776 Iso 27001 Jobs - Page 20

Minimum 4+yrs experience in Information Technology Infrastructure, Information Security, IT Audits etc Experience in managing Information Security Management, GRC, Cyber, System & ISO Audits. Good knowledge of SEBI Cyber Security & NCIIPC guidelines. Required Candidate profile Exposure on ISO 27001, ISO 22301, ISO 9001, NIST framework. Good interpersonal,communication, documentation & presentation skills. Track compliance /regulatory requirements & ensure on time reporting. Perks and benefits To be disclosed post interview

Role: As a Product Manager on the Authentication team at ServiceNow, youll shape how every single customer securely accesses our platform from Fortune 500 enterprises to public sector organizations. Youll own products at the heart of our security foundation, including login, MFA, SSO, and zero trust access, influencing billions of secure transactions globally. This is a high-visibility role where your work will directly enhance trust, usability, and compliance across our ecosystem. Youll join a collaborative, mission-driven team that thrives on solving complex security challenges at scale. If you re passionate about building secure, user-friendly authentication experiences that matter, this is your platform to make a global impact. What you get to do in this role: As the Product Manager for User Authentication, you will define and drive the roadmap for core authentication capabilities like login, SSO, MFA, and adaptive authentication. Youll collaborate closely with engineering, design, QE, and documentation teams to deliver secure, seamless user experiences. You ll gather requirements, prioritize features, and ensure timely execution. Youll analyze customer feedback, usage data, and security trends to make informed decisions. Cross-functional alignment and clarity in execution will be central to your day-to-day. Assume leadership responsibilities as an accountable owner who is committed to the outcome regardless of the role or organizational boundaries Work with multiple teams to guide projects through development and bring high-quality products to life Integrate usability studies, research and market analysis into product requirements to enhance user satisfaction Communicate complex problems into easily understood requirements and provide solutions Develop multi-mode communications that convey a clear understanding of the needs of different audiences To be successful in this role you have: Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools,

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future over dues with accounts that have a high exposure. The Global Risk & Compliance (GRC) group within American Express is responsible for providing oversight and governance of risks to ensure that the company operates in a safe and sound manner within regulatory expectations. In a world increasingly subject to digitalization and the use of technology, technology risk management has become increasingly significant across organizations, becoming one of the key themes at board meetings. Cyberattacks have become increasingly commonplace and the trend continues to move upward. This individual contributor role is part of the second line technology risk management team within the GRC group, headed by the Chief Risk Officer (CRO) of the company. This is a unique opportunity to work with a team of diverse and talented professionals who are responsible for building the technology risk management program and providing independent risk oversight to the Information Technology (IT), Information Security (IS) and Business Continuity management (BCM) risks. Reporting to the Manager for Cybersecurity, Technology, and Resiliency Risk oversight, this position is responsible for supporting independent assessments and reporting of risks. The risks identified by this team are reported to the Senior Management, Risk Management Committees, Board of Directors, and Regulators. This position will be responsible for effectively collaborating with key stakeholders across lines of business and lines of defense to ensure risks are managed effectively and efficiently in accordance with the company policies and applicable regulatory requirements. Essential Job Functions: Assist in identifying and assessing IT and IS risks across applications, infrastructure, and third-party vendors. Support IT and IS risk assessments and recommend mitigation strategies. Monitor IT and IS risk trends and emerging threats to provide proactive recommendations. Assist in the testing and validation of IT and IS controls. Prepare IT and IS risk reports and dashboards for management review. Support internal and external audits related to IT and IS risk. Support the implementation of IT and IS risk management frameworks, policies, standards, and procedures. Maintain IT and IS risk registers and track remediation efforts for identified risks. Support independent, proactive risk management and oversight of information technology, information security and business continuity management risks generated within business processes or that occur due to use of Technology. Support data-driven reviews focused on technology, cyber security, and business continuity management risks. Support development and enhancement of data-driven key risk indicators and key performance indicators that provide real time and meaningful insights into the risk and performance trends. Stay knowledgeable of relevant regulations, guidelines & industry standards. Support the design of independent Information Technology risk oversight program which defines the engagement and integration with various risk management programs, including Risk and Control Self Assessments, Business Continuity Management, New Product Approval, Mergers & Acquisitions etc. Required Qualifications: Bachelor s Degree in related field. 3 + years of experience in IT and IS risk management across any of the three lines of defense. Proven ability to identify risks, analyze issues and derive meaningful insights about risk trends. by conducting interviews and analyzing large volumes of data. Excellent analytical skills with high attention to detail and accuracy. Excellent critical thinking and problem-solving skills. Excellent verbal, written and interpersonal communication skills. Willingness to challenge traditional thinking by actively engaging in constructive dialogue. Preferred: Educational background: Computer Science or Information Systems. Experience in risk management across cyber security, information technology, third party, business continuity management. Working knowledge of one or more of the data mining tools/technologies (e.g., Microsoft Excel: Pivot Tables SQL, SAS, Python, R). Industry certifications (e.g., CISSP, CISM, CISA, CRISC, ITIL, CBCM, CBCP, CBCI). Understanding of risk assessment methodologies, frameworks, and industry standards (e.g., COSO, COBIT, ISO 27001, ISO/IEC 20000-1, ISO 22301, FAIR or NIST RMF). Knowledge of relevant policies & regulations (e.g., OCC Heightened Standards, FFIEC IT booklets). Experience with Governance, Risk and Compliance tools (e.g., Archer)

Stefanini is a leading provider of cybersecurity solutions committed to protecting our clients from digital threats and ensuring the safety of their data. As our SOC Manager, you will be pivotal in leading our Security Operations Center and driving various specialized squads to enhance our security operations. You will be at the forefront of our security initiatives, safeguarding our clients most valuable asset-their data. Position Summary The SOC Manager will oversee the day-to-day operations of the Security Operations Center, ensuring effective monitoring, detection, and response to security incidents. This role includes managing a comprehensive suite of cybersecurity services, including Managed Detection and Response (MDR), SOC as a Service, CISO Advisory, SOC Advisory, Brand Protection & External Data Leakage, Attack Surface & Vulnerability Management, and Insider Threat Detection. The SOC Manager will also be responsible for SOC gamification and executing strategic squad lab research and development. Key Responsibilities Lead and Manage the SOC Team Supervise and mentor a team of Tier-1 through Tier-3 Security Analysts and Engineers, providing guidance, training, and performance evaluations to ensure effective team management and leadership. Deployment and Oversight Oversee the deployment, configuration, and delivery of core cybersecurity services, ensuring their effective integration and operation within the SOC. Incident Response Manage the detection, investigation, and resolution of security incidents. Coordinate with other departments to mitigate and recover from security breaches. Toolset Management Ensure the effective deployment and use of cybersecurity tools and platforms, including SIEM, endpoint protection, vulnerability assessment tools, and threat intelligence feeds, and integration of Stefaninis SAI Cyber Hub platform. Security Monitoring Continuously monitor security systems and alerts to identify and respond to potential threats, utilizing the full range of managed services. Policy and Procedure Development Develop and maintain SOC policies, procedures, and playbooks to ensure a standardized approach to security operations and consistent service delivery. Reporting and Metrics Generate regular reports on security incidents, team performance, and SOC activities, providing insights and recommendations for improvements across all service areas. Stakeholder Communication Liaison between the SOC and other business units, ensuring clear communication of security issues and their impact and the status and performance of the deployed services. Continuous Improvement Stay current with the latest cybersecurity trends and technologies. Implement best practices and innovative solutions to enhance the SOCs capabilities and service offerings. SOC Gamification Oversight Implement and oversee SOC gamification strategies to enhance team engagement, motivation, and continuous skill development. Track and report on gamification metrics and progress. Strategic Squad Lab R&D Execute and manage the day-to-day operations of strategic squad lab research and development initiatives as directed by the Head of Cybersecurity. Ensure alignment with overall security objectives and innovation goals. Job Requirements Details Required Skills and Qualifications Experience At least 5 years in a service delivery role, with at least 7 years in a SOC management position. Education A Bachelors or Masters degree in Computer Science, Information Security, or a related field is highly desirable. Relevant certifications such as CISSP, CISM, or CEH are also highly desirable. Technical Proficiency In-depth knowledge of SIEM systems, endpoint security solutions, vulnerability management tools, threat intelligence platforms, incident ticketing systems, knowledge management systems, access management solutions, and asset management tools. Leadership Skills Proven ability to lead, manage, and motivate a team of security professionals. Analytical Skills Strong problem-solving and analytical skills, with the ability to think critically and make informed decisions under pressure. Communication Skills Excellent verbal and written communication skills, with the ability to convey complex security concepts to non-technical stakeholders. Attention to Detail High level of accuracy and attention to detail in all aspects of work. Adaptability Ability to work in a fast-paced, dynamic environment and adapt to changing priorities and technologies. IAM Policies and Procedures Knowledge Proficient in developing, implementing, and managing policies and procedures related to Identity and Access Management. Cloud Experience Experience with AWS, Azure, or Google Cloud, along with automation capabilities. Data Security Solid understanding of data security principles. Generative AI Experience Experience with generative AI is a plus. Preferred Qualifications Certifications CISSP, CISM, CEH, or equivalent certifications. Compliance Experience Familiarity with industry standards and regulations such as NIST 2.0, ISO 27001, NIST 800-53, NIST 800-171, HIPAA, and PCI-DSS.

Description Rightpoint, a Genpact company (NYSE: G) is a global experience leader. Over 500 employees work with clients end-to-end, from defining and enabling vision to ensuring ongoing market relevance. Our diverse teams lead with empathy, data and creativity always in service of the experience. From whiteboard to roll-out, we help our clients embed experience across their operations from front to back office to accelerate digital transformation through a human-centric lens. Are you someone who wants to create change in the way business is doneDo you want to work with inspired and like-minded intrapreneursUs too! We take our work very seriously, but we have fun doing it. And we re searching for passionate, talented people to join the Rightpoint team. Our Commitment to You No matter who you are, where you come from, who you love, what you believe, or what you get excited about, we bring people together to make phenomenal work. Thats what makes us Rightpoint! Job Title : Information Security and Compliance Analyst Location : India Introduction Reporting to the IT Security and Compliance lead, the person in this role will support our Information Security Management System and be instrumental in driving and organizing our ongoing SOX and ISO 27001 compliance efforts. This person will help analyze and track vulnerability findings and conduct vulnerability management efforts. The Ideal candidate will have exceptional written communication skills and the ability to manage complex documentation and audit requests. We are looking for a person with a passion for ensuring security best practices are followed consistently across the organization. What You ll Be Doing and the Impact You ll Make: Coordinate and track SOX and ISO 27001 compliance efforts, including control reviews, evidence collection, process documentation, and internal readiness assessments Organize and conduct comprehensive searches to determine the applicability of data security policies to client contracts Serve as the point of contact for auditors and internal stakeholders during compliance reviews, ensuring clear and timely communication Maintain and organize a central repository of compliance documentation, policies, and procedures with a high standard of clarity and accuracy Review, triage, and analyze vulnerability findings from internal scans and external tools; prioritize and categorize based on risk and potential business impact. Work closely with IT and application owners to coordinate remediation efforts, follow up on open vulnerabilities, and ensure timely resolution Assist in developing security policies, procedures, and user guidance aligned with industry best practices Generate concise and meaningful reports and dashboards for internal leadership and auditors Track exceptions, manage control gaps, and help drive risk mitigation strategies Contribute to security awareness and training efforts by preparing clear documentation and guidance materials What We d Love to See: 3+ years of experience in information security, IT compliance, or related roles Demonstrated experience supporting or managing SOX, ISO 27001 or similar compliance activities Familiarity with vulnerability management tools Outstanding written communication skills, especially in drafting audit responses, procedures, and internal documentation Meticulous attention to detail, with a strong ability to manage and organize complex deadline-driven tasks Comfortable working independently in a remote or distributed team environment. Preferred Qualifications Certifications such as CISA, ISO 27001 Implementation, CISSP, or Security+ Experience working with compliance frameworks such as NIST, GDPR, or SOC 2 Prior experience in a multinational or regulated environment. Familiarity with project tracking tools (e.g. JIRA, Confluence, SharePoint). This is a global role requiring frequent flexibility for meetings with US-based colleagues. Role may include occasional after-hours (or before-hours) support during incidents or critical remediation windows. Work Environment and Expectations This is a global role requiring frequent flexibility for meetings with US-based colleagues Role may include occasional after-hours (or before-hours) support during incidents or critical remediation windows Required Education: Bachelors Degree in Computer Science, MIS, or related field. Benefits and Perks at Rightpoint 30 Paid leaves Public Holidays Casual and open office environment Flexible Work Schedule Family medical insurance Life insurance Accidental Insurance Regular Cultural Social Events including Diwali Party, Team Parties, Team outings, etc. Continuous Training, Certifications, and Learning Opportunities First-hand experience dealing with security incidents. EEO Statement Rightpoint, a Genpact Company, is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

Why join usDiversity, Equality and Inclusion at DWF Nurturing talent is very important to us. We are committed to equal opportunities in all areas of work and business. We want people to achieve their best, which will positively impact on our clients and communities in which we live and work. At DWF, we empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations. Responsibilities Key Responsibilities Technical Leadership Management: Provide strong technical leadership to a team of threat hunters, digital forensics experts, and incident responders. Foster a culture of continuous learning, collaboration, and excellence within the SOC team. Ensure the team is well-trained, motivated, and following best practices for security operations. Threat Hunting Intelligence: Oversee the development of proactive threat hunting strategies to identify unknown or evasive threats that may bypass traditional security measures. Gather and analyze threat intelligence from diverse sources to anticipate emerging attacks and hunt for indicators of compromise before they cause harm. Leverage advanced tools and DWF Group - Confidential Data methodologies to continuously search for signs of malicious activity within the network. Incident Response Investigation: Lead the end-to-end incident management process - from detection and containment to eradication and recovery. When security incidents occur, coordinate the team s rapid response to minimize impact and restore operations swiftly. Conduct in-depth investigations of incidents to determine the extent of compromise, root causes, and attack vectors. Guide the team in following incident response playbooks and adapt tactics as needed for complex or novel attacks. Digital Forensics Evidence Handling: Provide expert direction in digital forensics during incident investigations. Ensure that the team properly collects, preserves, and analyzes electronic evidence from affected systems in accordance with legal and regulatory standards. Utilize forensic tools and techniques to uncover artifacts of malicious activity (e.g., malware traces, log data, compromised accounts) and build a clear timeline of events. Maintain chain-of-custody and documentation of evidence for potential legal proceedings or regulatory inquiries, upholding the integrity of the data collected. Reporting Documentation: Prepare comprehensive incident investigation reports detailing the findings, actions taken, and remediation recommendations for each significant incident. Communicate incident status and post-incident analysis to both technical teams and non-technical stakeholders (such as executives or client representatives) in a clear and concise manner. Log all incidents and near-misses in our tracking systems, and use this data to identify trends or recurring issues that can inform improvements in security controls. Cross-Functional Collaboration: Collaborate closely with other teams - including IT infrastructure, applications, compliance, and the broader risk management group - to proactively mitigate risks and respond to incidents. Provide security expertise and actionable recommendations to these teams (for example, advising on patching critical vulnerabilities or improving access controls) to prevent incidents. Work with the Legal and Compliance departments to ensure that incident response and reporting processes meet all legal, regulatory, and client requirements (e.g., breach notifications, evidence handling standards). Serve as an escalation point and subject matter expert for security issues that involve multiple departments or complex technical challenges. Continuous Improvement Strategy: Keep abreast of the latest threat landscape trends, attacker techniques, and vulnerabilities. Continuously update the team s techniques and tools to address new threats. Refine and DWF Group - Confidential Data evolve the SOC s standard operating procedures, playbooks, and response strategies based on lessons learned from incidents and changes in the business. Establish metrics and KPIs (such as incident response times, threat detection rates, etc.) to measure the team s performance and drive improvements. Develop security policies and procedures in line with industry best practices and the firm s needs, and ensure the team and relevant stakeholders are trained on them. MA Security Integration: Support the security aspects of mergers and acquisitions activities. When the firm acquires or merges with other organizations, assess the acquired company s security posture and lead efforts to integrate its IT systems and data safely into our environment. Identify any inherited vulnerabilities or threats during the acquisition process and advise on remediation. This may involve conducting cybersecurity due diligence, aligning disparate security tools or protocols, and establishing unified security standards across the merged entities. Ensure that sensitive data is protected throughout the transition and that the combined operations adhere to our security and compliance requirements. Escalation Incident Command: Serve as the incident commander during critical security events. Provide clear direction to responders, allocate resources, and make quick decisions to contain threats. Act as the primary point of contact for major incidents, briefing senior management and, when appropriate, coordinating with external parties such as cybersecurity consultants, law enforcement, or regulatory bodies. After resolution, conduct thorough post-incident reviews with the team to identify lessons learned and drive process improvements to prevent similar incidents in the future What will help you succeed in this roleQualifications and Experience Education Certifications: Bachelor s degree in Information Security, Computer Science, or a related field (or equivalent experience). While formal education is valued, hands-on experience is paramount. Relevant industry certifications such as GIAC (e.g., GCIH), CISM, or other cybersecurity credentials are highly desirable (nice-to-have) but not mandatory. Experience: Proven experience in cybersecurity with a focus on threat hunting, digital forensics, and incident response (approximately 3+ years overall is preferred). Within this, at least 2 years in a technical lead or managerial role overseeing security operations or incident response teams. Demonstrated history of handling complex security incidents and driving them to resolution. Experience in the legal industry or other highly regulated environments is a DWF Group - Confidential Data plus, as is experience supporting cybersecurity during mergers and acquisitions (e.g., performing security due diligence or integrating acquired IT environments). Technical Expertise: Deep knowledge of security operations technologies and practices. This includes hands-on familiarity with SIEM tools, intrusion detection/prevention systems, EDR (Endpoint Detection and Response), and other threat detection platforms. Strong understanding of malware analysis techniques, network security, and incident analysis methodologies. Experience with digital forensic tools (for disk, memory, and network forensics) and analyzing system log data to identify anomalies. Up-to-date with current threat intel feeds, TTPs (tactics, techniques, and procedures) of attackers, and vulnerability assessment practices. Ability to script or use automation for incident response is an advantage. Technical Leadership Communication Skills: Outstanding technical leadership abilities with a proven track record of building and guiding highperforming teams. Able to mentor and develop junior analysts, and manage teams across different locations. Excellent communication skills, both written and verbal. Capable of conveying technical findings and security concepts in clear, non-technical language to inform lawyers, executives, or clients as needed. Strong collaboration skills to work with cross-functional teams and influence others to prioritize security. Calm under pressure, with the ability to make sound decisions during high-stress incident scenarios. Knowledge of Legal/Regulatory Frameworks: Solid understanding of the legal and regulatory requirements surrounding cybersecurity in an international context. Familiarity with data protection laws and breach notification regulations is expected - for example, understanding GDPR obligations for handling EU personal data and reporting breaches. Knowledge of standards and frameworks such as ISO 27001, NIST, or ITIL incident management processes is beneficial. An appreciation for the ethical duty of confidentiality in the legal profession and how it impacts information security (e.g. protecting attorney-client privileged data) is important. Problem-Solving Ethics: Strong analytical and problem-solving skills, with a talent for troubleshooting complex security problems and identifying innovative solutions. High degree of professional integrity, ethical conduct, and commitment to maintaining the confidentiality of sensitive information at all times. A proactive mindset with passion for staying ahead of cyber threats and continuously improving security practices What we offerAt DWF, we deeply appreciate the significance of offering a comprehensive rewards package that extends beyond a basic salary. Our commitment is to ensure that each member of our team not only feels valued but is also duly rewarded throughout their tenure with us. Upon joining our organisation, you will have the opportunity to select from a diverse array of benefits, allowing you to carefully tailor a package that perfectly aligns with your individual needs and those of your family. In addition to our standard benefits, we offer a wide range of flexible benefits and robust well-being programs. Our recruitment process upholds the highest standards of fairness and engagement. It includes comprehensive interviews and, at times, a written assessment, an assessment day, or presentation. We aim to create a positive experience for all candidates and offer any adjustments or additional support. About us DWF is a global legal business providing Complex, Managed and Connected Services. We empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.

Position: Cyber Security Engineer Experience: 3 to 4 Yrs Location: Noida Education: B.E./ B.Tech. MCA Mandatory Skills Candidate Profile Must have experience in Governance - Security Operational Tasks support governance. Compliance and Risk Management. Vulnerability Management - vulnerability (infra and app) scans and remediation plans SMP (Security Management Plan) - preparing, reviewing and managing Authorisation management - should have managed the accounts controls in the Infra scope Security Patch management - end-to-end coordination and implementation Security product management - Antivirus Management, like TrendMicro, Defender, etc... Security incident management - Managing the end-to-end security incident lifecycle with corrective measures Audit support - support auditors mandate on the security system and artefacts Mitigation - thinking analytically and executing efficiently. Analyse and optimise orchestration and automation between security tools Vendor Management, Collaboration, Facilitation - Excellent customer-facing skills and significant experience building strong client relationships Communication Skills - Communicate security and technology needs effectively Security Reporting, Meetings Communication - Prepare and develop security report as contractually required, attend client and Sopra Steria meetings to provide security expertise and advice Certification: CISM ISO 27001 certification is a must

TRIGYN TECHNOLOGIES is a multinational IT services company with resources deployed in 25 countries. TRIGYN is an ISO 9001:2015, ISO 27001:2013 (ISMS) and CMMI Level 5 certified company. Trigyn has offices in United States, Canada, Germany Switzerland and India. Required Experience: At least 5 years working experience in the area of Geospatial Information Systems. Experience in GIS software such as ArcGIS software (Server and Desktop) and ArcGIS extensions. Experience in using remote sensing software such as ERDAS Imagine, ERDAS LPS, etc. Must have a national drivers licence for a light motor vehicle. Fluency in English, both written and oral, is required. ",

What You'll Do Were hiring a Site Reliability Engineer to help build and maintain the backbone of Avalaras SaaS platforms. As part of our global Reliability Engineering team, youll play a key role in ensuring the performance, availability, and observability of critical systems used by millions of users. This role combines hands-on infrastructure expertise with modern SRE practices and the opportunity to contribute to the evolution of AI-powered operations. Youll work closely with engineering and operations teams across regions to drive automation, improve incident response, and proactively detect issues using data and machine learning. What Your Responsibilities Will Be Own the reliability and performance of production systems across multiple environments and multiple clouds (AWS, GCP, OCI). Use AI/ML-driven tools and automation to improve observability and incident response. Collaborate with development teams on CI/CD pipelines, infrastructure deployments, and secure practices. Perform root cause analysis, drive postmortems, and reduce recurring incidents. Contribute to compliance and security initiatives (SOX, SOC2, ISO 27001, access and controls). Participate in a global on-call rotation and knowledge-sharing culture. What You'll Need to be Successful 5+ years in SRE, DevOps, or infrastructure engineering roles. Expertise with AWS (GCP or OCI is a plus), AWS Certified Solutions Architect Associate or equivalent Strong scripting/programming skills (Python, Go, Bash, or similar) Experience with infrastructure as code (Terraform, CloudFormation, Pulumi). Proficiency in Linux environments, containers (Docker/Kubernetes), and CI/CD workflows. Strong written and verbal communications skills to support world wide collaboration.

What You'll Do Avalara's Organizational Risk, Resilience, Compliance and Audit team (ORRCA) is responsible for managing various risk and compliance initiatives and is looking for someone to support a growing team to help build out the security compliance function. You will report to Senior Director, Security Operations. What Your Responsibilities Will Be You will be responsible for the overall coordination, execution, and quality control of assigned compliance controls such as access reviews, change reviews, terminated user analysis. You will ensure controls are appropriately performed by all stakeholders within defined SLAs. You will help implement compliance management in ServiceNow. You will perform compliance assessments against frameworks and develop remediation plans. You will work closely with system owners to ensure corrective action plans are in place to remediate gaps or deficiencies. You will identify areas for automation and/or business process improvements. You will assist in collecting and migrating control information into Avalara's GRC platform. You will work strategically and independently with internal and external groups on multiple simultaneous projects. You will apply compliance and security control knowledge within cloud environments such as AWS and GCP. You will identify opportunities to leverage AI and other automation technologies to streamline compliance processes. What You'll Need to be Successful Bachelor's degree in information technology, Computer Science, or equivalent experience 3+ years of work experience in IT Audit, IT Security, or IT Risk Management 3+ years of work experience working with ISO 27001, SOC 1, SOC 2, SOX, NIST etc. AI and automation experience. Basic understanding of risk concepts, including risk identification, evaluation, mitigation, and measurement

Technical Head of Cloud & DevOps Location: 100% Remote (India, Eastern Europe, UK, or U.S.-based candidates; occasional travel to company hubs or conferences as needed) Type: Full-time, Senior Technical Leadership Role Overview We are seeking a Head of Cloud & DevOps to lead the hands-on management, scaling, and continuous improvement of our decentralized compute infrastructure. This position will serve as the primary technical leader for cloud operations, Kubernetes orchestration, infrastructure management, and DevOps pipelines, ensuring platform reliability, performance, and scalability. You will work closely with the CTO, product management, and cross-functional engineering teams to operationalize our companys evolving platform, drive our migration to in-house Distributed Kubernetes Service (DKS), and ensure high uptime and SLA adherence for enterprise customers. This role requires deep technical expertise combined with strong leadership to guide and mentor teams, while remaining actively engaged in architecture reviews, troubleshooting, and hands-on problem solving. This role is designed for candidates who aspire to grow into a future CTOO position, taking on expanded enterprise leadership responsibilities as the platform scales globally. Mandatory Skills Kubernetes orchestration (multi-cluster, DKS, service mesh) Cloud infrastructure scaling (AWS, hybrid, AI workloads) DevOps & CI/CD leadership (Jenkins, GitOps, version control) Infrastructure as Code (IaC) (Terraform, Helm, Ansible) Incident response and uptime optimization (SRE, observability, 99.9%+ SLAs) Security & Compliance knowledge (SOC 2, ISO 27001, access control, encryption) Team leadership in DevOps/SRE/Cloud Ops Monitoring and alerting systems Platform reliability and SLA adherence 8+ years in Cloud Infrastructure, 4+ in Kubernetes/DevOps leadership Non Mandatory skills Experience with Distributed Kubernetes Service (DKS) migrations Passion for decentralized computing / Web3 / blockchain NXQ Token or similar token incentive familiarity Cloud-native architecture for AI workloads Experience with hybrid or bare-metal Kubernetes deployments Global infrastructure experience Knowledge of performance-based DevOps metrics (error budgets, SLOs) Key Responsibilities Infrastructure Ownership & Uptime Leadership Own the full operational lifecycle of our companys decentralized compute infrastructure, spanning Kubernetes, VMs, AI workloads, hybrid cloud integrations, and blockchain components. • Develop and execute infrastructure scaling plans to meet growth demands while maintaining enterprise-grade SLAs (99.9%+ uptime). • Build robust monitoring, observability, alerting, and incident response systems to proactively manage global NanoServer operations. • Maintain deep involvement in diagnosing and resolving performance, capacity, and stability issues. Kubernetes Platform Management & DKS Migration Lead the architecture, deployment, and ongoing optimization of our companys Distributed Kubernetes Service (DKS). • Manage the transition from AWS EKS to DKS with zero downtime, thorough testing, rollbacks, and security assurance. • Ensure DKS delivers parity or superiority to leading cloud providers' managed Kubernetes offerings. DevOps Leadership Drive maturity in CI/CD pipelines, infrastructure-as-code, configuration management, and automated testing practices. • Oversee deployment reliability, version control, rollbacks, and release management. • Lead incident response runbooks, playbooks, SRE error budgets, and continuous reliability improvements. Security & Compliance Implement strong security controls for Kubernetes clusters, network access, identity management, data privacy, and blockchain-related assets. • Collaborate with compliance teams on certifications (SOC 2, ISO 27001, etc.) as required by enterprise clients. • Maintain operational adherence to security standards and best practices. Team Leadership & Execution Lead, mentor, and grow cross-functional cloud operations teams: DevOps, SRE, infrastructure engineers, and backend developers. • Foster a culture of accountability, continuous improvement, operational excellence, and proactive ownership. • Set clear objectives, performance metrics, and technical execution roadmaps aligned to business goals. Collaboration & Stakeholder Alignment • Partner closely with the CTO, product management, and engineering leadership to translate platform objectives into actionable infrastructure projects. • Represent technical operations in cross-functional planning sessions and communicate platform health, SLAs, and operational risks. Qualifications & Experience 8+ years of experience managing complex cloud infrastructure, with at least 4+ years leading DevOps/SRE/Kubernetes operations at scale. • Strong hands-on expertise with Kubernetes orchestration, multi-cluster management, service mesh, container security, and high-scale distributed systems. • Proven success in infrastructure scaling, uptime optimization, incident response, and capacity planning. • In-depth knowledge of DevOps pipelines, CI/CD frameworks, Infrastructure-as-Code (Terraform, Helm), and automated deployments. • Demonstrated ability to lead migrations from managed cloud services to in-house infrastructure. • Strong understanding of cloud security, access controls, encryption, data privacy, and enterprise compliance . • Passion for decentralized cloud computing, Web3/blockchain concepts, or AI-driven infrastructure is a plus. • Excellent leadership, communication, and cross-functional collaboration skills. • Bachelors or Master’s degree in Computer Science, Engineering, or a related field; equivalent experience considered. Compensation & Benefits Competitive base salary depending on candidate location • Equity participation aligned to long-term growth of our company • Performance-based annual bonuses • NXQ token incentives aligned with ecosystem growth • Comprehensive healthcare coverage • Remote work flexibility with home office stipends • Opportunities for global collaboration and occasional travel • High-impact leadership role shaping the future of cloud technology • Structured career path to grow into CTOO based on organizational maturity and demonstrated leadership

Role & responsibilities Risk Management Assist with the review and improvement of the risk register Assist with the development and tracking risk treatment plans Vendor Risk Management Perform vendor risk and security profile assessments, evaluate vendor responses including the potential for creating action items and maintain records Business Continuity (DR) and Disaster Recovery (DR) Help oversee the business continuity and disaster recovery program starting with policy and plan development and maintenance through the exercise processes and action item remediation Assist with the annual BC/DR business impact analysis and risk assessments Change Management Assist with the review of weekly change management activities including the weekly change advisory board meeting Incident Response Assist with incident response program from management of the incident to remediation, reporting and tracking Audit Assist in coordination and remediation of all audits including internal, client, and certification audits Coordinate and track remediation efforts across multiple teams resulting from any of the programs overseen by the Risk Management vertical Build and maintain policies and procedures regarding all aspects of responsibilities Preferred candidate profile Bachelors degree Knowledge of risk management, vendor risk management, business continuity, disaster recovery, change management and incident response Knowledge of Data Privacy and Cyber Security Frameworks such as GDPR, HIPAA, CCPA, NIST, ISO 27001, etc. Power BI skills a plus Benefits: Competitive salary Health, dental, and vision insurance Retirement savings plan Professional development opportunities Collaborative and supportive work environment

Job Title: PCQA Consultant Primary skills: CMMI v 2.0, ISO 9001:2015, ISO 27001:2022 Secondary skills: GDPR, MSA/SOW, ESG Location: Hyderabad (Mindspace#12B) Educational Qualification: B.Tech/BE/M.Tech/MCA/M.Sc Experience: 5+ yrs Job Description: Very good implementation experience on CMMI v 2.0, ISO 9001:2015, ISO 27001:2022 Good Knowledge on GDPR Knowledge in Agile, SDLC and STLC Conduct monthly audit compliance checks for the assigned projects (Dev, MS and Testing) Facilitate and communicate with Project Managers on process implementation For any non-conformities in process compliance during the monthly audits/internal audits, liaise with the Project Managers and close the non-conformities Collate the project metrics, analyze those metrics and for any deviations from the defined objectives, ask the PMs to prepare corrective actions Review project specific documents viz., MSA/SOW, other technical documents etc. Timely preparation of status reports, metrics report Very good communication skills. ESG ( Environmental, Social and Governance) Knowledge in CMMi High Maturity concepts and implementation will be added advantage. About us: Prolifics Corporation Limited is a Global Technology Solutions Provider with presence across North America (USA and Canada), Europe (UK and Germany), Middle East & Asia. In India, we have offshore development centres: 2 in Hyderabad & 1 in Pune. For more than 40 years, Prolifics has transformed enterprises of all sizes including over 100 Fortune 1000 companies by solving their complex IT challenges. Our clients include Fortune 50 and Fortune 100 companies across a broad range of industries including Financial Services, Insurance, Government, Healthcare, Telecommunications, Manufacturing and Retail. We rank consistently in Dream Companies to Work for and Dream Employer of the Year ranking from World HRD Congress, ranked 7 in 2019. We encourage you to visit us on www.prolifics.com or follow us on Twitter, LinkedIn, Facebook, YouTube and other social media to know more about us.

Job Description:The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key ResponsibilitiesPenetration Testing & Vulnerability ManagementPerform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance & Regulatory SecurityEnsure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations & Incident ResponseMonitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation & CommunicationDevelop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees

Business Unit: Global Technology Reporting To: Manager, Cybersecurity Shift: About Russell Investments, Mumbai: Russell Investments is a leading outsourced financial partner and global investment solutions firm providing a wide range of investment capabilities to institutional investors, financial intermediaries, and individual investors around the world. Building on an 89-year legacy of continuous innovation to deliver exceptional value to clients, Russell Investments works every day to improve the financial security of its clients. The firm is Top 12 Ranked Consultant (2009-2024) in PI survey 2024 with $906 billion in assets under advisement (as of December 31, 2024) and $331.9 billion in assets under management (as of March 31, 2025) for clients in 30 countries. Headquartered in Seattle, Washington in the United States, Russell Investments has offices around the world, including London, New York, Toronto, Sydney, Tokyo, Shanghai - and has opened a new office in Mumbai, India in June 2023. Joining the Mumbai office is an incredible opportunity to work closely with global stakeholders to support the technology and infrastructure that drives the investment and trading processes of a globally recognized asset management firm. Be part of the team based out of Goregaon (East) and contribute to the foundation and culture of the firm s growing operations in India. The Mumbai office operates with varying shifts to accommodate time zones around the world. For more information, please visit https: / / www.russellinvestments.com . We are seeking an experienced Cybersecurity Engineer to join our Mumbai based Cybersecurity Proxy team. The Proxy team is responsible for supporting the Russell Investments web proxy infrastructure. This role requires experience with web proxy appliances and cloud services, as well as general cybersecurity experience. You ll work alongside the Seattle based Cybersecurity team, IT support teams, and other groups within Russell Investments to ensure our web proxy platforms are configured and performing optimally. These mission critical platforms are used for internet access by nearly every system in the environment. Your expertise in proxy technology will be crucial in safeguarding our organizations critical assets and ensuring the integrity of our systems and data. Years of Experience Minimum 3 years experience in Cybersecurity or related field Qualifications Experience with web proxy infrastructure, including deploying, configuring, upgrading, and maintaining proxy appliances and cloud proxy services. Special Requirements Occasional after hours and weekend work as needed. Responsibilities Configure and maintain web proxy platforms. Understand Russell Investments network architecture. Create and maintain documentation. Participate in various projects, including platform refresh and upgrades. Review proxy policies to ensure new and emerging threats are accounted for. Generate web usage reports. Propose solutions to enhance our security posture. Be familiar with our security Policies and Standards. Develop and maintain response plans, playbooks, and procedures. Candidate Requirements Bachelors degree in Computer Science, Cybersecurity, or a related field. Relevant certifications (e.g., CISSP, CEH, GCIH, etc.) are highly desirable. Proven experience of at least 3 years in a similar role within Cybersecurity In-depth knowledge of cybersecurity principles, methodologies, and best practices, including network security, host security and application security. Familiarity with industry standards and frameworks, such as NIST Cybersecurity Framework and ISO 27001. Understanding of networking technology such as load balancers, firewalls, switches, and routers. Excellent analytical and problem-solving skills, with the ability to assess complex issues and propose effective solutions. Strong communication skills, both written and verbal, with the ability to articulate technical concepts to non-technical stakeholders. Core Values Strong interpersonal, oral, and written communication and collaboration skills Strong organizational skills including the ability to adapt to shifting priorities and meet frequent deadlines, Demonstrated proactive approach to problem-solving with strong judgment and decision making capability. Highly resourceful and collaborative team-player, with the ability to also be independently effective and exude initiative and a sense of urgency. Exemplifies our customer-focused, action-oriented, results-driven culture. Forward looking thinker, who actively seeks opportunities, has a desire for continuous learning, and proposes solutions. Ability to act with discretion and maintain complete confidentiality. Dedicated to the firm s values of non-negotiable integrity, valuing our people, exceeding client expectations, and embracing intellectual curiosity and rigor. Visit us: https: / / russellinvestments.com / us / careers

Grade HResponsible for supporting the delivery of business analysis and consulting processes and procedures for the defined specialism using sound technical capabilities, building and maintaining effective working relationships, ensuring relevant standards are defined and maintained, and supporting delivery of process and system improvements. Specialisms: Business Analysis; Data Management and Data Science; Digital Innovation. Entity: Technology ITS Group You will work with A hardworking and multi-functional team of IAM architects, security engineers, platform owners, and business collaborators across HR, IT operations, and compliance. This team flourishes with collaboration, a security-first approach, and a strong dedication to automation and scalability. You ll engage with a diverse set of federated teams, helping them integrate and mature their access governance capabilities. We value innovation, continuous improvement, and product thinking empowering you to lead with impact, drive adoption through streamlined experiences, and shape the future of identity governance. You ll be part of a supportive environment that encourages knowledge sharing, agile practices, and staying ahead of emerging IAM trends. Let me tell you about the role Senior Enterprise Technology Engineer - Identity Governance Onboarding, you will play a critical role in helping federated teams govern their access by onboarding them onto our IGA platform. Your mission is to make the onboarding process streamlined, scalable, and automated, ensuring teams can adopt governance capabilities with minimal effort. This role will be part of team that drives the integration of systems into IGA, ensuring visibility, policy enforcement, and access governance maturity. You will lead the development of self-service, BAU, and project-based onboarding strategies, allowing teams to evolve from basic governance (visibility, access reviews) to advanced governance (recertification, segregation of duties, and attestation). What you will deliver Supporting IGA Onboarding Adoption - Assist in connecting applications and systems to the IGA platform through self-service, automation, or project-based onboarding, helping teams adopt governance capabilities efficiently. Implementing Access Governance Controls - Contribute to enabling access to entitlements, supporting policy enforcement, and assisting in the implementation of governance features such as recertification, attestation, and segregation of duties (SOD). Contributing to IGA Platform Enhancements - Participate in designing and improving features that streamline onboarding processes and make it easier for teams to integrate with the IGA platform. Data Integration Source Mapping - Work with senior engineers to identify and configure appropriate data sources and connectors that support identity lifecycle and governance requirements. Supporting Compliance Audit Activities - Help ensure that onboarding and governance activities meet compliance standards such as SOX and GDPR, and assist with access reviews and certification processes. multi-functional Collaboration - Collaborate with IAM platform teams, HR, IT operations, and business units to understand integration needs and support onboarding efforts. Ongoing Optimization Feedback Loops - Monitor onboarding progress, gather feedback from collaborators, and contribute to continuous improvement of onboarding flows and governance capabilities. What you will need to be successful (experience and qualifications) Technical skills we need from you Bachelor s degree in technology, Engineering, or a related field. Demonstrable experience in enterprise technology, security, and operations in large-scale global environments. Strong collaborator management skills, with the ability to engage and influence senior business leaders. Experience implementing CI/CD pipelines, DevOps methodologies, and Infrastructure-as-Code (Terraform, Ansible, etc.). Deep knowledge of ITIL, Agile, and enterprise IT governance frameworks. A passion for emerging technology trends, security standard methodologies, and innovation. Essential skills Identity Access Management (IAM) Foundation Hands-on experience with Identity Governance Administration (IGA) tools such as SailPoint, Saviynt, ForgeRock, or Microsoft Entra ID Governance. Working knowledge of identity lifecycle processes, role-based access control (RBAC), and attribute-based access control (ABAC). Familiarity with access request workflows, entitlement reviews, and segregation of duties (SOD) concepts. Technical Automation Skills Exposure to integrating applications with IGA platforms and assisting with connector development and onboarding automation. Basic understanding of REST APIs, JSON, SCIM, and directory services for identity synchronization. Experience writing scripts (e.g., Python, PowerShell) and working with Infrastructure as Code tools (e.g., Terraform, Ansible) to support IAM automation efforts. Governance, Compliance Risk Awareness Awareness of regulatory compliance frameworks such as SOX, GDPR, ISO 27001, and NIST 800-53, and how they relate to identity governance. Experience participating in access reviews, recertification efforts, and audit-related tasks. Collaboration Execution Ability to work effectively with IAM platform teams, security teams, and business partners to support onboarding and governance activities. Strong communication and solving skills, with a focus on translating technical requirements into actionable work. Skills that set you apart All engineers in our team are expected to adopt the following values and practices: Security-First Attitude - Embed security in day-to-day IAM work, recognizing the importance of identity in modern enterprise security. Automation-Driven Culture - Support efforts to automate IAM processes and contribute to CI/CD-enabled environments. Collaborative Approach - Partner with multi-functional teams to understand business needs and deliver effective IAM solutions. Agile Thinking - Participate in Agile ceremonies, contribute to sprint planning, and deliver incremental improvements to IAM capabilities. Continuous Learning - Stay curious and proactive in learning about new IAM technologies, compliance requirements, and security standard processes. About bp Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement Up to 10% travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills:

Grade HResponsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security. Entity: Technology ITS Group You will work with This team is responsible for response and management of cyber incidents, utilizing an intelligence-led approach for identification, mitigation, and rapid response to safeguard bp on a global scale. By applying lessons learned and data analytics, they establish engineering principles and enhance the technology stack to continuously bolster bps cybersecurity posture. Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas - cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. About bp bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement Up to 10% travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills:

Senior Analyst - Cyber assurance - Compliance Mumbai Role purpose Senior Analyst - Cyber Assurance - Compliance is responsible for ensuring the organization s cybersecurity practices align with relevant industry regulations, internal policies, and best practices. This role focuses on assessing, monitoring, and maintaining compliance with cybersecurity frameworks and standards, ensuring that risk management protocols and controls are effectively integrated across the organization s operations. The Senior Analyst will collaborate with IT, legal, audit, and other departments to manage and address compliance risks related to cybersecurity and data protection, providing expert guidance on compliance requirements and helping to implement necessary improvements to the company s security posture. Duties & Responsibilities: Cybersecurity Compliance Management Ensure that the organization s cybersecurity policies, procedures, and controls comply with relevant standards, regulations, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST, PCI DSS). Governance of cybersecurity compliance by managing cybersecurity business request through ticketing tool. Work closely with legal, audit, products and IT teams to complete Cyber security assessments Provide guidance to business units on cybersecurity compliance issues, addressing any gaps and ensuring that security controls are being properly applied. Assist in providing cybersecurity responses for RFP/RFIs. Assist in ensuring that data privacy and protection requirements are met, particularly in relation to sensitive customer, employee, and organizational data. Risk and Control Assessments Evaluate the effectiveness of current security controls and practices to ensure compliance with external regulations and internal security policies. Identify compliance risks, control weaknesses, and areas for improvement through Customer SLA/Security assessments, gap assessments, and vulnerability management. Collaborate with stakeholders to implement corrective actions for any cybersecurity compliance issues identified, tracking the resolution process to ensure timely and effective remediation. Participate in risk assessments to identify cybersecurity threats and evaluate the organizations exposure to compliance-related risks, particularly in high-risk areas. Regulatory and Standards Compliance Stay up-to-date on relevant regulations, cybersecurity trends, and best practices to ensure the company remains compliant with applicable laws and frameworks. Assist in preparing for and supporting external audits and assessments related to cybersecurity compliance, providing necessary documentation, evidence, and reports. Guide the development of compliance programs and initiatives, ensuring they align with the organizations overall cybersecurity and business objectives. Compliance Reporting and Communication Prepare reports to senior management, detailing security KPI s, risk and recommended actions. Communicate compliance and cybersecurity risks to key stakeholders, providing actionable insights to enhance decision-making processes. Incident Management and Response Support the organization s incident response team in addressing compliance-related issues arising from security breaches or data protection incidents. Help track and report on incidents related to cybersecurity compliance, ensuring that they are resolved in accordance with applicable regulations and internal policies. Assist in identifying lessons learned from security incidents and developing preventive measures to reduce future compliance risks. Knowledge, Experience & Skills: 3+ years of experience in cybersecurity, compliance, or risk management, with a focus on ensuring adherence to cybersecurity standards and regulations. Experience in working with regulatory frameworks such as ISO 27001, NIST, GDPR, CCPA, PCI DSS, or SOC 2. Proven experience in conducting risk assessments, preparing ISO 27001 SOA, internal audits, and compliance reviews in a corporate or enterprise setting. Familiarity with cybersecurity concepts, controls, and best practices in data protection, threat management, and regulatory compliance. Skills Compliance Knowledge: In-depth understanding of cybersecurity compliance frameworks and regulatory requirements. What do we offer? Open culture and challenging opportunity to satisfy intellectual needs Flexible working hours Smart working: hybrid remote/office working environment Work-life balance Excellent, dynamic and multicultural environment We are proud to enable innovation-led growth for the airline industry and put control back in the hands of airlines. For more information, please visit www.accelya.com #LI-MK1

About the Team At Meesho, the Product Security team is at the forefront of protecting our platform and the 5% of Indian households who shop with us daily. We are a team of proactive builders and defenders who thrive on collaboration and a Founders Mindset. We believe in moving fast, learning from every challenge, and supporting each others growth through open communication and mentorship. We work hard to secure the massive scale of Meeshos e-commerce platform, and we have fun doing it. If youre a self-starter who enjoys solving complex problems and wants to make a real-world impact, youll fit right in. About the Role As a Security Engineer 2, you will be a key player in maturing our product security posture. You wont just find vulnerabilities; youll help us build more secure products from the ground up. Your work will directly protect our customers and the business by focusing on offensive security testing, proactive threat modeling, and embedding security into our development lifecycle and company culture. What you will do Application Security Testing: Conduct comprehensive security assessments (VAPT) of our web platforms, APIs, network and mobile applications (iOS & Android) to identify and mitigate vulnerabilities. Offensive Security: Plan and execute red team and purple team exercises to simulate real-world attacks, test our defenses, and provide actionable recommendations to improve our security posture. Threat Modeling: Lead threat modeling sessions for new and existing features, collaborating with engineering teams to identify potential threats in the design phase and integrate security requirements into the product lifecycle. DevSecOps & Automation: Enhance our CI/CD pipeline by integrating security tools (SAST, DAST, IAST). Develop and implement hands-on security automation to streamline security processes and improve our detection and response capabilities. Security Culture & Awareness: Drive key security culture initiatives, including managing the Security Champions program, conducting phishing simulations, and delivering developer awareness training sessions. Risk & Compliance: Contribute to compliance and risk management efforts, such as ISO 27001 readiness, third-party risk management (TPRM), and Business Continuity/Business Impact Analysis (BCP/BIA). Security Partnership: Act as a security subject matter expert for developers, providing guidance on secure coding practices, vulnerability remediation, and security best practices through code reviews and consultations. Code Review: Perform manual and automated code reviews to identify security-critical bugs. Bug Bounty: Assist in managing our bug bounty program, including triaging submissions and engaging with security researchers. What You Will Need Experience: 3-5 years of hands-on experience in a product security or application security role. Education: A Bachelors or Masters degree in Computer Science, Information Security, or a related field is preferred. Mobile Security Expertise: Strong experience in mobile application security assessments for both Android and iOS.Proficiency with mobile security tools like Frida, Objection, Drozer, MobSF, ADB, etc.Deep understanding of the OWASP MASVS framework and mobile-specific vulnerabilities (insecure webview, insecure deeplink, insecure data storage, flawed cryptography, etc.). Web & API Security Expertise: Proven ability to perform security assessments on web applications and APIs, with a strong understanding of the OWASP Top 10 for both. Experience testing for complex vulnerabilities in authentication, authorization, session management, and business logic. Offensive Security & Threat Modeling: Demonstrated experience planning and executing red team exercises . Proven ability to lead threat modeling sessions and integrate findings into the SDLC. General Skills & Acumen: Strong analytical and problem-solving skills.Excellent communication skills, with the ability to explain complex security issues to both technical and non-technical audiences. Familiarity with DevSecOps principles and CI/CD pipeline security automation. (Bonus Points) Active participation in public or private bug bounty programs is a huge plus. Experience with security awareness initiatives (e.g., Security Champions) and compliance frameworks (e.g., ISO 27001, TPRM) is also highly desirable.

About Company: At Delaplex, we believe true organizational distinction comes from exceptional products and services. Founded in 2008 by a team of like-minded business enthusiasts, we have grown into a trusted name in technology consulting and supply chain solutions. Our reputation is built on trust, innovation, and the dedication of our people who go the extra mile for our clients. Guided by our core values, we don t just deliver solutions, we create meaningful impact. We are seeking a cybersecurity consultant to support IEC 62443 (4-1/4-2) certification efforts, coach development teams, conduct internal audits, and ensure compliance with OT security standards and global regulations. Overview: This role focuses on improving and maintaining processes and workflows to ensure compliance with OT cybersecurity frameworks in product development. The consultant will support the deployment and implementation of these processes across development teams working on physical products with electronics and connectivity. Key Responsibilities: Collaborate with global teams to adapt and implement policies aligned with IEC 62443-4-1. Coach product development teams to follow defined security processes. Advise on implementing security features in line with IEC 62443-4-2. Conduct internal audits and assessments. Requirements: Bachelors or masters degree in science/engineering with 10+ years of experience, including 3+ years in relevant cybersecurity roles. Hands-on experience with IEC 62443 (4-1 and 4-2), ISO 27001, and other security standards and regulations. Experience auditing IEC 62443-4-1 for embedded devices. Understanding of system engineering processes in software development. Nice to Have: Training or certification in ISA IC 32, IC46, IC47, or equivalent. Familiarity with global OT regulations like CRA, NIS2, RED DA, etc. Knowledge of frameworks such as OWASP, NIST CSF, CSA CCM, and IoT SF Security Guidelines.

Number of Openings 3 ECMS ID in sourcing stage TS-ID-15357 Assignment Duration 6 Months Total Yrs. of Experience 12+ years Relevant Yrs. of experience 10 +years Detailed JD (Roles and Responsibilities) Developer with Cryptography Skills Overview We are seeking a highly skilled Developer with extensive experience in cryptography, particularly with the Key Factor Prime Key product. The ideal candidate will have over 10 years of experience working within financial institutions and a strong background in secure data management and cryptographic technologies. Key Responsibilities Design, implement, and maintain cryptographic systems using KeyFactor PrimeKey technologies Develop secure applications and services that meet rigorous financial industry standards Collaborate with cross-functional teams to integrate cryptographic solutions into existing infrastructures Conduct security assessments and audits to ensure compliance with industry regulations Stay updated on the latest cryptographic algorithms and technologies to enhance security measures Provide technical expertise and support to other departments regarding cryptographic solutions Qualifications Bachelors degree in Computer Science, Information Technology, or a related field Over 10 years of experience working in financial institutions Extensive experience with Key Factor Prime Key product. In-depth knowledge of cryptographic algorithms, protocols, and standards. Strong problem-solving skills and ability to work under pressure. Excellent communication skills and ability to collaborate effectively with teams. Certifications in cryptography or related areas are a plus Skills and Competencies Proficiency in programming languages such as Java, Python, and C++. Experience in implementing and managing PKI (Public Key Infrastructure). Knowledge of security frameworks and compliance standards such as PCI-DSS, GDPR, and ISO 27001. Ability to analyze and mitigate security risks and vulnerabilities Strong understanding of blockchain technologies and cryptographic applications in financial services. Domain Cryptography Developer KeyFactor PrimeKey Max Vendor Rate in Per Day (Currency in relevance to work location) 12000 INR Work Location given in ECMS ID Bangalore/Pune WFO/WFH/Hybrid WFO Hybrid BG Check (Before OR After onboarding) As per Infosys Policy Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) YES/ NO NO

Senior System Administrator Location: Pune, Maharashtra, India Onit, Inc. is seeking a Senior Systems Administrator to manage and optimize a diverse global IT cloud infrastructure. The role focuses on Microsoft 365, Entra ID, SSO, Exchange administration, Email Security (Mimecast), and IT governance while contributing to cross-functional initiatives. Key Responsibilities: Microsoft 365 & Exchange Administration: Manage user accounts, licensing, permissions, and roles across multiple M365 tenants. Manage Exchange Online mail flow, retention policies, and security measures (Mimecast). Implement security protocols like MFA, Conditional Access, and threat management. Migrate and Manage One Drive, SharePoint and MS Teams. Ensure compliance with regulations (e.g., GDPR) and manage eDiscovery and audit logs. Platform Optimization: Monitor platform performance and usage, recommend cost-saving optimizations. Develop governance policies and stay updated on the Microsoft roadmap. Backup, Recovery, and Security: Configure backup solutions and update disaster recovery plans. Utilize Mimecast for filtering, encryption, archiving, and continuity. IT Infrastructure Support: Manage hosting, domain, and Cloudflare. Collaborate on AWS infrastructure projects. Required Skills: 8+ years as Global Admin for M365, Entra ID & Exchange administration, including automation and migrations. Proficiency in PowerShell for scripting and administration. Expertise in email security (Mimecast), protocols (SMTP, POP3, IMAP) & Security Standards (SPF, DKIM, DMARC) Experience with Azure AD, IAM, and compliance frameworks (NIST, GDPR, ISO 27001). Knowledge of CrowdStrike, Cloudflare, and Zero-Trust principles. Preferred Certifications: MS-102: Microsoft 365 Administrator Microsoft 365 Certified : Messaging Administrator Associate SC-300: Microsoft Identity and Access Administrator About Onit: Onit is a global leader in enterprise workflow solutions, transforming business processes in Legal, IT, HR, and Finance with cutting-edge platforms and smarter workflows.

Business Unit: Global Technology Reporting To: Manager, Cybersecurity Shift: About Russell Investments, Mumbai: Russell Investments is a leading outsourced financial partner and global investment solutions firm providing a wide range of investment capabilities to institutional investors, financial intermediaries, and individual investors around the world. Building on an 89-year legacy of continuous innovation to deliver exceptional value to clients, Russell Investments works every day to improve the financial security of its clients. The firm is Top 12 Ranked Consultant (2009-2024) in P&I survey 2024 with $906 billion in assets under advisement (as of December 31, 2024) and $331.9 billion in assets under management (as of March 31, 2025) for clients in 30 countries. Headquartered in Seattle, Washington in the United States, Russell Investments has offices around the world, including London, New York, Toronto, Sydney, Tokyo, Shanghai - and has opened a new office in Mumbai, India in June 2023. Joining the Mumbai office is an incredible opportunity to work closely with global stakeholders to support the technology and infrastructure that drives the investment and trading processes of a globally recognized asset management firm. Be part of the team based out of Goregaon (East) and contribute to the foundation and culture of the firm s growing operations in India. The Mumbai office operates with varying shifts to accommodate time zones around the world. For more information, please visit https: / / www.russellinvestments.com . Job Description: We are seeking an experienced Cybersecurity Senior Engineer to join our Mumbai based Cybersecurity Proxy team. The Proxy team is responsible for supporting the Russell Investments web proxy infrastructure. This role requires experience with web proxy appliances and cloud services, as well as general cybersecurity experience. You ll work alongside the Seattle based Cybersecurity team, IT support teams, and other groups within Russell Investments to ensure our web proxy platforms are configured and performing optimally. These mission critical platforms are used for internet access by nearly every system in the environment. Your expertise in proxy technology will be crucial in safeguarding our organizations critical assets and ensuring the integrity of our systems and data. Years of Experience Minimum 5 years experience in Cybersecurity or related field Qualifications Experience with web proxy infrastructure, including deploying, configuring, upgrading, and maintaining proxy appliances and cloud proxy services. Special Requirements Occasional after hours and weekend work as needed. Responsibilities Configure and maintain web proxy platforms. Understand Russell Investments network architecture. Create and maintain documentation. Participate in various projects, including platform refresh and upgrades. Review proxy policies to ensure new and emerging threats are accounted for. Generate web usage reports. Propose solutions to enhance our security posture. Be familiar with our security Policies and Standards. Develop and maintain response plans, playbooks, and procedures. Candidate Requirements Bachelors degree in Computer Science, Cybersecurity, or a related field. Relevant certifications (e.g., CISSP, CEH, GCIH, etc.) are highly desirable. Proven experience of at least 5 years in a similar role within Cybersecurity In-depth knowledge of cybersecurity principles, methodologies, and best practices, including network security, host security and application security. Familiarity with industry standards and frameworks, such as NIST Cybersecurity Framework and ISO 27001. Understanding of networking technology such as load balancers, firewalls, switches, and routers. Excellent analytical and problem-solving skills, with the ability to assess complex issues and propose effective solutions. Strong communication skills, both written and verbal, with the ability to articulate technical concepts to non-technical stakeholders. Core Values Strong interpersonal, oral, and written communication and collaboration skills Strong organizational skills including the ability to adapt to shifting priorities and meet frequent deadlines, Demonstrated proactive approach to problem-solving with strong judgment and decision making capability. Highly resourceful and collaborative team-player, with the ability to also be independently effective and exude initiative and a sense of urgency. Exemplifies our customer-focused, action-oriented, results-driven culture. Forward looking thinker, who actively seeks opportunities, has a desire for continuous learning, and proposes solutions. Ability to act with discretion and maintain complete confidentiality. Dedicated to the firm s values of non-negotiable integrity, valuing our people, exceeding client expectations, and embracing intellectual curiosity and rigor.

IT Governance Risk & Compliance Senior Analyst Job Locations IN-KA-Bengaluru Requisition ID Category (Portal Searching) Information Technology Position Type (Portal Searching) Experienced Professional Overview Connecting clients to markets and talent to opportunity With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets focusing on innovation, human connection, and providing world-class products and services to all types of investors. At StoneX, we offer you the opportunity to be part of an institutional-grade financial services network that connects companies, organizations, and investors to the global markets ecosystem. As a team member, youll benefit from our unique blend of digital platforms, comprehensive clearing and execution services, personalized high-touch support, and deep industry expertise. Elevate your career with us and make a significant impact in the world of global finance. StoneX, a Nasdaq-listed provider, connecting clients to the global markets focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, The StoneX Group is made up of four segments that offer endless potential for progression and growth. Responsibilities Working within the IT organization and reporting to the Associate Director of Governance, Risk Compliance ( GRC ), the Governance, Risk & Compliance Analyst is responsible to help support the day to day assurance operations related to policy compliance, process and organizational policies and security requirements governance, as well as risk management functions. You will assist with the collection of data from multiple systems to allow for proper reporting of the Information Security program effectiveness . The Governance Risk & Compliance Analyst will create impact in the following ways: You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices Reporting to the Manager of Governance, Risk Compliance (GRC), the Governance, Risk & Compliance Senior Analyst supports daily assurance operations related to policy compliance, governance, and risk management. You will gather data from multiple systems to report on the Information Security programs effectiveness. Major Responsibilities: Coordinate the development of best practice policies and standards based on various governance frameworks Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements. Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards. Develop and lead information security awareness and training initiatives, including phishing exercises. Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees. Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc. Implement GRC software platform for policy administration, compliance and risk management. Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective. Coordinate responses to RFI\RFPs and client security related questionnaires. Establish a compliance management framework to manage all third line of defense reviews and results. Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance. Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure Identify, analyze, respond to and monitor IT risk. Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives. Conduct third part vendor risk assessments, make recommendations and perform periodic reviews. Manage tracking of identified findings and actions to closure and reporting to leadership. Develop and maintain a Cyber and IT Control Framework. Develop a Cyber and IT controls catalog to align with the organizations risk appetite and tolerance levels to support business objectives. Ensure all controls are assigned control owners to establish accountability. Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently. Qualifications The right candidate will do this by bringing their education and professional experience in the following spaces: Bachelor s degree. Master s degree a plus. Minimum over 5 years of relevant experience, preferably in financial services. Strong background in information technology with a clear understanding of the challenges of information security. Demonstrated understanding of secure, complex information systems environment in a global financial service sell side environment. Relevant experience in the GRC space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc. Direct experience with regulatory compliance reviews and examinations. Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred. Project and program management skills. Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization. Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management. Excellent leadership and teamwork skills. Ability to influence others. Team player with the ability to work independently. Resourceful, energetic, self-starter, flexible, goal-oriented Strong personal integrity Preferred candidates will possess current Information Security Certifications (e.g., CISSP, CISM, CISA, or related). Options Apply for this job online Apply Share Email this job to a friend Refer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed

Sprinto is a leading platform that automates information security compliance. By raising the bar on information security, Sprinto ensures compliance, healthy operational practices, and the ability for businesses to grow and scale with unwavering confidence. We are a team of 300+ employees & helping 2500+ Customers across 75+ Countries . We are funded by top investment partners Accel, Elevation, and Blume Ventures and have raised 31.8 million USD in funding, including our latest Series B round. The Role We are looking for a Product Security Engineer to lead efforts in securing our products. This role involves integrating security into the SDLC, conducting threat assessments, and collaborating with engineering teams to ensure secure design and coding practices. You will also manage vulnerability remediation, ensure compliance, and educate teams on security best practices What you will do Secure SDLC Integration : Embed security into CI/CD pipelines and secure coding practices across development teams. Threat Modeling & Risk Assessments : Perform threat assessments and define mitigation strategies for new features. Application Security Audits : Conduct security reviews and vulnerability assessments for applications. Security Design Reviews : Provide feedback on product designs to ensure security is built in from the start. Vulnerability Management : Oversee vulnerability identification, prioritization, and remediation workflows. Cross-Functional Collaboration : Work closely with development teams to promote secure coding and operational practices. What We re Looking For 5-9 years in application security, product security, or related roles. Proficient in web application security (OWASP Top 10), secure coding practices, and vulnerability remediation. Hands-on experience with security tools (SAST/DAST) and securing cloud environments. Familiar with cloud security (AWS, Azure) and container security (Docker, Kubernetes). Strong understanding of compliance standards like SOC 2, ISO 27001, and GDPR.. Benefits Remote First Policy. 5 Days Working With FLEXI Hours. Group Medical Insurance (Parents, Spouse, Children). Group Accident Cover. Company Sponsored Device. Education Reimbursement Policy.