776 Iso 27001 Jobs - Page 25

Division : ITIS Department : ITEA Job Location : MSIL Gurgaon Job Title : Security Architect Job Role : Leading the Security domain in Enterprise Architecture Practice at Maruti Suzuki Reporting To : Enterprise Architect Level in the organization : DM/MGR Educational Qualification Graduation (With Specialization) : B. Tech. Computer Science/ Information Technology/ Electronics Any Other (Certification / Diploma etc.) : CEH/ CISSP/ CISM/CCSP/Microsoft Cybersecurity Architect Work Experience : 5 to 10 years Job Responsibilities a)Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data b)Document and address organizations information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle. c)Employ secure configuration management processes d)Ensure that acquired or developed system(s) and architecture(s) are consistent with organizations cybersecurity architecture guidelines. e)Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. f)Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. g)Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents. h)Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately. i) Responsible for end to end security pertaining to application, data, technology, network and infrastructure j) In-depth understanding of recognized security frameworks such as NIST, ISO 27001/27002, ITIL, and COBIT Competencies / Skills >5+ years of experience in Security Architecture, Design Implementation >Good understanding of Network and Information Security Technologies. >Excellent vendor management skills. >Networking and influencing skills. >Excellent Communication and presentation skills >Excellent personal and time management skills >Knowledge about Information Security Audits and processes >Team Player >ITIL, TOGAF process knowledge/certification is preferred

About the Role We are seeking a detail-oriented and proactive Information Security Auditor to join our team. The role involves conducting information security audits and related activities for internal external stakeholders, including vendors, dealers, and technology partners. It also encompasses activities to ensure organization s compliance with information security standards, conducting internal audits, and supporting the ISO 27001 recertification process. The ideal candidate will play a crucial role in ensuring compliance with information security standards, identifying risks, and recommending actionable improvements. Key Responsibilities Information Security Audits: Plan, execute, and document information security audits within company across all verticals and for external stakeholders, including vendors, dealers, and technology partners. Assess compliance with relevant information security policies, standards, and frameworks (e.g., ISO 27001, NCRF, NIST, GDPR, JAMA-JAPIA Guidelines etc.). ISO 27001 Compliance and Recertification: Lead and coordinate the company s ISO 27001 recertification audit process with third-party auditors. Ensure compliance with ISO 27001 standards and maintain required documentation. Collaborate with internal stakeholders to address audit findings and implement corrective actions. Risk Assessment and Mitigation: Evaluate third-party risks and recommend practical measures to mitigate identified risks. Collaborate with stakeholders to ensure the implementation of corrective actions and improvements. Policy and Compliance Monitoring: Ensure that stakeholders adhere to organizational information security policies and regulatory requirements. Assist in the development, review, and improvement of information security policies, procedures, and guidelines. Stakeholder Engagement: Serve as the primary point of contact for external stakeholders during audits. Communicate audit findings and recommendations effectively through detailed reports and presentations. Continuous Improvement: Stay updated on emerging information security threats, technologies, and industry trends. Contribute to the enhancement of the organizations information security framework and processes. Qualifications and Skills Education: Bachelor s degree in information technology, Computer Science, Cybersecurity, or a related field. Work Experience: 3-5 years of experience in information security auditing, IT risk management, or a related field. Hands-on experience with third-party/vendor audits is highly desirable. Certifications (Preferred): ISO 27001 Lead Auditor/Implementer CISSP (Certified Information Systems Security Professional) / CISA (Certified Information Systems Auditor) / CRISC (Certified in Risk and Information Systems Control) or similar Technical Skills: Strong knowledge of information security frameworks and standards (e.g., ISO 27001, NCRF etc.). Familiarity with IT systems, networks, and security controls. Proficiency in using auditing tools and techniques. Soft Skills: Excellent communication and interpersonal skills to interact with external stakeholders. Strong analytical and problem-solving abilities. Attention to detail and ability to work independently. Strong organizational and time management skills.

Required Experience: 2-5 years Job Location: Gurgaon Graduation: B.Tech in Electrical/Electronics Engineering (Full time) Any other (Certification Diploma): Relevant certifications in CNC, PLC, IoT, Data Analytics, Python and Industry Standards (if applicable) Job Level: AM/DM Ensuring Safety Compliance: Maintain a safe working environment by adhering to safety protocols and regulations. Preventive and Corrective Maintenance: Plan and execute regular maintenance to prevent breakdowns and address any issues promptly. Breakdown Troubleshooting and Repairs: Diagnose and repair machinery breakdowns efficiently to minimize downtime. Planning, Procuring, Installation, and Upgrades : Manage the procurement and installation of new equipment and upgrades for obsolete items. System Adherence and ISO Coordination: Ensure compliance with ISO 9001, 14000, and 45001 standards, and coordinate related activities. Training and Supervision: Train and supervise peers to ensure proper maintenance procedures are followed. Implementing IoT Projects: Develop and implement IoT projects to build analytical models for predicting machinery failures. Competencies / Skills: Technical/ Functional: CNC Systems: Siemens, Mitsubishi, Fanuc PLC Systems: Siemens, Mitsubishi Machinery Knowledge: Toyoda grinding, Hegenscheidt, NTC, HOWA, MAKINO, CORETEC, FANUC Robots IoT Projects: Experience with Fanuc, Mitsubishi, Siemens controller machines, communication protocol such as ethernet, profinet etc.. Data Analytics: Proficient in Python, experienced in big data analytics and its application on machines Predictive Tools: Knowledge and application of various predictive tools Industry Standards: ISO 9001, ISO 45001, ISO 14001, ISO 27001 Communication: Communication: The ability to convey ideas clearly, listen actively, and tailor messages to different audiences. Collaboration: Building trust, delegating tasks, and working seamlessly towards shared goals. Problem-solving: Identifying issues, analyzing root causes, and developing viable solutions. Adaptability: Embracing new technologies, adjusting to workflow modifications, and thriving in dynamic environments. Leadership: Inspiring, motivating, and empowering others. Setting a clear vision, delegating effectively, and holding oneself and others accountable. Customer Service: Building rapport, resolving issues efficiently, and exceeding expectations.

Job Title : Business Continuity Specialist Qualification : Any Finance Graduate /LLB Experience : 3-5 Years Must Have Skills : > Knowledge of global regulations and industry standards, including ISO 22301, ISO/IEC 27001, and ISO 31000 ERM Standard and/or 2017 COSO ERM Framework > Experience on Business Continuity Management. Good to Have Skills : Strong understanding of risk management frameworks, internal controls, and compliance auditing. Experience with risk management software, data analytics tools, and reporting systems. Ability to identify patterns and evaluate complex regulatory risks and propose practical solutions. Excellent communication skills with the ability to present complex information to non-technical stakeholders. Strong attention to detail and a proactive approach to problem-solving. Quick adjustment to new tools, regulations, and client requirements in the fast-paced BPO environment. Ability to work effectively both independently and as part of a global team. Experience working with cross-functional teams in a global environment. Strong analytical and project management skills with the ability to manage multiple priorities simultaneously. Proven organizational planning and management skills; excellent communication skills; and proven emergency and incident management skills. Proficiency on windows applications Roles and Responsibilities : Develop and Maintain Business Continuity Plans: l Design, implement, and regularly maintain/update comprehensive and sustainable business continuity programs through regular review, updating, and development of BCM policies, guidelines, procedures, and plans to ensure critical business functions can continue during and after disruptions. Collaborate with departments to identify critical functions and recovery requirements. Business Continuity Plans per campaign/support group Emergency Preparedness and Response Plan Incident Management Plan Crisis Management Plan Disaster Recovery Plans, etc. Conduct Business Impact Analysis: l Perform regular analyses to assess the potential impact of various disruptions on business operations. l Prioritize essential functions and develop strategies to minimize downtime and ensure recovery. l Create analytics and reports based on these analyses, and provide strategic recommendations to the BCM Lead to enhance organizational resilience. Lead Continuity Testing and Exercises: l Organize and execute testing and simulation exercises of business continuity plans. l Evaluate the effectiveness of plans and make improvements based on test results and feedback. Manage Continuity Resources : l Oversee the acquisition and maintenance of necessary resources and tools for business continuity. l Drive internal awareness and understanding through various training, and engagements to team members and leaders. l Keep abreast of industry best practices and trends, sharing the same to the organization. l Ensure Compliance : l Maintain business continuity plans in accordance with contractual obligations, relevant regulations, industry standards, and organizational policies, with a strong emphasis on adherence to ISO 22301:2019 to ensure we follow global standards. Regularly review and update plans to reflect changes in regulations or organizational needs. In line with this, management reviews and internal audits are included for a complete end-to-end compliance to the standard. l Act as a subject matter expert for BCM related activities. Incident Management and Response: l Develop and implement incident management strategies, including incident identification, response coordination, and stakeholder communication. l Regularly lead training sessions to enhance staff readiness, document incidents, conduct post-incident evaluations, ensure regulatory compliance, prepare reports for senior management, and continuously improve processes based on best practices and emerging threats. l During incidents, provides guidance to identify, manage, and implement appropriate Business Continuity Plans. Identify and Assess Risks: l Provide inputs to the corresponding Risk Registers. l Conduct risk assessments to identify and evaluate potential threats and vulnerabilities. l Analyze the likelihood and impact of identified risks to business operations. Develop Risk Management Strategies: l Assist in formulating and implementing risk management strategies to mitigate identified risks. l Develop and document risk response plans and procedures. Monitor and Report Risks: l Continuously monitor the risk environment and track emerging risks. l Prepare and present risk assessment reports and recommendations to senior management and relevant stakeholders. Compliance Oversight: l Stay up to date with relevant laws, regulations, contractual obligations and industry standards to ensure compliance across the organization. l Develop and implement compliance programs and processes to ensure adherence to legal and regulatory requirements. l Conduct periodic compliance audits and reviews to identify potential compliance issues and recommend corrective actions Promote Risk Awareness: l Foster a culture of risk awareness and management across the organization. l Provide training and guidance to employees on effective risk management practices and procedures. Coordinate with External Partners: l Collaborate with external vendors, consultants, and regulatory bodies to address external risk factors andensure compliance with industry standards and regulations Location : Jaipur CTC Range : 10 lpa (lakh per annum) Notice period : Immediate - 15days Shift Timings : Rotational Shift Mode of Interview : Virtual Mode of Work : WFH (work from home) Mode of Hire : Permanent Note : NA Thanks & Regards, Thanks & Regards, HR Janhavi Staffing Analyst Black and White Business Solutions Pvt Ltd Bangalore, Karnataka, INDIA. Direct Number: 8067432471| janhavi@blackwhite.in | www.blackwhite.in ************************PLEASE REFER YOUR FRIENDS***********************

About TripleLift Were TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the worlds leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance. As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com . The Role TripleLift is seeking a Security Engineer to join our team full time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You ll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities. Responsibilities Support and enhance the organizations global security compliance efforts aligned with frameworks like NIST CSF and CIS Controls Monitor and triage security alerts and incidents using SIEM, EDR, and other monitoring tools; escalate and support investigations as needed Manage and maintain endpoint security tools (e.g., CrowdStrike, Microsoft Defender, SentinelOne) across corporate devices and servers Coordinate with IT to ensure consistent endpoint hardening, patching, and policy enforcement Contribute to the vulnerability management process by validating, tracking, and helping remediate findings across infrastructure and endpoints Assist in the creation and maintenance of detection rules, security dashboards, and runbooks Perform initial threat-hunting activities and collaborate with senior engineers on deeper investigations Support identity and access management practices (e.g., user provisioning/deprovisioning, privileged access reviews) Participate in incident response, including documentation, coordination, and root cause analysis Create and maintain security documentation, procedures, and knowledge base articles Collaborate cross-functionally with engineering, IT, and compliance teams to support secure operations Desired Skills and Attributes 4+ years of experience in a security engineering or security operations role Proven track record working in information security operations, engineering, architecture, or security consulting Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of: PCI, SOC2, HITRUST, ISO 27001/2, or similar Deep understanding of the AWS Cloud, it s services, technologies and APIs Hands-on experience managing endpoint security platforms (EDR, antivirus, MDM) in a corporate environment Able to design and evaluate general security controls, as well as how to design effective compensating controls where necessary Experience managing tools in a Security Operations Center environment, i.e., monitoring and reacting to SIEM alerts/events Deep understanding of how to securely manage cloud-native environments and ability to deploy tools in these environments Experience with managing identity and access solutions at scale for a large corporation e.g. Okta Practical experience with coding and scripting languages (e.g., Python, Bash, PowerShell) to support automation and tooling Strong communication and documentation skills Strives for continued learning opportunities to build upon craft Holds a Cybersecurity certification, e.g. CISSP, CISA, Security+, etc. Education Requirement A Bachelor s degree in a technical subject is preferred, although candidates with relevant experience who hold other degrees will be considered. Experience Requirement At least four years of experience working within a security role or related/adjacent role Location Pune #LI-CS1 Life at TripleLift At TripleLift, we re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating. Learn more about TripleLift and our culture by visiting our LinkedIn Life page. Establishing People, Culture and Community Initiatives At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging. Privacy Policy Please see our Privacy Policies on our TripleLift and 1plusX websites. TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due.

Align security initiatives with business objectives to ensure cybersecurity supports growth and innovation. Act as a bridge between executive leadership and technical teams, translating security risks into business terms Monitor and report on risk indicators, risk appetite thresholds, and key risk metrics. Collaborate with cross-functional teams to develop risk mitigation plans. Develop, implement, and maintain cybersecurity governance frameworks (e.g., NIST, ISO 27001). Establish and enforce security policies, standards, and procedures across the organization. Ensure the MSIL s compliance with legal, regulatory, and internal policy requirements. Conduct regular audits and compliance reviews; report findings and recommend corrective actions. Stay up to date on relevant laws, regulations, and best practices. Develop, implement, and maintain compliance training programs for employees. Develop and maintain information security policies, procedures, and controls aligned with business goals and regulatory requirements. Act as a liaison between external regulators, internal auditors, and senior leadership. Define and track security KPIs and metrics to evaluate the effectiveness of governance programs. Provide regular reports to senior leadership and the board on the state of cybersecurity governance.

Job Summary: We are seeking a skilled DevSecOps Engineer to join our XOps team. You will be responsible for integrating security practices within the DevOps pipeline, ensuring secure software development and deployment processes. Youll work closely with development, operations, and security teams to embed automated tools and processes into CI/CD workflows. Key Responsibilities: Design, implement, and manage CI/CD pipelines using tools like Jenkins , GitHub etc. Integrate and manage security tools such as Snyk , SonarQube , JFrog etc., to detect vulnerabilities early in the development lifecycle. Automate security testing and compliance checks as part of the DevOps process. Collaborate with development teams to remediate identified vulnerabilities. Ensure infrastructure as code (IaC) is securely designed and deployed. Drive container security and orchestration using tools like Docker , Kubernetes , Trivy , etc. Maintain compliance with security standards (e.g., OWASP, NIST, ISO 27001). Contribute to monitoring and incident response automation. Required Skills: Strong hands-on experience with Jenkins , Snyk , SonarQube , and static/dynamic code analysis tools. Proficiency in scripting languages (e.g., Python, Bash). Experience with version control systems like Git . Working knowledge of container security, IaC (Terraform, CloudFormation), and secrets management tools (e.g., Vault, AWS Secrets Manager). Familiarity with security practices in cloud environments (AWS, Azure, or GCP). Preferred Qualifications: Certifications such as Certified DevSecOps Professional , AWS Security , or Azure Security Engineer . Knowledge of compliance frameworks (SOC 2, HIPAA, GDPR). Experience in threat modeling and risk assessment.

Candidate should have key understanding on technology, IT and governance aspects from Cyber Security perspective Candidate should have understanding on performing gap assessment on organizations Cyber security landscape primarily to prevent them from cyber security threats Candidate should have exposure to design, development, implementation, and maintenance information security framework aligned to framework like ISO 27001:2013 Candidate should have managed end-to-end Information security, cyber security for its organizations Experience in performing the risk assessment from Cyber Security, Business Continuity and Privacy perspective Experience on Data Privacy including design/development and review of privacy framework aligned with GDPR requirements and GAPP framework Performing maturity assessment for cyber setup; Developing cyber strategy roadmap, helping in implementation Consulting knowledge in overall cybersecurity domain with specific experience in engagements, such as NIST, BCP, ISO 27001, SSAE 18, ISAE3402, SOC 2 and regulatory compliances (RBI, SEBI, IRDA), data privacy audits. Manage / Lead engagement for data privacy, regulatory compliance, cyber strategy, ISO 27001 BCP (ISO22301) & third-party risk management (TPRM) Determine client needs, expectations & participate to develop, lead, and execute the overall client service plan Work on proposals, thought leaderships, POVs as required Demonstrate leadership, team management, problem solving and strong verbal and written communication skills Consulting experience (preferred) Immediate joiners (preferred) Certifications - ISO 27001, ISO22301, ISO 27701, CISSP, CISA (advantage)

0px> Who are we? In one sentence The Information Security Specialist will lead the efforts to secure the Amdocs ecosystem by guiding and monitoring the different IT/ Product/ Business teams to ensure organizational security, by designing a secure architecture of software products/ conducting risk and threat analysis/ analyzing and managing a secure solution in the domain of infrastructure/ application while responding to specific stakeholders questions. What will your job look like? You will recommend information technology policies, standards and guidelines by evaluating the organizations outcomes, identifying problems, evaluating trends, and anticipating requirements. You will work with the technical teams both within and outside of Amdocs to embed, deploy or guide all security requirements. When applicable, you will conduct the information security risk assessment program. Review compliance with the information security policy and associated procedures and practices. You will research and educate the IS organization around specific standards and regulations that might apply to different domains while monitoring their implementation throughout the security ecosystem and provide recommendations to the relevant stakeholders. You will keep up-to-date with emerging security threats and alerts, emerging products, services, protocols, and standards in support of security enhancement and development efforts. You will provide technical guidance to IS teams by means of coaching and mentorship to achieve project goals to the required level of quality. Promote team engagement, empowerment and motivation. You will onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge. You will enforce quality processes (i.e. performing technical root cause analysis, outlining corrective action for given problems) and ensure that all the project agreed deliverables are completed to the required level of quality. All you need is... 6-7 years of experience in the information security management ecosystem Knowledge of security architectural considerations from an end-to-end security perspective within the domains of GRC, Architecture, application or ITsec In-depth knowledge of information security concepts and methodologies In-depth knowledge of compliances (PCI DSS, Sox, DPA, etc.) and IS standards (ISO 27001, BS25999, ISO 20000, OWASP, etc.) Team leadership experience - an advantage Why you will love this job: You will have the opportunity to work with the industry most advanced technologies and experts in a global company You will have opportunities to evolve yourself in the future of all cutting-edge technologies and business trends. You will be working with a great team

Information Security Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Infosec Engineer Experience: 2 - 6 Years Exp Salary : Competitive Preferred Notice Period : Within 30 Days Shift : 10:00AM to 7:00PM IST Opportunity Type: Onsite (Mumbai) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : ISO 27001, SOC 2, AWS, GCP, Azure, public cloud IDfy (One of Uplers' Clients) is Looking for: Infosec Engineer who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Who are we? Trust isnt a given, it needs to be built. And in a world where fraud is evolving faster than ever, trust must be safeguarded at every step. At IDfy, we make trust scalable. As an Integrated Identity Platform, we help businesses verify identities, detect fraud, and stay compliantensuring every interaction starts with confidence. Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry. We do this through three interconnected platforms: Onboarding Platform: Our IDfy360 and Video Solutions make KYC and identity verification seamless, turning compliance into a frictionless experience. Fraud & Risk Management Platform: We stay ahead with CrimeCheck, RiskAI, and our Transaction Intelligence Platform identifying synthetic identities, financial risks, and bad actors before they cause damage. Privacy & Data Governance Platform: With PRIVY, businesses can navigate evolving data protection laws with ease, ensuring security and transparency at every step. Infosec Engineer As an Information Security Engineer at IDfy, youll support the InfoSec team in ensuring that our systems, policies, and processes meet global compliance standards. From supporting audits to reviewing documentation and responding to customer requests, youll get hands-on experience in what it takes to keep a fast-paced tech company secure. This is the perfect role if youve dabbled in audits, are curious about security frameworks, and want to grow into a well-rounded InfoSec professional. We are the match if you... Have been part of audits (ISO 27001, SOC 2, Customer TPRA) either conducting or surviving them for 2-4 years Have good understanding of ISO 27001, SOC 2, or other security frameworks Experienced in handling ISMS management end to end independently/ as a part of a team Are organized, detail-oriented, and a bit obsessed with checklists Know your way around cloud basics (GCP preferred, others fine too) Can document policies and processes clearly Want to learn how security works in a product and SaaS environment Are eager to work with a team that takes compliance seriously (but not too seriously) Are open to earning certifications down the line (CISA, ISO 27001 LA, etc.) Heres what your day would look like... Assist in maintaining our ISMS for ISO 27001 and SOC 2 including policy review/updates, creating SOPs and executing ISMS activities Support internal and external audit prep and documentation Track and respond to client security questionnaires Face / assist customer third-party risk assessments Collaborate with legal, engineering, and product teams to ensure compliance Assist in monitoring compliance metrics and identifying improvement areas Learn, grow, and eventually take on more ownership within the InfoSec team Whats it like working at IDfy? We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Assessment, and Digital Onboarding. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Job Description: IT GRC Analyst I Department: Information Technology Reports To: Senior IT GRC Analyst Location: 100% Remote Experience: 10+ Years Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations. Key Responsibilities:* Assist in the development, implementation, and maintenance of IT policies and procedures. Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls. Support the IT team in identifying, evaluating, and mitigating IT risks. Monitor compliance with security policies and procedures to ensure a secure environment. Collaborate with different departments to ensure integrated risk management practices. Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls. Provide support in responding to internal and external SOX audits and regulatory assessments. Recommend improvements to SOX controls and processes to enhance the overall security posture. Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence. Qualifications: Bachelor's degree in Information Technology, Computer Science, or a related field. Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance. Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Ability to work collaboratively in a team environment. Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus. Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants. Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.

Not Applicable Specialism Risk Management Level Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats Experience in conducting IT risk assessments. Sound understanding of ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Knowledge on application infrastructure architecture. Knowledge on SaaS application architecture. Knowledge on database and middleware communication. Knowledge on API security. Good communication skills. Good team player. Good presentation skills and senior stakeholder management. Certifications CISA, CISSP, CCNP, CCSP, CISM, CRISC etc. Mandatory Skill Sets IT Risk , ISO 27001, NIST, PCI, Data Privacy, and Cloud Security. Preferred Skill Sets Stakeholder Management , Team Management Years of Experience required 3 + Years Education Qualification BE, B.Tech , M.Tech , MCA, MBA graduates . Education Degrees/Field of Study required Bachelor of Technology Degrees/Field of Study preferred Required Skills Stakeholder Management Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Cloud Security, Communication, Conducting Research, Cyber Defense, Cyber Threat Intelligence, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Malware Analysis, Malware Detection Tools, Malware Intelligence Gathering, Malware Research, Malware Reverse Engineering, Malware Sandboxing {+ 11 more} No

Permanent opportunity with an RBI-licensed FinTech company for professionals with 2-5 years of experience in GRC, InfoSec, or Compliance.Requires expertise in PCI DSS, ISO 27001, SOC 2, GDPR, RBI guidelines, & experience in audits & risk assessments.

About the Role: We are hiring a dynamic and results-oriented Technology Recruiter with 4 years of hands-on experience in sourcing, screening, and placing top tech talent. This is a contract role for 6 months , ideal for someone who thrives in a fast-paced environment and can manage end-to-end recruitment for technical positions across levels. Responsibilities: Manage full-cycle recruitment for technology roles Source candidates through job boards, social media, referrals, and networking. Conduct initial screening Coordinate interviews, feedback, and offer negotiation. Manage candidate pipelines using ATS . Maintain accurate and up-to-date recruitment reports and dashboards. Ensure a seamless and positive candidate experience throughout the hiring process. Desired Candidate profile: 4 years of experience in technology recruitment, preferably with product based firms or Startups. Proven experience in hiring for roles such as software engineers, full-stack developers, Security, DevOps, QA, etc. Experience working with Applicant Tracking Systems . Strong sourcing skills using LinkedIn, Job Boards, GitHub, Stack Overflow, etc. About Liminal: Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 & 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore,Taiwan , India, and UAE. The company has received an initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies. Our website - https://www.liminalcustody.com/ Note: This is a work-from-office role based in Whitefield, Bangalore.

About the Job: We are seeking a highly skilled Security Engineer with expertise in CrowdStrike s Next-Gen SIEM (Falcon LogScale) to join our Security Operations team. This role will focus on engineering, optimizing, and maintaining security detection and log management systems to enhance our threat detection and incident response capabilities. You will work closely with SOC analysts, threat hunters, and IT teams to deliver a robust and scalable securitymonitoring solution. Responsibilities: Design, implement, and manage CrowdStrike Falcon LogScale (Next-Gen SIEM) environment for real-time log ingestion, parsing, correlation, and alerting. Manage LogScale collector deployments, including monitoring, configuration, and fleet management. Develop and tune custom detection rules, dashboards, parsers, and alerts to identify malicious activities and policy violations. Integrate diverse log sources including endpoints, firewalls, cloud platforms (AWS, Azure, GCP), and applications into the SIEM environment. Collaborate with Threat Intelligence and Incident Response teams to develop use cases for detection and mitigation of advanced threats. Conduct performance tuning, optimization, and maintenance of the SIEM infrastructure to ensure high availability and scalability. Assist in developing automation scripts and tools for alert triage, response, and reporting. Ensure compliance with relevant security policies, standards, and frameworks (e.g., NIST, ISO 27001). Provide support during security investigations and incident response, including root cause analysis and remediation. Deliver documentation, including architecture diagrams, runbooks, and technical procedures. Requirements: 3 years of experience in cybersecurity engineering 3 years of hands-on experience with the CrowdStrike Falcon platform, with at least 1 year of administration experience in the platform s Raptor release. 1 year of experience in administering CrowdStrike Next-Gen SIEM specifically. S trong knowledge of log management, SIEM/SOAR solutions, and security event correlation. Proficiency in query languages (e.g., CrowdStrike/LogScale Query Language (CQL/LQL) , SPL, KQL, or similar). Experience integrating diverse log sources from on-prem and cloud environments. Experience with custom log parsers. Familiarity with detection engineering, threat modeling, and incident response workflows. Preferred Skills : Experience with scripting languages (Python, Bash, PowerShell) for automation and integrations. Familiarity with EDR, NDR, and UEBA tools. Knowledge of MITRE ATT&CK framework and threat detection methodologies. CrowdStrike certifications (e.g., CCFA, CCFR, CCFH, CCIS)

Cloud security Summary: The Cloud Security Specialist drives security strategy and architecture for our cloud initiatives, combining technical expertise with strategic thinking. They collaborate across teams as a Subject Matter Expert, promoting Everything as Code and empowering teams to tackle cloud security challenges proactively. Role and Responsibilities: Provide expert level guidance to facilitate the implementation and evolution of secure cloud and container architectures, including robust controls and best practices across various cloud service models such as IaaS, PaaS, SaaS, and hybrid configurations. Assist in the evolution of continuous monitoring solutions to validate systems against security baselines, promptly respond to policy violations, and ensure adherence to security standards and compliance requirements. Identify, evaluate, and propose innovative technology solutions for cloud and container environments aimed at enhancing process efficiency, automation, security, environment visibility, developer enablement, and streamlining processes. Collaborate proactively with developers, system administrators, and IT management to ensure that security controls and processes align with company directives and goals, promoting secure-by-design principles. Collaborate with cross-functional teams to design and implement secure cloud architectures, encompassing network security, identity and access management (IAM), data encryption, and other essential security controls. Ensure compliance with relevant security standards, regulations, and frameworks (e.g., GDPR, HIPAA, ISO 27001) across all cloud-based initiatives and deployments. Explore opportunities to introduce automation and innovative technologies in cloud security processes, aiming to enhance efficiency, reduce manual efforts, and strengthen overall security posture. Provide input into the design and deployment of automated security solutions, leveraging expertise to enhance the efficacy and scalability of security measures. Provide guidance and training to internal teams on cloud security best practices, emerging threats, and security awareness to foster a culture of security across the organization. Analyze the latest attacker techniques and implement solutions to mitigate associated risks, ensuring the resilience of cloud environments against evolving threats. Stay abreast of the latest cybersecurity threats and trends, proactively identifying potential vulnerabilities and recommending proactive measures to mitigate risks. Requirements: Bachelors degree in computer science, Information Technology, or Technology related field. Advanced degree or relevant certifications (e.g., CISSP, CCSP, AWS Certified Security Specialty) preferred. Seven years of experience in one, or a combination, of network, application, cloud, or infrastructure security domain, showcasing a comprehensive understanding of security principles and practices. Demonstrated expertise in cloud platforms like AWS, Azure, and Google Cloud, including a deep understanding of security features such as IAM, VPC, Security Groups, and encryption services. Strong familiarity with networking concepts, protocols, and security principles, enabling the design and implementation of secure network architectures. Demonstrated experience in cloud-native architectures, microservices, and operational best practices in cloud and container orchestration. Experience integrating enterprise-scale security solutions in AWS and/or Azure, encompassing user, security, and networking configurations to ensure robust security postures. Proficiency in full stack cloud automation using tools like Git, Terraform, Ansible, and Jenkins, with past programming experience, and knowledge of Python is a plus. Experience aligning security programs with industry benchmarks and standards such as NIST, CIS, FIPS, PCI DSS, HIPAA, and FIPS 140-2, ensuring adherence to best practices. Strong understanding of IT Risk Management, Security Policies and Procedures, Internal Audit, and Compliance Standards. Familiarity with SOC, FFIEC, CSA, and FedRAMP is a plus. Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and capability to communicate technical concepts to non-technical stakeholders. Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives. Commitment to continuous learning and staying updated on industry developments and emerging technologies, coupled with adaptability to evolving technology environments and requirements. Capacity to convey complex ideas effectively, providing definitive direction and guidance on cloud security issues to drive results and mitigate risks effectively. Senior Security Technical Analyst: Key Responsibilities: SaaS Visibility and Risk Identification Ensure ongoing discovery and classification of SaaS usage across the organization, leveraging CASB and other telemetry to identify unsanctioned platforms, assess risk levels, and trigger appropriate security review processes. Security Baseline Enforcement Ensure all SaaS platforms meet Clients minimum security requirements (e.g., SSO, MFA, RBAC, logging, IP restrictions, encryption). Support teams in implementing and validating controls and identify drift over time. Access, Integration, and Data Governance Oversee proper identity and access controls, secure API integrations, and enforcement of data classification, retention, and encryption policies. Coordinate with IAM, Privacy, and business teams to maintain compliance. Monitoring, Alerting, and Incident Readiness Ensure SaaS platforms generate appropriate logs, integrate with enterprise SIEM (e.g., Splunk), and support real-time alerting. Confirm runbooks and escalation paths are in place for incident response and vendor coordination. Governance, Oversight, and Lifecycle Management Maintain visibility into SaaS configurations, ensure changes follow Client change control standards, and verify that lower environments are also governed appropriately. Technical Skills and Experience: Bachelors degree in computer science, information technology or a related field. 7+ years of experience in Information Security, with at least 3 years focused on SaaS security or cloud platforms. Strong understanding of SaaS-specific risks, architecture, and controls. Experience working with CASB, SSPM, and SIEM tools (e.g., Microsoft Defender, Splunk). Understanding of identity and access management in the context of SaaS platforms and integrations with other systems. Strong knowledge of data protection, encryption, secure integration practices, and incident response procedures. Understanding of industry frameworks (e.g., NIST SP 800-53, CSA, CIS). Technical knowledge of cloud-native platforms and integrations. Experience conducting or supporting technical risk assessments for SaaS vendors. Soft Skills: Excellent written and verbal communication skills; ability to articulate technical topics clearly. Strong analytical skills and attention to detail. Ability to work independently in a global, matrixed organization. Comfortable working in rotational shifts and managing competing priorities. Preferred Certifications (Good to Have): CCSK, CRISC, CISA, ISO 27001, or similar cloud/security-related certifications. Experience working in financial services or other highly regulated environments.

Vulnerability and Security Compliance Lead Job Summary We are seeking an experienced Vulnerability and Security Compliance Lead to join our team. The ideal candidate will be responsible for leading efforts to identify, assess, and remediate vulnerabilities across our IT infrastructure while ensuring compliance with relevant security standards and regulations. You will work closely with cross-functional teams to develop and implement security policies, procedures, and best practices that protect our organization from threats. Key Responsibilities Vulnerability Management Lead the vulnerability management program, including vulnerability scanning, assessment, and remediation processes. Coordinate with IT and engineering teams to prioritize and address identified vulnerabilities based on risk impact. Security Compliance Ensure compliance with industry standards and regulations (e. g. , ISO 27001, NIST, PCI-DSS, HIPAA) by developing and maintaining security policies, procedures, and documentation. Conduct regular compliance assessments and audits to identify gaps and recommend corrective actions. Risk Assessment Perform risk assessments to identify potential threats and vulnerabilities to the organizations information assets. Develop and implement risk mitigation strategies and controls to reduce exposure to security threats. Security Policies and Procedures Develop, review, and update security policies, procedures, and guidelines to align with best practices and regulatory requirements. Communicate security policies and compliance requirements to employees and stakeholders to promote awareness and adherence. Incident Response Lead incident response efforts related to security breaches or vulnerabilities, ensuring timely identification, containment, and remediation. Conduct post-incident reviews to assess the effectiveness of response actions and implement improvements. Collaboration and Training Collaborate with IT, legal, and other departments to ensure alignment on security compliance initiatives. Provide training and awareness programs to employees on security best practices, compliance requirements, and vulnerability management. Continuous Improvement Stay current with the latest security trends, threats, and compliance requirements, evaluating their impact on the organization. Recommend and implement improvements to security controls and processes based on emerging threats and vulnerabilities. Qualifications Educational Background Bachelor s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Experience 5+ years of experience in information security, vulnerability management, or compliance roles. Proven experience leading vulnerability assessments and compliance audits in a corporate environment. Technical Skills Strong knowledge of security frameworks (e. g. , NIST, ISO 27001), vulnerability management tools (e. g. , Qualys, Nessus), and security compliance regulations. Familiarity with security technologies such as firewalls, intrusion detection/prevention systems, and endpoint security solutions. Certifications Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent are desirable. Preferred Skills Experience with security incident response and threat intelligence. Knowledge of risk management methodologies and practices. Familiarity with cloud security practices and compliance frameworks.

At Broadridge, weve built a culture where the highest goal is to empower others to accomplish more. If you re passionate about developing your career, while helping others along the way, come join the Broadridge team. The Security Monitoring Lead Engineer is responsible for enhancing SIEM performance, designing and optimizing detection rules, and integrating automation to drive more effective threat detection and response. This role requires close collaboration with infrastructure, security, cloud engineering, and other cross-functional teams to design and implement seamless integration of security tools, optimize data flows, and ensure comprehensive telemetry coverage across the organization. Additionally, the position requires expertise in DevOps methodologies and Infrastructure as Code (IaC) to build scalable, automated security solutions and streamline deployment processes. The role will require working in shifts to ensure continuous 24/7 operations. Key Responsibilities Architect and implement advanced security monitoring use cases that elevate our threat detection and incident response systems. Spearhead the seamless integration and administration of SIEM platforms, ensuring optimal data flow and threat visibility. Deploy and manage infrastructure as code with Terraform, setting new standards for reliability and efficiency. Develop and automate scripts using Python, Bash, or PowerShell to refine SOC operations and elevate efficiency. Lead efforts in tuning SIEM alerts, enhancing accuracy, and reducing false positives to ensure precise threat identification. Conduct deep-dive log analyses and proactive threat hunting to uncover and mitigate potential security risks. Curate comprehensive documentation and reporting, providing insights that guide strategy and inform stakeholders. Engage continuously with emerging technologies and methodologies to maintain an edge in a rapidly evolving threat landscape. Required Skills and Qualifications Bachelor s degree in computer science, Information Technology, Cybersecurity, or a related field; advanced certifications such as CEH, CISSP, or GIAC are highly regarded. A minimum of 5 years of proven experience in a SOC role with a focus on automation and SIEM integration. Proficiency in Terraform and infrastructure as code practices. Proficiency in scripting languages (Python, Bash, PowerShell), enabling dynamic and effective automation. Extensive experience with security monitoring tools (e. g. , SIEM, EDR, IPS/IDS, Firewalls) and a thorough understanding of cloud security within AWS and Azure environments. Stellar analytical and problem-solving skills, combined with clear and compelling communication capabilities. Capacity and readiness to work and provide leadership in rotational shifts, including nights and weekends. Preferred Qualifications Experience with advanced automation and orchestration tools. In-depth knowledge of security frameworks and regulations, including NIST, ISO 27001, PCI-DSS, GDPR, and HIPAA. A strategic mindset in conducting threat assessments and risk analyses. We are dedicated to fostering a collaborative, engaging, and inclusive environment and are committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company and ultimately a community that recognizes and celebrates everyone s unique perspective.

Key Responsibilities: Conduct ISMS (ISO 27001) follow-up audits to verify compliance and track remediation efforts. Perform Gap Assessments against ISO 27001 and other security standards to identify control deficiencies. Lead or support BCMS (ISO 22301) audits and assessments, providing clear insights and recommendations. Prepare and deliver professionally written reports with actionable findings and clear summaries. Collaborate with internal teams and stakeholders to communicate risks, gaps, and proposed improvements. Support the design and enhancement of security governance processes as required. Requirements Qualifications: Minimum 5 years of experience in Information Security, GRC, or Risk & Compliance roles. Proven expertise in ISO 27001, including implementation, audits, and compliance reporting. Good knowledge of ISO 22301 and BCMS frameworks. Familiarity with other standards such as NIST CSF, ISO 27005, or local regulatory frameworks is a plus. Strong analytical and documentation skills, with the ability to write professional audit/assessment reports. Excellent communication and stakeholder engagement skills. Relevant certifications such as ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, CISA, or CISM are highly desirable.

Role and Responsibilities AWS Security and IAM: Extensive experience in managing AWS IAM roles, policies, and permissions, ensuring adherence to the principle of least privilege. Proficiency in utilizing AWS security services such as AWS Config, CloudTrail, GuardDuty, and Security Hub for continuous monitoring and compliance. Hands-on experience with AWS Key Management Service (KMS) for encryption key management and data protection. Azure Security and Identity Management: Solid understanding of Azure Active Directory (AAD) for identity and access management across Azure resources. Experience with Azure Role-Based Access Control (RBAC) to manage permissions and access to Azure services. Familiarity with Azure Security Center and Azure Policy for assessing and improving the security posture of Azure environments. LinkedIn +3 careers-buspatrol.icims.com +3 SmartRecruiters +3 Infrastructure as Code (IaC) and Automation: Proficient in developing and maintaining infrastructure using IaC tools such as Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) templates. Experience in automating security configurations and compliance checks across AWS and Azure environments. Skilled in implementing and managing secrets management solutions like AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault. CI/CD Pipeline Security Integration: Expertise in integrating security controls and checks into CI/CD pipelines using tools like Jenkins, GitLab CI/CD, Azure DevOps, or AWS CodePipeline. Experience in automating static and dynamic code analysis (SAST/DAST) to identify and remediate vulnerabilities early in the development lifecycle. Familiarity with containerization and orchestration tools like Docker and Kubernetes, including implementing security best practices. Monitoring and Incident Response: Proficient in setting up and maintaining monitoring and alerting systems using AWS CloudWatch, Azure Monitor, and third-party SIEM tools. Experience in developing incident response plans and conducting regular drills to ensure preparedness for security events. Skilled in conducting root cause analysis and implementing corrective actions to prevent future incidents. Compliance and Governance: Thorough understanding of industry standards and frameworks such as ISO 27001, SOC 2, PCI DSS, and HIPAA. Experience in maintaining documentation for security policies, procedures, and compliance audits. Stay updated on emerging security threats and cloud security features to proactively address potential risks. Vulnerability Management: Hands-on experience with vulnerability assessment tools like Snyk, TruffleHog, and CrowdStrike CSPM to identify and remediate security issues. Ability to prioritize and track remediation efforts to ensure timely resolution of vulnerabilities. Collaboration and Training: Proven ability to work closely with development, operations, and security teams to promote a culture of security and shared responsibility. Experience in providing training and guidance on secure coding practices, cloud security, and DevSecOps methodologies. Technical Must-Know Concepts Application Security: In-depth knowledge of secure coding practices, including familiarity with OWASP Top 10 and CWE guidelines. Experience integrating security into the Software Development Life Cycle (SDLC). Threat Modeling: Proficiency in threat modeling methodologies such as STRIDE and DREAD. Ability to identify attack surfaces and develop mitigation strategies. Cloud Security: Expertise in AWS and Azure security best practices, including IAM, KMS, GuardDuty, and Security Center. Understanding of encryption mechanisms for data at rest and in transit. Experience in hardening cloud resources to prevent unauthorized access. Infrastructure and CI/CD Security: Knowledge of securing Infrastructure as Code (IaC) using tools like Terraform and CloudFormation. Experience with secrets management and integrating security scans (SAST, SCA, DAST) into CI/CD pipelines. Vulnerability Management: Proficiency in using tools like Snyk, TruffleHog, and CrowdStrike CSPM for vulnerability assessment. Ability to prioritize vulnerabilities based on risk and impact. Authentication and Authorization Security: Understanding of OAuth 2.0, OpenID Connect, and Single Sign-On (SSO) principles. Experience in implementing secure authentication and authorization mechanisms. Container and Kubernetes Security: Knowledge of container security best practices, including image scanning and hardening. Experience with Kubernetes security features like RBAC and network policies. Cryptography Fundamentals: Familiarity with TLS/SSL protocols, encryption standards, and key management practices. Security Standards and Compliance: Awareness of frameworks such as NIST, ISO 27001, SOC 2, and PCI DSS. Experience in aligning security practices with compliance requirements. DevSecOps Tooling: Proficiency in using CI/CD tools like GitHub, GitLab, and Bitbucket, and integrating security automation into workflows.

Role Overview The Head of Cybersecurity - India will lead the cybersecurity strategy, operations, and governance for the region. The role is responsible for ensuring robust protection of the organizations data, systems, and networks against cyber threats, while enabling compliance with regulatory requirements. This senior leadership role requires expertise in threat management, risk assessment, and cybersecurity technologies, as well as strong people and project management skills. Key Responsibilities Strategic Leadership Develop and implement the cybersecurity strategy for India in alignment with global and regional security objectives. Ensure alignment of cybersecurity initiatives with business goals and regulatory requirements. Lead a high-performing cybersecurity team. Assist Global Head of Cybersecurity in preparing presentations to the various Boards and Committees. Operational Security Oversee the design, implementation, and maintenance of security technologies, including firewalls, intrusion detection systems, endpoint protection, and cloud security tools. Monitor, detect, and respond to cyber threats, ensuring rapid resolution of incidents. Identify risks in technology selections and configurations in the region and create plans for remediation. Ensure business continuity through robust disaster recovery and incident response plans and revise such plans to leverage this regional office. Risk & Compliance Assess, monitor, and mitigate cybersecurity risks in collaboration with business units. Ensure compliance with local and international regulations (e.g., GDPR, IT Act 2000, ISO 27001). Report regularly to Global Head of Cybersecurity on the state of cybersecurity and risks. Ensure compliance with all global corporate Policies, Standards and best practices for the India office. Stakeholder Engagement Collaborate with global cybersecurity leaders to share insights, resources, and strategies. Act as the primary point of contact for regulators, auditors, and third-party security assessments in India. Facilitate cybersecurity awareness program for employees in India to foster a security-conscious culture and ensure completion of required training. Innovation and Trends Stay updated on emerging cybersecurity threats, technologies, and best practices. Recommend and implement innovative solutions to strengthen the organization s cybersecurity posture. Manage Cybersecurity intranet site and ensure fresh and relevant content is provided. Qualifications Education Bachelor s/Master s degree in Computer Science, Information Security, or a related field. Certifications (Preferred) CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CRISC (Certified in Risk and Information Systems Control) Experience 12+ years of experience in information security, with at least 5 years in a leadership role. Proven track record of managing cybersecurity strategies in a large organization, preferably in a global or regional context. Hands-on experience with security frameworks like NIST, ISO 27001, or COBIT. Skills Strong knowledge of security technologies, tools, and practices (e.g., SIEM, EDR, DLP, cloud security). Experience managing cybersecurity in multi-cloud and hybrid environments. Excellent leadership, communication, and decision-making skills. Ability to balance technical requirements with business needs.

Looking for a Compliance Consultant with 3–5 years' experience in compliance consulting, strong knowledge of ISO 27001, SOC 1 & SOC 2, and experience in implementation, Risk assessment, Risk register, audits, gap analysis, and readiness assessments.

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions. We are currently seeking an experienced professional to join our team in the role of S enior Consultation Specialist In this role you will: Control Coordination & Support: Assist ITSOs in understanding and applying required technology controls. Participate in control owner forums and document key control expectations. Support ITSOs during internal and external audits by coordinating evidence collection and submission. Remediation Tracking: Work with ITSOs to capture and update remediation plans for control gaps. Track progress of remediation actions and escalate delays or risks as needed. Reporting & Documentation: Maintain up-to-date records of audit findings, KCI breaches, and control deficiencies. Assist in preparing regular dashboards and reports to highlight the risk/control status across CTO DT verticals. Solutioning & Risk Mitigation: Liaise with Control SMEs to align on expectations and tooling. Support the Senior Lead in identifying opportunities for automation or process improvements. Collaborate with control SMEs to recommend or build control solutions where standard tools or processes are lacking. Contribute to the continuous improvement of control frameworks and tooling. Requirements To be successful in this role, you should meet the following requirements: Bachelor s degree in Information Technology, Computer Science, Risk Management, or a related field. 10+ years of experience in IT Risk Management, Controls, Audit Support, or Technology Compliance roles. Familiarity with control frameworks (e. g. , NIST, ISO 27001) and risk management principles. Experience working with audits or control assurance activities is an advantage. Skills & Competencies: Strong attention to detail and ability to manage multiple tasks. Good verbal and written communication skills for cross-team collaboration. Basic understanding of GRC tools or platforms. Enthusiastic and willing to learn from senior team members and grow into a broader advisory role. Preferred Certifications (optional): ITIL Foundation CISA (in progress or interest in pursuing) CRISC or other relevant certifications

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future? If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. Purpose The Cybersecurity Engineer (PCS Coordinator/ CS Project Manager) is a lead Product Cybersecurity Engineer within the development process at GTT. The PCS Coordinator is an appointed Product Cybersecurity Engineer (PCSE) with sufficient technical knowledge within product cybersecurity and domain, expected to coordinate the cybersecurity work on assigned Techno Stream and act as the gateway between his Techno Stream and organisation to ensure execution of cybersecurity activities within the Techno Stream. Each PCS Coordinator at GTT has responsibility to drive CS activities for at least one EUF, system, subsystem, or component (ECU) with E/E contents. All Techno Streams with this ownership shall have an appointed PCS Coordinator to plan and execute related PCSMS activities also generate needed documentation. Responsibilities Act as Vehicle CS Coordinator within central PCSMS Team and take on the below responsibilities: Act as CS Epic Owner in case of existence any specific cybersecurity EPIC. Create / Update / Refine cybersecurity work packages for various vehicle programs, supporting intro block s epic owners or work package Leaders. Monitor the progress of CS activities performed by Techno Stream to identify certification & compliance related risks and help development streams to address the same within specified time limits. Provide necessary guidance and clarity to the stakeholders on the cybersecurity deliverables with the release of official work packages. Follow up the objective, entry, exit and acceptance criterion of Cybersecurity deliverables for every Vehicle Development milestone (from concept until End of Life) and ensure compliance. Release official Product Cybersecurity time plan thereby identifying program risks, plan mitigations and further secure consensus within the stakeholders. Reporting in periodic Cybersecurity Program reviews concentrating on the time & quality of deliverables for every milestone. Coordinate & facilitate effective communication between internal & external (if applicable) cybersecurity stakeholders to achieve the common objective of R155 Cybersecurity Vehicle Type Approval Certification in line with the business requirements. Support the engagements with regional technical services & type approval authorities related to R155 Cybersecurity Vehicle Type Approval as per the business requirements. Apart from all responsibilities assign to PCSE, additional activities rely on PCS Coordinator including: Support the Techno Stream s management team with cybersecurity management competence as a speaking partner. On delegation by PO/PM, perform PCSMS activities and drive the cybersecurity activities on end user function respective system, component. Technical contribution (along with product cybersecurity engineer) to perform and updating cybersecurity deliverables such as TARA, cybersecurity concept and cybersecurity specification development. Represent the Techno Stream in all cybersecurity community of practice (e.g., PCS Clinic) as active member. Represent the Techno Stream in type approval procedure (new and extension) & provide needed evidence to central team to provide document needed for technical services. (Contents in needed documents e.g., InfoDoc) Domain responsible for cybersecurity culture, planning and reporting. Develop and follow up cybersecurity plan for project according to scope and delivery. Request Verification Review (VR) from appropriate reviewer including XF team where higher independence is required. Request cybersecurity validation from the penetration testers. Authorities Upon agreement with the PO who owns respective cybersecurity artefacts, PCS Coordinator is eligible to release documents in long time storage (e.g., phoenix) Technical approval of CS-QDPR Compliance Matrix, including suppliers deviations. Accept the suppliers CS Case and the suppliers CS Assessment Report. (If applicable) Plan and conduct the product CS Safety Joint Reviews. (If applicable) Demand CS status from projects within the Techno Stream. Indicate and raise the need for a CS deviations Approval to project management / line management. (If deviation occurs and there is rational motivation available) Demand action from project management and/or line management when CS work products are missing or have inadequate quality. Qualification and Competences B.E/B.Tech or ME/M.Tech in Computer Science, Electronics, Electrical or equivalent with 4+ years of experience into automotive cybersecurity Knowledge of embedded and/or automotive systems Knowledge of cybersecurity engineering best practices, standards, and regulation (i.e., ISO/SAE 21434, SAE J3061, ISO 27001/27002, UNECE R155) Knowledge and practical experience with common cybersecurity controls e.g., secure boot, security onboard and offboard communication, hardware security module. Knowledge and experience in cybersecurity threat analysis and risk assessment process and techniques Strong problem-solving skills to analyse cybersecurity issues and requirements. Technical Knowledge related to the product(s) that the Techno Stream is responsible for In case the Techno Stream s product has elements related to off-board systems, Knowledge about the extended vehicle ecosystem is needed. Domain knowledge related to the Techno Stream with regards to exposed interfaces, threat scenarios, vulnerabilities, conventional functionality, and cybersecurity mechanisms. Who we are and what we believe in We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group s leading brands and entities. Applying to this job offers you the opportunity to join Volvo Group . Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment. At Group People & Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.