4.0 - 9.0 years
3 - 6 Lacs
Chennai
Work from Office
Job Title - Application Security Engineer About Tazapay Tazapay is a cross-border payment service provider. They offer local collections via local payment methods, virtual accounts and cards in over 70 markets. The merchant does not need to create local entities anywhere and Tazapay offers the additional compliance framework to take care of local regulations and requirements. This results in decreased transaction costs, FX transparency and higher auth rates. They are licensed and backed by leading investors. www.tazapay.com What's exciting waiting for you This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch. It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers. You will be a part of a growth story in securing critical financial applications that handle cross-border payments. We believe in a culture of openness, innovation and great memories together. About the Application Security Engineer Role As an Application Security Engineer, you will be responsible for ensuring the security of our payment applications throughout their entire development lifecycle. You will work closely with development teams to identify, assess, and remediate security vulnerabilities in web applications, mobile apps, and APIs that process sensitive financial data across 70+ markets. 
Key Responsibilities Application Security Assessment Testing Conduct comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala Perform security reviews of Vue.js and ReactJS frontend applications and their interaction with backend services Execute manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES) Conduct vulnerability scoring and risk assessment using CVSS framework and custom business impact metrics Utilize govulncheck for Go-specific vulnerability detection and dependency analysis in GoLang microservices Deploy Semgrep/OpenGrep for static code analysis across multiple programming languages and frameworks Integrate Gitleaks for automated secret detection and credential scanning in source code repositories Execute static application security testing (SAST) and dynamic application security testing (DAST) across the entire stack Conduct penetration testing and vulnerability assessments on payment processing applications and microservices Perform web application penetration testing including authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities Review and analyze code for security vulnerabilities with focus on microservices communication patterns and frontend security Assess API gateways, service meshes, and inter-service authentication mechanisms Implement and maintain automated security testing tools in CI/CD pipelines for both frontend and backend components Secure Development Lifecycle (SDLC) Integrate security practices into the software development lifecycle Collaborate with development teams to implement secure coding practices Conduct security architecture reviews and threat modeling sessions Provide security requirements and guidelines for new application features Establish and maintain application security standards and best practices Vulnerability Management Identify, prioritize, and track 
application security vulnerabilities across multiple technologies Implement comprehensive vulnerability scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments Develop risk scoring matrices that incorporate technical severity, business impact, and exploitability factors Utilize govulncheck for proactive Go vulnerability management and dependency tracking Deploy Gitleaks for continuous secret detection and credential exposure prevention Implement Semgrep/OpenGrep for custom vulnerability pattern detection and policy violations Create detailed penetration testing reports with executive summaries, technical findings, and remediation roadmaps Establish vulnerability SLA metrics and track remediation timelines based on risk scores Work with development teams to remediate identified security issues Maintain vulnerability management processes and ensure timely resolution Perform risk assessments and provide recommendations for vulnerability mitigation Monitor and respond to emerging application security threats Create and maintain security metrics and KPIs for vulnerability remediation Security Tools Automation Implement and manage application security scanning tools (SAST, DAST, IAST) Deploy govulncheck for continuous Go vulnerability monitoring in GoLang microservices Integrate Gitleaks for automated secret scanning across development workflows and CI/CD pipelines Configure Semgrep/OpenGrep rules for custom security pattern detection and policy enforcement Develop and maintain security automation scripts and tools Integrate security tools into development workflows and CI/CD pipelines Evaluate and recommend new application security technologies and solutions Create custom security rules and policies for language-specific vulnerabilities Automate security testing for containerized applications and microservices Compliance Documentation Ensure applications comply with financial industry regulations (PCI DSS, PSD2, etc.) 
Maintain security documentation, procedures, and incident response plans Support compliance audits and security assessments Create and deliver application security training for development teams Required Qualifications Experience 4+ years of experience in application security, with focus on web and mobile applications Strong experience securing microservices architectures, particularly those built with GoLang, Java, or Scala Hands-on experience with frontend security for modern JavaScript frameworks (Vue.js, ReactJS) Extensive experience in web application penetration testing including OWASP Top 10, business logic flaws, and authentication/authorization bypasses Proven expertise in vulnerability scoring and risk assessment using CVSS, OWASP Risk Rating, and custom scoring methodologies Proven experience with security automation tools: govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep/OpenGrep (static analysis) Experience with application security testing tools (Burp Suite, OWASP ZAP, Veracode, Checkmarx, etc.) 
Hands-on experience with penetration testing and vulnerability assessment Experience with secure code review and static/dynamic analysis tools Knowledge of common web application vulnerabilities (OWASP Top 10) and microservices-specific security challenges Technical Skills Proficiency in backend programming languages with strong focus on GoLang, Java, or Scala for microservices architecture Experience with frontend frameworks, particularly Vue.js and ReactJS for modern web applications Advanced proficiency with security tools: govulncheck (Go-specific vulnerability detection), Gitleaks (credential scanning), Semgrep/OpenGrep (multi-language static analysis) Expert-level web application penetration testing skills using tools like Burp Suite Professional, OWASP ZAP, Nuclei, and custom exploitation frameworks Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating Methodology, and FAIR (Factor Analysis of Information Risk) Experience with automated penetration testing tools and frameworks for continuous security validation Strong understanding of microservices security patterns and inter-service communication Experience with API security testing and assessment (REST, GraphQL, gRPC) Knowledge of mobile application security (iOS/Android) Familiarity with cloud security (AWS, Azure, GCP) Understanding of database security and secure data handling Experience with containerized applications and orchestration platforms Security Knowledge Deep understanding of application security principles and best practices Expert knowledge of web application penetration testing methodologies (OWASP Testing Guide, PTES, NIST SP 800-115) Advanced understanding of vulnerability scoring and risk quantification using industry-standard frameworks Knowledge of security frameworks and standards (OWASP, NIST, ISO 27001) Experience with threat modeling and risk assessment methodologies Understanding of cryptography and secure communication protocols 
Knowledge of authentication and authorization mechanisms Expertise in manual testing techniques for complex business logic vulnerabilities Experience with penetration testing reporting and executive communication of security risks Nice to Have Certifications Relevant security certifications (CISSP, CEH, CSSLP, GWEB, OSCP) Cloud security certifications (AWS Security, Azure Security) Additional Skills Experience with DevSecOps practices and tools Advanced proficiency in securing distributed microservices ecosystems Experience with modern frontend build tools and security (Webpack, Vite, npm/yarn security) Expertise in Go ecosystem security including govulncheck integration and dependency management Advanced configuration and customization of Semgrep/OpenGrep rules for organization-specific security policies Experience with Gitleaks integration across multiple Git workflows and CI/CD platforms Advanced web application penetration testing including thick client applications and complex multi-tier architectures Experience with custom exploit development and proof-of-concept creation for business logic vulnerabilities Expertise in creating comprehensive risk scoring models that align technical findings with business impact Knowledge of container security (Docker, Kubernetes) Experience with financial services and payment processing security Familiarity with regulatory compliance (PCI DSS, GDPR, PSD2) Experience with bug bounty programs and responsible disclosure Knowledge of machine learning/AI security Experience with service mesh security (Istio, Linkerd) and API gateway security Key Abilities and Traits Technical Excellence: Demonstrated ability to identify and remediate complex application security vulnerabilities across diverse technology stacks. Collaboration: Strong ability to work effectively with development teams, translating security requirements into actionable development practices. 
Communication: Excellent verbal and written communication skills, capable of explaining security concepts to both technical and business stakeholders. Problem-Solving: Strong analytical and problem-solving skills with the ability to think like both a defender and an attacker. Continuous Learning: Commitment to staying current with emerging application security threats, tools, and best practices. Detail-Oriented: Meticulous attention to detail when reviewing code and assessing application security. Project Management: Ability to manage multiple security assessments and projects simultaneously while meeting deadlines.
Posted 1 month ago
5.0 - 10.0 years
40 - 45 Lacs
Pune
Work from Office
Introduction Welcome to Gallagher, a global leader in insurance, risk management, and consulting services. With a growing team of more than 52,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it's with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you'll play a pivotal role in shaping Gallagher's future and unlocking unparalleled opportunities for both clients and yourself. We believe that every candidate brings something special to the table, including you! So, even if you feel that you're close but not an exact match, we encourage you to apply. Overview The Business Information Security Officer (BISO) India is responsible for managing the Gallagher Cyber Information Security (GCIS) program of works for the Indian region. This includes identifying, evaluating, and reporting on information security risks across all Gallagher divisions in India, in a manner that meets compliance and regulatory requirements, as well as aligning with the company's risk appetite. In addition to reporting on a regular basis to the UK-based EMEA BISO, this role will work closely with: IT Directors of India and Local CTO for Gallagher India and Gallagher Centre of Excellence The India Senior Business Leaders for IT and QA Transition GCIS Colleagues globally who have global remits (application security, identity management etc) The India division's ISMS manager in maintaining their ISO27001 certification GCIS Project Managers delivering both new and enhanced capabilities. This is a hybrid role, in office 2-3 days per week, and can be based out of either our Pune or Bangalore offices, with some travel between the two expected. 
How you'll make an impact Continue to develop and prioritise the information security strategy and roadmap for India that aligns with the GCIS security strategy. Monitor and manage security incidents, vulnerabilities, and threats that affect the various Indian divisions, and work with Gallagher's global security teams to ensure effective response and remediation. Ensure compliance with applicable laws, regulations, and contractual requirements related to information security throughout India. Work with the Global SOC in the co-ordination and escalation of security incidents to the appropriate Indian authorities when appropriate. Develop and maintain relationships with key stakeholders across India, including business leaders, IT teams, and external partners to ensure effective communication and collaboration on information security matters. Conduct periodic security risk assessments and audits of information systems, networks, applications and suppliers in India to identify and mitigate potential security risks. Lead and coordinate the implementation of security policies, standards, and procedures in India. Ensure security awareness and training programs are in place and effective in India. Manage the security budget for India, ensuring efficient and effective use of resources. Represent India in the appropriate security governance forums and ensure alignment with the region security strategy. Brokerage clients will have time-sensitive due diligence security audits and questionnaires that will need to be managed and responded to. Business suppliers and IT supply chain vendors must be managed to ensure they do not introduce risk to Gallagher. Confidential participation in the Merger and Acquisition process with external companies, lawyers and security consultants. About you Bachelor's degree in computer science, information systems, or a related field. A master's degree is preferred. 
At least 8-10 years of experience in information security, with a minimum of 5 years in a leadership role. Strong knowledge of security frameworks and standards such as ISO 27001, NIST, PCI-DSS, and GDPR. Demonstrated experience in the management of staff and small teams. Experience in managing security incidents and crises. Excellent communication and stakeholder management skills are required. Familiarity with security technologies such as firewalls, intrusion detection systems, and SIEMs. Knowledge of cloud security and Insurance practices is a plus. Relevant certifications such as CISSP, CISM, or CRISC are preferred. Lead auditor experience in ISO27001 is preferred. Additional Information We value inclusion and diversity Inclusion and diversity (ID) is a core part of our business, and it's embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work. Gallagher embraces our employees' diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest. Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as "protected characteristics") by applicable federal, state, or local laws. 
Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.
Posted 1 month ago
2.0 - 12.0 years
45 - 50 Lacs
Bengaluru
Work from Office
Job Title Services Owner - Security Job Description About Signify Through bold discovery and cutting-edge innovation, we lead an industry that is vital for the future of our planet: lighting. Through our leadership in connected lighting and the Internet of Things, we're breaking new ground in data analytics, AI, and smart solutions for homes, offices, cities, and beyond. At Signify, you can shape tomorrow by building on our incredible 125+ year legacy while working toward even bolder sustainability goals. Our culture of continuous learning, creativity, and commitment to diversity and inclusion empowers you to grow your skills and career. Join us, and together, we'll transform our industry, making a lasting difference for brighter lives and a better world. You light the way. More about the role This is an exciting job opportunity for you to light the way as a Services Owner - Cyber Security in Bangalore with Signify. This role will be responsible for collaborating closely with the Corporate Security function and implementing policies and tools to improve the security footprint for Signify. Responsibilities include: Maintain and optimize security configurations across endpoints, networks, servers, cloud platforms, and OT systems where applicable. Lead the implementation of cybersecurity projects, including tooling deployment, infrastructure security upgrades, and technical remediation efforts, in alignment with risk priorities. Work with Corporate Security team to define / understand security policies, protocols, and procedures to protect organizational assets, data, and personnel. Work with Corporate Security and Audit teams to define reassessment calendar, coordinate for regular assessments and audits to identify vulnerabilities and ensure compliance with security standards. Ensure security changes are executed safely and in line with ITIL or equivalent change processes. 
Work with Application Services, Backbone Services and Architecture teams to clearly define operational procedures to implement and monitor security controls across infrastructure and application landscape. Drive Security maturity scores for Cloud infrastructure like M365, Azure, AWS and Private Cloud. Enable security awareness, policies, and procedures sessions for employees. Budget Management: Manage the security budget, including equipment, personnel, and expenses. Coordinate with relevant stakeholders to develop and maintain emergency response plans. Conducting regular security audits of physical and IT infrastructure. Developing and implementing robust operational procedures around security to protect the company's assets, employees and facilities. Assessing potential risks and vulnerabilities, investigating security breaches and reinforcing appropriate measures to mitigate them. Leading and managing a team of security operational personnel, including hiring, training and performance management. Collaborating with cross-functional teams to ensure integration of security requirements into business processes and projects. More about you While we value and appreciate all applicants, we believe that the following experience and skills will be needed to shine brightly in this job opening: Qualifications: Education: Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field. Certifications: Relevant certifications such as CISSP, CISM, GSEC, or vendor-specific certifications (e.g., Microsoft/AWS Security, Palo Alto, etc.). Experience: 8-12 years in cybersecurity operations or infrastructure security, including 2-3 years in a managerial or team lead role. Technical Skills: Experience managing enterprise security tools (SIEM, EDR, firewalls, etc.) 
Strong understanding of Windows, Linux, and cloud platform security (Azure/AWS) Familiarity with patching, system hardening, secure configuration baselines (e.g., CIS Benchmarks) Soft Skills: Strong execution focus, project delivery skills, and ability to manage competing priorities Excellent communication and collaboration skills with both technical and business stakeholders Preferred Qualifications: Experience in the electronics or manufacturing industry, including OT/ICS security exposure Familiarity with regulatory frameworks and controls (e.g., NIST, ISO 27001, SOX) Hands-on experience with automation tools (e.g., Ansible, SOAR platforms) Everything we'll do for you You can grow a lasting career here. We'll encourage you, support you, and challenge you. We'll help you learn and progress in a way that's right for you, with coaching and mentoring along the way. We'll listen to you too, because we see and value every one of our 30,000+ people. We believe that a diverse and inclusive workplace fosters creativity, innovation, and a full spectrum of bright ideas. With a global workforce representing 99 nationalities, we are dedicated to creating an inclusive environment where every voice is heard and valued, helping us all achieve more together. Come join us, and together we can light the way. Play a crucial role in the secure execution of digital operations across a global, technology-driven enterprise Collaborate with leading experts in cybersecurity, infrastructure, and risk management Be part of a high-impact team where operational excellence meets innovation and global scale
Posted 1 month ago
3.0 - 8.0 years
5 - 10 Lacs
Bengaluru
Work from Office
We are seeking a Senior IAM Engineer who will be responsible for the development, implementation, and maintenance of FA's IAM program. The successful candidate will have experience with SOX & FTC compliance specifically around IAM controls. To be successful in this role, a good candidate should have experience in Microsoft Purview and Entra Identity Management & Application Integration. The candidate should also have good knowledge of SOX compliance (User Access Review, UAR), knowledge and experience in 3rd party product integration to the current FA environment, and experience in handling and managing data protection of products (specifically email protection). What We Do: We are on the frontline of recruitment enabling organizations to Hire Smarter. Onboard Faster. First Advantage is an HR Tech company delivering innovative solutions and insights to enable our clients to manage risk and hire the best talent. Leveraging an advanced technology platform, First Advantage builds fully scalable, configurable screening programs that meet the unique needs of over 33,000 clients. Headquartered in Atlanta, GA and with an internationally distributed workforce spanning 19 countries with about 5,500 employees, First Advantage performs over 93 million screens in over 200 countries and territories annually. Who You Are: You are self-motivated and ready to "roll up your sleeves." While you are an independent contributor, you are also collaborative. You can spearhead a project and see it through from start to completion. As a team player, you navigate cross-functional teams and work well with team members in other business units and departments toward a common goal. An innovator, you see gaps in current processes or workflows as an opportunity to improve and try something new. 
A lifelong learner and always seeking out opportunities to learn and upskill, you understand the importance of thorough and secure screenings and are interested in the Human Capital sector and the confluence of people, process, and technology. Senior IAM Engineer What You'll Do Responsibilities for Senior IAM Engineer: Define and drive the IAM security architecture strategy, roadmap, and vision, ensuring alignment with business objectives, risk appetite, and regulatory requirements (e.g., NIST, ISO 27001, GDPR, SOC 2). Lead the design and continuous evolution of scalable, secure, and resilient IAM solutions across on-premises, cloud (Azure, AWS), and hybrid environments. This encompasses authentication, authorization, identity governance, privileged access management, and directory services. Provide deep technical expertise and guidance on a wide range of IAM technologies and protocols, including: Single Sign-On (SSO) and Federation (SAML, OAuth 2.0, OpenID Connect) Multi-Factor Authentication (MFA) architectures and implementations Leading Identity Governance and Administration (IGA) solutions (e.g., SailPoint, Zilla, Vesa) Privileged Access Management (PAM) tools (e.g., Britive, CyberArk, Delinea, BeyondTrust) Directory Services (Active Directory, Azure AD, LDAP) API security as it relates to IAM Champion and architect Zero Trust principles within the IAM domain, focusing on continuous verification, risk-based access controls, and adaptive authentication mechanisms. Drive the automation of IAM processes and ensure seamless integration of IAM solutions with other security tools, applications, and infrastructure to enhance efficiency and security. Work closely with Governance, Risk, and Compliance (GRC) teams to ensure IAM solutions meet compliance requirements, support audit activities, and contribute to a robust control environment. 
Collaborate with security engineering, application development, infrastructure, and business teams to embed security best practices throughout the Software Development Life Cycle (SDLC). Mentor and guide junior architects and engineers. Research, evaluate, and recommend emerging IAM technologies and security innovations, assessing their potential impact and value to the organization. Provide architectural guidance and support during security incidents related to identity and access, facilitating rapid identification, containment, and remediation. Assist in developing and implementing policies, procedures, and guidelines related to IAM. Implement and manage access controls, including role-based access control (RBAC), segregation of duties (SoD), and least privilege principles. Establish identity governance frameworks and conduct periodic access reviews to ensure compliance with SOX, SOC, CJIS, and ISO 27001 regulations. Collaborate with internal and external auditors to provide documentation, evidence, and support during SOX, SOC, CJIS, and ISO 27001 audits. Oversee user lifecycle management processes, ensuring timely provisioning and de-provisioning of user access rights. Why First Advantage is Your Next Big Career Move First Advantage is going through a technology transformation! We are looking for experts who are excited to work with advanced technologies and provide best-in-class user experiences, drive the development and deployment of scalable solutions, and smoothly guide our agile teams and clients through meaningful changes as we continue to expand our impact. What Are You Waiting For? Apply Today! You have learned a little about us today we want to learn about you! If you think this position and our company are a great fit for your areas of interest and expertise, tell us about you by applying now! EMPLOYEE BENEFITS India Region: Most of the roles are enabled with the ability to work remotely with occasional business travel. 
Hybrid working model Comprehensive employee Leave policy Career progressions through Internal job opportunities and Global Talent mobility programs Career Development: Mentoring Program, People Management Program, cross-functions training, soft skills training. Continuous learning and development opportunities. Upskilling and reskilling opportunities mobilized through e-learning platforms Training and Certification reimbursement programs Medical Insurance coverage for employees and parental insurance benefits available. Calendarized Employee Wellness programs Quarterly Rewards and Recognition program to recognize exemplary performance Other attractive allowances Weekend working, Holiday pay, Relocation assistance, Maternity bonus, Creche allowance & Other allowance etc.
Posted 1 month ago
5.0 - 9.0 years
7 - 11 Lacs
Bengaluru
Work from Office
You are self-motivated and ready to "roll up your sleeves." While you are an independent contributor, you are also collaborative. You can spearhead a project and see it through from start to completion. As a team player, you navigate cross-functional teams and work well with team members in other business units and departments toward a common goal. An innovator, you see gaps in current processes or workflows as an opportunity to improve and try something new. A lifelong learner and always seeking out opportunities to learn and upskill, you understand the importance of thorough and secure screenings and are interested in the Human Capital sector and the confluence of people, process, and technology. Senior IAM Engineer What You'll Do Responsibilities for Senior IAM Engineer: Define and drive the IAM security architecture strategy, roadmap, and vision, ensuring alignment with business objectives, risk appetite, and regulatory requirements (e.g., NIST, ISO 27001, GDPR, SOC 2). Lead the design and continuous evolution of scalable, secure, and resilient IAM solutions across on-premises, cloud (Azure, AWS), and hybrid environments. This encompasses authentication, authorization, identity governance, privileged access management, and directory services. Provide deep technical expertise and guidance on a wide range of IAM technologies and protocols, including: Single Sign-On (SSO) and Federation (SAML, OAuth 2.0, OpenID Connect) Multi-Factor Authentication (MFA) architectures and implementations Leading Identity Governance and Administration (IGA) solutions (e.g., SailPoint, Zilla, Vesa) Privileged Access Management (PAM) tools (e.g., Britive, CyberArk, Delinea, BeyondTrust) Directory Services (Active Directory, Azure AD, LDAP) API security as it relates to IAM Champion and architect Zero Trust principles within the IAM domain, focusing on continuous verification, risk-based access controls, and adaptive authentication mechanisms. 
Drive the automation of IAM processes and ensure seamless integration of IAM solutions with other security tools, applications, and infrastructure to enhance efficiency and security. Work closely with Governance, Risk, and Compliance (GRC) teams to ensure IAM solutions meet compliance requirements, support audit activities, and contribute to a robust control environment. Collaborate with security engineering, application development, infrastructure, and business teams to embed security best practices throughout the Software Development Life Cycle (SDLC). Mentor and guide junior architects and engineers. Research, evaluate, and recommend emerging IAM technologies and security innovations, assessing their potential impact and value to the organization. Provide architectural guidance and support during security incidents related to identity and access, facilitating rapid identification, containment, and remediation. Assist in developing and implementing policies, procedures, and guidelines related to IAM. Implement and manage access controls, including role-based access control (RBAC), segregation of duties (SoD), and least privilege principles. Establish identity governance frameworks and conduct periodic access reviews to ensure compliance with SOX, SOC, CJIS, and ISO 27001 regulations. Collaborate with internal and external auditors to provide documentation, evidence, and support during SOX, SOC, CJIS, and ISO 27001 audits. Oversee user lifecycle management processes, ensuring timely provisioning and de-provisioning of user access rights. Why First Advantage is Your Next Big Career Move First Advantage is going through a technology transformation! We are looking for experts who are excited to work with advanced technologies and provide best-in-class user experiences, drive the development and deployment of scalable solutions, and smoothly guide our agile teams and clients through meaningful changes as we continue to expand our impact. What Are You Waiting For? 
Apply Today! You have learned a little about us today; we want to learn about you! If you think this position and our company are a great fit for your areas of interest and expertise, tell us about you by applying now! EMPLOYEE BENEFITS India Region: Most of the roles are enabled with the ability to work remotely with occasional business travel. Hybrid working model Comprehensive employee Leave policy Career progressions through Internal job opportunities and Global Talent mobility programs Career Development: Mentoring Program, People Management Program, cross-functions training, soft skills training. Continuous learning and development opportunities. Upskilling and reskilling opportunities mobilized through e-learning platforms Training and Certification reimbursement programs Medical Insurance coverage for employees and parental insurance benefits available. Calendarized Employee Wellness programs Quarterly Rewards and Recognition program to recognize exemplary performance Other attractive allowances: Weekend working, Holiday pay, Relocation assistance, Maternity bonus, Creche allowance & other allowances.
Posted 1 month ago
8.0 - 15.0 years
7 - 11 Lacs
Noida
Work from Office
Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Preferred Qualifications: Experience in the telecommunications or IT industry. Knowledge of cloud security and compliance frameworks. Familiarity with data privacy regulations and telecom-specific compliance requirements. Primary country and city: India (IN) || Noida Req ID: 768424
Posted 1 month ago
8.0 - 15.0 years
8 - 13 Lacs
Noida
Work from Office
Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications. Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect).
Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments.
Posted 1 month ago
8.0 - 15.0 years
20 - 25 Lacs
Noida
Work from Office
About this opportunity: Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Preferred Qualifications: Experience in the telecommunications or IT industry. Knowledge of cloud security and compliance frameworks. Familiarity with data privacy regulations and telecom-specific compliance requirements. Primary country and city: India (IN) || Noida Req ID: 768424
Posted 1 month ago
8.0 - 15.0 years
10 - 15 Lacs
Noida
Work from Office
About this opportunity: Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications.
Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect). Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments.
Posted 1 month ago
6.0 - 11.0 years
8 - 15 Lacs
Chennai
Work from Office
The Technical IT Auditor is responsible for evaluating and assessing the effectiveness of an organization's information systems, security protocols, internal controls, and compliance with applicable regulations. This role involves detailed technical reviews of IT infrastructure, applications, databases, and networks to ensure integrity, confidentiality, and availability of data and systems. Plan and execute end-to-end IT audits, including risk assessments, scoping, testing, and reporting. Evaluate IT general controls (ITGCs), application controls, and system development lifecycle (SDLC) processes. Assess network infrastructure, databases, and cloud environments for vulnerabilities and compliance. Conduct audits on cybersecurity controls, data privacy mechanisms, and incident response preparedness. Review and assess controls related to identity and access management (IAM), change management, and backup/recovery. Utilize automated tools and scripts for vulnerability scans and data analysis. Ensure compliance with frameworks such as ISO 27001, HITRUST, GDPR, HIPAA, SOC and SOX. Collaborate with IT, security, and business stakeholders to identify risks and recommend mitigation strategies. Develop corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape. Provide ISMS awareness trainings. Respond to the client SIG questionnaires.
Posted 1 month ago
9.0 - 18.0 years
13 - 17 Lacs
Bengaluru
Work from Office
Job: Network Security Architect (Job Code: J49120) Job Summary: 9 - 18 Years; Bangalore, Chennai, Hyderabad, Mumbai, Noida, Pune; Network Security Architect; BE-Comp/IT, BE-Other, BTech-Comp/IT, BTech-Other, MBA, MCA; IT-Software/Software Services; IT Software - Other. Key Skills: Network Security Architect. Job Post Date: Thursday, June 12, 2025. Company Description: Our client is a global leader in Consulting, Technology and Outsourcing Business in the SW Services Product arena. The client has an impressive customer list in over 30 countries, including some of the best-known names across the globe. With offices in every continent and development centres in practically every developed country, our client is known for their successful Delivery model. Our client is structured into Business Units and caters to the BFSI, Manufacturing, Infrastructure, System Integration, Retail, Engineering Services Industries/domains. Their foray into Banking Software products and Intellectual property has differentiated them from their competitors. Job Description Key Responsibilities: Design and develop secure network architectures for on-premises, cloud, and hybrid environments. Evaluate and recommend security solutions, tools, and technologies. Conduct risk assessments and vulnerability analyses of network infrastructure. Define and enforce security policies, standards, and procedures. Collaborate with IT and DevOps teams to integrate security into system and application design. Monitor network traffic for unusual activity and respond to security incidents. Lead penetration testing and red/blue team exercises. Ensure compliance with regulatory requirements (e.g., ISO 27001, NIST, GDPR, HIPAA). Provide technical guidance and mentorship to security engineers and analysts.
Stay current with emerging threats, vulnerabilities, and security trends. Required Qualifications: Bachelor's or Master's degree in Computer Science, Information Security, or related field. 8+ years of experience in network security or cybersecurity roles. Strong knowledge of firewalls, VPNs, IDS/IPS, SIEM, and endpoint protection. Experience with cloud platforms (AWS, Azure, GCP) and their security models. Familiarity with Zero Trust Architecture and Secure Access Service Edge (SASE). Proficiency in scripting and automation (Python, PowerShell, etc.). Relevant certifications (e.g., CISSP, CCSP, CISM, CEH).
Posted 1 month ago
5.0 - 10.0 years
7 - 12 Lacs
Mumbai
Work from Office
Identifying, assessing, and mitigating potential risks across various areas of the organization, including IT security, business processes, and regulatory compliance. Developing, implementing, and maintaining GRC programs and processes to support compliance and risk management efforts. Assisting with internal and external audits, responding to audit findings, and ensuring corrective actions are implemented. User Access review Creating and maintaining policies and procedures related to governance, risk, and compliance. Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX. Developing and revising policies, standards, processes, and guidelines for the organization. Conducting vendor risk assessments against organizational security requirements. Continually testing and monitoring the effectiveness of security controls. Conducting research to aid threat assessment or risk mitigation activities. Assist the department in responding to inquiries from the business units about ongoing operational compliance Working with various teams and departments to ensure GRC practices are integrated into business operations. Required Skills and Qualifications: Technical Skills & Experience: 5+ years of direct experience in information security, with a main emphasis on risk and compliance 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , NIST, PCI, GDPR, etc.) 
Preferred Certification: CISA. Knowledge of identity management standards, storage, and disaster recovery in the cloud and On-Premise. Knowledge of GRC tool techniques and best practices. Proven track record of organizing and carrying out several risk and compliance projects. Ability to successfully manage third-party audits, compile evidence, and organize audit responses. Effective written communication skills to develop & maintain the policies and procedures; the capability to communicate with cross-functional teams. Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals. Education: Bachelor's degree in computer science, information systems, or Cybersecurity
Posted 1 month ago
9.0 - 14.0 years
9 - 13 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
We are looking for a highly experienced Senior Vulnerability Management Consultant (9+ years) to lead and mature our vulnerability management program. This role requires a deep understanding of cybersecurity risks, vulnerability assessment methodologies, and enterprise-scale risk prioritization. You will work cross-functionally with IT, cloud, application, and third-party teams to drive measurable improvements in our security posture. Key Responsibilities: Lead the enterprise-wide vulnerability management function, including strategy, tooling, and execution. Perform advanced vulnerability assessments across infrastructure, cloud, endpoints, and applications. Correlate vulnerability data with asset criticality, threat intelligence, and exploitability to drive risk-based prioritization. Work with stakeholders to define remediation SLAs and ensure timely issue resolution. Oversee the integration of scanning tools (e.g., Tenable, Qualys, Rapid7) into CI/CD pipelines, cloud platforms, and enterprise systems. Regularly produce executive-level dashboards and technical reports with trends, KPIs, and risk heatmaps. Advise on security architecture and control enhancements to prevent recurring vulnerabilities. Partner with GRC teams to ensure compliance with standards (ISO 27001, NIST, PCI-DSS, etc.). Evaluate and implement emerging technologies and AI-driven solutions to optimize the program. Mentor junior consultants and lead cross-team security improvement initiatives. Required Skills & Experience: 9+ years of experience in cybersecurity, with at least 5+ years focused on vulnerability management. In-depth knowledge of CVSS scoring, threat intelligence integration, and vulnerability lifecycle management. Expertise with tools like Qualys, Tenable, Nessus, Nexpose, Burp Suite, or similar. Strong experience with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
Proficient in scripting (Python, PowerShell, or Bash) for automation of scanning and reporting tasks. Familiarity with enterprise IT environments: servers, endpoints, networks, firewalls, web apps. Solid understanding of patch management, asset inventory, secure configuration, and remediation governance. Effective communication and stakeholder management skills, from technical teams to executive leadership. Hands-on experience with security frameworks (e.g., NIST CSF, MITRE ATT&CK, OWASP). Experience managing third-party assessments and coordinating with external vendors. Soft Skills: Good experience working with numerous external teams to track and deliver solutions. Strong detail-oriented individual able to efficiently analyze and resolve problems. Strong verbal, communication, and diplomacy skills with all levels of the business. Must be self-motivated, able to work independently, and multi-task effectively. Preferred Certifications: CISSP, OSCP, CISM, GIAC (GCIH, GSEC), CEH, or equivalent. Your benefits: We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working, incl. up to 25 days per year working from abroad. We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location). From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered. Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach. About Allianz Technology:
Allianz Technology is the global IT service provider for Allianz and delivers IT solutions that drive the digitalization of the Group. With more than 13,000 employees located in 22 countries around the globe, Allianz Technology works together with other Allianz entities in pioneering the digitalization of the financial services industry. We oversee the full digitalization spectrum from one of the industry's largest IT infrastructure projects that includes data centers, networking and security, to application platforms that span from workplace services to digital interaction. In short, we deliver full-scale, end-to-end IT solutions for Allianz in the digital age. D&I statement: Allianz Technology is proud to be an equal opportunity employer encouraging diversity in the working environment. We are interested in your strengths and experience. We welcome all applications from all people regardless of gender identity and/or expression, sexual orientation, race or ethnicity, age, nationality, religion, disability, or philosophy of life. Join us. Let's care for tomorrow. You. IT.
Posted 1 month ago
7.0 - 9.0 years
8 - 12 Lacs
Kolkata, Mumbai, New Delhi
Work from Office
Job Description: Information Security Risk Specialist Experience: 7 to 9 years Location: Bengaluru Key Responsibilities: Develop, implement, and maintain an enterprise-wide information security risk management program. Identify, assess, and document information security risks, ensuring alignment with business objectives. Perform risk assessments, vulnerability analyses, and impact evaluations on IT systems and processes. Collaborate with cross-functional teams to establish risk mitigation strategies and action plans. Monitor, track, and report on risk metrics and key performance indicators (KPIs). Stay updated on regulatory requirements and ensure compliance with standards such as ISO 27001, NIST, GDPR, etc. Develop and maintain comprehensive process documentation and generate reports tailored to the needs of various stakeholders. Drive security awareness programs and train employees on risk management practices. Prepare and present detailed risk assessment reports to senior management. Lead incident response planning and participate in cybersecurity investigations when necessary. Qualifications: Education: Bachelor's degree in Information Security, Cyber Security, Computer Science, Information Science, or a related field. Advanced degrees (e.g., Master's) or certifications (e.g., CISSP, CRISC, CISM, CEH) are a plus. Experience: 5+ years of experience in information security, risk management, or related domains. Skills and Competencies: Comprehensive understanding of frameworks such as ISO 27001, NIST Cybersecurity Framework, COSO, and COBIT. Proven analytical expertise in evaluating and prioritizing risks effectively. Advanced proficiency in utilizing security tools for risk assessment and mitigation. Strong preference for candidates with certifications like CISSP, CISM, CRISC, or equivalent. Exceptional communication and presentation skills, with a proven ability to collaborate effectively across diverse teams.
Demonstrated problem-solving capabilities, including critical thinking and informed decision-making under pressure. Skilled in leading security initiatives and managing projects across global teams. A strategic mindset paired with keen attention to detail. Resourceful and decisive under high-pressure situations. An effective team player with exceptional interpersonal and collaboration skills.
Posted 1 month ago
2.0 - 7.0 years
11 - 12 Lacs
Chennai
Work from Office
Job Description: We are looking for an experienced Project Manager - Cybersecurity & Internal Audit to lead and coordinate audit-related projects with a focus on SOX compliance, IT controls, and Cybersecurity. This role requires strong project management capabilities, exceptional stakeholder management, and the ability to work seamlessly with cross-functional teams. The ideal candidate will possess deep knowledge of SOX IT control audits, cybersecurity risk frameworks, and have strong communication and coordination skills to drive successful audit engagements and ensure organizational compliance. Key Responsibilities: Manage and oversee internal audit projects, particularly focused on IT general controls, SOX compliance, and cybersecurity audits. Lead end-to-end project planning, including scope definition, resource allocation, timelines, issue tracking, and status reporting. Collaborate with internal audit, IT, Product & Engineering, Cybersecurity, Finance, and Business teams to ensure effective execution of audit plans and remediation activities. Coordinate SOX ITGC (IT General Controls) and process-level control testing, working with internal and external auditors as required. Facilitate the identification, assessment, and remediation of cybersecurity risks, ensuring alignment with frameworks such as NIST, ISO 27001, and COBIT. Develop and maintain stakeholder relationships to ensure transparency and alignment on audit priorities and expectations. Provide clear, concise project status updates to senior leadership and executive stakeholders. Drive continuous improvement in audit processes and control environments through feedback and lessons learned. Qualifications: Bachelor's degree in Information Systems, Business Administration, Accounting, Cybersecurity, or related field. 3 - 7 years of experience in project management,
Posted 1 month ago
8.0 - 13.0 years
16 - 30 Lacs
Noida
Work from Office
Ericsson is seeking an experienced GRC Specialist with 8 to 15 years of expertise in Governance, Risk, and Compliance to join our team in Noida or Bangalore. The ideal candidate will have a strong background in managing risk frameworks, compliance programs, and governance processes within large enterprises, preferably in telecom or IT sectors. Key Responsibilities: Develop, implement, and maintain governance, risk, and compliance frameworks aligned with global standards and Ericsson policies. Perform comprehensive risk assessments and compliance audits to identify gaps and recommend remediation actions. Ensure adherence to regulatory requirements such as ISO 27001, GDPR, NIST, COBIT, and ITIL. Manage and monitor compliance controls and policies to mitigate organizational risks. Collaborate with internal stakeholders and external auditors to facilitate audit readiness and compliance reporting. Drive continuous improvement initiatives for GRC processes and tools. Support incident response and business continuity planning from a GRC perspective. Lead awareness programs and training sessions on governance, risk, and compliance topics. Utilize and optimize GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC) for automated risk management and reporting. Required Skills and Qualifications: Bachelor's or Master's degree in Information Technology, Cybersecurity, Business Administration, or related field. 8 to 15 years of experience in Governance, Risk, and Compliance roles. In-depth knowledge of GRC frameworks and standards (ISO 27001, NIST, COBIT, GDPR, ITIL). Practical experience with GRC tools and platforms. Strong understanding of cybersecurity risk management and control frameworks. Excellent analytical, organizational, and communication skills. Ability to work collaboratively across teams and influence senior stakeholders. Relevant certifications such as CISA, CISM, CRISC, CISSP, or similar preferred.
Connect with me over LinkedIn at: https://www.linkedin.com/in/nitin-tushir-abc0048/
Posted 1 month ago
3.0 - 5.0 years
13 - 15 Lacs
Bengaluru
Work from Office
The Role: A Compliance Engineer will contribute to the Plan, complete, report, and manage, program, follow-up, and ad-hoc internal audits for all areas of the business making recommendations and suggestions to staff, process owners, and the board of directors wherever applicable. Create, define and improvise processes and procedures as per industry standards and audit requirement Roles and Responsibilities: Develop, implement and maintain internal audit policies and procedures in accordance with local regulations, legal requirements, PCI DSS and ISO 27001, and any other standard that the company opts to follow. Assist compliance manager to administer all processes and procedures and ensure working within the regulatory framework and develop and implement all policies and recommend ways to minimize risk. Keep current with legal and regulatory information relative to business operations Audit and monitor data, systems, and processes for compliance to policies and laws Contribute to planning and executing information security awareness programs Prepare for and participate in process-led internal, and external vendor audits, at planned intervals and to provide suitable reporting on whether the management systems conform to Legal and regulatory requirements Our own quality and information security management system requirements. The requirements of PCI-DSS Level 1, ISO 27001:2013 and GDPR: Follow up constantly with internal stakeholders in gathering required evidence and organize them in a folder structure at the defined location Identify if the management systems are effectively implemented and maintained Plan and complete ad-hoc audits as required (Vendor Audits). 
Produce reports for all audits undertaken identifying: Audit criteria and scope Deficiencies and non-conformities Corrective action required (after agreement with process owner) Those responsible Achievable target dates for follow-up audits Update and record the standard specific clauses and controls covered, post audit Monitor progress on corrective actions to ensure they are concluded without undue delay Assist in the preparation of new documented information as well as updates to current ones. Comply with legal and regulatory, contractual and business requirements Mandatory Qualifications: ISO 27001:2013 Internal Auditor (Good to have) Good understanding of the International Standards Basic technical understanding of information security concepts 3-5 years of experience in compliance-related activities Good interpersonal skills Familiar with industry standards such as ITIL, PCI DSS, ISO 27001 Self-starter and willing to roll up the sleeves and work with the team
Posted 1 month ago
6.0 - 8.0 years
9 - 13 Lacs
Mumbai
Work from Office
HI All, Immediate opening for Lead Support Analyst- Third Party Cyber Risk Location: Mumbai locals only. 5 days office mandated Experience: 6-8 years Budget: Open Competitive Market rate [always keep it low] Interview Mode: 1st Round -Virtual, 2nd/3rd -compulsory face to face, may have more than 3 rounds. JD: Essential: Knowledge of regulatory frameworks and experience with regulatory compliance Familiarity with security standards (e.g., CRI, ISO 27001, NIST) In-depth understanding of information security principles and practices Knowledge of current cyber threats and mitigation strategies Strong collaboration skills along with the ability to effectively communicate complex security-related information to a business audience, including risk identification, assessment, and remediation activity. Excellent communication skills with the ability to articulate complex cyber threat information to technical and non-technical audiences. Demonstrable ability to create and maintain collaborative relationships in a large, multinational organization. Strong understanding of cyber security principles and technologies.
Posted 1 month ago
6.0 - 8.0 years
10 - 14 Lacs
Mumbai
Work from Office
Third Party Cyber Risk Management at N Consulting Ltd Hi All, Immediate opening for Lead Support Analyst - Third Party Cyber Risk Location: Mumbai locals only. 5 days office mandated Experience: 6-8 years Budget: Open Competitive Market rate [always keep it low] Interview Mode: 1st Round - Virtual, 2nd/3rd - compulsory face to face, may have more than 3 rounds. JD: Essential: Knowledge of regulatory frameworks and experience with regulatory compliance Familiarity with security standards (e.g., CRI, ISO 27001, NIST) In-depth understanding of information security principles and practices Knowledge of current cyber threats and mitigation strategies Strong collaboration skills along with the ability to effectively communicate complex security-related information to a business audience, including risk identification, assessment, and remediation activity. Excellent communication skills with the ability to articulate complex cyber threat information to technical and non-technical audiences. Demonstrable ability to create and maintain collaborative relationships in a large, multinational organization. Strong understanding of cyber security principles and technologies.
Posted 1 month ago
4.0 - 9.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Role Overview: As a Compliance Specialist, you will: Support the management of the corporate assurance and audit calendar by helping coordinate internal and external audit activities. Assist in the development, maintenance, and communication of Information Security Management System (ISMS) documentation and policies. Gather and organize evidence required for various audits and certifications (such as ISO 27001, SOC 2, PCI-DSS, and others). Work with internal teams to ensure audit readiness and assist with audit follow-ups. Contribute to periodic reporting on compliance status to security and business leadership and governance forums. Your Responsibilities Assist in executing and monitoring Information Technology General Controls (ITGCs). Support user access reviews across infrastructure, applications, and systems, ensuring timely and accurate completion. Help coordinate removal of access for terminated employees or users with changed roles, working closely with HR and IT. Participate in reviewing IT change management, incident tickets, and other control activities to ensure compliance with defined procedures. Support Process Owners, Control Owners, and Operators by providing guidance and documentation related to ITGCs. Collaborate with cross-functional teams to drive operational efficiency and support maturing internal compliance processes. Communicate effectively with stakeholders to ensure clear understanding of compliance requirements and timelines. Qualifications Skills: Bachelor's degree OR High School diploma with 4+ years of experience in IT Audit, IT Compliance, IT Risk Management, or a related field. Experience supporting audits such as ISO 27001, SOC 2, or FedRAMP is preferred. Familiarity with cloud environments and common DevOps tools (e.g., GitLab, Jenkins) is a plus. Detail-oriented with strong analytical, documentation, and organizational skills. Comfortable working in a fast-paced and evolving global environment.
Strong communication skills, with the ability to convey technical compliance issues to a wide range of audiences. Company Benefits and Perks: We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Medical, Dental and Vision Coverage Support for Community Involvement We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Posted 1 month ago
5.0 - 10.0 years
14 - 18 Lacs
Bengaluru
Work from Office
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at Job Function: Technology Product Platform Management Job Sub Function: Platform/Cloud Engineering Job Category: Scientific/Technology All Job Posting Locations: Bangalore, Karnataka, India Job Description: Johnson & Johnson is looking for a Senior Software Engineer within the Digital Surgery Platform (DSP) Core Platform Services team who will join a team of hard working Infrastructure Engineers, tasked with maintaining and deploying the underlying infrastructure needed to support DSP applications and services. Our team is on a journey to create an automated infrastructure deployment capability that is highly predictable and repeatable, eliminating many of the common difficulties to scale infrastructure on demand. We are seeking a candidate motivated by challenges, who strives to build a collaborative and cohesive environment within the Core Platform Services team and Digital Surgery Platform as a whole. As the world's most comprehensive MedTech business, J&J Medical Technology Companies are building on a century of experience, merging science and technology, to shape the future of health and benefit even more people around the world. With our unparalleled breadth, depth and reach across surgery, orthopedics and interventional solutions, we're working to profoundly change the way care is delivered. We are in this for life. For more information, visit https://www.jnjmedtech.com/en-US.
The DSEP team places a large emphasis on improving individual strengths to not only accelerate delivery but propel career growth forward. As a team, we are committed to encouraging a supportive environment and will provide many opportunities for learning new skills. We invite you to be part of our lasting impact on patient lives by joining a ground-breaking team in the world of surgical innovation. Key Responsibilities Development of Infrastructure as Code (IaC) Terraform Modules used to deploy and update Infrastructure in Azure Work with Product Owners and Technical Leads to implement infrastructure designs that follow J&J and External regulatory requirements Design, develop, deploy and monitor development tools on Azure in support of DSP Application and Tenant development Support RBAC and security strategy in collaboration with ISRM partners Lead Core Platform Services Infrastructure Engineering efforts Qualifications Education Bachelor's Degree or equivalent experience in IT (or related degree) Experience and Skills Mandatory: At least 5 years of IT experience, specifically on Azure with a focus on Infrastructure deployments via IaC Sound understanding of Terraform and ability to demonstrate alignment to Terraform recommended practices Experience developing within an Agile methodology Preferred Relevant Azure certification (e.g. Azure Fundamentals, Azure Developer) Demonstrated experience working with Azure Compute Services (Especially Azure Kubernetes Services) Experience working with Terragrunt Familiar with Jenkins as a tool to automate IaC Deployments HIPAA, HITRUST, GDPR, ISO 27001 familiarity Excellent written and verbal communication skills Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.
Posted 1 month ago
9.0 - 17.0 years
20 - 25 Lacs
Bengaluru
Work from Office
Job Title: Assistant Manager - Security Engineering Location: UniOps Bangalore ABOUT UNILEVER: Every individual here can bring their purpose to life through their work. Join us and you'll be surrounded by inspiring leaders and supportive peers. Among them, you'll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we'll work to help you become a better you. ABOUT UNIOPS: Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit Business Context and Main Purpose of the Role Unilever is one of the world's leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann's, Wall's, Ben & Jerry's, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That's why our purpose as Unilever is to make sustainable living commonplace. At Unilever, we're determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We're taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond.
We've set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we're setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion. Unilever's Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre (SOC), has a robust cyber technology landscape, provides Risk Advisory to our business, and assesses the security of our vast technology estate, including office, factories, R&D, platforms, etc. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk across Unilever. Role Purpose: The Security Engineering Assistant Manager role is tasked with delivering world class cyber security tools & services in partnership with our Business Owners (who operate these capabilities) and our partners. This partnership will generate value by ensuring that our key risks are appropriately managed, and we are continuously developing our capabilities to meet the needs of the business. Role Summary: The Security Engineering Assistant Manager is responsible for deploying and managing the cyber security technology stack to ensure our key cyber risks are being appropriately managed. This requires collaboration between our Business Owners (i.e. who operate these capabilities), our suppliers and our partners - all with the common goal of continuous improvement. This position will report to the Security Engineering Manager.
Key areas under this role includes: Managing our Cyber Security capabilities (in partnership with the relevant Business Owner) including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc. Defining (in partnership with the relevant Business Owner) the requirements for our capability and identifying any gaps that require addressing. Partnering our Security Architecture colleagues in defining the capability roadmap. Supporting any Proof-of-Concept (POC) projects by providing expertise / advice, supporting the testing, and assisting in collating the results (including the creation of the business case where required). Being accountable for the deployment of our capability and ensure its adoption in all areas of the business including IT infrastructure, Hybrid Cloud, IT applications, OT, and IoT. Responsible for Service Management of our cyber security capabilities through our defined framework (e.g. ITIL). Collaborating with our Business Owners (e.g. SOC, Threat Intelligence, etc) and our suppliers to identify areas of improvement, optimisation, or opportunity - driving continuous improvement through our demand funnel. Responsible for raising incidents and issues with our suppliers and ensuring a quick resolution. Becoming a trusted advisor within the organisation that identifies areas of risk and provides technology-based solutions. Main Accountabilities Being the Service Owner for all your assigned cyber capabilities and being responsible for the Service Governance of these capabilities. Responsible for overseeing the demand funnel and ensuring a continuous stream of improvement through each sprint cycle. Responsible for the deployment of our cyber capabilities against the architectural design (even if responsibility is delegated to project teams or suppliers) and adoption with our business owners.
Responsible for compliance against Unilever policies, guidelines and standards especially those associated with platform / service ownership (cyber, CMDB, ITIL, etc). Partnering with our Business Owners (e.g. SOC, Threat Intelligence, Engagement, etc.) and our suppliers to ensure we drive value from every technology investment to reduce our Cyber Risk. Holding our technology suppliers and strategic partners (e.g. our Managed Security Services Provider or MSSP) to account. Responsible for supporting Security Architecture in developing their cyber technology roadmap. Responsible for supporting in Proof-of-Concept implementation, testing, analysis, and reporting. Self-skilling yourself to an appropriate technical level to perform your role and be continuously informed of evolving risks, technology trends, etc. Qualifications, Skills, and Experience Qualification and Skills: A strong technical background in IT, IoT and OT. Excellent written and verbal communication skills including the ability to be understood by both technical and non-technical personnel. Stakeholder management and interpersonal skills at both a technical and non-technical level. Ability to manage conflicting priorities and multiple tasks. Ability to lead and deliver through others. Ability to work both independently and in collaboration with international teams. Outstanding analytical, critical thinking and problem-solving skills. Customer-orientated, whether responding to queries or delivering new services. Skills in Programme and Project Management. Understanding of security principles, frameworks, and technologies Knowledge in public cloud environments, network and system security concepts. Knowledge of current cybersecurity trends, threats, and best practices. Relevant certifications such as CISSP, CISM, or SANS GIAC are highly desirable. Basic experience with programming languages such as Python, Bash, PowerShell, etc is desirable. Familiarity with various security frameworks and standards (e.g., ISO 27001, NIST, MITRE, CIS).
Experience: Previous experience in deploying Service Management models (e.g. ITIL, COBIT, CMMI, etc). Previously held a role in Security Engineering, or IT Platforms. Experience with managing cloud, on-premise, OT, and / or IoT environments A working knowledge of Cyber Security capabilities including SIEM, SOAR, CSPM, NDR, EDR / XDR, IDP, DAM, NAC, WAF, TVM, Email Security, Threat Intelligence Platforms, Security Validation Platforms, Penetration testing platforms, etc. Experience with security governance, risk, and compliance standards and requirements. Experience in developing, deploying, and maintaining security solutions. Extensive experience in providing thought leadership, and driving a complex change agenda, and an ability to challenge the status quo. Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses. Behaviours Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviours: Agility - Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo. Personal Mastery - Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self. Passion for High Performance - Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed. Talent Catalyst - Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Investing in people, coaching individuals, and teams to realise their full potential. Continually inspires powerful collaboration.
Posted 1 month ago
17.0 - 22.0 years
35 - 40 Lacs
Pune, Chennai
Work from Office
We're seeking a future team member for the role of Vice President to join our Information Security team. This role is located in Pune, Maharashtra - HYBRID BNYM is seeking an initiative-taking professional to join its Cyber Security Third Party Governance (CTPG) team. The successful candidate will work in a technically diverse and dynamic environment with a team of Cyber Security professionals responsible for the assessment, analysis and governance of cyber security for third party vendors. The successful candidate will have deep technical and assessment skills to identify vendor cyber vulnerabilities that put BNYM at risk. The individual works closely with the Cyber TPG Security Leader, Business Sourcing Leads (BSL), enterprise sourcing, technology risk management, engagement managers, business teams and vendors on identified cyber risks in vendor environments. This requires both good oral and written communications skills and the ability to negotiate. Must be able to keep sensitive information confidential and know how to use it appropriately.
In this role, you'll make an impact in the following ways: Assess the cyber security risk of third party vendors with an appropriate level of detail Travel to vendor locations for on-site assessments Interface with enterprise sourcing, technology risk management, business teams and engagement management on vendor cyber security issues identified Review and challenge vendor evidence for issue closure Assist in the design and implementation of Cyber TPG related processes and tools Define and create relevant metrics, presentations and reports Review the cyber related attestations by third parties such as SOC2 and ISO 27001 and report any observations for further review and tracking Review vendor risk reports created by internal and external entities for impacts to cyber security Keep up to date on the latest trends, methodologies and tools related to third party Interface with industry coalitions working on third party cybersecurity issues To be successful in this role, we're seeking the following: Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred. Industry certifications such as CISSP or CISM a plus 17+ years of experience in cyber security related activities required Firsthand experience in performing control-level technical cyber risk assessments In-depth technical knowledge in 1-2 cyber domains Experience in the securities or financial services industry is a plus Experience in third party governance and related tools is strongly desired but not required Ability to manage multiple projects and priorities Familiarity with various global regulations and industry standards concerning cyber security Strong verbal and written communication skills
Posted 1 month ago
7.0 - 9.0 years
12 - 16 Lacs
Mumbai
Work from Office
Job Title: Lead Information Security Analyst Job Code: 10047 Country: IN City: Mumbai Skill Category: IT\Technology Description: Background Information: Information Security Third Party Cyber Risk Management team conducts security assessment on vendor/third party supporting Nomura business teams for all of Nomura globally. There are various trigger points which ensure Information Security team is involved in the end to end lifecycle of Third Party engagement process and can perform necessary due diligence on the Third Party from Cyber Security perspective on information access and handling in line with Nomura policies and standard requirements. Position Specifications: Corporate Title Associate Functional Title Lead Support Analyst Experience 7-9 Years Qualification Bachelor's Degree in Engineering (Computer / Telecommunication), Computer Science / Information Technology or equivalent Duties & Responsibilities: Job Overview: Responsibilities: Maintain strong governance on the third-party cyber risk assessment (TPCRM) process in terms of complying with regional and global requirements. Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process in alignment with CISO goals. Identify non-compliances in Third Party Cyber Security control landscape and create and discuss the assessment reports with stakeholders. Perform Third Party Cyber Security assessments by coordinating with various business departments and Third Parties. Provide recommendations to the Third Party to remediate identified non-compliances and document remediation plans. Periodically track non-compliances reported to the Third Parties for closure and validate the evidence shared by Third Parties. Ensure periodic reporting on all the open items and completed assessments. Liaise with stakeholders such as business owner, technology owner, legal team etc.
to include the Information Security requirements in the contracts with third party vendor Maintain and update inventory of assessments and define reassessment calendars. Carry out reassessments based on defined reassessment calendars. Generate daily/weekly/monthly KRI & KPI reports for internal and senior management consumption. Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process based on various international regulatory requirements and industry best practices. Work with various stakeholders to automate the assessment and risk management process. Work in a strategic and operational capacity to identify the overall Supplier Threat and Risk posture for the firm. Foster a close partnership with our Firm wide Cybersecurity Threat Intelligence team (to interpret and manage risk as well as evolve processes and function). Knowledge, Skill, Experience Required: Essential: Knowledge of regulatory frameworks and experience with regulatory compliance Familiarity with security standards (e.g., CRI, ISO 27001, NIST) In-depth understanding of information security principles and practices Knowledge of current cyber threats and mitigation strategies Strong collaboration skills along with the ability to effectively communicate complex security-related information to a business audience, including risk identification, assessment, and remediation activity. Excellent communication skills with the ability to articulate complex cyber threat information to technical and non-technical audiences. Demonstrable ability to create and maintain collaborative relationships in a large, multinational organization. Strong understanding of cyber security principles and technologies. Beneficial: Specialist training or skills in one or more of the following: Security certification (CISA/CISM/CISSP/CRISC/ISO27001 etc.). Cloud Security Certifications.
Personal Characteristics: Strong communication skills, ability to work comfortably with different regions Good team player, ability to work on a local, regional and global basis and as part of joint cross location initiative. Strong analytical and problem-solving abilities Ability to work independently and as strong team player in global team Ability to run with multiple tasks concurrently and manage expectations appropriately.
Posted 1 month ago
6.0 - 10.0 years
20 - 25 Lacs
Mumbai, Mumbai Suburban, Mumbai (All Areas)
Work from Office
Minimum 6+ yrs experience in Information Technology Infrastructure, Information Security, IT Audits etc. Experience in managing Information Security Management, GRC, Cyber, System & ISO Audits. Good knowledge of SEBI Cyber Security & NCIIPC guidelines. Required Candidate profile Exposure on ISO 27001, ISO 22301, ISO 9001, NIST framework. Good interpersonal, communication, documentation & presentation skills. Track compliance/regulatory requirements & ensure on time reporting. Perks and benefits To be disclosed post interview
Posted 1 month ago