Conduct risk assessments using CME Groups established GIS Third Party Risk Management assessment process Collaboratively author and edit various assessment related documents including Deficiencies Observed, Summary of Work, Risk Advisory Memos, exceptions from GIS technical policies and standards, and other related output resulting from risk adjudication activities Participate in and contribute to various working groups across the Technology Division, including, but not limited to, Third Party Risk Management working group, Governance, Risk Management, and Compliance (GRC) working group, etc. Assist the GIS TPRM function with: Continuous improvement and maturation of the methods, instrumentation, training, documentation, and processes required to properly manage third party technology risks Providing advisory and consulting services to the Information Technology Management Team related to InfoSec risks, treatment strategies, and decision-making Assist in the preparation of management reports, presentations, metrics, and other documentation required to support governance functions Assist in compiling and delivering business and operational metrics at regular intervals Promoting a culture of risk awareness and accountability through training, education, and risk management consultative support Problem Solving: Objectively assess the impact, likelihood, and velocity of identified risks Objectively advise on any number of controls that will mitigate risk while not imposing undue burden on those who must implement the controls Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers Rapidly analyze complex technical details Synthesize detailed analysis into a big picture view that can be easily understood by non-technical stakeholders in order to support risk-based decision-making for senior managers within the company Decision Making: Recommend risk treatment decisions Recommend remediation actions when risk mitigation is desired Recommend improvements to methods, instrumentation, training, documentation, and processes Recommend solutions for automating and streamlining GIS TPRM risk management practices Working Relationships: Interacts with peers across all elements of the Technology Division Communicate regularly with cross-functional peers outside of the Technology Division, including Legal, Information Governance, Global Operations, Global Assurance (Internal Audit), Enterprise Risk Management, Third Party Risk Management, and other business unit leadership Interact occasionally with industry peers from other Systemically Important Financial MarketUtilities(SIFMUs),research organizations, solution providers, etc. Required Experience: Bachelors Degree or equivalent experience Minimum of 1 to 3 years of relevant experience in publicly traded companies or finance/technology industry operations with third party risk management experience a plus Experience in at least two of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit Experience working with industry based information security and / or control frameworks (NIST Cyber Security Framework, ISO 27002, COBIT, etc.) Demonstrable knowledge of a broad range of InfoSec technologies and practices Demonstrable, impeccable writing skills for technical, management, and executive audiences Additional preferred experience: Demonstrable knowledge of InfoSec risk management methods and practices Experience with operating GRC solutions Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)

Arcadis is the world's leading company delivering sustainable design, engineering, and consultancy solutions for natural and built assets. We are more than 36,000 people, in over 70 countries, dedicated to improving quality of life. Everyone has an important role to play. With the power of many curious minds, together we can solve the worlds most complex challenges and deliver more impact together. Individual Accountabilities Collaboration Collaborates with domain architects in the DSS, OEA, EUS, and HaN towers and if appropriate, the respective business stakeholders in architecting data solutions for their data service needs. Collaborates with the Data Engineering and Data Software Engineering teams to effectively communicate the data architecture to be implemented. Contributes to prototype or proof of concept efforts. Collaborates with InfoSec organization to understand corporate security policies and how they apply to data solutions. Collaborates with the Legal and Data Privacy organization to understand the latest policies so they may be incorporated into every data architecture solution. Suggest architecture design with Ontologies, MDM team. Technical Skills & Design Significant experience working with structured and unstructured data at scale and comfort with a variety of different stores (key-value, document, columnar, etc.) as well as traditional RDBMS and data warehouses. Deep understanding of modern data services in leading cloud environments, and able to select and assemble data services with maximum cost efficiency while meeting business requirements of speed, continuity, and data integrity. Creates data architecture artifacts such as architecture diagrams, data models, design documents, etc. Guides domain architect on the value of a modern data and analytics platform. Research, design, test, and evaluate new technologies, platforms and third-party products. Working experience with Azure Cloud, Data Mesh, MS Fabric, Ontologies, MDM, IoT, BI solution and AI would be greater assets. Expert troubleshoot skills and experience. Leadership Mentors aspiring data architects typically operating in data engineering and software engineering roles. Key Shared Accountabilities Leads medium to large data services projects. Provides technical partnership to product owners Shared stewardship, with domains architects, of the Arcadis data ecosystem. Actively participates in Arcadis Tech Architect community. Key Profile Requirements Minimum of 7 years of experience in designing and implementing modern solutions as part of variety of data ingestion and transformation pipelines Minimum of 5 years of experience with best practice design principles and approaches for a range of application styles and technologies to help guide and steer decisions. Experience working in large scale development and cloud environment. Why Arcadis We can only achieve our goals when everyone is empowered to be their best. We believe everyone's contribution matters. Its why we are pioneering a skills-based approach, where you can harness your unique experience and expertise to carve your career path and maximize the impact we can make together. Youll do meaningful work, and no matter what role, youll be helping to deliver sustainable solutions for a more prosperous planet. Make your mark, on your career, your colleagues, your clients, your life and the world around you. Together, we can create a lasting legacy. Join Arcadis. Create a Legacy. Our Commitment to Equality, Diversity, Inclusion & Belonging We want you to be able to bring your best self to work every day, which is why we take equality and inclusion seriously and hold ourselves to account for our actions. Our ambition is to be an employer of choice and provide a great place to work for all our people.,

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL

Role & responsibilities Security Program & Project Delivery Lead the planning, execution, and delivery of security initiatives including vulnerability management programs, NAC implementation, SIEM integration, and incident response enhancements. Coordinate cross-functional security projects across IT, infrastructure, compliance, and executive stakeholders. Ensure alignment with security frameworks including NIST, ISO 27001, CIS Controls, MITRE ATT&CK , and regulatory standards like HIPAA and GDPR . Technical Oversight & Reporting Act as the SME across multiple domains including cloud security (AWS, Azure, GCP), endpoint security (Crowdstrike, Symantec), and network security (Fortinet, NAC, IDS/IPS). Translate technical requirements into business-aligned roadmaps and timelines. Own the development of project documentation including scope, timelines, resource allocation, risk logs, and communications plans. Vulnerability & Risk Management Collaborate with vulnerability and threat management teams to prioritize and drive remediation projects. Design and deliver reporting dashboards and metrics (KPIs/KRIs) for executive leadership. Support remediation planning from external assessments (e.g., Red/Purple Team, penetration testing). Incident Response Coordination Partner with SOC and engineering teams to ensure effective execution of the Cyber Incident Response Plan (CIRP). Facilitate tabletop exercises, after-action reviews, and response drills aligned with NIST 2.0 . Vendor & Stakeholder Management Coordinate security vendor evaluations, POCs, onboarding, and performance reviews. Work with 3rd party consultants, auditors, and MDR service providers to ensure timely delivery of contracted services. Act as liaison between technical teams and leadership to manage expectations and ensure strategic alignment. Continuous Improvement & Governance Maintain and update project governance structures to align with industry best practices. Champion continuous improvement by assessing and refining project methodologies, tools, and templates. Contribute to policy updates, compliance audits, and control gap remediation plans. Required Skills & Qualifications: Bachelors degree in Cybersecurity, Information Technology, or related field. 8+ years of IT experience with a minimum of 3–5 years in a dedicated cybersecurity or InfoSec project management role . Proven success delivering complex, cross-functional security projects in manufacturing, healthcare, or enterprise environments . Strong understanding of cybersecurity domains including cloud security, endpoint protection, identity management, and threat detection. Familiarity with GRC processes, compliance audits, and risk frameworks (NIST, ISO, CIS, HIPAA, GDPR). Proficiency in project management tools (e.g., Jira, MS Project, Smartsheet) and reporting dashboards (e.g., Power BI, Tableau). Exceptional written and verbal communication skills , including executive-level presentation and documentation abilities. Preferred Certifications: PMP, PRINCE2, or equivalent Project Management certification CISSP, CISM, or CISA (strongly preferred) Certified ScrumMaster (CSM) or other Agile experience a plus

Information Security Engineers Date: Monday, 7th July 2025 Location for Interview: Bangalore Work Mode: Work From Home (5 Days a Week) Role: Information Security Engineer Experience: 6 to 9 years Required Skill Set: Strong programming skills in Python , Perl , and Java Hands-on experience with cloud platforms (AWS, Azure, or GCP) Solid understanding of cloud security , automation , and secure coding practices Exposure to network security , vulnerability management , and incident response Ability to design, develop, and integrate security tools and systems Eligibility: 6+ years of relevant experience in information security engineering Available for Face-to-Face (F2F) interview on Monday, 7th July 2025 Open to working remotely ( full-time WFH 5 days/week ) Role & responsibilities

Job Profile: Infosec Analyst 4 Location: Bangalore | Karnataka Years of Experience: 7 - 10 ABOUT THE TEAM & ROLE Swiggy is seeking a highly capable and hands-on SaaS Application Administrator to join our dynamic SaaS App IT team. This role is ideal for a technically skilled professional with deep experience in SaaS platforms, automation, and identity and access management (IAM/IDAM). The candidate should be able to manage and optimize SaaS ecosystems, build integrations, and ensure applications are secure, scalable, and aligned with business goals. What qualities are we looking for? Proficient in managing SaaS applications such as Google Workspace, Azure AD/Intune, Oracle, Snowflake, Databricks, GitHub . Strong hands-on experience with IDAM platforms (e.g., Azure AD, Okta, Ping Identity, SailPoint). Skilled in scripting and automation using PowerShell, Python, or similar tools. Deep understanding of IAM protocols and standards: SAML, OAuth, SCIM, LDAP . Familiar with Zero Trust security models and cloud-native security best practices. Analytical and detail-oriented with a process-driven mindset. Strong problem-solving and troubleshooting capabilities. Excellent communicator, able to explain technical details clearly to non-technical stakeholders. Self-starter who thrives in collaborative and fast-paced environments. Qualifications Bachelor’s degree in computer science , Information Technology, Engineering , or a related field. 7+ years of experience in systems engineering, SaaS administration, and cloud integration. Relevant certifications (e.g., Azure Administrator Associate, Okta Certified Admin, Google Workspace Admin ) are a plus. Experience with platforms like Microsoft 365, AWS, Google Workspace, Snowflake, Atlassian . Familiarity with development tools (e.g., Github, Jira ) and CI/CD best practices. Proven track record in security, compliance, automation , and incident resolution. What will you get to do here? SaaS Platform Management: Oversee deployment, configuration, integration, and maintenance of SaaS applications. Automation & Integration: Design and implement automated workflows and API-based integrations using scripting languages (PowerShell, Python, Bash). Identity & Access Management (IDAM): Administer identity platforms (Azure AD, Okta, Google Identity, SailPoint, Ping Identity) and manage SSO, MFA, JIT provisioning, and RBAC. Security & Compliance: Enforce security controls (Zero Trust), monitor threats, and ensure compliance with standards like GDPR, SOC 2, and ISO 27001. Monitoring & Reporting: Track performance, analyze logs, optimize license consumption, and generate stakeholder reports. Technical Support & Enablement: Act as a Subject Matter Expert, resolve complex issues, and mentor junior engineers. Continuous Improvement & Innovation: Stay updated on industry trends and recommend improvements to our SaaS ecosystem. Visit our tech blogs to learn more about some the challenges we deal with: https://bytes.swiggy.com/the-swiggy-delivery-challenge-part-one-6a2abb4f82f6 https://bytes.swiggy.com/swiggy-distance-service-9868dcf613f4 https://bytes.swiggy.com/the-tech-that-brings-you-your-food-1a7926229886 We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.

Position Overview: We are seeking a highly experienced and strategic Third-Party Risk Management (TPRM) professional to lead and enhance our enterprise-wide third-party risk program. This role involves overseeing risk assessments, governance, due diligence, monitoring, and issue management for vendors, partners, and service providers across the organization. The ideal candidate will bring 10–12 years of expertise in risk management, information security, compliance, and vendor oversight, with the ability to collaborate across legal, procurement, technology, and business functions to ensure consistent application of third-party risk controls. Roles and Responsibilities Key Responsibilities: Lead the execution and continuous improvement of the Third-Party Risk Management lifecycle, including on boarding assessments, ongoing monitoring, risk reviews, and exit management. Oversee the development and implementation of TPRM policies, frameworks, and procedures, aligned with regulatory standards such as NIST, ISO 27001, SOC 2, GDPR, DORA, and PCI DSS. Conduct and review inherent and residual risk assessments for new and existing vendors across multiple risk domains (information security, compliance, financial, operational, etc.). Collaborate with procurement, legal, IT, business units, and compliance teams to integrate TPRM into sourcing and contract processes. Drive the automation and scalability of the TPRM program through use of GRC platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust). Manage third-party due diligence questionnaires (DDQs), control gap analysis, and track remediation efforts for identified issues. Prepare and deliver executive-level reporting and dashboards related to vendor risk posture, risk acceptance, and compliance status. Stay current on emerging regulatory requirements, supply chain risks, and third-party threats to inform program strategy. Support internal/external audits and regulatory reviews involving vendor risk management. Required Qualifications: 10–12 years of professional experience in Third-Party Risk Management, IT Risk, InfoSec, Audit, or related GRC functions. In-depth understanding of third-party risk domains, including cybersecurity, data privacy, business continuity, and compliance. Experience developing or managing TPRM frameworks and governance structures across global enterprises. Hands-on experience with TPRM tools such as ServiceNow GRC, Archer, OneTrust, Prevalent, or ProcessUnity. Strong knowledge of risk and control frameworks including NIST, ISO 27001, SIG, SOC 2, and GDPR. Proven ability to assess and report on third-party risk posture, remediation plans, and contract compliance. Excellent written and verbal communication skills with ability to influence technical and non-technical audiences. Preferred Qualifications: Relevant certifications such as CISA, CRISC, CISSP, CTPRA, CTPRP, or ISO 27001 Lead Auditor. Experience in regulated industries such as financial services, healthcare, or critical infrastructure.

Role & responsibilities: Accountable for driving information security across all digital initiatives of the organization, including Cloud, Automation, Hyper-automation, Analytics, and AI Lead the design and review of end-to-end technology solutions across on-premises and cloud platforms (M365, Azure, AWS), with a focus on building secure and resilient systems . Oversee the security architecture for AI platforms, including internal enterprise adoption of Generative AI and external client-facing AI applications and solutions. Provide strategic security recommendations and implementation guidance to Risk, Information Security, and Enterprise IT leadership teams Manage and maintain oversight of third-party risk management activities. Conduct comprehensive system risk assessments to identify threats and vulnerabilities that could affect IT operations Lead the conceptualization, development, and delivery of managed security service (MSS) offerings across various cybersecurity domains for existing clients. Key Accountabilities Experience: Proven expertise in designing and architecting security solutions, managing cloud security, IT security operations, server and network platforms, cloud environments (M365, Azure, AWS), endpoint security, SOC operations, incident response, cyber threat management, and securing Generative AI solutions. Demonstrated success in delivering Security-as-a-Service for enterprise clients with a strong performance track record. Deep understanding of SOC fundamentals including engineering and operations, incident response, threat intelligence, cyber crisis management, identity, and access management (IAM) lifecycle, and holistic security across cloud, endpoints, servers, and network infrastructure Preferred candidate profile Strong grasp of core IT and security technologies, including Security domains : Active Directory, Group Policy, DNS, DHCP, DLP, Zero Trust, CSPM IT platforms : Servers, Networks, Databases, VPN, Proxy Endpoint security : Desktop, Laptop, Thin Clients Cloud platforms : Microsoft 365, Azure, AWS, Defender for Cloud Relevant Security Certifications : CISSP, CISA, CISM, SANS, OSCP (or equivalent), Cloud certifications (Azure, AWS, GCP), MCSE, CCNA

Role & responsibilities Conduct internal audits and control assessments across frameworks including but not limited to: SOC 2 Type 2 ISO/IEC 27001:2022 PCI DSS HiTrust CSF PIMS (ISO/IEC 27701), AIMS (ISO/IEC 22301) EcoVadis Prepare and maintain audit documentation, evidence collection, and control narratives. Liaise with stakeholders from IT, Security, HR, Legal, and Operations to gather and verify compliance evidence. Support external auditors during SOC, ISO, and PCI assessments by coordinating walkthroughs, follow-ups, and remediation tracking. Perform risk-based control testing and gap analysis against regulatory and contractual obligations. Maintain and update the audit calendar, issue logs, and compliance dashboards. Monitor and track audit findings and assist in developing corrective action plans (CAPAs). Contribute to the development and continuous improvement of the GRC framework and control library. Stay current on updates to standards (e.g., ISO 27001:2022 updates), regulatory developments (e.g., DPDPA, GDPR), and industry best practices. Looking for early Joiners. Interested Candidate can share resume on bhawana.sharma@rsystems.com or can call at 8595575733. Regards, Bhawana

Core Responsibilities Assist with technical control design, implementation and monitoring, support incident responses and assist with providing root cause analysis support for incidents. Monitor for attacks, intrusions, and un-usual, unauthorised or illegal activities when the Security Analysts are finding the instance challenging. Keep an eye on the alerts from systems including SEIM solutions and vulnerability monitoring services and check if the Analysts are able to handle the flow appropriately, if not then jump in and investigate if there are any abnormality in the inflow. Monitor identity and access management, including monitoring for abuse of permissions by authorised systems users if the stats are fluctuating or when you see a spike in the alerts. Assist with Information Security Reporting and metrics, providing input into improving information security reporting and metrics. Identify/recommend improvements on internal investigation capabilities via tool and process building/automation. Provide support to recovering from security breaches; participate in investigation and remediation of security incidents, which may include working as part of a team Assist in perform deep-dive incident analysis, determining if critical systems or data sets has been impacted. Assist with the definition and configuration of compliance policies for security technologies. Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases. Support the incident response of minor incidents by advising on remediation actions, escalating major incidents to the designated parties. Recording lessons learnt whilst supporting on improving existing processes and procedures. Providing support of new analytic methods for detecting threats. Continuously seeking to identify potential service and process improvements. Participate in the implementation of technologies and platforms supporting the corporate infrastructure. Ensure that you fully understand and comply with the organisation’s Risk Management Policies as they relate to your area of responsibility. Ensure that you fully understand and comply with the organisation’s Data Governance Policies as they relate to your area of responsibility. Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations. Monitoring technical controls that are in place Addressing quires raised by the Security Analysts during investigation or other BAU. Assist Security Analysts in decision making and help in setting up standards. Will be responsible to suggest new fine tunings in the environment to the vendor or to the technical counterparts. Process review and upgradation recommendation when required. Setting up simplified and effective steps in BAU that in turn improves the quality of the work Implementation of new process based on business requirements and communicating the same with the team Team building and team management activities will be one of the key responsibility.

Shift: (GMT+05:30) Asia/Kolkata (IST) What do you need for this opportunity? Must have skills required: ISO 27001, SOC 2, AWS, GCP, Azure, public cloud Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team

Come join Deepwatch’s team of world-class cybersecurity professionals and the brightest minds in the industry. If you're ready to challenge yourself with work that matters, then this is the place for you. We're redefining cybersecurity as one of the fastest growing companies in the U.S. – and we have a blast doing it!. Who We Are. Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatch’s cloud-based security operations platform, Deepwatch provides the industry’s fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.. Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.. Deepwatch Recognition Includes. 2025, 2024, 2023, 2022 and 2021 Great Place to Work® Certified. 2024 Military Times Best for Vets Employers. 2024 US Department of Labor Hire Vets Gold Award. 2024 Forbes' America's Best Startup Employers. 2024 Cyber Defense Magazine, Global Infosec Awards. 2023 and 2022 Fortress Cybersecurity Award. 2023 $180M Series C investment from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners of Vista Equity Partners. 2022 Cybersecurity Excellence Award for MDR. Position Summary. This role is 100% onsite in Bengaluru. The shift for this position is Monday Friday, 7:30AM 3:30 PM.. Deepwatch is looking for a highly motivated, self-driven, technical analyst dedicated to making a difference in global security by protecting organizations against the most advanced attackers in the world. The Deepwatch Squad and Security Operations Center offers opportunities to expand your skill set through a wide variety of experiences, detecting and responding to incidents as they occur in real-time for our customers.. The Deepwatch squad is a unique approach to how we support our customers and ultimately provide an experience not found anywhere else. You’ll be an integral part of supporting our customers by understanding their bespoke environment, needs and challenges. You will be playing a key role in supporting some of the top organizations in the world, and have the opportunity to develop your skills by working with the best responders in the industry, your team and your Squad.. The Analyst I is focused on providing descriptive analysis. They will answer questions such as the who, what, when, and where of events. Analysts are curious individuals who actively work to develop a better understanding of the environments they are assigned. Using cybersecurity best practices, you will monitor and secure complex customer environments utilizing industry leading technology such as Splunk, xSOAR, CrowdStrike and more.. In This Role, You’ll Get To. Support incident handling processes across multiple platforms and security technologies including Windows, Linux and macOS. Monitor a queue of security events generated by the Deepwatch platform SOAR, triage events based on their criticality, and escalate validated security events to customers. Document and manage incident cases in our case management system. Keep up-to-date with information security news, techniques, and trends. Identify and report any gaps in log collection or reporting as soon as possible to the customer and Deepwatch Engineering. Become proficient with Splunk, ServiceNow and other third-party threat intelligence tools as required. Perform security detection analysis and investigations using SIEM and SOAR technologies, leverage Deepwatch proprietary tooling and intelligence and maintain SLA’s. Act as the first line of defense during security events by triaging and investigating alerts within a customer’s environment. Produce high-quality written and verbal communications, recommendations, and findings to customer management in a timely manner. Continue to sharpen your skills and capabilities on the job, and through the Deepwatch development program. To be successful in this role, you’ll need to:. A basic understanding of cyber security principles, concepts and practice with a focus on SOC operations, alert triage and investigations. Know your way around SIEM platforms (Splunk preferred), how to perform queries and leverage various log sources to perform investigations. Articulate the process involved in pivoting to other log sources, cloud systems, or consoles to perform a comprehensive analysis from multiple data sources. Have a basic understanding of modern EDR, email security and cloud identity platforms. Review SIEM alerts and make a determination for what other sources or intelligence is needed to make a determination, relying on peers to help improve your skills and capabilities. A strong understanding of all basic ports and protocols. Familiarity with Windows, Mac, and Linux file path structure.. Familiarity with OSINT, TTPs and IOCs. Strong written and verbal communication skills with the ability to produce well-written reports and analysis that’s thorough, accurate and complete.. Provide the customer with a complete understanding of the investigation. CEH, CySA, GSEC, Sec+, or equivalent certification preferred. A college degree in Information Security or IT, related training, certifications or on-the-job experience. Life At Deepwatch. For employees, Deepwatch fosters a unique, flexible work environment designed with collaboration in mind. The company emphasizes personal and professional. growth, offering benefits such as professional development programs, comprehensive health coverage, and generous parental leave. Deepwatch is also committed to diversity, equity, inclusion, and belonging, aiming to empower underrepresented groups in tech by connecting them with meaningful opportunities, mentors, and sponsors.. In recognition of its supportive workplace culture, Deepwatch earned the Great Place To Work Certification/(TM) in 2025, underscoring its dedication to. creating a positive and inclusive work environment. Deepwatch is a global cybersecurity company with offices in San Francisco Bay Area, CA; Tampa, Florida;. and Bengaluru, India.. What We Offer. At Deepwatch, we are committed to supporting our employees with a comprehensive benefits package designed to enhance your well-being and financial security.. We Partner With Plum Benefits To Provide. ? Group Health Insurance – Comprehensive medical coverage for you and your dependents.. ? Group Accidental Insurance – Financial protection in case of accidental injuries.. ? Group Term Life Insurance – Security for your loved ones in unforeseen circumstances.. For additional details, refer to the benefits guide provided by Plum.. Payroll & Compensation. ? Pay Cycle: Salaries are processed monthly and paid on the last day of each month.. ? Pay Slips & Reimbursements: Delivered via email.. ? Payroll Processing: Managed by BCL Chartered Accountants through GreytHR, which provides tax and payment-related details.. Show more Show less

Desired Candidate The ideal candidate is a proactive and detail-oriented professional with strong leadership skills and a passion for cybersecurity. They should have excellent communication abilities to convey technical concepts to diverse audiences and a proven track record of managing teams and fostering a culture of security awareness. Adaptable and ethical, the candidate thrives in dynamic environments and collaborates effectively to address evolving cyber threats while maintaining the highest standards of confidentiality and integrity. Responsibilities: Strategic Planning: Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with organizational goals. Risk Management: Identify, assess, and mitigate potential cybersecurity risks and vulnerabilities across systems, applications, and networks. Incident Response: Lead and coordinate incident response activities, ensuring quick containment, recovery, and root-cause analysis of security breaches. Compliance and Standards: Ensure adherence to relevant regulatory standards (e.g., GDPR, ISO 27001) and internal security policies. Team Collaboration: Lead and mentor the cybersecurity team, fostering skill development and ensuring alignment with security objectives. Stakeholder Communication: Act as a liaison between technical teams and senior management, translating technical risks into business terms. Continuous Improvement: Monitor and evaluate the effectiveness of security measures, and recommend enhancements to maintain a robust security posture. Tool and Technology Management: Oversee the deployment and management of security tools (e.g., SIEM, firewalls, endpoint protection, etc.) to ensure system integrity and confidentiality. Training and Awareness: Develop and conduct security training programs to promote awareness and compliance across the organization. Requirements: Education: Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 6-10 years of experience in cybersecurity roles with progressive leadership responsibilities. Certifications: CISSP (Certified Information Systems Security Professional)[Ongoing is acceptable]. Additional certifications (e.g., CISM, CEH) are a plus. Technical Expertise: Strong understanding of security architecture, protocols, and best practices. Experience with tools like SIEM, IDS/IPS, endpoint security, firewalls, and vulnerability management systems. Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid environments. Soft Skills: Excellent verbal and written communication skills for technical and non-technical audiences. Strong leadership, project management, and team collaboration abilities. Analytical and problem-solving mindset with attention to detail.

Responsibilities: * Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards. * Design, implement & maintain secure systems using Infosec principles. * Conduct regular security audits & risk assessments. * Experience in SOC and SIEM tools-Qradar

Dear Candidate, Greetings. We are hiring for the role of Biso Helius Technologies Hyderabad. Work mode – Work from office Project – Singlife Exp – 10 to 15 years Please find the below JD for your reference. Role: BISO Work Location: Hyderabad (ODC) Key Responsibilities Focuses on Core BISO activities: Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with Singlife Standards. Collaborate with Technology and Business units to evaluate the impact of control deficiencies. Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards. Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools. Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations. Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans. Ensure adherence to IS standards and best practices across diverse disciplines. Support the business during audit reviews and regulatory inspections related to IS matters. Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape. Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities. 1. 2. Act as a Business Partner Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards. Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency. Validate compliance with security controls within business contracts. Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage. Conduct Information and Cyber Security Awareness training to fortify organizational preparedness. Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements. Stay relevant to evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community. 3. Other Requirements Demonstrate skill in delivering compelling presentations and managing complex programs. Display exceptional aptitude in consulting, problem-solving, and analytical capabilities. Exhibit a proactive, assertive, service-oriented demeanour while effectively functioning as a cohesive team player. Demonstrate the ability to manage concurrent tasks and prioritize effectively, even in conflicting timelines. Key Decisions within the Role Be the gatekeeper of the IS business impact assessments (ISBIA) processes and ensure applications within Singlife adhere to IS standards. Team Direct and indirect accountability for Information Security Officers Requirements Experience Minimum 10 years of experience in Information security. In areas such as security governance, risk management, application security design, security project management or security operation. • Professional Certifications CISSP, CISM, CISA, SANS, Cloud would be preferred. Education Bachelor’s degree in IT, Engineering or equivalent Skill Matirx- Skill Candidate's self- assessment (Score 1-5) Primary: InfoSec experience Secondary: Risk/Governance/Assurance framework Experience in conducting Infosec Training Excellent Communication/Presentation skills Infosec Certifications Primary: Cybersecurity regulations Secondary: Creation of Risk Acceptance/Risk Exceptions/CAPs Monetary Authority of Singapore (MAS) regulations Awareness of Security Control . Compliance Security Audits . Please revert with update profile if you find it interesting. Feel free to reach out for any queries. Role & responsibilities Preferred candidate profile

Role & responsibilities Analysis of external vendor questionnaire s to assess the security posture and security controls of a vendor Drafting risk reports which summarize the information security assessment including any risks to the organization. Following up with internal and external (vendor) stakeholders to clarify and validate information related to initiatives Review legal agreements w ith vendors from an information security perspective. Provide security consulting services to Enterprise Services and Business Units. Once the required experience and aptitude has been shown, expectation will be that the Information Security Analyst will start to perform these tasks independently with minimal supervision. Competencies: Bachelor's Degree preferably in Computer Science or related streams Strong verbal communication - able to communicate complex and technical issues in plain English. Advanced writing skills with emphasis on report writing. Strong analytical/problem solving abilities. Strong understanding of existing and emerging Information Security technologies. Strong consulting skills and ability to influence a win - win outcome. Self-starter, strategic thinker, negotiator, and consensus builder. Ability to understand Sun Life's diverse business units and ability to work with diverse groups. Nice to have - Sound knowledge of technologies related to Information Security: encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioral analysis/advanced malware detection.

3-5 yrs of experience in IS GRC focusing on regulatory compliance. Understanding of security standards and frameworks (E.g. ISO 27001, NIST CSF, PCI DSS, SOX 404, SOC2, NIS2 and PCI DSS. Knowledge of Python PySpark or SparkSQL is an added advantage.

Skill required: Risk & Compliance - Operational Audit & Compliance Designation: Risk and Compliance Senior Analyst Qualifications: BCom/Master of Business Administration/CA Inter Years of Experience: 5 to 8 years About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be aligned with our Risk and Compliance vertical and help us perform compliance reviews, publish reports with actions and provide closure guidance as needed. We design & recommend effective controls to mitigate risks and help service delivery team prepare for upcoming client / external audits.You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans.The Operational Audit & Compliance team focuses on auditing and managing effective implementation and delivery of functional processes within operations to mitigate risks. The role may require for you to have a good understanding of anti-corruption, BCM and infosec policies, records management and contractor controls. The team is responsible for establishing processes to validate the effectiveness and drive improvements wherever required. What are we looking for Risk and Compliance Experience Knowledge of Finance & Accounting processAuditing experience Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification BCom,Master of Business Administration,CA Inter

Skill required: Risk & Compliance - Risk Management Designation: Senior Analyst Qualifications: BCom,Master of Business Administration,CA Inter Years of Experience: 5 to 8 About Accenture Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. Visit us at www.accenture.com What would you do You will be aligned with our Risk and Compliance vertical and help us perform compliance reviews, publish reports with actions and provide closure guidance as needed. We design & recommend effective controls to mitigate risks and help service delivery team prepare for upcoming client / external audits.You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans.The Operational Audit & Compliance team focuses on auditing and managing effective implementation and delivery of functional processes within operations to mitigate risks. The role may require for you to have a good understanding of anti-corruption, BCM and infosec policies, records management and contractor controls. The team is responsible for establishing processes to validate the effectiveness and drive improvements wherever required. What are we looking for Risk and Compliance Experience Knowledge of Finance & Accounting processAuditing experience Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification BCom,Master of Business Administration,CA Inter

Greetings from Datamark!!! Postion : Information Security Analyst Experience : 5 Yrs in Experience Location: Ambattur Industrial Estate , Chennai Position Overview: The Information Security Analyst is responsible for the administration of the organizations information and data security policies and practices of the overall internal security audit program to ensure that the Company is protected in terms of security, compliance and confidentiality. Primary Responsibilities: Coordinates and assists with security activities for the enterprise Operate, maintain, and validate vulnerability scanning of Infrastructure, Applications, and APIs Review daily threat intelligence. Ensures compliance to security standards for assigned sites Schedules and administers internal security audits for Client and Physical Site Audits Follows up on remediation plans Support the management and maintenance of security tools with an emphasis on Security Information and Event Monitoring (SIEM) tools. Assist with the review of technical deployments for risk prior to deployment across the campus. Recommends risk mitigation solutions based on audit findings Maintains Security and Compliance Metrics monthly Assists in the development and delivery of IT risk and security awareness and compliance training programs Willingness to travel to DATAMARK global sites as necessary Other duties as assigned Minimum Qualifications: Education Requirements: Bachelors degree in Computer Science or related field, experience in lieu of degree can be considered Field Experience: At least four years of experience in Information Security Position Experience: At least four years of experience in an Information Security Analyst position, or similar position Demonstrated experience with traditional vulnerability analysis: identify, categorize, prioritize, track, and validate remediation of known vulnerabilities by accountable IT teams Other Qualifications: Certification in IT Security required Knowledge in Information Security policies and practices Knowledge of third-party auditing and risk assessment methodologies Experience in an IT Security related environment preferred Required Skills: Extremely organized and detail oriented. Capable of holding team members accountable to timely delivery of audit evidences. Practices and methods of IT strategy, enterprise architecture and security architecture Excellent analytical and problem-solving abilities to identify and remediate security risks Team-work mentality to develop security solutions in collaboration with other IT professionals If you are interested please share your updated resume to jagadish.jayavel@datamark.net or contact us 9500681139

Fortinet-Fortigate Firewalls, Data Network Security - Firewalls, VPN, Microsoft Email Security, Zscaler Proxy, Load Balancing. Security exposure, PA, Fortinet, WAF, Email Security, Proxy. All L2 level. 3 years of Exp in Infosec Domain. Should be able to handle Domestic and Global customers both. Key Skills: Firewalls Web Application Firewall Application Delivery Controller (Load Balancer) Virtual Private Network (VPN) Email Security Appliance Proxy Web filtering Important Note: CEH certification is Mandatory

This will be an Individual Contributor role to start and can evolve over time based on how this function matures. You will play a critical role in the companys tech infrastructure, processes which will be fully aligned with regulatory, security and business continuity standards. Key Responsibilities Draft, coordinate monitor IT processes policies to ensure compliance as per IT Act, regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.), info security (ISM) guidelines and other applicable laws with respect to Technology, in coordination with internal external stakeholders Prepare update business-wise IT infra details required by the Compliance/Legal teams for regulatory filings and 3rd party audits Conduct vendor risk assessment audits ensure identified gaps are proactively filled Introduce new processes policies by conducting market studies surveys relevant to our business Plan, formulate, coordinate, implement monitor the cyber crisis management plan (CCMP) Incident Management and resolution Interface with external auditors and set up processes to ensure all Infosec audits go smoothly Formulate, implement, review monitor BCP Requirements 4-6 years of experience, including being SPOC for Infosec audits In-depth knowledge of technology, security, risk, and compliance best practices Strong capability in interfacing with both technology and business teams Detailed understanding of security monitoring, threat intelligence vulnerability management A self-driven attitude with a strong sense of ownership Experience with RBI and/or SEBI (preferred) audits is a big plus Assisting the team to conduct Technology Committee Assisting the Risk Officer to conduct independent assessments of the business functions Provide timely data for Risk Management Committee

we have a requirement on InfoSec Engineer for one of our clients for contract to Hire role. job Details: skills InfoSecEngineer Experience9+ Years Location:PAN INDIA Job typeContract to Hire Pay roll companyIDESLABS Work ModelHybrid INFOSEC ENGINEER Linux/RHEL/Windows patching and vulnerabilities remediation SSH Keys/Certificate management EOL analysis for Java/Python/Jenkins Libraries Nice to haveScripting for automation

So, what’s t he r ole all about? As a member of the Cloud Security team, a successful Cloud Security Analyst will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3 rd party auditors. This role will hold the responsibility of understanding the Cloud security policies, procedures, practices and technologies and documenting them appropriately as well as demonstrating to auditors and customers the excellent Cloud Security at NICE. A successful candidate in this role will be able to work in production cloud environments to collect and curate evidence and explain it to anyone who asks for it. Experience with Governance, Risk and Compliance (GRC) is a big plus! How will you make an impact? You will directly impact the success of the NICE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. Competitive pay and excellent benefits. Generous PTO policies. A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. Have you got what it takes? 1-2 years of experience with Information Security & Compliance or GRC University-level degree in InfoSec, Computer Science or other related field. knowledge with major compliance frameworks such as PCI, ISO 27001/17, SOC 2, HITRUST, GDPR. A burning curiosity to learn as much as you can about the NICE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today; Excellent communications skills along to work collaboratively with security team members and operations and development teams or independently to achieve tactical and strategic security goals; Strong organization and prioritization skills; Education, training or experience with security and compliance fundamentals; Experience working with work tracking tools such as JIRA, Service Now or others. What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7117 Reporting into: Technical Manager Role Type: Individual Contributor