776 Iso 27001 Jobs - Page 21

ROLE AND CONTEXT NEED TO DO NEED TO KNOW Purpose: The job holder is responsible to lead and manage the end-to-end lifecycle of Vulnerability Assessment and Penetration Testing (VA/PT) for all digital assets and applications at Adani Ports and Logistics, ensuring timely execution, risk mitigation, and compliance with cybersecurity standards. Main Priorities: Plan and execute VA/PT projects across digital assets. Identify, assess, and report vulnerabilities and risks. Collaborate with IT and development teams for remediation. Ensure compliance with cybersecurity standards (ISO 27001, NIST, GDPR). Provide regular updates and final reports to stakeholders. Drive continuous improvement in VA/PT processes. Key Outputs: Project plans, Gantt charts, and KPIs for VA/PT activities. Detailed vulnerability and penetration testing reports. Risk assessments and prioritized remediation strategies. Compliance documentation and incident RCA reports. Final project summaries and executive reports. Technical documentation and internal training materials. Continuous improvement and lessons-learned reports. Relationships: Internal - ICD External - Client Reportees: NA Key Performance Metrics: Timely execution of VA/PT projects. Number and severity of vulnerabilities identified and remediated. Compliance rate with security standards and frameworks. Stakeholder satisfaction with reporting and communication. Reduction in incidents caused by known vulnerabilities. Effectiveness of training and awareness programs. Qualifications: Bachelor s degree in Cybersecurity, IT, Computer Science, or a related field. Skills/ Knowledge: Strong understanding of VA/PT methodologies and tools (e. g. , Nessus, Metasploit, Burp Suite). Familiarity with operating systems, network protocols, and security frameworks. Knowledge of ISO 27001, NIST, GDPR compliance. Strong project management and documentation skills. Excellent communication, leadership, and problem-solving abilities. Certifications (if any): CEH, Security+, OSCP (preferred) or equivalent cybersecurity certifications Experience (add relevant Exp also) 5-8 years in cybersecurity. Minimum 3-4 years in vulnerability assessment and penetration testing.

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Position: Sr. Information Security Analyst Grade: IT3 Location: Noida/Bangalore Job Description: Key Responsibilities Led and implement security architecture and solutions to safeguard enterprise systems, networks, and data. Conduct vulnerability assessments, penetration testing, and risk assessments to identify and mitigate security threats. Develop and enforce security policies, procedures, and best practices to ensure compliance with internal standards and industry regulations. Collaborate with cross-functional teams to design secure systems and provide guidance on secure coding practices and vulnerability management. Continuously monitor the security landscape for new threats and ensure proactive defense mechanisms are in place. Required Skills Qualification Hands-on experience in securing corporate environment. Hands-on experience in security frameworks (NIST, ISO 27001, CIS) and experience with risk management and compliance Hands-on experience securing Windows (Workstations and Servers), Linux (Workstations and Servers), and Mac Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. Hands-on experience documenting vulnerability assessment results in a clear and actionable format. Expertise in network security, firewalls, IDS/IPS, and security monitoring tools such as SIEM Proficiency with cloud security technologies (AWS, Azure, GCP) and securing cloud-based infrastructure. Experience with incident response, forensics, and managing security incidents from detection to resolution. Determines security violations and inefficiencies. Knowledge of mergers and acquisitions Experience: Should have relevant experience of at least 6-10 years. Qualification: Engineering (Computers, Electronics, IT) or equivalent We re doing work that matters. Help us solve what others can t.

Skills Required : ISO 27001, NIST, PCI

The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key Responsibilities Penetration Testing Vulnerability Management Perform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance Regulatory Security Ensure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations Incident Response Monitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation Communication Develop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees Location - Bengaluru, Noida, Pune, Mumbai, Hyderabad, Mohali, Panchkula, Chennai.

Job description ** Immediate / 30 days Joiners** Work Mode: 5 days work form office Location: SLK Green Park, Devanahalli Bangalore Transport facility: Provided across Bangalore Job Description: 4+ years of experience in cybersecurity or IT risk/compliance Support the implementation and monitoring of security compliance programs across multiple client accounts and internal systems Conduct periodic internal assessments and audits to evaluate adherence to security standards such as ISO 27001, SOC 2, and client-specific requirements Maintain and update security documentation, including risk registers, audit reports, and compliance dashboards Perform risk assessments for new projects, vendors, or changes in business processes Good understanding of IT infrastructure, networks, and security controls Experience in conducting internal audits, compliance assessments, and evidence gathering Strong analytical and documentation skills. Excellent verbal and written communication skills Strong understanding of security frameworks (e.g., ISO 27001, SOC 2, Data Privacy etc.)

** Immediate / 30 days Joiners** Work Mode: 5 days work form office Location : SLK Green Park, Devanahalli Bangalore Transport facility: Provided across Bangalore Job Description: 8+ years of experience in cybersecurity or IT risk/compliance, with at least 2-3 years in a lead or manager or senior consultant role Strong understanding of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, etc.) Act as the primary point of contact for client-specific security compliance and governance requirements Interpret and implement client contractual security requirements across delivery, IT functions Conduct risk assessments, gap analyses, and ensure remediation plans are implemented as per client expectations Coordinate and oversee internal audits, client audits, and respond to client/ third-party security assessments Collaborate with cross-functional teams including IT, Legal, Facilities, HR, and Delivery to ensure end-to-end security compliance Good knowledge of security technologies for network security, access management, data protection, security event management, endpoint protection, email security, etc. Ability to work independently with minimal supervision Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Auditor are preferred. Excellent verbal and written communication skills

. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the As a Risk management specialist at ZS Associates, youll be responsible for identifying, and mitigating compliance and operational risks in line with the firms standards. Youll also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry best practices. By partnering with various stakeholders, including Product Owners and Business function Managers, you will contribute to the reporting of a comprehensive view of technology risk posture and its impact on the business. Youll have advanced knowledge of risk management principles, practices, and theories will enable you to drive innovative solutions and effectively manage a diverse team in a dynamic and evolving risk landscape. What youll do: Develop the culture of risk management across the organisation, and ensure effective identification, quantification, communication, and management of risks focusing on root cause analysis and resolution recommendations across domains Cyber, HR, Legal, Finance, etc. Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance. Provide SME support to functional managers or Internal stakeholders in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate. Support the CIO and CISO, and work with internal stakeholders to: Participate in consultation and conduct gap analysis against new requirements Coordinate and facilitate IT / cyber security audits. Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc. Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees. Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures. Co-ordinate and track the tickets / findings in areas like IT Operational Risks and Information Security Risks, Control Self assessments , Internal/External Audit findings with appropriate CAPA, BCP / Disaster recovery , Problem tickets with root cause analysis. Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.) Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.) Provide first line of defense support in assessing risk and reviewing control issues Documentation of control procedures, standards and guidelines, etc. What youll bring: Bachelor s degree in IT or relevant field with a strong academic background A minimum of 7-10 Years of experience in Risk management and internal controls governance Strong communication & strategic influencing skills. Relevant experience working with senior leaders, building internal networks, and delivering high impact programs in complex -matrixed environments. Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation. Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies. Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification Basic working knowledge of following (Majority of the points, if not all): -COBIT Control Objectives for Information and Related Technology -ISO/IEC 27001:2013 Code of Practice for Information Security Management -NIST SP 800-53 -NIST CSF -SOC1/SOC2/SOC3 -HIPAA/HITECH Security and Privacy Audit Protocol -Shared Assessments Standard Information Gathering (SIG) framework -US SOX Sarbanes Oxley Act -US HIPAA/HITECH Act -EU GDPR General Data Protection Regulation -US EU Privacy Shield -India Companies Act Additional Skills: Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives. Program level management up to and including Executive presentation and reporting. Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security Stakeholder management Willingness to adapt to evolving industry standards and technologies Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability Proven ability to work creatively and analytically in a problem-solving environment Perks & Benefits: . Travel: . Considering applying? . To Complete Your Application:

Job Description REDE Consulting seeks highly qualified professionals for critical roles in ServiceNow IRM/GRC implementation. The successful candidates will be responsible for executing complex projects with significant impact on organizational risk management and regulatory compliance. Key Responsibilities: Implement and manage ServiceNow IRM/GRC modules with a focus on Risk Management, Policy & Compliance, Audit Management, and Continuous Monitoring. Develop and maintain comprehensive workflows, profiles, indicators, scoring models, and dashboards to ensure robust risk and compliance frameworks. Demonstrate in-depth knowledge of regulatory frameworks such as SOX, HIPAA, ISO 27001, NIST, and DORA, applying this expertise to client solutions. For Architect/Lead roles: Design end-to-end solutions, communicate effectively with stakeholders, and provide mentorship to team members. For Business Analyst roles: Analyze complex GRC use cases and translate business requirements into actionable technical stories. Contribute domain expertise in Banking, Healthcare, Telecom, or Life Sciences to enhance project outcomes and client satisfaction. Maintain strict adherence to project timelines and quality standards, ensuring deliverables meet or exceed client expectations. Stay current with evolving regulatory landscapes and ServiceNow platform updates to provide cutting-edge solutions. Qualifications Professional Opportunity Contribute to a high-impact team delivering advanced risk and compliance automation solutions on the ServiceNow platform. Engage with global clients across regulated industries, addressing critical business needs. Assume a pivotal role in leading, innovating, and influencing digital risk transformation initiatives. Benefit from a flexible remote-first work environment, competitive compensation package, and professional development opportunities.

Job Summary: The Cyber Security Team Lead will support the Head of Information Security in the development, implementation, and management of the organisation s information security strategy. This role involves overseeing daily operations, ensuring the security of information assets, managing security incidents, and fostering a security-conscious culture within the organisation. Key Responsibilities: Strategic Support: Assist in the development and execution of the organisations information security strategy and policies. Provide strategic guidance and leadership in all areas of information security. Operational Management: Oversee day-to-day security operations, including monitoring, threat management, and incident response. Ensure effective 24/7 monitoring and incident handling. Risk Management: Identify and assess security risks, and develop mitigation strategies. Conduct regular security audits and vulnerability assessments. Incident Response: Lead the response to security incidents and breaches, ensuring timely and effective resolution. Develop and maintain the incident response plan, including conducting regular drills. Compliance and Governance: Ensure compliance with relevant security standards, regulations, and frameworks (e.g., ISO 27001, NIST, GDPR). Maintain up-to-date documentation of security policies, procedures, and incidents. Team Leadership: Supervise and mentor the information security team, providing guidance and support. Foster a collaborative and high-performance team environment. Training and Awareness: Develop and deliver security training and awareness programs for employees. Promote a culture of security awareness throughout the organisation. Stakeholder Collaboration: Collaborate with IT, legal, HR, and other departments to ensure cohesive security practices. Serve as a key point of contact for security-related matters with external partners and vendors. Qualifications: Education: Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master s degree is a plus. Certifications: Relevant certifications such as CISSP, CISM, CISA, or equivalent. Experience: Minimum of 10 -15 years of experience in information security, with at least 3 - 5 years in a leadership role. Proven experience in managing security operations, incident response, and risk management. Skills and Competencies: Technical Expertise: Strong knowledge of information security principles, technologies, and best practices. Experience with security tools and technologies such as SIEM, firewalls, IDS/IPS, and endpoint protection. Analytical Skills: Ability to analyse complex security issues and develop effective solutions. Strong risk assessment and management skills. Leadership and Communication: Excellent leadership and team management skills. Strong verbal and written communication skills, with the ability to convey complex security concepts to non-technical stakeholders. Problem-Solving: Strong critical thinking and problem-solving abilities. Ability to remain calm and effective in high-pressure situations. Additional Requirements: Availability for on-call duties and to respond to security incidents outside regular working hours. Willingness to travel as needed. Hybrid Policy - 2 to 3 days in a month work from Office* #LI-Hybrid What we offer Benefits We offer excellent benefits including an incentive programme, generous annual and parental leave policies, volunteering days and well-being support throughout the year, as well as free access to all Economist content. Country specific benefits are also offered. Our Values Our values are a collective set of beliefs and behaviours that strengthen The Economist Groups purpose and demonstrate where we want to be as an organisation. They reflect on our mission to pursue progress for individuals, organisations and the world. Independence We are not bound to any party or interest and encourage exploration and free-thinking. We champion freedom, both within our organisation and around the world. Integrity We are bold in our efforts to uncover the truth and stand up for what we believe in. We inspire trust through our rigour, fact-checking and transparency. Excellence We aspire to the highest standards in all we do. We are ambitious and inquisitive in our pursuit of continuous progress and innovation. Inclusivity We value diversity in thought and background and encourage healthy debate with a breadth of perspectives. We treat our colleagues and customers fairly and respectfully. Openness

Why join us? Key Responsibilities Threat Monitoring & Detection: Continuously monitor security tools and systems (SIEM, EDR, IDS/IPS, etc.) for suspicious activity or anomalies. Analyse and triage security alerts in real-time, assessing their legitimacy and severity. Quickly distinguish false positives from genuine threats and escalate significant incidents for immediate action. Use your expertise to fine-tune alerting rules and reduce noise, ensuring the SOC focuses on meaningful threats. Incident Response & Investigation: Serve as a front-line responder and incident handler for cybersecurity incidents. Follow established incident response procedures to contain threats and minimise damage when an incident is confirmed. Lead the technical investigation of complex incidents, determining the scope, root cause, and attack vector. This includes analysing logs, network traffic, malware, and other evidence to piece together what happened. When needed, perform in-depth digital forensics (e.g. malware analysis or disk/memory forensics) to retrieve artifacts of the attack and understand the full impact. Collaborate with the Incident Manager or SOC Lead on major incidents, taking technical ownership of containment and eradication steps. Ensure rapid recovery and verification that threats have been neutralised before restoring systems. Proactive Threat Hunting & Detection Enhancement: Leverage your experience to go beyond reactive monitoring and proactively hunt for threats that may evade automated security tools. Regularly conduct threat hunting exercises across network and endpoint data to identify stealthy malicious activity or vulnerabilities. Develop and refine new detection rules, alerts, and security controls based on your findings to improve our ability to catch advanced threats. Work closely with security engineering teams to implement these improvements in our SIEM and other monitoring platforms. Stay attuned to the latest attacker tactics and techniques; if credible new threats emerge (e.g. a novel malware or hack tactic), pivot to hunt for any signs of those in our environment. Threat Intelligence & Trend Analysis: Monitor threat intelligence feeds and stay up-to-date on cybersecurity trends, emerging vulnerabilities, and attack campaigns relevant to our industry. Analyse how global threat developments DWF Group - Confidential Data might impact our firm, and share timely alerts or guidance with the team (for example, if a new vulnerability (Zero-Day) is being exploited in the wild, ensure we check our systems and apply patches or mitigations). Use this intel to inform your threat hunting and to adjust our defences pre-emptively. Identify patterns or recurring issues in security events and recommend strategic changes (such as additional security controls or user training) to address the root causes. Documentation & Reporting: Maintain meticulous documentation for all incidents and investigations. For each incident handled, document the details, analysis steps, containment actions, and resolution outcomes in our incident management system. Prepare clear and comprehensive incident reports that can be shared with both technical teams and non-technical stakeholders. These reports should outline what happened, how it was remediated, and recommendations to prevent similar incidents. Contribute to the SOC s knowledge base by recording lessons learned and updating incident response playbooks or runbooks. This ensures the team can handle similar incidents more efficiently in the future and helps fulfil any compliance or audit requirements for incident record-keeping. Mentoring & Knowledge Sharing: Act as a subject matter expert and mentor within the SOC team. Be the fount of knowledge that less-experienced analysts can rely on for guidance. Provide on-the-job training, tips, and best practices to junior SOC analysts during investigations and day-to-day monitoring. Guide and support junior analysts through complex investigations and response efforts, helping them develop their skills in threat analysis and incident handling. Lead by example in documentation, analysis techniques, and adherence to processes. Additionally, you may conduct periodic knowledgesharing sessions or post-incident debriefs to help the entire team learn from notable incidents or new threat tactics. Cross-Functional Coordination: Collaborate with a variety of teams and stakeholders to ensure effective incident resolution and strengthen overall security. Work closely with IT infrastructure and application teams to understand system behaviours and assist in remediation (for instance, coordinating the isolation of affected servers or deployment of critical patches during an incident). Interface with the Legal and Compliance departments when needed, especially if an incident involves sensitive client data or may require legal actions and notifications - understanding that certain incidents in a law firm may invoke client breach reporting or evidentiary preservation needs. Coordinate with the Communications/PR team if a significant breach requires internal or external communications, ensuring consistent and accurate messaging. Your role is to make sure everyone who DWF Group - Confidential Data needs to be involved in an incident is informed and working in sync, thereby facilitating a swift, unified response. Security Awareness & Preventive Measures: Contribute to improving the human element of security in our firm. Take a leading role in organising and executing phishing simulation campaigns and other security awareness exercises for employees. Analyse the results of phishing tests to identify common weaknesses or departments that may need extra training. Work with our security awareness or IT training teams to provide feedback and implement remedial actions that reduce the risk of successful phishing and social engineering attacks in the future. Additionally, provide security guidance to staff when needed - for example, by reviewing suspicious emails reported by users or advising on best practices - thereby injecting your knowledge into the broader organisation beyond the SOC. Process Improvement & Preparedness: Continuously seek opportunities to improve the SOC s processes and tools. After major incidents, lead a thorough post-mortem analysis with the team to discern what went well and what could be improved. Update incident response playbooks and checklists based on lessons learned or changes in the IT environment. Ensure our incident response plans align with industry standards (such as NIST 800-61) and legal industry requirements. Participate in (and sometimes lead) incident response drills and tabletop exercises to test the team s readiness for various scenarios (e.g., a ransomware outbreak or a significant data breach). These simulations help strengthen the team s coordination and build muscle memory for real incidents. Also, collaborate with the SOC Manager/Lead on identifying tool or capability gaps - for instance, if you notice that certain types of threats are hard to investigate, you might champion the adoption of a new forensic tool or a SIEM enhancement. Your seasoned perspective is valuable in steering investments in SOC capabilities and ensuring the team stays ahead of adversaries. Responsibilities You should be adept at querying and correlating data to spot threats across complex IT systems. Hands-on experience with digital forensic techniques and tools (for disk imaging, memory analysis, malware analysis, etc.) is expected - you know how to uncover and analyse evidence left by attackers. Familiarity with threat intelligence platforms and feeds, and the ability to integrate threat intel into SOC monitoring, is important. Scripting or basic programming skills (Python, PowerShell, etc.) to automate tasks or parse data are a plus. Overall, you should be comfortable with the technical underpinnings of modern cyber-attacks (network protocols, Windows/*nix internals, cloud security, etc.) and how to detect and stop them. Incident Response Expertise: Demonstrated ability to handle incidents from start to finish. You have a clear understanding of incident response frameworks (e.g. NIST CSIRP, SANS PICERL) and can effectively perform each phase: preparation, identification, containment, eradication, recovery, and lessons learned. Experience conducting root cause analysis and driving remediation efforts is essential. You should be able to coordinate multiple parallel workstreams during an incident (e.g., one focusing on containment, another on analysis, etc.) and ensure nothing is overlooked. Experience with threat hunting and identifying incidents proactively is highly valued, as it shows you can go on the offensive against threats, not just react. Leadership & Communication: Excellent communication and teamwork abilities. In this senior role, you must communicate clearly with different audiences - from technical peers to lawyers and executives. Ability to translate DWF Group - Confidential Data complex technical findings into clear, concise explanations is key, especially when briefing non-technical stakeholders after an incident. Strong written communication is important for reports and documentation. You should be comfortable providing guidance and constructive feedback to junior team members. Prior experience mentoring or training others (formally or informally) will serve you well, as a portion of this role is to uplift the skills of the team. We are looking for someone who can take initiative, remain calm under pressure, and lead by example during crisis situations. A collaborative mindset is crucial - you will work with a variety of teams, so being able to build positive working relationships and influence others to act on security recommendations is part of the job. Knowledge of Regulations & Best Practices: Good understanding of relevant security standards and regulations. Familiarity with data protection laws (such as GDPR in Europe) and breach notification requirements will help ensure our incident handling remains compliant. Awareness of legal-industry specific concerns like protecting attorney-client privilege during breach investigations is a plus. Knowledge of frameworks like MITRE ATT&CK for threat analysis, and ISO 27001 or SOC 2 for security controls, can provide helpful context in this role. You should also exhibit a strong ethical compass and respect for confidentiality, given the legal sensitivities of the data we handle. What will help you succeed in this role? Qualifications and Experience Education: Bachelor s degree in Cybersecurity, Information Security, Computer Science, or a related field is preferred. Equivalent practical experience is fully recognised. Relevant certifications that demonstrate your expertise in incident response or security operations are a plus (e.g., GCIH, CISSP, CISM, GCFA, CEH). While not strictly required, such certifications indicate a solid knowledge base and commitment to the field. More importantly, we value a proven track record and hands-on skills in security operations over formal credentials alone. DWF Group - Confidential Data Experience: Extensive experience in security operations and incident response. We expect on the order of 4-6+ years of dedicated cybersecurity experience, with significant time spent in a SOC or Incident Response role. This should include handling a wide variety of security incidents from detection through resolution. You should have seen everything from minor malware infections to major security breaches and be comfortable acting as the escalation point for complex cases. Experience specific to legal or other highly regulated industries is beneficial (due to understanding of data sensitivity and compliance needs), as is experience dealing with cross-border security challenges. Any experience in supporting cybersecurity during mergers & acquisitions (integrating acquired company s networks, data protection during transitions) would be an asset, as our firm is growing and occasionally acquires other businesses. Technical Skills: Deep knowledge of security technologies and incident response practices. Strong proficiency with SIEM platforms, intrusion detection/prevention systems, EDR tools, and log management is required, as these are the primary tools for monitoring and investigating incidents. You should be adept at querying and correlating data to spot threats across complex IT systems. Hands-on experience with digital forensic techniques and tools (for disk imaging, memory analysis, malware analysis, etc.) is expected - you know how to uncover and analyse evidence left by attackers. Familiarity with threat intelligence platforms and feeds, and the ability to integrate threat intel into SOC monitoring, is important. Scripting or basic programming skills (Python, PowerShell, etc.) to automate tasks or parse data are a plus. Overall, you should be comfortable with the technical underpinnings of modern cyber-attacks (network protocols, Windows/*nix internals, cloud security, etc.) and how to detect and stop them. Incident Response Expertise: Demonstrated ability to handle incidents from start to finish. You have a clear understanding of incident response frameworks (e.g. NIST CSIRP, SANS PICERL) and can effectively perform each phase: preparation, identification, containment, eradication, recovery, and lessons learned. Experience conducting root cause analysis and driving remediation efforts is essential. You should be able to coordinate multiple parallel workstreams during an incident (e.g., one focusing on containment, another on analysis, etc.) and ensure nothing is overlooked. Experience with threat hunting and identifying incidents proactively is highly valued, as it shows you can go on the offensive against threats, not just react. Leadership & Communication: Excellent communication and teamwork abilities. In this senior role, you must communicate clearly with different audiences - from technical peers to lawyers and executives. Ability to translate DWF Group - Confidential Data complex technical findings into clear, concise explanations is key, especially when briefing non-technical stakeholders after an incident. Strong written communication is important for reports and documentation. You should be comfortable providing guidance and constructive feedback to junior team members. Prior experience mentoring or training others (formally or informally) will serve you well, as a portion of this role is to uplift the skills of the team. We are looking for someone who can take initiative, remain calm under pressure, and lead by example during crisis situations. A collaborative mindset is crucial - you will work with a variety of teams, so being able to build positive working relationships and influence others to act on security recommendations is part of the job. Knowledge of Regulations & Best Practices: Good understanding of relevant security standards and regulations. Familiarity with data protection laws (such as GDPR in Europe) and breach notification requirements will help ensure our incident handling remains compliant. Awareness of legal-industry specific concerns like protecting attorney-client privilege during breach investigations is a plus. Knowledge of frameworks like MITRE ATT&CK for threat analysis, and ISO 27001 or SOC 2 for security controls, can provide helpful context in this role. You should also exhibit a strong ethical compass and respect for confidentiality, given the legal sensitivities of the data we handle What we offer? At DWF, we deeply appreciate the significance of offering a comprehensive rewards package that extends beyond a basic salary. Our commitment is to ensure that each member of our team not only feels valued but is also duly rewarded throughout their tenure with us. Upon joining our organisation, you will have the opportunity to select from a diverse array of benefits, allowing you to carefully tailor a package that perfectly aligns with your individual needs and those of your family. In addition to our standard benefits, we offer a wide range of flexible benefits and robust well-being programs. Our recruitment process upholds the highest standards of fairness and engagement. It includes comprehensive interviews and, at times, a written assessment, an assessment day, or presentation. We aim to create a positive experience for all candidates and offer any adjustments or additional support. About us DWF is a global legal business providing Complex, Managed and Connected Services. We empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.

AI Solutions Engineer at Edwisely | Jobs at Edwisely Experience: 0-3 Years Role Overview We re seeking an AI Solutions Engineer to lead the integration of GenAI tools such as ChatGPT or Claude into our core platform. You ll design, prototype, and deploy features that elevate student outcomes, make teaching exciting, and enrich dashboards with intelligent insights, all while upholding privacy and governance standards. Key Responsibilities Design and build GenAI-powered features like guided study assistants, automated remediation engine, and intelligent feedback tools. Develop end-to-end pipelines (prompt design model integration CI/CD deployment) that align with Edwisely s Intelligent Learning Infrastructure. Collaborate with product teams, faculty, and UX designers to deploy AI features in classrooms and dashboards. Ensure all AI implementations meet ISO 27001 security and CERT-In data protection guidelines. Measure adoption and impact via analytics dashboards support evidence-based learning outcomes. What You ll Bring Strong in prompt engineering, RAG, embeddings, or QA systems using frameworks like OpenAI API, LangChain, Hugging Face Transformers. Familiarity with ML deployment FastAPI, Docker, AWS/GCP within production-grade applications. Experience with education data, knowledge graphs, student modeling, or assessment systems is a big plus. Results-driven: ability to turn prototypes into scalable features. Passionate about improving higher education with impactful, AI-driven solutions. Why Edwisely? Be part of a high-impact EdTech startup, transforming learning journeys of engineering students nationwide. Work with a product that uses AI + analytics to personalize learning, support faculty, and guide institutional decisions . Career growth: define your ownership architecture, implementation, or research-led product development. Competitive package, fast-paced work culture, and freedom to drive real-world impact. Application Process Submit your CV + GitHub or project links (especially showcasing GenAI integrations or NLP projects). for Edwisely

Management Level F Role Summary The Senior Security Operations Analyst will play a lead role, assisting the Head of Security Operations, in a team of up to 13 staff delivering these activities. They will report directly to the Head of Security Operations. They will contribute to all aspects of the Company s operational security strategy and programme, as appropriate to demand, workload, skills and experience. Core Duties/Responsibilities Conduct regular compliance reviews of actual practice in teams across the IT organisation against defined operational IT security processes. Ensure that operational security processes are adjusted as security needs or the Company s business change. Identify potential for improvements in cost efficiency in the main operational security activities and provide feedback to the CISO and Head of Security Operations to instigate projects and initiatives that seek to achieve these improvements. Monitor quality of service and quality of security control targets and metrics with all non-security teams throughout the Company engaged in operational IT Security activities. Participate in requirements definition, acceptance and implementation of projects and initiatives that are developed by GIS for the infrastructure and tools that support the main operational IT Security activities. Identify and conduct IT Security Monitoring and Testing activities to the appropriate quality of service and security. In particular this involves working with the Company s external security monitoring partner to ensure complete, effective and robust levels of protection through monitoring and response. Design & oversee the implementation of sound security management practices and controls for day-to-day access security administration and monitoring by other business and IT teams. Monitor for, respond to, mitigate impact of, take remedial action during, and define lessons learnt from, information security incidents, gathering input from other information and IT security teams. Own and manage vulnerability identification across the EQ estate. Analyse scan results, validate findings, and prioritise remediation actions based on risk, exploitability, and asset criticality. Track remediation efforts and verify effectiveness through re-scans and reporting Contribute as appropriate to IT operations and infrastructure development initiatives within Group IT from the IT security perspective. Skills, Knowledge & Experience The Senior Security Operations Analyst will have held previous positions as an Operational Security team leader, senior SOC analyst or Incident Responder. They should have accumulated at least 4 years relevant experience in a role in industry or an IT or security services provider. Extensive experience of the following is essential: Managed security monitoring services and other relevant security technology vendors and service provider. Experience in leading incident response activity either as an individual or as an incident response coordinator. Previous ownership of incident response processes and procedures - including documentation, maintenance and testing of those processes and procedures. Demonstrable practical experience with threat hunting techniques and processes. A strong understanding of the Cyber Kill Chain and Mitre Framework and how these can be used to determine threat actors and identify attack mitigations. Technical analysis of cyber security threats and threat intelligence. Experience of delivering and managing operational security tooling for cloud based environments - with significant focus on natively available controls within AWS. Familiarity with relevant industry cyber security standards/frameworks such as NIST CSF, ISO 27001 and CIS Critical Security Controls. Experience with Vulnerability Management tools (Qualys, Nessus, Metasploit, BurpSuite etc ) Experience managing and configuring DLP capabilities Development of processes and play books to support Security Operations services. Experience with scripting (Python, Power BI) and automation tools a benefit. Strong organisation and communication skills a must. In addition, the following key experience is preferred: Experience of delivering against similar accountabilities with global impact in an organisation of similar scale and complexity as EQ. Ability and motivation to work with parties inside and outside the security community through a cooperative, interactive, trustful and respectful approach. A doer with capacity to drive relevant activities personally. Broad general knowledge of good information security practice.

Compliance Management: Responsible for ensuring the implementation and ongoing adherence to relevant security frameworks, including ISO 27001, GDPR, and PCI DSS. This includes maintaining comprehensive documentation and evidence of compliance controls and policies, as well as leading periodic compliance reviews and assessments. Audit Support: Collaborate with security and audit teams to coordinate and support the execution of both internal and external audits. This involves addressing audit findings, ensuring the timely implementation of corrective actions, and preparing and presenting necessary audit evidence and responses related to various security standards. Security Controls & Configuration Oversight: Accountable for ensuring that security configurations across cloud environments, network firewalls, and security tools are securely implemented and consistently monitored. This includes maintaining and enforcing secure configuration baselines and diligently reviewing logs to ensure continuous compliance readiness. EXPERIENCE 2-3 Years SKILLS Primary Skill: Infrastructure Support Sub Skill(s): Infrastructure Support Additional Skill(s): VMWare, Infrastructure Support, System Administrator, AD DC DHCP DNS, Infrastructure Support L1

We are looking for a seasoned SAP GRC Consultant with over 5 years of experience in implementing and managing SAP GRC Access Control solutions. The ideal candidate will have a strong understanding of Segregation of Duties principles and SOX compliance requirements, along with hands-on expertise in configuring GRC components such as MSMP workflows, BRF+ rules and LDAP integration. Requirements: Minimum 5 years of experience as a GRC Consultant. Strong expertise in SAP GRC Access Control 10.x/12. x. In-depth knowledge of SoD concepts, risk analysis and remediation strategies. Experience with SOX compliance and audit requirements. Proficient in MSMP workflow configuration, BRF+ and EAM setup. Hands-on experience with Compensating Controls, Mitigation Controls and Custom Risk ID creation. Strong understanding of Ruleset configuration and access provisioning. Experience with LDAP integration and user lifecycle management. Experience in regulated industries such as Manufacturing, Aerospace, Defense etc. Familiarity with GDPR, ISO 27001 or other compliance frameworks. Ability to work independently and manage multiple priorities in a fast-paced environment. Experience in the manufacturing industry is essential, with a focus on production system integration, audit readiness and operational risk management. SAP GRC certification is desirable. SAP Security and Authorization knowledge is a plus. #LI-Onsite #LI-PO1

Location/s: Bengaluru Recruiter contact: Supriya Yadavalli Mott MacDonald is a global engineering, management, and development consultancy with over 20,000 employees across more than 50 countries and 140+ offices. We work across incredible global industries, delivering exciting work that is defining our future and making an important societal impact in the communities we serve. Our people power our performance - we succeed when they do. With countless opportunities to collaborate, learn, and grow, the possibilities for excellence are as varied as every individual. Whether you want to grow as a subject matter expert or broaden your experience with roles across our international community, you re surrounded by global specialists who want to combine their expertise and champion you to be your best. As a proudly employee-owned business, we benefit our clients, our communities, and each other, investing in creating the right space for everyone to feel empowered, included, and valued. Whatever your ambition, Mott MacDonald is where people come to be brilliant. About the business unit Mott MacDonald s support services are the driving force behind our organisation enabling us to run efficiently and effectively. The team works collaboratively to offer specialist advice, best practice and technology to all areas of our business specifically designed for our global reach. Job Description: Working as an IT Specialist in Cyber Security you will assist and advise the IT Manager for Cyber Security regarding Risk Analysis and Remediation Risk Analysis and Remediation Service Desk analyst you will be the first point of contact for all employees seeking to resolve IT issues. Speedy and intelligent resolution of IT incidents is the key to ensuring that Mott MacDonald can deliver on its promises to its clients. Key duties and responsibilities include: Proactively seeking out the most effective means of monitoring information security related activities, by use of existing tools, or the investigation of new tools and methods Developing and adopting appropriate Risk Assessment methodologies to ensure we are correctly prioritizing the risks we have identified. Assist in the monitoring and resolution of all Information Security issues as they occur, driving through forensic investigation and remediation as appropriate. Feedback all lessons learned into Operational and/or Governance systems. Drive and support information security related change in Operational teams Governance Advice on appropriate security posture (approach, risks, technical measures, awareness) from the point of view of the business (both overall and specific teams) Assist with driving cultural change in the organization by helping people understand risks and make better choices to address enterprise security weaknesses. Communications Responsible for working with BMS and IT teams to communicate to the business and IT on known threats and best practices for information security, as they evolve. Operational Advice on all requirements around information security and appropriate use of specific systems or services, both those provided by IT or as required by the business, including projects with special security requirements and setup. Acting as a point of contact for Information Security champions within operational IT teams, advising on appropriate responses, escalation as required. Supervise the development of and relationship with the (planned) Security Operations Centre Help to ensure that risk is measured and understood effectively by operational teams. Penetration testing and vulnerability assessments Assist with prioritisation of security controls and remediation. Architecture Review and recommend tools and processes for managing information security around new and existing systems. Price out solutions and advise on the best risk solution portfolio. Identify, review and evaluate technology risk. Input to design choices for new systems to ensure security is addressed appropriately. Scan and provide feedback on new products and risks to inform management strategy. Candidate Specification: Essential: Demonstrable experience of business operations and processes in a large multinational or global organisation In-depth understanding of the Office 365 platform and Microsoft Windows Domain environment In-depth understanding of modern cloud and network technologies and protocols Demonstrate appreciation for user-centred design, experience, and usability Experience with mobile applications Working knowledge of international data privacy, data residency, and information security requirements Desirable: High degree of understanding of the evolving global and internal IT environments Knowledge of all Threat areas (deliberate, accidental, internal, external) Extensive experience of the ISO 27001 Information Security Management framework Understanding of Cyber Essential Plus and similar government security standards Personal Attributes: Passionate about technology and learning. Ability to balance demands and priorities and think clearly under pressure. Attention to detail and a focus on quality. Excellent conflict resolution, communication, and collaboration skills. Logical and analytical approach to solving problems. We can offer (subject to Company s policy): - Agile and safe working environment - Competitive annual leave and sick leaves - Group incentive scheme - Group term life insurance, Workmen s compensation and Group medical insurance coverage - Short and Long-term Global employment opportunities - Global collaboration and knowledge sharing - Digital Innovation and Transformation

Define and implement secure cloud network architecture, manage firewall operations, and ensure alignment with industry security standards. Education: 15 Years Full-TimeJob SummaryWe are hiring a Security Architect to lead the design and implementation of secure network environments, with a focus on firewalls, cloud security, and threat protection. You will ensure compliance with frameworks like NIST, ISO 27001, and CIS while supporting cross-functional security transitions. Job Summary We are hiring a Security Architect to lead the design and implementation of secure network environments, with a focus on firewalls, cloud security, and threat protection. You will ensure compliance with frameworks like NIST, ISO 27001, and CIS while supporting cross-functional security transitions. Required Skills Expertise in Checkpoint Firewalls, IPsec, GlobalProtect VPNs, and Firewall implementation Experience with Cisco ASA, Cisco ISE, Barracuda, and Incapsula WAFs Strong in firewall rule management, remote access, threat detection, and content filtering Familiarity with patch management, firmware monitoring, and ruleset reviews Proficient in network protocols (BGP, routing, switching) Hands-on with IDS/IPS, proxies, and network security tools Basic OS knowledge: Windows, Unix, Linux Understanding of cloud security standards: NIST, ISO 27001, CIS Strong documentation and collaboration skills for security handovers

is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview: We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines ( DevSecOps ). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001 , SOC 2 , GDPR , and HIPAA . Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills: What skills do you need? Requirements: 8+ years of experience in information security , application security , or cybersecurity engineering . Proficient in penetration testing methodologies and use of tools such as Burp Suite , Metasploit , Nmap , Wireshark , Nessus , OWASP ZAP , Qualys , etc. Deep experience in vulnerability management , patching, and security hardening practices. Strong understanding of OWASP Top 10 , CWE/SANS Top 25 , API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM , EDR , IDS/IPS , and DLP solutions. Knowledge of DevSecOps and tools like Terraform , Kubernetes , Docker , etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications: Certifications such as CISSP , CISM , CEH , OSCP , or AWS Security Specialty . Experience working on security aspects of AI/ML platforms , data pipelines , or model inferencing . Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer: A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate

Redefine the future of customer experiences. One conversation at a time. We re changing the game with a first-of-its-kind, conversation-centric platform that unifies team collaboration and customer experience in one place. Powered by AI, built by amazing humans. Our culture is forward-thinking, customer-obsessed and built on an unwavering belief that connection fuels business and life; connections to our customers with our signature Amazing Service , our products and services, and most importantly, each other. Since 2008, 100,000+ companies and 1M+ users rely on Nextiva for customer and team communication. If you re ready to collaborate and create with amazing people, let your personality shine and be on the frontlines of helping businesses deliver amazing experiences, you re in the right place. Build Amazing - Deliver Amazing - Live Amazing - Be Amazing The AI Security and Compliance Engineer is responsible for working with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle. The engineer applies knowledge of AI and application security risks and threats to design and implement appropriate, cost-effective security controls during development, deployment, and operation of AI based applications. The engineer defines and promotes the implementation guidelines for data classification, segregation, and access controls to AI model inputs and training data to ensure data confidentiality and privacy for different data sources and user groups. The engineer performs audits and vulnerability assessments, penetration testing and supports mitigation of findings. Key Responsibilities: Ensure AI products have security and privacy by design. Establish and document policies and guidelines for data classification and data used for training to prevent leaks of sensitive data. Work with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle to meet customer, regulatory, and contractual obligations. Monitor and audit AI systems and development processes for compliance with policies, regulations and contractual obligations. Monitor and respond to security incidents involving AI systems. Create AI-specific incident management procedures to address AI related security incidents. Enhance the resilience of AI systems against potential threats by implementing cyber security best practices, controls, and tools to protect AI models from threats such as those in the OWASP AI Top Ten, including supply chain and model poisoning threats and attempts to access, modify, and exfiltrate confidential information via the query interface. Establish policies and guidelines for access controls, limitations and guardrails on usage and prompts for AI inputs and API s. Ensure proper access controls on API s and processing pipelines, and segregation of data. Create, update, and maintain threat models for a wide variety of software projects. Provide AI security training for internal development teams. Maintain current knowledge of AI risks, threats, and AI testing tools and techniques. Perform other duties to support the technical and operational security of the organization as required. Qualifications: Bachelor s degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or AI development. Desired certifications - one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+. Understanding of Application Security and Data Security for applications and AI, such as the OWASP Top 10 and the OWASP Top 10 for Generative AI. Proficiency in and strong working knowledge of AI technologies and models such as Llama and ChatGPT. Experience and understanding of threats and risks related to web applications and API s, particularly with AI based applications. General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases. Experience with vulnerability management, patching, and mitigation assessment. Experience working within and implementing policies for a security framework such as ISO 27001 and NIST. Flexibility to work off-hours to support global project teams and maintenance windows. Ability to support 24x7 on-call for incident response on a rotating basis. Experience developing software, scripting and using SQL queries to automate controls, processes and reporting. Competencies: Strong analytical problem-solving skills and attention to detail. Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner. Ability to form productive relationships across the organization to accomplish information security objectives. Ability and willingness to learn all aspects of the information security field. Professional verbal and written communication skills in English. Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat. Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk. Total Rewards Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office. Our compensation packages are tailored to each role and candidates qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses. Medical - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity. Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means. Coverage Type - Employee Only Sum Insured - 3 times of annual CTC with minimum cap of INR 10,00,000 Free Cover Limit - 1.5 Crore Work-Life Balance - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays Financial Security - Provident Fund & Gratuity Wellness - Employee Assistance Program and comprehensive wellness initiatives Growth - Access to ongoing learning and development opportunities and career advancement At Nextiva, were committed to supporting our employees health, well-being, and professional growth. Join us and build a rewarding career! Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what s going on at Nextiva, check us out on Instagram , Instagram (MX) , YouTube , LinkedIn , and the Nextiva blog . #LI-RQ1 #LI-Hybrid

We are looking for a Lead IT Security Engineer with 7-10 years of hands-on experience in securing cloud infrastructure and e..."/> Lead IT Security Engineer About Alaan We are an AI-powered expense management platform designed to simplify finance for businesses in the Middle East, helping them save both time and money. Our platform offers everything businesses need to manage and control their expenses in one place, including smart corporate cards, AI-powered automation and insights, streamlined accounting, and centralized dashboards. Since 2022, over 1000 businesses in the UAE from startups to enterprises like Al Barari, Rove, Rivoli, Punjab National Bank, and CarSwitch have used Alaan to control their spending and reduce costs. Together, our customers have saved over AED 100 million using Alaan. About the role We are looking for a Lead IT Security Engineer with 7-10 years of hands-on experience in securing cloud infrastructure and enterprise environments. In this leadership role, you will take ownership of securing our AWS and GCP environments, leading the implementation of Privileged Access Management (PAM) solutions such as CyberArk, and driving organization-wide adoption of security best practices across engineering and DevOps.You will closely collaborate with DevOps, Engineering, and Compliance teams to continuously harden our infrastructure, guide security strategy, and ensure alignment with industry-leading principles. What youll do Lead security strategy and implementation for AWS and GCP environments, covering IAM, VPC, networking, access control, and observability. Architect and oversee the deployment of Privileged Access Management (PAM) tools (e.g., CyberArk) and ensure secure integration across critical systems. Champion secret management practices, removing credentials from Git repositories; implement preventive controls using Git hooks and CI/CD enforcement tools. Work with engineering and DevOps teams to embed security into every phase of the development lifecycle. Establish and enforce endpoint security policies (e.g., MDM, patch management, audit readiness) for all engineering devices. Conduct regular security reviews, including access audits, misconfiguration scans, and policy validation. Lead security incident response efforts and provide forensic analysis where needed. Partner with engineering leaders to review architecture decisions and ensure secure design patterns. Support and guide compliance initiatives (e.g., SOC 2, ISO 27001, PCI DSS) with relevant controls and documentation. What we are looking for 7-10 years of experience in IT Security or Cloud Security roles, with recent leadership responsibilities. Deep hands-on expertise in securing AWS and GCP environments, especially around IAM, network security, and logging. Proven experience deploying and managing PAM solutions like CyberArk. Strong grasp of DevSecOps practices and secure CI/CD implementations. Experience with MDM and endpoint protection solutions (e.g., Jamf, Intune, CrowdStrike). Proficient with tools for secrets detection and policy enforcement (e.g., GitLeaks, TruffleHog). Excellent communication skills, with the ability to lead cross-functional conversations on security posture and risk. Bonus (Preferred, not required) Knowledge of application-layer security including OAuth, OpenID, and secure API design. Experience securing Kubernetes workloads and multi-tenant environments. Background in fintech or other highly regulated industries. Whats in it for you Contribute to building the Middle East s most beloved fintech brand from the ground up Benefit from a role with significant ownership and accountability Thrive in a flexible hybrid culture with ample work-life balance Participate in exciting offsite events Competitive salary and equity Enjoy additional perks like travel allowances, gym memberships, and more

Since our launch in 2015, we ve lent over 10bn to ambitious entrepreneurs up and down the UK. That s led to the creation of over 40,000 new jobs and over 29,000 new homes - and we re not about to stop there. We re dedicated to helping trailblazing businesses thrive and our Finance team are the drivers of our growth. As an IT and Cyber Security Auditor , you will be responsible for planning, executing, and reporting on a wide range of audits covering IT security, business automation, cloud infrastructure, and digital transformation across OakNorth Bank plc. You will provide independent assurance to senior management that the Bank s technology environment including its growing use of Generative AI is secure, resilient, and well-governed. This role also includes guiding the Bank s responsible adoption of Generative AI (GenAI) technologies while helping build capabilities within the Internal Audit team, including mentoring and developing junior staff members. This is a fantastic opportunity to join a fast-paced, growing bank with a reputation for doing things differently. We don t want another cog in the machine, we re looking for self-starters and bold thinkers who want to pave their own career paths. Are you ready to step up to the challenge? Key Responsibilities: Lead and Deliver Audits : Plan, execute, and report IT and cyber security audits covering ITGCs, cloud (AWS/Azure), networks, data protection, automation, and digital transformation initiatives. Manage audits independently or with co-sourced partners, ensuring end-to-end delivery. Support GenAI Risk Assurance : Assess risks and controls related to the Bank s adoption of Generative AI covering governance, data integrity, ethical usage, access controls, and operational safeguards. Leverage GenAI tools to enhance audit execution and insight generation. Evaluate Cybersecurity and Resilience : Review threat detection capabilities, cybersecurity controls (e.g., IAM, DLP, IDS/IPS), and response readiness. Challenge business continuity, disaster recovery, and incident response plans, including backup processes and RPO/RTO targets. Stakeholder Engagement and Reporting : Provide clear, actionable reporting to senior management and collaborate with Technology, Risk, and Operations teams to strengthen control environments and drive improvements. Team Development and Methodology Improvement : Guide, coach, and mentor junior auditors; contribute to the evolution of IT audit methodology to reflect emerging technologies, risks, and regulatory expectations. What We re Looking For: Must-Haves: Overall experience of 8 years with Minimum 3 years of experience in IT audit or cyber risk, ideally within banking, fintech, or a Big 4 advisory firm. Degree in Information Technology, Computer Science, or a related field with a strong academic record. At least one globally recognized IT audit/security certification (e.g., CISA, CISSP, ISO 27001 LA); Familiarity with GenAI use cases and associated risks in an enterprise setting. Strong understanding of frameworks like NIST, ISO 27001, COBIT, COSO, and ITIL. Experience using GRC tools and a passion for applying technology in audit work. Preferred Traits: High drive and bias for action brings energy and momentum to audit delivery. Clear and structured communicator who simplifies complexity and delivers insights. A collaborative leader who uplifts others coaches, mentors, and supports junior colleagues. Operates with integrity and directness say it as it is mindset. Trusted and respected by peers and stakeholders at all levels of the organization. Fast learner and problem-solver who thrives in a changing environment. 0 - 0 a year Benefits & Perks: Equity. We want people to have a stake in the business so that all our interests are aligned Health Insurance for employee and dependents Wellbeing and social events Support causes that matter to you - Volunteering time off

Position Summary The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organizations compliance with ISO 9001 (Quality Management System), ISO 27001 (Information Security Management System) standards, also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection & privacy compliance and overseeing all related processes to maintain the highest standards of integrity and trust. Area of Responsibility A . ISO 9001Quality Management System (QMS) 1. Design, Development and Implementation Design, implement and maintain QMS in accordance with ISO 9001 standards Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards. 2. Monitoring and Auditing Conduct regular interval audits to ensure ISO 9001 Compliance Monitor key performance indicators(KPIs) to access and improve effectiveness of QMS Lead continuous improvement initiatives in quality management 3. Training and Awareness Provide training on ISO 9001 standards and quality management best practices Ensure all employees understand their role within the QMS framework B.ISO 27001 Information Security Management System (ISMS) 1. Development and Implementation Establish, implement the ISMS standards as per ISO 27001 Develop and maintain robust information security policies, procedures and controls. 2. Risk Management Conduct risk assessments to identify potential threats to information security. Implement appropriate security measures to mitigate identified risks. 3. Monitoring and Auditing Conduct regular interval audits to ensure ISO 27001 Compliance Address any non-conformities identified during audits and ensure continuous improvement 4. Incident Management Develop and manage an incident response plan for handling security breaches. Lead investigation into security incidents and coordinate remedies efforts. C.ISO 27701 Privacy Information Management System (PIMS) 1. Development and Implementation Establish, implement the PIMS standards as per ISO 27701 Develop and maintain robust personal data protection policies, procedures and controls 2. Data security and Privacy Regularly review and update data protection policy to align with changing regulation Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically. 3. Monitoring and Auditing Conduct regular interval audits to ensure ISO 27701 Compliance Address any non-conformities identified during audits and ensure continuous improvement 4. Transparency and Accountability Maintain transparent data practices, clearly communicating how personal data is used and stored. Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principles request. 5. Training and Awareness Provide training on ISO 27701 standards and train employees on data protection laws DPDP Act 2023, emphasizing their roles and responsibilities as data handlers Promote a culture of privacy and data protection within the organization D. Compliance Management 1. Regulatory Compliance Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security Keep up-to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701 2. Documentation and Reporting Maintain comprehensive record of compliance activity, include audit findings, corrective actions and management reviews Prepare and present compliance and quality reports to senior management E. Continuous Improvement 1. Process Optimization Identify opportunities for process improvements for across quality, information security and data protection functions Lead initiatives to enhance organizational practices and promote a culture of continuous improvement 2. Stakeholder Engagement Collaborate with internal and external stakeholders to ensure alignment with these ISO 90001, ISO 27001 and ISO 27701 requirements. Act as a primary contact for all compliance certification such as quality, information security and data protection related matters. Qualification: Bachelor Degree, relevant certifications( ISO 9001 lead auditor, ISO 27001 Lead Auditor, Data Protection Officer) Shift Timing 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month Experience: Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001 for at least 9 -12 years of experience Last experience along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years Experience in conducting audits, vendor assessments/ due diligence with respect to ISMS and data protection as requested by the clients. Leading all compliance initiatives. Key Competencies Functional Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations Excellent analytical, problem solving and decision making skills Strong communication skills with ability to influence and lead cross functional teams. Should have excellent presentation skills and should be able to present to senior management High attention to details and strong organizational skills Should be able to conduct and manage audits of different business units within the organization Should be able to manage vendors and possess good negotiation skills Perks: Health & Wellness Work-Life Balance Recognition & Awards Collaborative Culture Learning & Development Professional Growth

Position Summary The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organizations compliance with ISO 9001 (Quality Management System), ISO 27001 (Information Security Management System) standards, also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection & privacy compliance and overseeing all related processes to maintain the highest standards of integrity and trust. Area of Responsibility A . ISO 9001Quality Management System (QMS) 1. Design, Development and Implementation Design, implement and maintain QMS in accordance with ISO 9001 standards Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards. 2. Monitoring and Auditing Conduct regular interval audits to ensure ISO 9001 Compliance Monitor key performance indicators(KPIs) to access and improve effectiveness of QMS Lead continuous improvement initiatives in quality management 3. Training and Awareness Provide training on ISO 9001 standards and quality management best practices Ensure all employees understand their role within the QMS framework B.ISO 27001 Information Security Management System (ISMS) 1. Development and Implementation Establish, implement the ISMS standards as per ISO 27001 Develop and maintain robust information security policies, procedures and controls. 2. Risk Management Conduct risk assessments to identify potential threats to information security. Implement appropriate security measures to mitigate identified risks. 3. Monitoring and Auditing Conduct regular interval audits to ensure ISO 27001 Compliance Address any non-conformities identified during audits and ensure continuous improvement 4. Incident Management Develop and manage an incident response plan for handling security breaches. Lead investigation into security incidents and coordinate remedies efforts. C.ISO 27701 Privacy Information Management System (PIMS) 1. Development and Implementation Establish, implement the PIMS standards as per ISO 27701 Develop and maintain robust personal data protection policies, procedures and controls 2. Data security and Privacy Regularly review and update data protection policy to align with changing regulation Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically. 3. Monitoring and Auditing Conduct regular interval audits to ensure ISO 27701 Compliance Address any non-conformities identified during audits and ensure continuous improvement 4. Transparency and Accountability Maintain transparent data practices, clearly communicating how personal data is used and stored. Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principles request. 5. Training and Awareness Provide training on ISO 27701 standards and train employees on data protection laws DPDP Act 2023, emphasizing their roles and responsibilities as data handlers Promote a culture of privacy and data protection within the organization D. Compliance Management 1. Regulatory Compliance Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security Keep up-to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701 2. Documentation and Reporting Maintain comprehensive record of compliance activity, include audit findings, corrective actions and management reviews Prepare and present compliance and quality reports to senior management E. Continuous Improvement 1. Process Optimization Identify opportunities for process improvements for across quality, information security and data protection functions Lead initiatives to enhance organizational practices and promote a culture of continuous improvement 2. Stakeholder Engagement Collaborate with internal and external stakeholders to ensure alignment with these ISO 90001, ISO 27001 and ISO 27701 requirements. Act as a primary contact for all compliance certification such as quality, information security and data protection related matters. Qualification: Bachelor Degree, relevant certifications( ISO 9001 lead auditor, ISO 27001 Lead Auditor, Data Protection Officer) Shift Timing 9 AM-6 PM, 5 days with 2 alternate Saturdays in a month Experience: Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001 for at least 10 -12 years of experience Last experience along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years Experience in conducting audits, vendor assessments/ due diligence with respect to ISMS and data protection as requested by the clients. Leading all compliance initiatives. Key Competencies Functional Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations Excellent analytical, problem solving and decision making skills Strong communication skills with ability to influence and lead cross functional teams. Should have excellent presentation skills and should be able to present to senior management High attention to details and strong organizational skills Should be able to conduct and manage audits of different business units within the organization Should be able to manage vendors and possess good negotiation skills Perks: Health & Wellness Work-Life Balance Recognition & Awards Collaborative Culture Learning & Development Professional Growth

Role & responsibilities • Monitor and respond to real-time cyber threats using SIEM tools and threat intelligence platforms. Conduct regular vulnerability assessments and penetration testing. Analyze security incidents and provide detailed incident reports with remediation plans. Oversee firewall, antivirus, and intrusion detection/prevention systems (IDS/IPS). Perform security risk assessments for infrastructure, applications, and cloud environments. Ensure compliance with HIPAA, GDPR, ISO 27001, and other relevant regulations. Develop and enforce information security policies, procedures, and standards. Work closely with the DevOps, Network, and Infrastructure teams to enforce security protocols. • Lead incident response drills and disaster recovery planning. Prepare security metrics and dashboards for internal reviews and audit support. Stay current on evolving cyber threats and emerging security technologies Preferred candidate profile • Bachelor's degree in Computer Science, Information Security, or a related field. • Strong knowledge of threat intelligence, security monitoring tools (e.g., Splunk, IBM QRadar, or similar). Experience in cloud security (AWS/Azure/GCP) and endpoint security. Familiarity with frameworks such as NIST, MITRE ATT&CK, OWASP. Certifications preferred: CISSP, CISM, CEH, or CompTIA Security+. Strong analytical skills and ability to handle security incidents independently. Excellent communication skills and ability to work with cross-functional teams. Nice to Have • Experience working in healthcare or pharmaceutical industries. • Knowledge of data privacy regulations applicable to clinical or health data. • Exposure to machine learning applications in threat detection.

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

Your day at NTT DATA The Senior Security Sales Specialist is an advanced subject matter expert and is also quota-bearing sales persona. Thie primary purpose of this role is to pursue and land qualified leads identified by the Client Management team and other respective teams. The Senior Security Sales Specialist identifies new opportunities from a selection of existing accounts, and presents solutions, value propositions, partner configurations, cost structures, and revenue models to the client that meet their needs. The Senior Security Sales Specialist works directly with clients at a variety of levels, as well as internal subject matter experts. A substantial amount of time is spent on engaged selling or supporting the sales process in partnership with Client Managers. This role contributes to the pre-sales process by working with pre-sales architects to create the best solution design for the client, as well as building and developing excellent stakeholder relationships with new and existing clients, whilst developing new business channels and territories. What youll be doing Key Responsibilities: Owns and drives pipeline to achieve allocated security budget numbers. Drives positive brand recognition on security business in-country and in-region. Maintains subject matter expertise in the Security technology domain or solutions set. Supports the closure of sales based on Security technology domain knowledge. Addresses the technology conceptual challenges during the sales process. Maintains a comprehensive level of relevant product and service knowledge to have meaningful conversations with potential and existing clients. Maintains awareness of the competitive landscape, market pricing, and strategy and how to penetrate a new market. Contributes to the knowledge base of the companys solutions and services within a practice area or service area by sharing best practices with internal teams, as well as client teams. Works with relevant technology vendors and ensures a deep understanding of their solutions and how they can contribute to our own solutions set. Articulates the Security solution/deliverables that the client requires, as opposed to the products that they need to buy. Prepares and conducts client workshops and presentations. Establishes relationships with multiple client stakeholders and secures deals with clients to achieve assigned sales quotas and targets. Uses understanding of the clients business and depth of knowledge on the Security solutions to personalize the recommended solution in line with the clients need. Capable of spotting new sales opportunities within an account and work with the sales teams to drive them to closure. Pursues and lands qualified leads identified by the client managers and other lead generation sources. Develops and maintains clear account plans for appropriate clients and targets. Discovers, forecasts, and runs opportunities in the medium and long-term. Identifies, assesses and highlights client risks that could prove detrimental to the clients organization and credibility. Collaboratively work with sales teams, especially Client Managers, to successfully close the deal. Works closely with other in-territory counterparts and matrix teams to achieve the shared goal of growth. Uses sales methodologies and tools such as target plans, opportunity plans, and account plans to drive the sales process. Develops and implements an opportunity plan, to provide regular check-ins with the primary point of contact and have an established process for getting buy-in from all stakeholders. Knowledge and Attributes: Advanced understanding of security principles, concepts, and technologies, including knowledge of NIST CSF, ISO 27001, cybersecurity solutions, network security, data security/privacy and best practices in securing data and IT infrastructure. Advanced understanding of the technical concepts of Security solutions and display the ability to provide technical consultation and guidance to customers. Displays success in achieving and exceeding sales and financial goals. Advanced proficiency in developing and encouraging meaningful customer relationships up to C-level. Displays ability to delivery engaging sales presentations and elevator pitches. Close attention to maintaining up to date, accurate sales forecast and close plans. Advanced proficiency in team selling approach. Advanced knowledge of competitors and ability to apply competing successful sales strategies. Client-centric approach, with ability to understand customer problems and find best-fit solutions. Flexible to adapt quickly to short, new missions or urgent deadlines. Displays negotiation capabilities to craft solutions that are beneficial to customers, partners, and organization overall. Academic Qualifications and Certifications: Bachelors degree or equivalent in a Technical or Sales field or related is preferred. Certified in industry relevant structured sales methodologies and negotiation skills. Preferred certifications (but not limited to) CISSP, CompTIA Security+, GISF. Required Experience: Advanced sales experience in a technology or services environment, particularly selling Security solutions. Advanced experience of IT Managed Services environment. Advanced demonstrable experience of solution-based selling with a proven track record of sales over-achievement. Advanced experience in selling complex security solutions and services to C-Level clients. Advanced experience in resolving a wide range of issues in creative ways to meet targets and objectives. Workplace type On-site Working