776 Iso 27001 Jobs - Page 26

Sales Coordinator | Mandaala.com About Parent Company: PrintStop India Pvt Ltd. At PrintStop, we have an 18-year legacy of transforming the printing and customised gifting procurement processes for small to large enterprises. Our commitment to quality and service is reflected in our average customer rating of 4.5 and ISO 9001:2015 and ISO 27001:2022 certifications. We are also certified as a Great Place to Work, with a focus on excellence and employee well-being. Printstop India Pvt Ltd has 2 divisions: For Small and Medium Enterprises - PrintStop.co.in For Large Enterprise - Mandaala.com About Enterprise Solution Division: Mandaala.com At Mandaala, we digitally transform how large enterprises manage merchandise engagement programs for employees and other stakeholders through our #MerchTech Solutions. We ve partnered with over 150 leading brands, including Infosys, Capgemini, HDFC Bank, and Niva Bupa Health, to streamline their merchandise programs by combining company-branded merchandise (SWAG) with technology. Why Join Mandaala? At Mandaala - PrintStop, evolution isn t just what we do, it s who we are. For 18 years, we ve challenged the norm, reinventing ourselves time and again to stay ahead and create real impact. Innovation, agility, and ownership drive us as we shape the future of #MerchTech. Our culture is rooted in "I CARE FOR": Innovation, Customer Centricity, Agility, Recognition, Ethics, Fun, Openness, Ownership, and Respect. It s more than just words; it s the heartbeat of everything we do. Be Part of Something Bigger, The MerchTech Movement Join a fast-growing #MerchTech company that is transforming how large enterprises engage through merchandise. Create an Impact Work with Fortune 500 companies to build exceptional employee experiences with merchandise. Join a Passionate Team Collaborate with a passionate team pushing the boundaries of engagement through custom merchandise. Be part of a company that evolves, adapts, and innovates, always. Your Role: Sales Coordinator (Desk Role) Type: Full-time role with exciting growth opportunities. Location: Prabhadevi/Parel - just a 5-minute walk from the station for an easy commute. Working Days: Monday to Saturday (one Saturday off per month) Your KRAs & KPIs (As per JD given) Reporting: Track and document the status and progress of each job to ensure timely updates and transparency. Delivery: Oversee the timely and accurate delivery of products or services to the customer. Dispatch Repo: Manage the logistics and documentation for dispatching goods, ensuring proper records are kept. Informing Customer: Communicate with the customer about job status, updates, and any changes to maintain engagement and satisfaction. Artwork Approval: Coordinate the review and approval process for artwork to ensure it meets customer specifications before production. Billing Part Done: Handle the invoicing process, including preparation and delivery of bills to ensure accurate and prompt payment. Responsible for coordination for each job process: Reporting, delivery, dispatch report, informing customer, artwork approval, billing part done. Proper training on CRM(Zoho) and accessing individual reports. Thorough product knowledge and process training for clients assigned. Cross training within the team. What Makes You a Great Fit? Experience: A Go-Getter You have 1-3 years of experience in inside sales, business development, or pre-sales, ideally in SaaS, corporate merchandise, or B2B sales. A Natural Connector You thrive on building relationships with HR, Marketing, Admin VPs, and senior decision-makers, understanding their needs, and guiding them toward the right solutions. Solution-Selling Mindset You consult and solve problems. You understand how businesses operate and can tailor conversations to drive impact. Communication & Persistence You re comfortable engaging with C-level executives, keeping momentum in conversations, and following up like a pro. A Target-Driven Closer Hitting goals isn t just an expectation it s what drives you. You have a track record of meeting or exceeding lead generation, SQL, and discovery meeting targets. Ready to Join the Mandaala MerchTech Movement? If you re a proactive communicator, relationship builder, and go-getter who loves creating new business opportunities, we want to hear from you! Just send us your resume and a quick note on why you d be a great fit. Drop it at careers@printstop.co.in, and let s grow together!

The CoinDCX Journey: Building Tomorrow, TodayAt CoinDCX, we believe CHANGE STARTS TOGETHER . You are the driving force that will help us make Web3 accessible to all.In the last six years, we have skyrocketed from being India s first crypto unicorn to carrying a community of over 125 million with us. To continue maximising the adoption and acceleration of Web3, we are now focused on developing cutting-edge products, addressing accessibility and security challenges, and bridging the gap between people and Web3 technologies. While we go ahead and keep dominating the Web3 world, we would like to HODL you on our team! Join our team of passionate innovators who are breaking barriers and building the future of Web3. Together, we will make the complex simple, the inaccessible accessible, and the impossible possible. Boost your innovation to an ALL TIME HIGH with us!Inside CoinDCX s Information Security TeamOur Information Security team protects CoinDCX s digital assets by ensuring the highest standards of security across all our operations. We re vigilant, proactive, and dedicated to safeguarding our systems and data. If you re an expert in information security with a passion for protecting digital finance, join us in securing the future of CoinDCX.Be Part of the Next Moonshot:This internship program offers a dynamic opportunity for college students interested in gaining hands-on experience in various facets of information security. Interns will be exposed to and involved in projects across multiple areas including Governance, Risk, and Compliance (GRC), Cyber Defense, Security Engineering, Security Awareness, Data Security, Privacy, and Security Testing.You need to be a HODLer of these * Currently pursuing a degree in computer science, prefer Information Security stream * Strong interest and foundational knowledge of information security concepts and principles. * Excellent analytical and problem-solving skills and effective communication and teamwork abilities.You will be mining through these tasksGRC (Governance, Risk, and Compliance): * Assist in the development and update of policies, procedures, guidelines and other mandatory documentation aligned with ISO 27001 (Information Security Management), ISO 27701 (Privacy Information Management), Service Organization Controls 2 (SOC2), Crypto Currency Security Standard (CCSS) standards. * Collaborate with internal staff for conducting compliance audits, and risk assessment activities. * Tracking and ensuring accurate execution of security and privacy KPI and KRIs. * Perform and support in various compliance activities towards sustenance of ISO 27001 and ISO 27701 certifications. * Carrying out the annual vendor security due diligence * Execute the annual security and privacy awareness trainings and ensure 100% compliance * Develop and release threat-based and industry specific security education and awareness via comms & fliers * Support the team in planning and executing of security & privacy events * Assist the team in preparing the organization for SOC attestations * Assist in implementing data security controls and protocols. * Aid in privacy assessments and compliance with data protection regulations. * Contribute to the automation and improve the effectiveness of GRC objectives such as implementation of GRC and privacy tools, automating GRC tasks, automated reporting of KPIs and KRIs, implementation of CISO dashboards, publishing the news letters etc.Security Awareness: * Support in developing and delivering security awareness programs and materials. * Assist in organizing training sessions and campaigns for staff awareness. * Design and execute simulation attacks such as phishing, social media attacks, etc. * Develop engaging themes and content for security awareness campaigns. * Conduct spot audits to assess employee adherence to security practices. * Conduct training sessions and awareness campaigns for staff education.Data Security and Privacy: * Assist in implementing data security controls and protocols. * Support data classification, encryption, and access management efforts. * Aid in privacy assessments and compliance with data protection regulations. * Perform user access reviews to ensure adherence to security policies. * Support in data classification and data discovery processes. * Assist in building automation tools for data security measures. * Contribute to building and maintaining rules in Data Loss Prevention (DLP) systems.Are you the one? Our missing block * You are knowledge-hungry when it comes to VDA and Web3, always eager to dive deeper and stay ahead in this evolving space. * The world of Web3 and VDA excites you, fueling your curiosity and driving you to explore new opportunities within this dynamic landscape. * You act like an owner, constantly striving for excellence, impact, and tangible results in everything you do. * You embrace a We over Me mindset, growing individually while fostering the growth of those around you. * Change is your catalyst, igniting your passion to build and innovate. * You think outside the box, unbound by limitations or doubt, always pushing the boundaries of what s possible.

About the role Unit & Position Description: DNV - Business Assurance Global Technical HUB (GTH ICT), part of Global Operations & Technical, is responsible for Global Accreditation and Compliance Governance in an efficient and cost-effective way. The Technical Developer Manager in the GTH are part of a global ICT technical team and work in close cooperation with the local units departments sales and operations. The role will report to GTH ICT Manager. The primary function of the ICT Technical Reviewer is to conduct technical approvals by means of review and verification of the various steps in the DNV Business Assurance certification processes. Tasks may include: Review and reporting of the quality of work delivered by DNV Business Assurance local units (LU) worldwide. The work comprises all types of technical approval (TA) work within the area of competence, quotes, report packages, project sampling, certification decisions, qualifications and other duties necessary to safeguard compliance. Ensure that the work is performed in accordance with the quality requirements of the activity, the procedures governing the activity and the specific instructions. Report back and revert non compliances to LU including escalation when needed. Technical support to managing accreditation activities (compliant, recall, internal audits, accreditation audit management) Develop technical guidelines/ instructions Cooperate with other ICT technical referents (Sales, MSC etc) Ensure co-operation and team building among the other DNV Functions (Sales, Customer Care, GCUs, etc.) Support the LUs in the most efficient and effective way to achieve their Quality and business targets and safeguard the acceptance by our global Accreditation Bodies and/or Standard Owners Support Management to solve internal/external audit findings and support other duties necessary to safeguard compliance Ensure that the independent nature of DNV Business Assurance is never compromised What we offer Flexible work arrangements for better work-life balance Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave) Medical benefits ( Insurance and Annual Health Check-up) Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance) Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme) Additional Benefits (Long Service Awards, Mobile Phone Reimbursement) Company bonus/Profit share. *Benefits may vary based on position, tenure/contract/grade level* About you Position Qualifications: Bachelor s degree or higher or equivalent experience in ICT area Broad experience and auditor qualification (internal/external) in ISO 27001 and/ot technical sectors are required Qualification in schemes ISO 20000 and/or ISO 22301 preferred Experience in management system certification Pragmatic approach, an efficiency driven and solution-oriented mindset, detail orientation and strong organization skills Strong proficiency with Microsoft Office (Excel, Outlook, Word) Excellent interpersonal and verbal/written English communication skills are essential

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future? If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. Purpose The Cybersecurity Engineer (PCS Coordinator/ CS Project Manager) is a lead Product Cybersecurity Engineer within the development process at GTT. The PCS Coordinator is an appointed Product Cybersecurity Engineer (PCSE) with sufficient technical knowledge within product cybersecurity and domain, expected to coordinate the cybersecurity work on assigned Techno Stream and act as the gateway between his Techno Stream and organisation to ensure execution of cybersecurity activities within the Techno Stream. Each PCS Coordinator at GTT has responsibility to drive CS activities for at least one EUF, system, subsystem, or component (ECU) with E/E contents. All Techno Streams with this ownership shall have an appointed PCS Coordinator to plan and execute related PCSMS activities also generate needed documentation. Responsibilities Act as Vehicle CS Coordinator within central PCSMS Team and take on the below responsibilities: Act as CS Epic Owner in case of existence any specific cybersecurity EPIC. Create / Update / Refine cybersecurity work packages for various vehicle programs, supporting intro block s epic owners or work package Leaders. Monitor the progress of CS activities performed by Techno Stream to identify certification & compliance related risks and help development streams to address the same within specified time limits. Provide necessary guidance and clarity to the stakeholders on the cybersecurity deliverables with the release of official work packages. Follow up the objective, entry, exit and acceptance criterion of Cybersecurity deliverables for every Vehicle Development milestone (from concept until End of Life) and ensure compliance. Release official Product Cybersecurity time plan thereby identifying program risks, plan mitigations and further secure consensus within the stakeholders. Reporting in periodic Cybersecurity Program reviews concentrating on the time & quality of deliverables for every milestone. Coordinate & facilitate effective communication between internal & external (if applicable) cybersecurity stakeholders to achieve the common objective of R155 Cybersecurity Vehicle Type Approval Certification in line with the business requirements. Support the engagements with regional technical services & type approval authorities related to R155 Cybersecurity Vehicle Type Approval as per the business requirements. Apart from all responsibilities assign to PCSE, additional activities rely on PCS Coordinator including: Support the Techno Stream s management team with cybersecurity management competence as a speaking partner. On delegation by PO/PM, perform PCSMS activities and drive the cybersecurity activities on end user function respective system, component. Technical contribution (along with product cybersecurity engineer) to perform and updating cybersecurity deliverables such as TARA, cybersecurity concept and cybersecurity specification development. Represent the Techno Stream in all cybersecurity community of practice (e.g., PCS Clinic) as active member. Represent the Techno Stream in type approval procedure (new and extension) & provide needed evidence to central team to provide document needed for technical services. (Contents in needed documents e.g., InfoDoc) Domain responsible for cybersecurity culture, planning and reporting. Develop and follow up cybersecurity plan for project according to scope and delivery. Request Verification Review (VR) from appropriate reviewer including XF team where higher independence is required. Request cybersecurity validation from the penetration testers. Authorities Upon agreement with the PO who owns respective cybersecurity artefacts, PCS Coordinator is eligible to release documents in long time storage (e.g., phoenix) Technical approval of CS-QDPR Compliance Matrix, including suppliers deviations. Accept the suppliers CS Case and the suppliers CS Assessment Report. (If applicable) Plan and conduct the product CS Safety Joint Reviews. (If applicable) Demand CS status from projects within the Techno Stream. Indicate and raise the need for a CS deviations Approval to project management / line management. (If deviation occurs and there is rational motivation available) Demand action from project management and/or line management when CS work products are missing or have inadequate quality. Qualification and Competences B.E/B.Tech or ME/M.Tech in Computer Science, Electronics, Electrical or equivalent with 4+ years of experience into automotive cybersecurity Knowledge of embedded and/or automotive systems Knowledge of cybersecurity engineering best practices, standards, and regulation (i.e., ISO/SAE 21434, SAE J3061, ISO 27001/27002, UNECE R155) Knowledge and practical experience with common cybersecurity controls e.g., secure boot, security onboard and offboard communication, hardware security module. Knowledge and experience in cybersecurity threat analysis and risk assessment process and techniques Strong problem-solving skills to analyse cybersecurity issues and requirements. Technical Knowledge related to the product(s) that the Techno Stream is responsible for In case the Techno Stream s product has elements related to off-board systems, Knowledge about the extended vehicle ecosystem is needed. Domain knowledge related to the Techno Stream with regards to exposed interfaces, threat scenarios, vulnerabilities, conventional functionality, and cybersecurity mechanisms. We value your data privacy and therefore do not accept applications via mail. Who we are and what we believe in We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group s leading brands and entities. Applying to this job offers you the opportunity to join Volvo Group . Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment. At Group People & Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.

About Sprinto Sprinto is a leading compliance automation platform that helps SaaS companies achieve and maintain information security certifications like SOC 2, ISO 27001, GDPR, and more. With 2500+ customers across 75+ countries and $31.8 M in funding from Accel, Elevation, and Blume Ventures, Sprinto is scaling fast and securely. The Role We are looking for a high-performing Account Executive to join our EU sales team. In this hunting role, you ll work alongside an SDR to build a strong pipeline, close deals, and contribute directly to Sprinto s growth. You ll own the full sales cycle from discovery to closure selling into fast-growing SaaS companies. What You ll Do: Run discovery calls to understand prospects compliance needs and pain points Manage the complete sales cycle from qualified lead to deal closure Partner with SDRs to drive pipeline generation efforts Deliver tailored product demos and value-driven sales presentations Navigate multiple stakeholders and run effective sales processes Maintain accurate CRM records for forecasting and reporting Stay up to date with the compliance space and competitive landscape What We re Looking For: 3-6 years of B2B SaaS sales experience At least 2 years in a quota-carrying, closing role Experience selling to the EU market Strong communication, discovery, and negotiation skills Proven track record of meeting or exceeding targets Familiarity with sales tools like Hubspot and LinkedIn Sales Navigator Benefits: Remote First Policy 5 Days Working With FLEXI Hours Group Medical Insurance (Parents, Spouse ,Children) Group Accident Cover Company-Sponsored Device New skill development pay Sales_POD

Summary CSOC Engineering will be an integral part of the Novartis Cyber Security Operations Center (CSOC). The CSOC is an advanced global team passionate about the active defence against the most sophisticated cyber threats and attacks. By leveraging various tools and resources, the CSOC Engineer Lead will help to proactively detect, investigate, and mitigate both emerging and persistent threats that pose a risk to Novartis networks, systems, users, and applications. The main objective of the CSOC Engineering Lead is to design, develop, implement, and manage dataflow pipelines and integrate them with SIEM platforms such as Sentinel and Splunk. The Data onboarded to SIEM will be Crucial for CSOC Analysts and the content development and SOAR Engineers to develop monitoring alerts and automation playbooks. Collaboration with internal and external stakeholders, including Novartis internal teams, external vendors, and Product/Platform engineers, will be a crucial aspect of this role. The CSOC Engineering Lead will collaborate closely with these stakeholders to understand and integrate various datasources. This may involve utilizing services such as Cribl, Syslog NG, Azure Monitoring Agent, Universal Forwarder to list a few. Furthermore, the CSOC Engineering Lead will work in close partnership with the CSOC stakeholders, including TDR, THR, Forensic, Content Development, and SOAR teams. Their expertise and collaboration will be instrumental in quickly resolving any Data onboarding requests or resolve any issues with the detection rule on security tool such as SIEM, DLP, EDR. Overall, the CSOC Engineering Lead role is pivotal in ensuring the proactive defence of Novartis critical assets, systems, and infrastructure against the ever-evolving landscape of cyber threats. About the Role MAJOR ACCOUNTABILITIES In addition to accountabilities listed above in Job Purpose: CSOC Engineering Lead Lead and manage a geographically distributed team of Skilled Engineers, providing guidance and support while leveraging their diverse skillsets and personalities. Evaluate and review performance metrics and KPIs to ensure the Onboarding team is meeting targets and delivering efficient and effective results. Take accountability for the teams performance in various areas, including but not limited to data onboarding to: SIEM platforms such as Sentinel and Splunk Supporting audit requests and reports Engaging with product teams to address technical challenges Managing stakeholders commitments Act as the primary point of contact for first-level escalations, addressing any issues or concerns that arise and ensuring timely resolution. Develop and maintain comprehensive documentation to facilitate knowledge sharing and ensure quality outcomes are consistently achieved. Drive a culture of continuous improvement and innovation within the team, identifying opportunities to optimize processes and enhance efficiency. Serve as a subject matter expert in onboarding processes and play an active role in guiding the team and providing expertise whenever needed. CSOC Engineer Evaluate and onboard new data sources, performing data analysis for identifying anomalies and trends, and developing dashboards and visualizations for data reporting. Design and create security detection rules, alerts, and Use Cases utilizing platforms such as SIEM, DLP, EDR, and WAF. Develop robust detection mechanisms to identify and respond to potential security threats across various security technologies. Collaborate with cross-functional teams to understand risks and develop effective detection strategies that align with organizational security goals. Regularly review and enhance existing detection rules and Use Cases to ensure their effectiveness and alignment with emerging threats and vulnerabilities. Troubleshoot and provide support for onboarding issues with platforms like Sentinel, Splunk, and Cribl. Validate and ensure proper configuration and implementation of new logics with security system and application owners. Perform data normalization, establish datasets, and develop data models. Manage backlog of customer requests for onboarding new data sources. Detect and resolve issues in various data sources, implementing health monitoring for data sources and feeds. Identify opportunities for automation in data onboarding and proactively detect parsing/missing-data issues. KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Maintaining and Improving Data Onboarding team performance according set KPIs. Evaluate and review Team performance. Identify technology and process gaps that affect CSOC services; propose solutions and make recommendations for continuous improvement. PERSONAL CONSIDERATIONS As the role is part of a global organization, willingness for required traveling and flexible work hours is important. Provide 24x7 on-call support on a rotational basis, including weekends, to ensure system stability and incident response readiness. EDUCATION / EXPERIENCE EDUCATION Essential: University working and thinking level, degree in business/technical/scientific area or comparable education/experience. Desirable: Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner. Professional (information system) risk or audit certification such as CIA, CISA or CRISC. Advanced training/certification on S ecurity tools like Splunk, Sentinel, XDR, DLP SANS certification s (for security analyst/SIEM) EXPERIENCE 8+ Years work experience. Strong managing skills. Good general security knowledge. Strong knowledge of security tools (DLP, XDR, SIEM, Firewalls). Experienced IT administration with broad and in-depth technical, analytical and conceptual skills. Experience in scripting and Automation for Security tools. Experience in Security Engineering tasks such as SIEM alert creation, SOAR playbook development Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on incident response topics. Strong written and verbal communication and presentation abilities, with the capacity to effectively convey information risk-related and incident response concepts to both technical and non-technical stakeholders. Exceptional interpersonal and collaborative skills, fostering effective communication and cooperation with diverse individuals and teams. Exceptional understanding and knowledge of general IT infrastructure technology and systems. Proven experience to initiate and manage projects that will affect CSOC services and technologies. PRODUCT/MARKET/CUSTOMER KNOWLEDGE Good understanding of pharmaceutical industry. Good understanding and knowledge of business processes in a global pharmaceutical industry. SKILLS/JOB RELATED KNOWLEDGE Firsthand experience of Security tools like Splunk, Sentinel, XDR, DLP. Direct experience managing Data ingestion pipeline through Cribl. Understanding of security systems (such as AV, IPS, Proxy, FW) . Security use-case design and development Understanding of SOAR Development experience in python (SDKs) An understanding of error messages and logs displayed by various software. Understanding of network protocols and topologies. Strong technical troubleshooting and analytical skills. A knowledge of the MITRE ATT&CK framework is beneficial. Ability to prioritise workload. Team management Excellent written and spoken English. Calm and logical approach. NETWORKS High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity. Ability to manage competing priorities, and seeking consensus when stakeholders have different or even contradicting opinions. OTHER Fluency (written and spoken) in English CORE COMPETENCIES Leadership Establishes clear direction and sets stretch objectives. Aligns and energizes Associates behind common objectives. Champions the Novartis Values and Behaviors. Rewards/encourages the right behaviors and corrects others. Establishes clear directives and objectives. Communicates positive expectations for others on the team. Integrates and applies learning to achieve business goals. Customer/Quality Focus Assigns highest priority to customer satisfaction. Listens to customer and creates solutions for unmet customer needs. Established effective relationships with customers and gains their trust and respect. Defines quality standards to ensure customer satisfaction. Creates and supports world-class quality standards to ensure customer satisfaction. Fast, Action-Oriented Is action-oriented and full of energy to face challenging situations. Is decisive, seizes opportunities and ensures fast implementation. Strives for simplicity and clarity. Avoids bureaucracy. Alerts others to potential risks and opportunities. Keeps organizational processes simple and efficient. Takes acceptable/calculated risks by adopting new or unknown directions. Results Driven Can be relied upon to succeed targets successfully. Does better than the competition. Pushes self and others for results. Anticipates potential barriers to achievement of shared goals. Pushes self and others to see new ways of achieving results (e.g., better business model). Uses feasibility and ROI analyses to ensure results. Keeps pace with new developments in the industry.

Hi Everyone, I am on lookout for Specialist S&I NIST for a leading product based MNC in Kharadi, Pune. Kindly refer below JD and share your resume on pallavi.ag@peoplefy.com Job Description Summary:- Experience with Audit, Compliance and Regulatory for IT landscape Strong IT Security experience Good understanding with Security principles and Security Frameworks NIST and ISO 27001 experience for 5 years Developed and implemented NIST and/or ISO frameworks within IT Security Landscape

Hands on required skills- IT Audit Planning and Management, Conducting ISO27001 Audits, Reporting Corrective Actions and Follow-up Implementation of ISO27001 ITGC, Cyber Security, SOC 2 Interested Please share resume on sonali.singh@riskpro.in

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions. We are currently seeking an experienced professional to join our team in the role of Consultant Specialist In this role you will: Serve as the subject matter expert (SME) for risk and controls across SDLC, DEPL, CHNG, and INCM processes. Provide proactive advisory support to technology teams to design, implement, and enhance control environments aligned with policies, regulatory expectations, and risk appetite. Conduct deep dives into control frameworks for software development, deployment, change management processes, and incident management processes. Drive end-to-end risk assessments, control testing, and effectiveness reviews. Partner with DevOps, Engineering, and Production Support teams to embed risk identification and mitigation into Agile and DevSecOps pipelines. Review and challenge process changes to ensure appropriate risk considerations are incorporated. Support audit, regulatory exams, and compliance reviews; act as point of contact for technology-related audits within scope. Monitor key Control indicators (KCIs), incidents, issues, and control breaches, providing insights and recommendations to senior leadership. Provide training and awareness sessions for control owners and technology partners. Champion a strong risk culture across the organization. Requirements To be successful in this role, you should meet the following requirements: 8+ years of experience in Technology Risk, IT Audit, IT Governance, or related fields. Proven experience in DevOps practice and automation. Knowledge in Linux/Unix based operating systems. Experience in containerization and orchestration Deep understanding of SDLC frameworks (Agile, Waterfall, DevOps) and associated risk management practices. Strong knowledge of deployment automation, change management controls, and incident management best practices. Familiarity with control standards such as COBIT, NIST, ITIL, and ISO 27001. Proven experience advising technology teams and senior stakeholders. Hands-on experience with tooling such as ServiceNow, JIRA, GitHub, or similar for SDLC/CHNG/INCM. Excellent analytical, communication, and stakeholder management skills. Ability to influence without authority and drive a proactive risk management culture .

Role & responsibilities General description of the role: Minimum 8 years of experience in managing security audits, such as, ISO 27001, HIPAA, SOC 1, SOC2, PCIDSS Including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors In-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HIPAA, PCIDSS audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Assist in testing and verification of all controls and formulating reports documenting findings. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Work closely with internal business teams to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans. Ensure continuity of compliance with ISO27001 and ISO 22301, PCI DSS, HIPAA, GDPR Analyse potential impact of new threats and communicates risks to relevant business units Manage security operations, analyse security exceptions, gather necessary background information, document exceptions and ensure that the risk is recognized and managed with compensating controls Provide orientation to Business Units on Risk Assessment, Business Continuity Plan and Business Impact Analysis Facilitate in preparation of Business continuity plan for each project and functions Conduct internal ISMS and BCMS audits and identify potential gaps in the system Prepare detailed and summary reports of assessments, remediation plans as needed and advise internal stakeholders Report the audit findings on the potential weakness in the system and areas of improvement Preferred candidate profile Top 5 Skill Set Hands-on experience with security technologies Experience in Information security and business continuity internal audits Strong Knowledge in risk management, ISO 27001, ISO 22301 PCI DSS, HIPAA, GDPR, SOC 2 Knowledgeable in security concepts, techniques, tools, methods, and practices Good technical in cyber security products Individually to perform the technical audits

To oversee servers, computer hardware and IT networks (LAN/WAN) and CCTV and ensure appropriate maintenance, upgradation and integration to improve efficiencies. To partner in continuous improvement initiatives through Information Technology support to incorporate changes and improve productivity to match current and future business needs \ Budgetery Responsibilty: Tracking and utilizing CAPEX budgets for increasing efficiencies of user departments without budget over-runs in the specified period Compliance - Renewing necessary licenses for usage of IT software and applications through necessary documentation and processes Implementing compliance of IT Security on Server and Desktop as per Corporate and Unit IT policy. Implementing compliances related to ISO 27001 or other applicable upgraded certifications and interfacing with external agencies for periodic audits Others Customer Centric: Maintaining fault tolerance backup network links to provide application availability to users in case of crashes with least failure over time. Providing IT related support to Automation and Electrical department to integrate their systems for real time and on-line access Others Planning: Giving inputs for CAPEX & OPEX plan and budget based on SWOT, emerging needs of the business, upgradation of infrastructure de-supported by OEM Identifying new requirement in IT Infrastructure such as Server, Storage, Network Take care of daily operational needs Qualifications: Computer Science Engineering,Master In Computer Science Report to: Manager

Job Summary: We are seeking a dynamic and experienced Cybersecurity SOC Group Head to lead and oversee the operations, strategy, and continuous improvement of our 24/7 Security Operations Center. This role is critical to managing cyber threats, detecting and responding to incidents, and ensuring the overall security posture of the organization. The ideal candidate will bring a strategic vision, deep technical expertise, and strong leadership to transform and evolve SOC capabilities. Qualifications: Bachelors or Master s degree in Computer Science, Information Security, or related field. Minimum 12+ years of cybersecurity experience, with at least 5+ years in SOC leadership roles. Proven experience managing large SOC teams in enterprise environments or MSSP settings. Strong knowledge of SIEM (e.g., Splunk, Qradar, MS Sentinel ), SOAR, EDR (e.g., CrowdStrike,Microsoft Defender for Endponts), and cloud security. Deep understanding of attack vectors, threat landscapes, and incident response lifecycle. Relevant certifications such as CISSP, CISM, GIAC, or SANS GCIH/GSOC preferred. Soft Skills: Excellent leadership, people management, and conflict resolution skills. Strong communication and reporting abilities for executive-level stakeholders. Ability to work under pressure during high-stress cyber incidents. Preferred Experience: Experience in multi-tenant SOC environments or MSSPs. Familiarity with OT/ICS security (for industrial environments) is a plus. Global experience across multiple geographies and regulatory landscapes. Strategic Leadership: Define the vision, strategy, and roadmap for SOC operations in alignment with enterprise cybersecurity goals. Drive maturity improvements using NIST CSF, MITRE ATT&CK, and other industry frameworks. Oversee budget planning, resource allocation, and SOC capability development. Operations Oversight: Manage daily SOC operations, including threat monitoring, detection, triage, incident response, and escalation. Lead efforts to enhance SOC processes, use cases, and threat detection logic. Establish and enforce KPIs, SLAs, and operational metrics to evaluate performance. Team Management: Build and lead a team of SOC analysts, incident responders, threat hunters, and shift leads. Develop training programs and career paths to upskill and retain top cybersecurity talent. Establish a 24/7 shift model (if not already implemented) and ensure coverage during cyber crises. Technology & Tools: Oversee and optimize the use of SIEM, SOAR, EDR, XDR, and threat intelligence platforms. Collaborate with engineering and IT teams to integrate data sources and enrich detection capabilities. Lead initiatives to automate repetitive tasks and enhance alert quality through use of ML/AI where applicable. Incident Management: Serve as executive escalation point for critical incidents and major breaches. Coordinate with IR teams, forensic experts, legal, PR, and compliance during high-impact events. Conduct post-incident reviews and ensure root cause remediation. Collaboration & Compliance: Act as the SOC representative in internal audits, regulatory assessments, and external engagements. Collaborate with threat intelligence, GRC, infrastructure, and application security teams. Ensure alignment with compliance requirements such as ISO 27001, NIST, GDPR, HIPAA, etc.

Role: IT Manager - Budgets are around 10-12L Focus Areas: 1. ISO Implementation (Process & Security) Lead the design and roll-out of ISO-aligned processes (e.g., ISO 27001) Manage internal audits, gap assessments, and remediation planning 2. Process, Controls & Policies Develop, document, and maintain IT policies (access, change, incident) Establish IT process controls (change management, vendor risk, backup/DR) 3. Identity Management Deploy and administer identity & access management (IAM) systems Define role-based access controls (RBAC) and periodic access reviews 4. P&L Controls in IT Track and report IT budget vs. actuals, optimizing spend Implement cost-control measures and financial governance for IT

Not Applicable Specialism Risk Management Level Senior Associate & Summary A career within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats. Why PWC Learn more about us . s Bachelors in computer science/Information Systems/Engineering or equivalent Minimum 3+ years of experience in IT C ybersecurity CISA (Certified Information Security Auditor) / ISO 27001 (LA/LI) / ISA/IEC 62443 Cybersecurity Fundamentals Specialist / ISA/IEC 62443 Cybersecurity Risk Able to perform the IT/OT cybersecurity assessment independently and determine the best method of protecting the network, systems, software, and information or operational systems from any potential attacks. Perform and Verification of vulnerabilities, threat analysis, and security checks. Conduct research on cyber security criteria, security systems, and validation procedures Use businessstandard analysis criteria, investigate, and provide security solutions. Provide technical reports and official papers based on test results. Provide professional guidance and supervision to security teams. OSCP / Cloud security (public & private cloud) / CISA (Certified Information Security Auditor) / ISO 27001 (LA/LI) / CEH / ISA/IEC 62443 Cybersecurity Fundamentals Specialist Able to perform the IT cybersecurity assessment independently (Application testing, Network VAPT, Configuration review, cloud assessment, etc ) To determine the best method of protecting the network, data, software, and information systems from any potential attacks. Mandatory Skill Sets OT Security Preferred Skills Sets OT Security Year of Experience required 4 Education Qualifications Any Graduate Education Degrees/Field of Study required Bachelor Degree Degrees/Field of Study preferred Required Skills Operational Technology (OT) Security Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Governance, Data Architecture, Data Archiving, Data Flow Mapping, Data Privacy Act, Embracing Change, Emotional Regulation, Empathy, Enterprise Content Management, Incident Response Plan, Inclusion, Information Rights Management (IRM), Information Security, Information Security Governance, Information Security Management System (ISMS), Intellectual Curiosity, IT Infrastructure {+ 11 more} No

The Operational, Technology and Cyber Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank s operations, data, and IT systems by managing operational, technology and cyber risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group OTCR team serves as the second line of defence for assuring that controls are implemented effectively, in accordance with the OTCR Framework, and for instilling a risk culture within the Bank Key Responsibilities The Head of Policy & Regulatory Management is a key leadership role responsible for developing, implementing, and maintaining robust policies, and overseeing standards and controls to safeguard the companys information assets and ensure regulatory compliance within the dynamic industry. This role will lead a small team of policy and risk professionals, collaborate with key stakeholders across the organization, and act as a subject matter expert on evolving cyber security and technology policy matters. The Policy team are responsible for defining and maintaining Cyber and Technology Policy and overseeing first line standards and control implementation. Policy and standard set out the mandatory outcomes the Bank needs to manage the requisite risks effectively, requiring regular update and management to deliver operationally effective and future fit guidelines. The role will be responsible for providing thought leadership on best-in-class policy, standards and control delivery, helping drive the simplification, consolidation and continuous improvement. The role also includes executing Legal and Regulatory Management activities related to the respective policies and frameworks including mapping of regulatory requirements against new regulations and responding to regulatory RFI s. Skills and Experience The ICS & Technology Policy function is responsible for ensuring that the respective policies remain valid, relevant and effective together with the Standards that support the Policy. The responsibilities include. Develop, maintain, and enforce comprehensive Cyber Security and Technology policies that are aligned with industry best practices (e.g., NIST, ISO 27001, PCI DSS), regulatory requirements (e.g., GDPR, CCPA, FFIEC), and business objectives. Ensure policies are clearly documented, communicated, and readily accessible to all relevant stakeholders. The role will be heavily focused on driving enhancement and convergence across ICS and Technology. This will include providing thought leadership on risk and controls, guiding the organisation to develop a simplified control taxonomy, and improving measurement, reporting and compliance. Ensure forward looking approach to assess and update the Policy for fast evolving emerging technologies such as AI, Quantum Computing and Digital Assets. Ensure alignment across wider Risk Frameworks and ecosystem, connecting the dots across frameworks, policy, standards, controls, and process. Qualifications A rigorous and analytical approach to risk management Knowledge of the Business and its franchise and/or remit. Experience of business partnering, including the ability to synthesise and articulate complex and technical topics clearly to diverse audiences Ability to manage a diverse and challenging stakeholder community / team Proven experience with co-ordination of many dependencies in a complex, large-scale environment Specific strong competence in the use of Excel for analysis of complex data and PowerPoint for communication purposes Ideally the role holder will have specific experience of OTCR frameworks and have an in-depth knowledge of some of the key organisational and operational challenges faced by a Second-Line Risk function. Group, with specific knowledge in cyber and information security risk Ability to represent the Bank with external stakeholders via Industry Forums and at key Regulatory meetings. Ability to assess priorities and focus on detailed aspects of a SME function to drive effective delivery Excellent analytical skills: ability to think clearly and rigorously about how best to assess existing and emerging risks and readiness, being able to reach a pragmatic approach and direction. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations. Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum. Flexible working options based around home and office locations, with flexible working patterns. Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning. Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. 24833

Job Title: Principal Information Security Specialist Job Code: 10034 Country: IN City: Mumbai Skill Category: IT\Technology Description: Responsibilities: Lead operational execution of enterprise data protection tools including BigID, MIP, DLP, Thales, Truffle Hog, etc. Manage endtoend incident response workflows related to data leakage, sensitive data discovery, and misconfiguration. Ensure operational efficiency of data discovery, classification, and protection capabilities across endpoints, cloud, and onprem environments. Collaborate with engineering, compliance, legal, and business teams to define and implement data protection policies. Oversee and optimize data classification strategies (manual, suggestive, and automated). Track and report key metrics including incident trends, false positives, and SLA adherence. Drive adoption and user training programs related to data classification and labeling. Participate in and lead audits, risk assessments, and regulatory readiness reviews. Own tool lifecycle from onboarding, configuration, integration to tuning and decommissioning. Serve as escalation point for highpriority incidents, executive reporting, and stakeholder briefings. Knowledge, Skill, Experience Required: Required: 1315+ years of overall experience in Information Security. 8+ years of direct experience in data protection, DLP, or data privacy. Proven experience managing enterprisegrade tools like BigID, MIP, Symantec/Forcepoint DLP, Thales Cipher Trust, Truffle Hog, and/or others. Strong understanding of data discovery, classification, encryption, rights management, and related regulatory standards (e.g., GDPR, HIPAA, DPDP, CCPA). Solid background in cloud security controls (M365, AWS, Azure, GCP) and hybrid deployments. Expertise in SIEM and SOAR integrations, incident response, and threat modeling. Experience with scripting or automation (e.g., Python, PowerShell) a plus. Familiarity with compliance frameworks such as ISO 27001, NIST, RBI, etc. Beneficial: Symantec and Forcepoint DLP Certification Microsoft Certified: Information Protection Administrator Associate (SC400) Certifications such as CIPT, CIPP, CISSP, CISM, or equivalent preferred. Azure Security / Microsoft 365 Security certifications Personal Characteristics: Strategic thinker with handson execution capability. Excellent communication and stakeholder management skills across technical and nontechnical audiences. Strong problemsolving and analytical skills. High degree of professional integrity, ownership, and accountability. Proactive and collaborative team leader, able to operate in crossfunctional and matrixed environments. Adept at working under pressure with strong prioritization and decisionmaking skills. We are committed to providing equal opportunities throughout employment including in the recruitment, training and development of employees. We prohibit discrimination in the workplace whether on grounds of gender, marital or domestic partnership status, pregnancy, carer s responsibilities, sexual orientation, gender identity, gender expression, race, color, national or ethnic origins, religious belief, disability or age. *Applying for this role does not amount to a job offer or create an obligation on Nomura to provide a job offer. The expression "Nomura" refers to Nomura Services India Private Limited together with its affiliates.

Job Description Overview of Fieldwork team: Fieldwork team uses our proprietary tool called IPP which does target list matching with our panel, list upload, emailing, campaign creation, redirections, sample out, fax handling etc to ensure all project sampling activities done properly. Broad Responsibilities: Work on the assigned Sampling task and ensure quality completion in a quick TAT Identify and implement innovative techniques and solutions that can be adapted into Sampling workflow as best practices Conduct quality control checks on process front to ensure error free deliverables Coordinate and consult with Project Managers on prioritizing the work and its deliverables without compromising on client satisfaction and assigned deadline Should be committed for BCP (Business Continuity Plan) when needed Pre-requisites for hiring: Strong expertise in Market Research Services focusing on Healthcare Vertical and consumer experience Strong Knowledge of Excel, Word, and any programming language would be added advantage Adaptability, flexibility and the ability to work under pressure Strong organizational and communication skills Commitment to work beyond working hours to achieve deadline when necessary to keep client satisfaction high As part of job responsibilities, you are required to comply with ISO 20252:2019 and ISO 27001 standards . Willing to work in US Shift (6:00 PM to 3:00 AM or 7:00 PM to 4:00 AM) Qualifications BCA/BSc graduate

About LeadSquared: One of the fastest-growing SaaS companies in the CRM space, LeadSquared empowers organizations with the power of automation. More than 1700 customers with 2 lakhs+ users across the globe utilize the LeadSquared platform to automate their sales and marketing processes and run high-velocity sales at scale.We are backed by prominent investors such as Stakeboat Capital, Jyoti Bansal, and Gaja Capital to name a few. We raised $153mn in our latest Series C funding round from WestBridge Capital, and were now Indias 103rd Unicorn! We are expanding rapidly and our 1100+ strong and still growing workforce is spread across India, the U.S, the Middle East, ASEAN, ANZ, and South Africa. * Among the Top 50 fastest-growing tech companies in India as per Deloitte Fast 50 programs * Frost and Sullivans 2019 Marketing Automation Company of the Year award * Among Top 100 fastest growing companies in FT 1000: High-Growth Companies Asia- Pacific * Listed as Top Rates Product on G2Crowd, GetApp, and TrustRadiusLocation: Cessna Business Park (Bangalore)-WFORequirements: * 2-3 years of experience in product or application security; at least 1 year of hands-on software development experience is highly desirable. * Proficiency in application security testing using tools such as Burp Suite, SonarQube, SQLMap, and others (SAST, DAST, SCA). * Experience with secure coding practices, and strong scripting skills in Python or JavaScript. * Solid understanding of industry standards and frameworks such as OWASP Top 10, SANS CWE, etc. * Knowledge of security fundamentals like cryptography, authentication, risk assessment, and threat modeling. * Exposure to cloud platforms (e.g., AWS, Azure) and their associated security best practices. * Familiar with CI/CD pipelines and DevSecOps practices for integrating security into development workflows. * Understanding of compliance standards such as ISO 27001 and HIPAA. * Ability to automate security testing to increase assessment coverage and efficiency. * Strong communication skills to effectively convey technical findings to both technical and non-technical stakeholders.Key Responsibilities: * Conduct application security assessments on web,API and mobile platforms. * Perform secure code reviews on apps * Carry out cloud security assessments for SaaS infrastructure and services. * Manage the vulnerability lifecycle from discovery to resolution. * Deliver security training and awareness sessions to internal teams. * Develop tools and frameworks to support security automation and engineering initiatives.

Job Description: Risk Management is a crucial department in FIS which is responsible for Control assessment, SSAE 16 assessment, Vendor due diligence and Risk assessment. About the Team: Our team of associates are great to work with, and we have an awesome team of management professionals who are there to help guide you to success. We believe our clients are the most important aspect of our business. Our determination to be the best that FIS has to offer rings true with each team member through training, knowledge, and a desire to excel in the financial world. What You Will Be Doing: Performing Vendor Risk Assessment & Reviews for Internal and External client vendors as per ISO 27001, PCI DSS, HIPPA, RBI, GLBA etc. Develop utilizing key control objectives and principles from the Federal Financial Institutions Examination Council (FFIEC), the Gramm-Leach-Bliley Act (GLBA), the Federal Trade Commission (FTC), the Health Information Portability and Accountability Act (HIPAA), and other relevant requirements. Performing the Control Testing as per Data Security Standard for APAC & AUS Business. Support the various requirements towards compliance for ISO 27001 and other second party audits. In co-ordination with Internal Audit guidelines, conduct routine audit checks to verify the compliance to the RISC Policy and Procedures. Prepare audit reports and work paper with the process owners to close the findings. Designed to manage and mitigate operational and reputational risk associated with third party provider services. Key elements of the Process include: due diligence reviews, service provider selection, contract establishment and ongoing monitoring practices related to third party relationships and adequate risk assessment activities at all stages of the lifecycle. Performing the Pre-SSAE 16 review for the International Products and Business as per client requirement. What you bring: B Tech or Technical Graduates can apply The candidate must have 3-6 years of experience for desired position. Ability to create new controls as per need and not dependent on existing controls. Governance, Risk Management, Compliance, Internal Audit, Vendor Management, Analysis of loss data. Must have worked or having theoretical knowledge on Risk Assessment. Must have a broad knowledge of technology and Information Security technology and methodologies particularly including for example, SSAE 16, ISO 27001, PCI DSS. ISO 27001, PCI DSS, HIPPA, RBI, GLBA etc. Self-driven who can take initiative to get things done on their own without waiting to be told. Good communication and writing skills A team player and ability to lead team. Project and assignment management. What we offer you: A multifaceted job with a high degree of responsibility and a broad spectrum of opportunities A broad range of professional education and personal development possibilities - FIS is your final career step! A competitive salary and benefits. A variety of career development tools, resources and opportunities

Senior Cybersecurity Specialist Are you an experienced cybersecurity professional who is excited about practical application of cybersecurity into industrial and IoT environmentsWe would like to have you on our team to keep smart cities cybersecure! The KONE Technology and Innovation (KTI) function is where the magic happens at KONE. Its where we combine the physical world - escalators and elevators - with smart and connected digital systems. We are changing and improving the way billions of people move within cities every day. Within the KONE Technology & Innovation unit, we have a dedicated C ybers ecurity team for assuring the security of KONE s products and solutions as well as applications used by KONE s business lines. Buzzwords: Application security, Cloud security, SDL, DevSecOps We are now looking for a person to support and drive the Security Development Lifecycle (SDL) activities in KONE solution development projects. Our solutions range from connected elevator systems to cloud services and to mobile applications for technicians and for end users. As a Senior Cybersecurity Specialist, you will be responsible for supporting KONE development teams globally to identify and implement security requirements and to review and test the solutions as they have been implemented. You enjoy working in co-operation with development teams to offer solutions for security problems and practical guidelines on how to implement security in the projects. You get to conduct threat analysis and identify the appropriate security requirements. You don t shy away from getting hands on with application owners and developers to guide them or help them implement the necessary security controls. Through validation and testing you ensure that controls are implemented, and the requirements fulfilled. You support our becoming and existing Security Champions to succeed in their roles by guiding, identifying their skill gaps, and providing training. You might be an experienced security-minded software developer, or perhaps you are a cybersecurity professional who has specialized in application security. You can communicate with various audiences, and you can deal both with the big picture as well as with details when so required. The position is located in Pune, India. Responsibilities Act as a cybersecurity advisor and provide security expertise and guidance to development and operations teams. Conduct risk-based security impact assessments to classify applications and assign appropriate security requirements. Translate requirements into actionable tasks and guide stakeholders in understanding and implementing them. Detect security issues during validation and operation using automation and scenario-based testing. Help teams to understand and mitigate risks and vulnerabilities. Review and enhance security documentation and assessments from Security Champions, offering constructive feedback. Monitor R&D and IT stakeholder needs and deliver targeted security training or clinics. Collaborate within the Cybersecurity team to improve KONE s security management system, SDL standards, processes, and tools. Requirements 5+ years of experience in cybersecurity. CISSP, CSSLP or other relevant certifications are considered a plus. Educational qualifications (B. Sc. or M Sc. in computer science, business administration, information technology management, information systems security or related) Practical experience in implementing Security Development Lifecycle (SDL) in agile software projects (for example, Microsoft SDL, OWASP, BSIMM) Familiarity with security standards and best practices (for example: ISO 27001, IEC 62443, OWASP) Experience in threat modeling and security risk assessment Experience with DevSecOps practices and tools (SCA, SAST, DAST) Experience with cloud platforms (AWS or Microsoft Azure) Why to join KONE s cybersecurity team We at KONE s cybersecurity team are at an interesting point currently. Our focus has been on modernizing enterprise cybersecurity to limit risks with day-to-day operations but at the same time, we are building our industrial and product cybersecurity. KONE is on a digitalization journey and our elevators are transforming from a steel box on the end of a rope into central platforms of smart buildings. We are bringing totally new kinds of innovative solutions to the market to enable even smarter people flow. As our offering becomes more digital, excellent cybersecurity plays a crucial role in building customer trust. KONE Technology and Innovation We are changing and improving the way billions of people move within buildings every day. Hardware is where weve always shined, but today, digital expertise - IoT, analytics, AI, automation, simulation, to name a few - is equally important for our continued success. Whats KONE Technology & Innovation like as a workplaceWe like to think of ourselves as a diverse tribe, pulling together to understand and meet the ever-changing needs of our customers, from concept through to design, down to every single finished product. This all happens in an atmosphere of trust and respect, typified by our Nordic values, a healthy work-life balance, and a flat hierarchy. At KONE, we are focused on creating an innovative and collaborative working culture where we value the contribution of each individual. Employee engagement is a key focus area for us and we encourage participation and the sharing of information and ideas. Sustainability is an integral part of our culture and the daily practice. We follow ethical business practices and we seek to develop a culture of working together where co-workers trust and respect each other and good performance is recognized. In being a great place to work, we are proud to offer a range of experiences and opportunities that will help you to achieve your career and personal goals and enable you to live a healthy and balanced life. Read more on www. kone. com/careers

We are looking for a highly skilled and experienced Risk Consulting Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have 3-5 years of experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Roles and Responsibility Develop an understanding of RSM Technology Risk Consulting approach, methodology, and tools. Perform technology risk assessments and review control's design and operating effectiveness. Conduct IT internal audit consulting activities, including audits over ERP systems, IT security, and other IT systems. Execute components of IT audits under offshore delivery models effectively and efficiently. Identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to advise clients. Ensure documentation complies with quality standards and collaborate effectively with RSM consulting professionals, supervisors, and senior management. Manage multiple concurrent engagements and provide timely, high-quality client service that meets or exceeds expectations. Utilize problem-solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions to best advise our clients. Exercise professional skepticism, judgment, and adhere to the code of ethics while on engagements. Ensure service excellence through prompt responses to internal and external clients. Understand RSM US and RSM Delivery Center's LOBs and work as a team in providing an integrated service delivery. Ensure professional development through ongoing education. Job Requirements B.Tech/MCA/MBA with 3-5 years of relevant experience in Information Technology/Security Controls, SSAE 18, SOC reports, IT Audits, IT General Controls, IT Application Controls, and ERP Audits. Intermediate knowledge of financials, operations, and technology and its related risks. Good knowledge of SOC 1, SOC 2, ICFR, IT General Controls, IT Application Controls, Information security, and risk management frameworks/standards (ISO 27001, NIST, COBIT, ITIL, PCI). Qualified to pursue a job-relevant certification (CISA, CISM, CRISC, CISSP). Strong Data Analytical skills including advanced Excel skills (VLOOKUP's, pivot tables, and basic formulas), Word, and PowerPoint. MS Visio skills to develop process and data flow diagrams. Strong multi-tasking and project management skills. Excellent verbal and written communication (English) as this is a client-facing role and requires frequent communications with RSM International clients.

Each day, you'll collaborate with product management and development teams to define, prioritize, and deliver high-impact features that keep our cloud infrastructure and applications resilient. you'll design and automate CI/CD pipelines, implement robust security controls, and respond to security incidents ensuring our systems are always ahead. Your expertise will directly support Siemens Gamesa s mission for clean, reliable energy, all within a culture that values your ideas, empowers your growth, and celebrates your commitment to excellence. How you'll Make an Impact Create, develop, and implement solutions to address infrastructure and security requirements. Identify the needs for build automation, designing, and implementing CICD solutions. Create, develop, and implement automation and system integration for various build platforms. Build or maintain CICD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment. Design action plans to address CICD platform/tools/solutions shortcomings and difficulties. Trouble shoot, identify, and fix problems in the DevSecOps domain. Secure Infrastructure: Design, implement, and maintain secure infrastructure and environments, including FedRAMP-compliant environments, consisting of applications, containers, virtual machines, and cloud infrastructure. Vulnerability Management: Collaborate with teams to remediate and mitigate identified vulnerabilities, work with the security team to assess vulnerabilities, and identify potential security risks and weaknesses in the system. Security Automation: Develop and maintain security automation tools and scripts to streamline security processes and patch management, ensuring consistent application of security controls across deployment pipelines and infrastructure. Incident Response: Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences. Security Audits and Compliance: Assist in security audits and compliance assessments to ensure alignment to industry standards and regulations, collaborating with internal and external auditors to address any security-related findings. Collaboration and Documentation: Work closely with developers and security teams to identify security requirements and implement appropriate solutions, maintaining clear and comprehensive documentation of security practices, standards, and guidelines. What You Bring You have 8-10 years of proven experience as a Data Security Engineer, with a strong background in DevSecOps and cloud technologies. You are proficient in programming and scripting languages such as Python, C#, and PowerShell. You understand secure coding practices, common vulnerabilities (OWASP Top 10), and security frameworks (ISO 27001, NIST, PCI DSS). You have hands-on experience with security tools, vulnerability management, and cloud platforms (AWS, Azure, Google Cloud). You are skilled in containerization (Docker, Kubernetes) and infrastructure-as-code tools (Terraform, CloudFormation). You bring experience with security automation, incident response, and compliance audits. Exposure to tools like SonarQube, Coverity, Dependency Track, Trivy, or ZAP is a plus. Rewards/Benefits All employees are automatically covered under the Medical Insurance. Company paid considerable Family floater cover covering employee, spouse and 2 dependent children up to 25 years of age. Siemens Energy provides an option to opt for Meal Card to all its employees which will be as per the terms and conditions prescribed in the company policy as a part of CTC, tax saving measure

We are looking for a strategic and technically capable Cyber Defense Vulnerability Manager to lead vulnerability management initiatives within our Cyber Defense Operations (CDO) function. Responsible for the vulnerability remediation strategy, aligning with Arms global security standards and running the operational execution of the vulnerability management lifecycle. Responsibilities: Develop and lead strategic vulnerability management and Attack surface management initiatives across teams and geographies. Drive remediation accountability and ensure alignment with business risk profiles. Coordinate integration of threat intelligence and vulnerability scanning and Penetration Testing tools (eg, Tenable, Qualys) with ServiceNow workflows. Define Key Performance Indicators and metrics to govern remediation efficiency and SLA compliance. Collaborate with global teams, including Product Security, Red Team, Threat Intelligence, and Engineering. Provide leadership and mentoring to vulnerability analysts. Champion process automation and tooling enhancements. Drive operational transformation to mature existing processes, procedures and tooling. Lead the response efforts for major vulnerabilities in conjunction with security partners across the business. Act as a senior technical authority, as we'll as an escalation point for advanced response coordination. Scope and perform security reviews of platforms, web applications, mobile applications, and private and public cloud environments. Identify architectural deficiencies and implement vulnerability mitigation strategies to address. Required Skills and Experience: Demonstrable experience leading a vulnerability and Attack Surface management function in a global or enterprise-scale environment. Expertise in platforms like ServiceNow Vulnerability Management, Tenable, and third-party integrations. Sufficient understanding of web technologies to handle Web vulnerabilities. Solid understanding of security governance, frameworks (ISO 27001, NIST), and risk assessment practices. Demonstrated leadership in running multi-functional teams and stakeholder alignment. Ability to articulate security risk and remediation impact to executive audiences. Exposure to Networking, automation, scripting, and API integrations. Specialist technical knowledge spanning security and IT domains to enable a comprehensive response to vulnerabilities of the highest complexity, as we'll as cross organisational incident management. Detailed cyber security threat landscape knowledge and experience in bringing it to bear in response to a vulnerability. Nice To Have Skills and Experience: bachelors or masters in Cybersecurity, IT, or related field! Certifications such as CISSP, CISM, GIAC (GCCC, GCPM), or PMP. Understanding of Agile or DevSecOps practices

Each day, you'll collaborate with product management and development teams to define, prioritize, and deliver high-impact features that keep our cloud infrastructure and applications resilient. you'll design and automate CI/CD pipelines, implement robust security controls, and respond to security incidents ensuring our systems are always ahead. Your expertise will directly support Siemens Gamesa s mission for clean, reliable energy, all within a culture that values your ideas, empowers your growth, and celebrates your commitment to excellence. How you'll Make an Impact Create, develop, and implement solutions to address infrastructure and security requirements. Identify the needs for build automation, designing, and implementing CICD solutions. Create, develop, and implement automation and system integration for various build platforms. Build or maintain CICD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment. Design action plans to address CICD platform/tools/solutions shortcomings and difficulties. Trouble shoot, identify, and fix problems in the DevSecOps domain. Secure Infrastructure: Design, implement, and maintain secure infrastructure and environments, including FedRAMP-compliant environments, consisting of applications, containers, virtual machines, and cloud infrastructure. Vulnerability Management: Collaborate with teams to remediate and mitigate identified vulnerabilities, work with the security team to assess vulnerabilities, and identify potential security risks and weaknesses in the system. Security Automation: Develop and maintain security automation tools and scripts to streamline security processes and patch management, ensuring consistent application of security controls across deployment pipelines and infrastructure. Incident Response: Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences. Security Audits and Compliance: Assist in security audits and compliance assessments to ensure alignment to industry standards and regulations, collaborating with internal and external auditors to address any security-related findings. Collaboration and Documentation: Work closely with developers and security teams to identify security requirements and implement appropriate solutions, maintaining clear and comprehensive documentation of security practices, standards, and guidelines. What You Bring You have 8-10 years of proven experience as a Data Security Engineer, with a strong background in DevSecOps and cloud technologies. You are proficient in programming and scripting languages such as Python, C#, and PowerShell. You understand secure coding practices, common vulnerabilities (OWASP Top 10), and security frameworks (ISO 27001, NIST, PCI DSS). You have hands-on experience with security tools, vulnerability management, and cloud platforms (AWS, Azure, Google Cloud). You are skilled in containerization (Docker, Kubernetes) and infrastructure-as-code tools (Terraform, CloudFormation). You bring experience with security automation, incident response, and compliance audits. Exposure to tools like SonarQube, Coverity, Dependency Track, Trivy, or ZAP is a plus. Rewards/Benefits All employees are automatically covered under the Medical Insurance. Company paid considerable Family floater cover covering employee, spouse and 2 dependent children up to 25 years of age. Siemens Energy provides an option to opt for Meal Card to all its employees which will be as per the terms and conditions prescribed in the company policy as a part of CTC, tax saving measure

Proficiency in one or more programming languages such as Python, Java, or C++. Experience with cloud security (AWS, Azure, or Google Cloud) and legacy on-prem system securities. Knowledge of network security, including VPNs, VLANs, and network segmentation. Strong knowledge of at least one operating system (Linux, Solaris, Windows). Familiarity with DevSecOps practices and tools (eg, Coverity, Veracode, AquaSec for containers) Working knowledge of Kubernetes, Jenkins, and Azure DevOps Understanding of compliance frameworks and standards (eg, ISO 27001, NIST, GDPR). Experience with vulnerability management tools (eg, Qualys). Understanding the use of security information and event management (SIEM) systems. Knowledge of endpoint detection and response (EDR) solutions. Qualifications: Bachelors degree in Computer Science, Information Security, or a related field. Strong knowledge of security protocols, cryptography, authentication, and authorisation. Experience with security tools and technologies such as firewalls, IDS/IPS, Splunk, SIEM, and endpoint protection. Excellent problem-solving skills and the ability to find practical solutions to complex security issues. Proven ability to handle high-pressure situations and deliver results under tight deadlines. Preferred Experience: Demonstrated experience in dealing with chaotic situations, such as managing high-priority, broad-reaching requests from management. For example, successfully leading a team to mitigate a critical security breach that threatened company-wide operations. Ability to land practical solutions by effectively communicating with stakeholders, prioritizing tasks, and implementing security measures that align with business goals. CMT Assessment completed. (Original) n-2 assessment -work in progress aiming/target to make 9 apps compliant in FY25 CO13 12 Apps in Scope for BIG Decision forum for time extension/Deviation CorpFintech CO13 apps.pptx TCA onboarding (Completed) Security uplift Phase-II- Work in progress for P1 Priority 1 task