776 Iso 27001 Jobs - Page 29

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary: We are seeking a strategic and hands-on Cloud Cybersecurity Architect to design, implement, and evolve our cloud security infrastructure across Microsoft and AWS environments. This individual will play a key role in enhancing our security posture, enabling secure cloud adoption, and guiding security engineering across enterprise cloud workloads. Key Responsibilities: Design and maintain secure cloud architectures leveraging Microsoft Sentinel , Defender for Cloud , Intune , Entra ID (Azure AD) , and AWS native security services . Develop and enforce security standards, architecture patterns, and reference designs for hybrid and multi-cloud environments. Lead threat detection and response strategies using SIEM/SOAR tools , ensuring coverage for cloud-native and hybrid workloads. Architect secure device and identity management practices using Microsoft Intune and Entra . Oversee the design of IAM policies , conditional access, and privilege management for Microsoft and AWS platforms. Perform risk assessments, security reviews, and architecture evaluations for new projects and technologies. Partner with DevOps, IT, and business teams to embed security throughout the CI/CD and infrastructure lifecycle. Provide technical leadership in security incident response, architecture reviews, and governance. Stay current with emerging cloud threats and trends, and translate insights into actionable improvements Required Skills & Qualifications: Bachelors degree in Computer Science, Cybersecurity, or a related field (Master s preferred). 7+ years of experience in IT security, with 3+ years in a cloud security architecture role. Deep knowledge of Microsoft Sentinel , Defender , Entra ID (Azure AD) , Intune , and related Microsoft security solutions. Proficiency in AWS security tools and services (IAM, GuardDuty, Security Hub, CloudTrail, WAF, etc.). Strong understanding of Zero Trust architecture , identity governance, endpoint protection, and data security. Experience designing secure cloud-native apps and containerized workloads (e.g., EKS, AKS). Familiarity with regulatory frameworks (e.g., NIST, CIS, ISO 27001, HIPAA, GDPR). Relevant certifications such as Azure Security Engineer Associate , AWS Security Specialty , CISSP , or CCSP . Preferred Qualifications: Experience with infrastructure-as-code tools (e.g., Terraform, ARM, CloudFormation). Scripting and automation knowledge (e.g., PowerShell, Python). Familiarity with Microsoft Purview, Defender for Endpoint, and cloud DLP Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you re passionate about technology and eager to make an impact, we d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

Role: Senior Specialist Third Party Risk Management (TPRM) About the Company: Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won t just imagine the future-you ll create it. About the Job: The Third-Party Risk Management (TPRM) team is part of Chief Security Office (CSO) and is responsible for working closely with internal teams including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Below are the key responsibilities: Conduct Cybersecurity Assessments : Perform comprehensive security assessments of third-party vendors, including evaluating their security policies, controls, and practices. Identify potential risks and vulnerabilities in vendor environments and provide recommendations for remediation. Risk Analysis and Reportin g: Analyze assessment results to determine the level of risk associated with each third-party relationship. Prepare detailed assessment reports and risk summaries for internal stakeholders, including senior management and the TPRM team. Vendor Onboarding and Monitoring : Assist in the onboarding process for new vendors by conducting initial security assessments and ensuring compliance with Supplier Information Security Requirements (SISR). Monitor and re-assess existing vendors periodically to ensure ongoing compliance and address any emerging risks. Collaboration and Communication : Work closely with internal teams, including IT Security, Legal, Compliance, and Procurement, to ensure a unified approach to third-party risk management. Communicate assessment findings and risk mitigation strategies to third-party vendors in a clear and constructive manner. Policy and Procedure Development : Contribute to the development and enhancement of TPRM policies, procedures, and guidelines. Stay up to date with industry best practices, regulatory requirements, and emerging threats to continuously improve the TPRM program. Training and Awareness : Provide training and awareness sessions to internal teams and third-party vendors on cybersecurity best practices and TPRM requirements. Experience Level: 8+ years. Location: Hyderabad / Bengaluru Required skills: 6 years minimum experience in third-party risk management / risk consulting / cyber security assessments. Demonstrated experience in third-party risk management and vendor security assessments. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Good understanding of various third-party risk management frameworks and standards. Proficiency in using security assessment tools and methodologies. Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to convey complex security concepts to both technical and non-technical audiences. Detail-oriented with strong organizational and project management skills. Desirable skills: Knowledge of data protection regulations (e.g., GDPR, CCPA) and their impact on third-party risk management. Prior experience with Telecom sector. Relevant certifications such as CISSP, CISM, CRISC, or CISA Additional information (if any): Need to be flexible to provide coverage in US morning hours. Location: IND:KA:Bengaluru / Innovator Building, Itpb, Whitefield Rd - Adm: Intl Tech Park, Innovator Bldg Job ID R-64591 Date posted 04/24/2025

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary: We are seeking a strategic and hands-on Cloud Cybersecurity Architect to design, implement, and evolve our cloud security infrastructure across Microsoft and AWS environments. This individual will play a key role in enhancing our security posture, enabling secure cloud adoption, and guiding security engineering across enterprise cloud workloads. Key Responsibilities: Design and maintain secure cloud architectures leveraging Microsoft Sentinel , Defender for Cloud , Intune , Entra ID (Azure AD) , and AWS native security services . Develop and enforce security standards, architecture patterns, and reference designs for hybrid and multi-cloud environments. Lead threat detection and response strategies using SIEM/SOAR tools , ensuring coverage for cloud-native and hybrid workloads. Architect secure device and identity management practices using Microsoft Intune and Entra . Oversee the design of IAM policies , conditional access, and privilege management for Microsoft and AWS platforms. Perform risk assessments, security reviews, and architecture evaluations for new projects and technologies. Partner with DevOps, IT, and business teams to embed security throughout the CI/CD and infrastructure lifecycle. Provide technical leadership in security incident response, architecture reviews, and governance. Stay current with emerging cloud threats and trends, and translate insights into actionable improvements Required Skills Qualifications: Bachelors degree in Computer Science, Cybersecurity, or a related field (Master s preferred). 7+ years of experience in IT security, with 3+ years in a cloud security architecture role. Deep knowledge of Microsoft Sentinel , Defender , Entra ID (Azure AD) , Intune , and related Microsoft security solutions. Proficiency in AWS security tools and services (IAM, GuardDuty, Security Hub, CloudTrail, WAF, etc. ). Strong understanding of Zero Trust architecture , identity governance, endpoint protection, and data security. Experience designing secure cloud-native apps and containerized workloads (e. g. , EKS, AKS). Familiarity with regulatory frameworks (e. g. , NIST, CIS, ISO 27001, HIPAA, GDPR). Relevant certifications such as Azure Security Engineer Associate , AWS Security Specialty , CISSP , or CCSP . Preferred Qualifications: Experience with infrastructure-as-code tools (e. g. , Terraform, ARM, CloudFormation). Scripting and automation knowledge (e. g. , PowerShell, Python). Familiarity with Microsoft Purview, Defender for Endpoint, and cloud DLP Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you re passionate about technology and eager to make an impact, we d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

JOB SUMMARY - State briefly the principal purpose or focus of the position. Describe the primary function (what must be accomplished) and the major objective (why the function is performed). The Security Administrator will support the administration, monitoring, and continual improvement of our cybersecurity applications and platforms. The individual will play a key role in ensuring the ongoing functionality of existing security tools. The ideal candidate will have a foundational knowledge of cybersecurity principles and a strong willingness to learn and grow into an engineering-focused career path. Administer and maintain cybersecurity platforms (e. g. , SIEMs, EDR solutions, vulnerability scanners, email security gateways, public security scoring sites). Monitor cybersecurity tools and platforms for disruptions, alerts, misconfigurations, and performance issues. Perform basic troubleshooting of platforms and escalate significant issues and incidents to senior security staff in a timely manner. Recommend and assist with functional improvements to existing security solutions. Participate in audits, security reviews, and compliance initiatives as needed. Assist in documenting cybersecurity processes, configurations, and workflows. MINIMUM REQUIREMENTS - List the minimum requirements of skills, knowledge and the type and length of previous experience necessary for an individual to be considered for this position. 4+ years of IT experience 1-2 years of security experience 1-2 years of cloud experience Any experience with basic administration of security tools (e. g. , antivirus/EDR, SIEMs, firewalls, identity management systems). Any experience with encryption technologies and digital certificate management Any experience with security and secrets protection platforms Any experience with incident response activities on Windows and Linux systems Any experience identifying and remediating security vulnerabilities Any experience with running scripts and scripting languages Strong written and verbal communication skills Ability to troubleshoot security problems Ability to properly handle confidential and sensitive information EDUCATION REQUIREMENTS - List the minimum requirements of education and/or certification for an individual to be considered for this position. Bachelor s degree in information systems or comparable experience CompTIA Network+ or Security+ highly desired essential functions - List up to 5 to 8 brief statements which describe the major activities for which the position is accountable. Do not list all individual tasks or steps necessary to achieve the end results, but stress the end result itself. List in order of importance. Monitor various platforms for security design flaws, configuration flaws, and other security related service changes Perform platform configuration updates as required for end-user operation Ensure configurations remain in compliance with security requirements Ensure known vulnerabilities are managed and mitigated in a timely manner Evaluate security implications of current processes, service requests, and proposed changes Respond to security events and participate in investigations Ensure regulatory controls are followed and evidence of violation is maintained for review Maintain current knowledge of security practices Review security bulletins and assess impact ADDITIONAL CHARACTERISTICS - List any additional skills, knowledge or characteristics that are preferred but not essential. Knowledge of NIST, CIS Top 20, and ISO 27001 controls Knowledge of business impact and critical needs for IT services Ability to manage tasks independently and escalate as necessary Ability to work with and coordinate between multiple groups Ability to function in a dynamic environment Ability to manage multiple tasks and meet deadlines Ability to prioritize appropriately Ability to pay attention to detail Desire to learn security best practices and promote security throughout the organization Committed to diversity and inclusion At Manhattan, it s about more than just the work. From cultural celebrations to interest groups to volunteer opportunities, your true self is always welcome here. Our team members backgrounds, experiences and perspectives add to us as a whole and make us unique. We are proudly an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a veteran. In the United States, Manhattan Associates participates in the Employment Eligibility Verification Program (E-Verify) operated by the Department of Homeland Security in partnership with the Social Security Administration. Participation in the E-Verify Program allows Manhattan to confirm the employment eligibility of all newly hired employees after the Employment Eligibility Verification Form (Form I-9) has been completed.

What you'll do We are seeking candidates with 1 to 3 years of experience in information security to join our team. The ideal candidate will have a solid understanding of the Microsoft Office environment and a keen interest in pursuing a career in information security. Key Responsibilities: -Assist in monitoring and maintaining security systems and tools. -Support the implementation of security measures to protect sensitive data and systems. -Conduct regular security audits and assessments. -Help in identifying and mitigating potential security threats. -Collaborate with team members to develop and enhance security policies and procedures. -Stay updated with the latest trends and advancements in information security. Qualifications: -Bachelor's degree in Information Technology, Computer Science, or a related field. -Up to 1-3 years of experience in information security . -Proficiency in Microsoft Office tools (Word, Excel, PowerPoint, Outlook). -Strong analytical and problem-solving skills. -Excellent communication and teamwork abilities. -Basic understanding of cybersecurity principles and practices. Location: This position is based in our office in Gurugram, Haryana.

Summary: The project manager role involves driving and managing project starting from planning, initiation to successful delivery of a project in accordance with objectives, milestones, quality standards, timelines and budgets throughout the project lifecycle in coordination with internal & external stakeholders Role & responsibilities 1. Lead and manage Cybersecurity projects from initiation to successful delivery of a project in accordance with objectives, milestones, quality standards, timelines and budgets throughout the project lifecycle, ensuring alignment with organizational security goals. 2. Collaborate with internal & external stakeholders including technical inputs from subject matter expert to collate the project requirements, scope, goals, deliverables, timelines, and budgets etc. 3. Develop detailed project plan/s with WBS to drive the project to meet program objective & stakeholders requirement. 4. Ensure appropriate resource allocation to meet program needs and minimize resource contention. 5. Ensure stakeholders meetings to ensure all parties understand the deliveries and milestones and the resources that are assigned. 6. Ensure projects are delivered on time, within scope, within budget to meet the objectives. 7. Conduct risk assessments, escalate issues/risks and implement mitigation strategies to ensure timely and successful project completion. 8. Conduct periodic review meetings, communicate & publish project status highlighting the progress, risks, challenges & delays etc. to stakeholders and higher management. 9. Develop and manage the stakeholder communications plans; coordinate and communicate with cross-functional teams to facilitate collaboration. 10. Create and maintain project documentation including all project artifacts, architecture diagrams, technical specifications, and configuration documents, SOPs and all required documents to transition & handover project to the operations team. 11. As part of Vendor Management, work closely with vendors thereby defining requirements/BOQ negotiations, including RFPs/RFIs, contractual negotiations, and monitoring vendor performance. follow-up and escalate wherever required to avoid delays. 12. Assist in project management strategy development, and the overall service orientation of the PMO. 13. Foster a collaborative and positive team environment, promoting effective communication and problem-solving across infrastructure projects. 14. Ensure Cybersecurity controls and compliance standards such as NIST, ISO 27001, GDPR are incorporated into projects. Knowledge: 1. Strong understanding of Cybersecurity concepts, standards, frameworks and compliance requirements (eg. NIST, CIS controls, ISO 27001). 2. Project/program management experience with proficiency in project management methodologies and tools. 3. Experience in coordinating cross-functional teams and managing projects with a focus on quality and efficiency to successfully deliver the projects 4. Strong project management skills, including the ability to develop and maintain project plans, monitor progress, and manage budgets and resources. 5. Knowledge of regulatory requirements such as GDPR, PCI-DSS. 6. Knowledge of IT infrastructure (networs, servers, cloud environment etc.) to effectively engage with technical teams. 7. Proficiency in Project Management tools as well as managing projects without tool. Preferred candidate profile 1. Exceptional analytical, conceptual thinking and problem-solving skills. 2. Excellent communication and interpersonal skills, with the ability to understand complex business requirements and translate them into project management requirements. 3. Detail-oriented with a focus on quality and accuracy in project/service deliverables 4. Should have strong written, verbal and presentation skills. 5. Ability to perform under pressure, influence stakeholders and work closely with them to determine acceptable solutions. 6. Strong negotiation, and conflict resolution skills.

Role & responsibilities Develop and customize One Identity Manager components including Designer, Web Designer, Object Browser, and connectors. Build secure backend solutions using C#, ASP.NET MVC, and Web API. Implement workflows, RBAC policies, provisioning logic, and synchronization rules. Write automation scripts using PowerShell and Python for provisioning and integration. Manage database queries and performance tuning in SQL Server and Oracle DB. Integrate One Identity with Active Directory, Azure AD, SAP, and Workday. Collaborate with DevOps teams to implement CI/CD pipelines using Jenkins or equivalent tools. Ensure compliance with GDPR, ISO 27001, OWASP security standards. Support cloud IAM integration with Azure, AWS, or GCP environments. Preferred candidate profile 3+ years hands-on experience with One Identity Manager suite (Designer, Web Designer, connector development). Strong expertise in C#, ASP.NET MVC, Web API, JavaScript, PowerShell, Python. Skilled in SQL Server and Oracle database management. Experience integrating IAM solutions with enterprise platforms like AD, Azure AD, SAP, Workday. Knowledge of CI/CD processes and DevOps tools. Familiarity with security and compliance standards (GDPR, ISO 27001). Certifications like One Identity Certified Professional, Microsoft .NET certifications, CISSP/CISM/CIAM preferred.

Role & responsibilities Unit & Position Description: DNV - Business Assurance Global Technical HUB (GTH ICT), part of Global Operations & Technical, is responsible for Global Accreditation and Compliance Governance in an efficient and cost-effective way. The Technical Developer Manager in the GTH are part of a global ICT technical team and work in close cooperation with the local units departments sales and operations. The role will report to GTH ICT Manager. The primary function of the ICT Technical Reviewer is to conduct technical approvals by means of review and verification of the various steps in the DNV Business Assurance certification processes. Tasks may include: Review and reporting of the quality of work delivered by DNV Business Assurance local units (LU) worldwide. The work comprises all types of technical approval (TA) work within the area of competence, quotes, report packages, project sampling, certification decisions, qualifications and other duties necessary to safeguard compliance. Ensure that the work is performed in accordance with the quality requirements of the activity, the procedures governing the activity and the specific instructions. Report back and revert non compliances to LU including escalation when needed. Technical support to managing accreditation activities (compliant, recall, internal audits, accreditation audit management) Develop technical guidelines/ instructions Cooperate with other ICT technical referents (Sales, MSC etc) Ensure co-operation and team building among the other DNV Functions (Sales, Customer Care, GCUs, etc.) Support the LUs in the most efficient and effective way to achieve their Quality and business targets and safeguard the acceptance by our global Accreditation Bodies and/or Standard Owners Support Management to solve internal/external audit findings and support other duties necessary to safeguard compliance Ensure that the independent nature of DNV Business Assurance is never compromised Preferred candidate profile Bachelors degree or higher or equivalent experience in ICT area Broad experience and auditor qualification (internal/external) in ISO 27001 and/ot technical sectors are required Qualification in schemes ISO 20000 and/or ISO 22301 preferred Experience in management system certification Pragmatic approach, an efficiency driven and solution-oriented mindset, detail orientation and strong organization skills Strong proficiency with Microsoft Office (Excel, Outlook, Word) Excellent interpersonal and verbal/written English communication skills are essential

The Team The OSTTRA Technology teamis composed of Capital Markets Technology professionals, who build,supportand protect the applications that operate our network. The technology landscapeincludeshigh-performance, high-volume applications as well as compute intensive applications,leveragingcontemporary microservices, cloud-based architectures. The Impact: Together, we build, support, protect and manage high-performance, resilient platforms that process more than 100 million messages a day. Our services are vital to automated trade processing around the globe, managing peak volumes and working with our customers and regulators to ensure the efficient settlement of trades and effective operation of global capital markets. Whats in it for you: We are seeking a highly motivated and experienced Information Security person to join our growing security team. In this role, you will be responsible for managing and optimizing our Data Loss Prevention (DLP) solutions, ensuring compliance with relevant security standards i.e. ISO 27001, NIST and implementing and maintaining robust Identity and Access Management (IAM) and Privileged Access Management (PAM). You will play a crucial role in protecting our sensitive data and ensuring the security posture of our organization. This is an excellent opportunity to be part of a team based out of Gurgaon and to work with colleagues across multiple regions globally. Responsibilities Data Loss Prevention (DLP) Management: Implement, Manage, and optimize DLP tools policies to prevent data leaks and ensure data protection. Develop and maintain DLP policies and procedures. Regularly update and fine-tune DLP rules to adapt to evolving data protection needs. Monitor and analyse DLP alerts and incidents and perform incident response. Provide training and guidance to users on DLP best practices. Implement real-time monitoring and logging for data movement and access patterns. Generate detailed reports on data loss attempts, policy breaches, and user behavior anomalies. Evaluate and recommend improvements to existing DLP solutions. Develop playbooks for quick response to DLP-related threats and incidents. Perform regular data flow assessments to identify unprotected data paths Identity and Access Management (IAM) and Privileged Access Management (PAM): Manage requirements around IAM and PAM security, including user provisioning, access control, and privileged access management. Develop and enforce IAM and PAM policies and procedures. Conduct regular access reviews and audits. Generate compliance reports for internal and external audits (e.g., SOX, GDPR, PCI-DSS). Troubleshoot IAM and PAM issues together with the respective Infrastructure teams. Integrate IAM/PAM systems with other security and business applications. Regularly evaluate IAM/PAM solutions to keep pace with emerging threats and technologies. Information Security Compliance: Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard Conduct internal security audits and assessments. Develop and maintain security documentation and procedures. Assist with external security audits and assessments. Stay up to date on the latest security threats and vulnerabilities. Other Duties: Provide security consulting and support to other teams. Knowledge on Application Pen testing would be an added advantage Evaluate and recommend new security technologies and solutions. Participate in security awareness training and initiatives. Understanding on Technology & Security Risk Management and Vendor Risk Management Framework What Were Looking For Qualifications 7 to 8 years experience working in IT Security & GRC in multiple capacities. Bachelors in IT, Computer Science, Cyber Security, or equivalent experience required. Proven experience with DLP tools and technologies (e.g., Symantec DLP, Forcepoint DLP, Microsoft Information Protection, Zscaler etc.) and certification on these tools would be added advantage Strong understanding of IAM and PAM concepts, tools and technologies and certification on these tools would be added advantage In-depth knowledge of ISO 27001 and other relevant security standards and regulations. Certification like ISO 27001, CISA, CRISC, CISM etc. would be an added advantage. Competencies: The ability to multitask, act under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential. The ability to handle multiple inquiries at any one time, often under considerable deadline pressure. The ability to work both independently and as part of a team. Desired Skills: Excellent written and spoken English. Detail oriented with excellent research, analytical and critical thinking skills. Strong documentation, oral and written communications, and interpersonal skills.

Location: Noida Domain & Role : Risk & Compliance- Senior Manager Role Description Task and Responsibilities Minimum of 10-13 years of experience in Information Risk Management/Information Security or auditing. Required to have excellent understanding of the IT Control framework, in particular risk assessment and control selection Working experience in any two of the compliance programs (PCI DSS,HIPPA,ISO 27001,SOC2, SOX,NIST,FISMA,COBIT) Lead teams and efforts to ensure effective execution of periodic risk assessments and drive integration of remediation efforts with the risk management process Partner with service delivery leadership to both communicate and manage risk in delivery to an acceptable level Partner with awareness and training elements to develop and ensure rollout of programs to increase the level of awareness of compliance with policy and process Lead and perform activities to help measure and monitor compliance with contractual security requirements, company policies and procedures to ensure the account is compliant and audit ready Lead different compliance & audit testing programs and support successful completion of various external compliance certification programs and internal compliance assessments Proven ability to lead small teams dedicated to the performance of risk management and assessment responsibilities. Ability to provide effective management of junior employees. Develops and provides appropriate guidance on solutions to mitigate risks and enhance system security Coordinates with other DCO and Delivery Compliance representatives to build out world class compliance program components to include processes, procedures, and technologies. Deep understanding of privacy and business continuity requirements and support R&C Privacy and BCM teams in execution of their respective program Demonstrates ability to work in virtual team with help of tools and technologies Demonstrates ability to handle conflicting situation & should have strong verbal, written communication & analytical skills Must have systematic and pragmatic approach to problem solving Demonstrates good inter-personal skills, high standards of professional behaviour in dealings with business customers, colleagues and staff Have a good technical awareness and the aptitude to remain up to date with information security and IT developments Ability to communicate Risk to non IT business owners and support function such as delivery, HR, Admin, Legal, Contracting and others Ability to communicate risk at all levels of management up to and including C-Level executives. Translate business, industry, and regulatory requirements into information security objectives and associated tactical/strategic information security initiatives Certification such as CISA/CISSP/CISM /CRISC/ CGEIT/ISO27001 or any other security related certifications are preferred. Primary Skill : The position is a member of Risk & Compliance org within HCL Technologies. The DCO will be aligned to critical service delivery engagements and will be responsible for ensuring compliance in accordance to client, organizational & regulatory security requirements. The DCO will act as the engagement level risk advisor and manager and will be the primary liaison for risk related items between the engagement and the larger R&C organization. The DCO will interface with client, business delivery team and support function such as IT, HR, Admin, Legal, etc. in execution of job responsibilities. The position typically reports into a Delivery Compliance Partner or Delivery Compliance Manager Secondary Skill : Required Experience and Educational Qualification : 6-10 years of Recruitment experience Working experience in any two of the compliance programs (PCI DSS,HIPPA,ISO 27001,SOC2, SOX,NIST,FISMA,COBIT) Other relevant skills: Strong communication skills Ability to provide effective management of junior employees Demonstrates good inter-personal skills, high standards of professional behavior in dealings with business customers, colleagues and staff

We want to shape the future with vision and innovation. Be part of it and develop your full potential! As part of the global NTT DATA Group, one of the most successful IT service providers in the world, we specialize in value-added SAP solutions as NTT DATA Business Solutions. With over 16,000 employees in more than 30 countries, we design, implement, and develop custom-fit SAP solutions for our global customers. Would you like to take the next step in your career and be part of our highly qualified team? Are you ready to break new ground? Job Title: Information Security Analyst Experience: 3 - 6 Years Job Location: Hyderabad Technical Experience Experience in managing security audits, such as, ISO 27001, SOC I / II including preparing control owners for audits, interpreting control requirements, reviewing control evidence for appropriateness, testing control effectiveness, presenting control evidence to external auditors, and audit planning with external auditors. In-depth knowledge of security controls, interpreting control requirements for ISO 27001 (Must) and SOC II (good to have), audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements. Ability to of plan and lead meetings with control owners and external auditors. Ability to clearly define control requirements to control owners or explaining control evidence to external auditors. Experience planning and performing vendor security risk reviews including creation of templates and reporting for reviewing different types and categories of vendors such as cloud, vendors hosting sensitive data, and vendors with access to sensitive data. Experience reviewing ISO 27001, SOC 2, Pen Test , and other forms of security assessment reports. Manages and tracks the delivery of Security Training and Awareness campaigns. Assists in the development of content for Security Awareness campaigns. Actively contributes to the Security knowledgebase to enable internal knowledge sharing and facilitates efficient audits and questionnaire responses. Supports the Security Audit function by reviewing evidence submissions for accuracy and completeness, following up on audit requests, and helping to establish a continuous monitoring function. Manages and performs quarterly access reviews ensuring completeness and accuracy of results and consistent evidence collection. Supports the Risk Management function by reviewing and documenting Security exceptions and recommending appropriate actions. Recommends and assists in the definition and implementation of security controls in accordance with enterprise policies, standards, and procedures. Educational Qualification: Must be a graduate. Must be ISO27001:2022 Lead Auditor / Lead Implementer certified. Interested candidates share me your updated resume to Satyendra.TVNR@bs.nttdata.com

We are seeking an experienced Application Security Architect to join our growing Secure Architecture team. In this role, you will focus on designing secure solutions for modern application architectures including AI/ML workloads, APIs and cloud-native systems across hybrid environments. You will partner with cross-functional teams to embed security into solution designs, champion secure development practices and align architecture with Resmed s overall security strategy. This role is ideal for someone who thrives on innovation, thinks like an adversary and believes secure design is critical to scalable growth. Let s talk about responsibilities: Lead security architecture efforts for AI, API and cloud-based applications across AWS, Azure and GCP platforms. Define and evaluate security controls to protect models from adversarial attacks, data poisoning and unauthorized inference. Develop secure design patterns, reusable controls and architecture blueprints aligned with Resmed s security standards. Partner with data scientists and engineering teams to develop secure ML pipelines, including feature engineering, validation, and anomaly detection mechanisms. Design secure-by-design architecture patterns and reusable controls for APIs, microservices, and distributed cloud environments. Guide the implementation of zero-trust architecture principles across systems, including identity, access, networking, application and data flows. Perform threat modeling, risk assessments and architecture reviews on high-impact projects. Establish detection and response capabilities around AI systems and APIs. Engage with stakeholders across the business to ensure security solutions enable agility, innovation, and growth. Let s talk about you: 10+ years in cybersecurity, with strong experience in cloud-native application and data security. Strong understanding of cybersecurity frameworks (eg, NIST, ISO 27001), secure software development, and encryption. Experience designing security for distributed systems, APIs, and AI/ML pipelines. Strong knowledge of cloud platforms (AWS, GCP, Azure), API security protocols, and DevSecOps practices. Proven experience in designing and reviewing modern application architectures in agile and data-driven environments. Familiarity with machine learning operations (MLOps), model governance and responsible AI frameworks. Excellent communicator, able to translate complex risks into actionable guidance. Industry certifications like CISSP, CCSP, or cloud security specializations.

Gameskraft Technologies pvt ltd is looking for Graphic Design Interns to join our dynamic team and embark on a rewarding career journey Graphic Design:Assist in the creation of visual content for various marketing materials, including but not limited to social media graphics, website assets, print collateral, and presentations Work collaboratively with the design team to develop and execute creative concepts that align with brand guidelines Content Creation:Generate engaging and visually appealing content for social media platforms to enhance brand awareness and audience engagement Develop and edit multimedia content, including images and videos, to support marketing campaigns Brand Consistency:Ensure consistency in branding elements across all design projects Collaborate with the marketing team to maintain a cohesive visual identity throughout various channels Research and Trends:Stay informed about industry trends and best practices in graphic design Contribute fresh ideas and creative concepts to elevate the overall design strategy Communication:Participate in team meetings to discuss project goals, timelines, and creative strategies Communicate effectively with team members to gather feedback and refine designs accordingly Learning and Development:Actively seek opportunities to learn new design techniques and software tools Take initiative in professional development and apply acquired knowledge to enhance design skills

Design: Receive the brief, let your imagination run wild, and deliver forward-thinking output High quality in less time in our rapidly evolving industry, where innovation and creativity are essential Design sketches for a project and make sure it fall under our brand guidelines You should be the one to know what s trending Research for the required design and be in touch with the design world of today Get a deep understanding of our product design system and brand guidelines and adhere to them Be organised - this helps your teammates collaborate with you easily

FS XSector Specialism Risk Management Level Senior Manager & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . & Summary Join us as a Senior Manager in our Digital Risk Services team, where youll lead the way in tackling the most pressing technology risk challenges faced by our clients. Immerse yourself in cuttingedge fields like cybersecurity, artificial intelligence, and emerging digital risks. Your technical leadership will be instrumental in crafting innovative solutions and driving transformative projects. . s Lead groundbreaking projects in digital risk, focusing on areas such as cybersecurity, AI, Cloud and SDLC, to devise forwardthinking assessment and mitigation strategies. Cultivate and maintain strong client relationships, becoming the trusted advisor for advanced digital risk management solutions. Collaborate with diverse technical teams to design, implement, and refine stateoftheart risk management frameworks using Agile, DevSecOps, and AI risk assessment protocols. Stay at the forefront of industry trends and emerging technologies to deliver profound insights and predictive risk analytics using AI/ML tools. Mentor and inspire your team, fostering an environment of technical brilliance, continuous learning, and innovation. Drive business growth by identifying new opportunities and developing detailed proposals that leverage the latest digital risk technologies. Good to have requirements As below Mandatory Skill Sets Minimum of 10 years in risk advisory with a focus on cybersecurity, AI, and digital risks. Proven track record in managing complex technical projects in a consulting setting. Expertise in regulatory frameworks and industry standards like ISO 27001, NIST, and GDPR. Outstanding technical communication and leadership skills, engaging effectively with senior stakeholders. Preferred Skill Sets AI, Cybersecurity Years of experience required 7+ Years Education Qualification Any graduation/postgraduation Education Degrees/Field of Study required Bachelor Degree, Master Degree Degrees/Field of Study preferred Required Skills Cybersecurity Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Coaching and Feedback, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Influence, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility {+ 24 more} No

FS XSector Specialism Risk & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . & Summary Join us as a Senior Manager in our Digital Risk Services team, where youll lead the way in tackling the most pressing technology risk challenges faced by our clients. Immerse yourself in cuttingedge fields like cybersecurity, artificial intelligence, and emerging digital risks. Your technical leadership will be instrumental in crafting innovative solutions and driving transformative projects. Lead groundbreaking projects in digital risk, focusing on areas such as cybersecurity, AI, Cloud and SDLC, to devise forwardthinking assessment and mitigation strategies. Cultivate and maintain strong client relationships, becoming the trusted advisor for advanced digital risk management solutions. Collaborate with diverse technical teams to design, implement, and refine stateoftheart risk management frameworks using Agile, DevSecOps , and AI risk assessment protocols. Stay at the forefront of industry trends and emerging technologies to deliver profound insights and predictive risk analytics using AI/ML tools. Mentor and inspire your team, fostering an environment of technical brilliance, continuous learning, and innovation. Drive business growth by identifying new opportunities and developing detailed proposals that leverage the latest digital risk technologies. Good to have requirements As below Mandatory Skill Sets Minimum of 10 years in risk advisory with a focus on cybersecurity, AI, and digital risks. Proven track record in managing complex technical projects in a consulting setting. Expertise in regulatory frameworks and industry standards like ISO 27001, NIST, and GDPR. Outstanding technical communication and leadership skills, engaging effectively with senior stakeholders. Preferred Skill Sets AI, Cybersecurity Years of Experience 7 + Years Educational Qualification Any graduation/ postgraduation Education Degrees/Field of Study required Master Degree, Bachelor Degree Degrees/Field of Study preferred Required Skills Data Security Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Cloud Security, Coaching and Feedback, Communication, Conducting Research, Creativity, Cyber Defense, Cyber Threat Intelligence, Embracing Change, Emotional Regulation, Empathy, Encryption, Inclusion, Information Security, Intellectual Curiosity, Intelligence Analysis, Intelligence Report, Intrusion Detection, Intrusion Detection System (IDS), IT Operations, Learning Agility, Malware Analysis {+ 21 more} No

Primary Roles & Responsibilities: Understand Blackbox Internal Business services and review proposed customer contracts for compliance, risks privacy, security and regulatory issues Coordinate external & Internal audits of the Blackbox IT environment and collate evidence submitted by technical team God understanding of security concepts, drivers of risk and mitigation control, BCP, DR, Risk Management 3 rd party vendor Audits and Management, policies and procedure writing and evaluations, IT - general and application controls Develop and maintain both continuous and spot check, autonomous and manual audit processes Educate users on IT controls processes and play an advisory role internally. Perform end - to end contracts evaluation for risk, compliance, and security evaluations and expectations. Report on compliance results & metrics to executive teams Provide continual improvement objectives to better align to external requests Build a strong knowledge and understanding of systems and processes Assist in development of data governance processes and RACI Review and update internal corporate Policies based on Industry best practices and Regulatory requirements Understand and document Data workflows and lifecycles Establish Processes to improve the life cycle Management of Contracts Possess experience or good knowledge on IT controls mapping as per global standards. Knowledge, Skills, Abilities: Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments Understanding of Global data privacy and security regulations - like GDPR, CCPA etc. both at global and US state levels for data privacy laws and requirements. Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs. Ability to find root causes of control failures and mitigate risks accordingly Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint Ability to educate the company employees and respond to policy related queries. Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk Ability to convince a highly varied audience to follow prescribed controls Comfort with presenting progress reports and results to senior leadership Understanding of process design and compliance terminology Ability to write and speak clearly, consistently, and concisely Ability to Multitask responses to multiple Contracts and meet given deadlines Ability to be self-driven, Motivated with end-to-end ownership on contracts management Excellent Audit Life Cycle Management skills, Expert use of Excel sheet, Word document management, PPT, ability to track documents versions, evidence etc. Excellent written and verbal communication skills and English language command. Education/Experience Requirements: BA business or information technology or equivalent experience. Minimum 5 years or more of prior experience in IT-GRC domain like IT risk, auditing, Contracts evaluation, Data privacy, compliance evaluation etc. strongly preferred. Knowledge of working with US & Global regulations and compliance requirements like HIPAA, PCIDSS, GDPR and US state level laws like CCPA etc. Frameworks / Industry Standard & Regulations Data Privacy Laws like GDPR, CCPA, PCIDSS, SOC2, HIPAA Security and Assurance standards like NIST 800-53 controls, NIST CSF, CIS controls, ISO 27001 standards Certifications Desired / Preferred CISA and/or CRISC and/or CGEIT ISO 27001 L.A or CISM or CISSP - Desirable.

Contract Applications Received 0 Required Qualifications: Technical Skills: Extensive experience with RSA Archer GRC Suite, including configuration and customization. Proficiency in scripting languages such as JavaScript, PowerShell, or Python for automation tasks. Strong knowledge of API integration techniques, including RESTful services and JSON. Experience with database management and SQL for data manipulation and reporting. Professional Experience: Minimum of 10+ years in GRC solution development, with at least 3 years in a solution architect role. Proven track record of leading end-to-end RSA Archer implementations. Experience in integrating Archer with third-party applications and data sources. Certifications: RSA Archer Certified Professional (ACP) certification is highly desirable. Additional certifications in cloud platforms (AWS, Azure) or ITIL are a plus. Preferred Qualifications: Domain Expertise: In-depth understanding of GRC frameworks and best practices. Experience with compliance standards such as SOX, GDPR, ISO 27001, and NIST. Additional Skills: Familiarity with cloud-based deployments of RSA Archer. Knowledge of Agile methodologies and project management tools.

About Boomi and What Makes Us Special Are you ready to work at a fast-growing company where you can make a difference? Boomi aims to make the world a better place by connecting everyone to everything, anywhere. Our award-winning, intelligent integration and automation platform helps organizations power the future of business. At Boomi, you ll work with world-class people and industry-leading technology. We hire trailblazers with an entrepreneurial spirit who can solve challenging problems, make a real impact, and want to be part of building something big. If this sounds like a good fit for you, check out boomi.com or visit our Boomi Careers page to learn more. Position Overview We are seeking a hands-on Security Architect to join our engineering organization. This critical role will drive alignment between vulnerability management remediation iniatives and DevSecOps, coordinate with engineering and product teams on security implementation, and support strategic security initiatives. The ideal candidate will combine deep technical expertise with strong communication skills to influence and strengthen our overall security posture across the organization. Role and Responsibilities Work closely with the DevSecOps team to implement security strategies and remediation plans. Act as the primary engineering interface for security posture, vulnerability remediation, and secure development practices. Perform hands-on security architecture reviews, threat modeling, secure code reviews, and secure design evaluations. Collaborate with engineering teams to drive adoption of security tools, frameworks, and best practices. Integrate security controls and checks into CI/CD pipelines and engineering workflows. Contribute to Project Phoenix execution and participate in other strategic security engineering initiatives. Identify, assess, prioritize, and drive remediation of vulnerabilities across application, cloud, and infrastructure environments. Mentor engineering teams to adopt security-first design and implementation principles. Track and respond to evolving security threats, integrating learnings into engineering processes. Technical Must-Know Concepts Candidates are expected to demonstrate strong expertise in the following areas: Application Security: Secure coding practices (OWASP Top 10, CWE), secure SDLC integration. Threat Modeling: STRIDE, DREAD frameworks, attack surface identification and mitigation planning. Cloud Security: AWS security best practices (IAM, KMS, GuardDuty), encryption at rest and transit, cloud resource hardening. Infrastructure and CI/CD Security: Security in IaC (Terraform, CloudFormation), secrets management, pipeline security integration (SAST, SCA, DAST, IaC scanning). Vulnerability Management: Experience with tools like Snyk, TruffleHog, CrowdStrike CSPM or similar; prioritization and remediation of vulnerabilities. Authentication and Authorization Security: OAuth 2.0, OpenID Connect, SSO security principles. Container and Kubernetes Security: Image scanning, container hardening, Kubernetes RBAC, network policies. Cryptography Fundamentals: Understanding TLS/SSL, encryption standards, key management practices. Security Standards and Compliance Awareness: Familiarity with NIST, ISO 27001, SOC 2, PCI DSS frameworks. DevSecOps Tooling: GitHub, GitLab, Bitbucket CI/CD pipelines and security automation integrations. Be Bold. Be You. Be Boomi. We take pride in our culture and core values and are committed to being a place where everyone can be their true, authentic self. Our team members are our most valuable resources, and we look for and encourage diversity in backgrounds, thoughts, life experiences, knowledge, and capabilities. All employment decisions are based on business needs, job requirements, and individual qualifications. Boomi strives to create an inclusive and accessible environment for candidates and employees. If you need accommodation during the application or interview process, please submit a request to talent@boomi.com . This inbox is strictly for accommodations, please do not send resumes or general inquiries.

Why Verifone For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading electronic payment solutions brands and is one of the largest providers of electronic payment systems worldwide. Job Summary: The Security Analyst will be responsible for monitoring our security infrastructure, identifying and responding to security threats, managing vulnerabilities, and contributing to the continuous improvement of our overall security posture. This role is crucial in safeguarding our organizations systems, data, and reputation against an ever-evolving landscape of cyber threats. Key Responsibilities: Security Monitoring & Alerting: Monitor security alerts and events from various sources, including SIEM, IDS/IPS, EDR, firewalls, and other security tools. Triage and investigate alerts to determine their severity, scope, and potential impact. Incident Detection & Response: Act as a first responder for security incidents, following established incident response plans. Conduct initial analysis, containment, eradication, and recovery activities. Document incident details, actions taken, and lessons learned. Escalate complex incidents to senior analysts or incident response teams as appropriate. Vulnerability Management: Perform regular vulnerability scans and assessments of our IT infrastructure, applications, and networks. Analyse scan results, priorities vulnerabilities, and track remediation efforts with relevant teams. Assist in the development and implementation of patching and remediation strategies. Security Tool Administration & Maintenance: Assist in the configuration, maintenance, and optimization of security tools and technologies. Ensure security tools are functioning correctly and generating accurate data. Log Analysis & Threat Hunting: Collect, analyze, and correlate log data from various systems to identify suspicious activity or potential threats. Proactively hunt for threats and indicators of compromise (IOCs) within the environment. Threat Intelligence: Stay informed about the latest cybersecurity threats, vulnerabilities, attack vectors, and mitigation techniques. Gather and analyze threat intelligence from various sources to enhance detection capabilities. Reporting & Documentation: Prepare regular reports on security incidents, vulnerability status, and overall security posture. Maintain accurate and detailed documentation of security procedures, configurations, and incident response activities. Collaboration & Support: Collaborate with IT teams, developers, and other business units to implement security best practices and address security concerns. Provide security-related support and guidance to end-users and internal teams. Assist with internal and external security audits and compliance activities (e.g., GDPR, ISO 27001). Skills and experience we desire: Bachelor s degree in computer science or related field 2+ years of hands-on experience with the design, implementation, and operation of enterprise vulnerability management. 2+ years experience supporting diverse IT systems, processes, or capabilities in large organizations 2+ years of solid understanding of industry best practices for hands on, security vulnerability remediation. 2+ years with SCCM, WSUS (or other, similar tools) running in an enterprise environment. 2+ years in scripting of packaged installation of patches, software, and configuration changes, including the knowledge and ability to write PowerShell scripts needed to automate patch management processes. Extensive experience with core vulnerability management scanners (e.g. Qualys, Tenable etc.). Strong knowledge of OWASP Top 10 and the ability to articulate application security risks and determine threat level. Technical understanding of a range of enterprise IT and cloud-based architectures and technologies such as networking, server infrastructure, operating systems, web applications, databases, containerization, mobile. Preferred certifications: Net+, Security+, OSCP, CEH, CISSP, GIAC (GSEC, GEVA, GPEN etc.)

A Snapshot of Your Day Each day, you ll collaborate with product management and development teams to define, prioritize, and deliver high-impact features that keep our cloud infrastructure and applications resilient. You ll design and automate CI/CD pipelines, implement robust security controls, and respond to security incidents ensuring our systems are always ahead. Your expertise will directly support Siemens Gamesa s mission for clean, reliable energy, all within a culture that values your ideas, empowers your growth, and celebrates your commitment to excellence. How You ll Make an Impact Create, develop, and implement solutions to address infrastructure and security requirements. Identify the needs for build automation, designing, and implementing CICD solutions. Create, develop, and implement automation and system integration for various build platforms. Build or maintain CICD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment. Design action plans to address CICD platform/tools/solutions shortcomings and difficulties. Trouble shoot, identify, and fix problems in the DevSecOps domain. Secure Infrastructure: Design, implement, and maintain secure infrastructure and environments, including FedRAMP-compliant environments, consisting of applications, containers, virtual machines, and cloud infrastructure. Vulnerability Management: Collaborate with teams to remediate and mitigate identified vulnerabilities, work with the security team to assess vulnerabilities, and identify potential security risks and weaknesses in the system. Security Automation: Develop and maintain security automation tools and scripts to streamline security processes and patch management, ensuring consistent application of security controls across deployment pipelines and infrastructure. Incident Response: Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences. Security Audits and Compliance: Assist in security audits and compliance assessments to ensure alignment to industry standards and regulations, collaborating with internal and external auditors to address any security-related findings. Collaboration and Documentation: Work closely with developers and security teams to identify security requirements and implement appropriate solutions, maintaining clear and comprehensive documentation of security practices, standards, and guidelines. What You Bring You have 8-10 years of proven experience as a Data Security Engineer, with a strong background in DevSecOps and cloud technologies. You are proficient in programming and scripting languages such as Python, C#, and PowerShell. You understand secure coding practices, common vulnerabilities (OWASP Top 10), and security frameworks (ISO 27001, NIST, PCI DSS). You have hands-on experience with security tools, vulnerability management, and cloud platforms (AWS, Azure, Google Cloud). You are skilled in containerization (Docker, Kubernetes) and infrastructure-as-code tools (Terraform, CloudFormation). You bring experience with security automation, incident response, and compliance audits. Exposure to tools like SonarQube, Coverity, Dependency Track, Trivy, or ZAP is a plus

Role & responsibilities :- Perform assessments of the in-scope facilities against relevant standards such as ISO 27001, ISO 22301, SOC 1, SOC 2. Collaborate closely with various stakeholders to support the entire certification lifecycle. Engage with relevant stakeholders to manage compliance requirements through awareness initiatives and regular interactions, ensuring users understand and comply with necessary procedures to maintain security. Identify gaps and non-compliances, and work with relevant stakeholders to ensure timely resolution Promote a risk-aware culture throughout the organization. Assist in scoping and develop a calendarized schedule of activities for regular monitoring. Perform risk assessments based on HCLTechs methodology and collaborate with stakeholders to develop remediation plans for identified risks. Adhere to a defined escalation matrix to manage identified risks. Coordinate and facilitate to third parties for external audits. Stay informed about the latest information security trends and threat landscapes to take proactive measures during assessments. Keep management informed of critical issues that may impact customers, suppliers, or the company. Introduce efficiencies to enhance existing programs. Participate in other projects as required. Desired Experience and skills Bachelor’s Degree - BE/B Tech/B.Sc/Master degree in any domain, preferably in Information Technology or Computer sciences. Security Certifications like CISA/CRISC/Security+ Relevant experience of minimum 7-8 years in the field of ISO 27001 & SSAE 18 /assessment and Risk management (risk assessment and remediation) Strong analytical, problem solving, organizational, documentation; time management skills. Candidate assists with management of stakeholder needs and expectations while providing consistent and regular communications with support from management Candidate is able to effectively balance multiple tasks through careful prioritization Candidate is able to work collaboratively with others to produce a quality work product Proven ability to communicate with multiple stakeholders Proven ability to manage output from multiple teams Excellent spoken and written English Good Report Writing and Analytical Skills Proficient in MS Office Good in Data Analytics, MIS, Inferences and self-scrutiny for continuous improvement Preferred candidate profile :- CISM OR CISA CERTIFICATION PCI DSS ISO 27001 CERTIFICATION

Role & responsibilities :- Perform assessments of the in-scope facilities against relevant standards such as ISO 27001, ISO 22301, SOC 1, SOC 2. Collaborate closely with various stakeholders to support the entire certification lifecycle. Engage with relevant stakeholders to manage compliance requirements through awareness initiatives and regular interactions, ensuring users understand and comply with necessary procedures to maintain security. Identify gaps and non-compliances, and work with relevant stakeholders to ensure timely resolution Promote a risk-aware culture throughout the organization. Assist in scoping and develop a calendarized schedule of activities for regular monitoring. Perform risk assessments based on HCLTechs methodology and collaborate with stakeholders to develop remediation plans for identified risks. Adhere to a defined escalation matrix to manage identified risks. Coordinate and facilitate to third parties for external audits. Stay informed about the latest information security trends and threat landscapes to take proactive measures during assessments. Keep management informed of critical issues that may impact customers, suppliers, or the company. Introduce efficiencies to enhance existing programs. Participate in other projects as required. Desired Experience and skills Bachelors Degree - BE/B Tech/B.Sc/Master degree in any domain, preferably in Information Technology or Computer sciences. Security Certifications like CISA/CRISC/Security+ Relevant experience of minimum 7-8 years in the field of ISO 27001 & SSAE 18 /assessment and Risk management (risk assessment and remediation) Strong analytical, problem solving, organizational, documentation; time management skills. Candidate assists with management of stakeholder needs and expectations while providing consistent and regular communications with support from management Candidate is able to effectively balance multiple tasks through careful prioritization Candidate is able to work collaboratively with others to produce a quality work product Proven ability to communicate with multiple stakeholders Proven ability to manage output from multiple teams Excellent spoken and written English Good Report Writing and Analytical Skills Proficient in MS Office Good in Data Analytics, MIS, Inferences and self-scrutiny for continuous improvement Preferred candidate profile :- CISA CISM ISO 27001 CERTIFICATION PCI DSS

We are looking for a highly skilled and experienced Third-Party Risk as a Service (TPRaaS) - Staff to join our team in Bengaluru. The ideal candidate will have 1 to 4 years of experience in Third-Party Risk Management, with expertise in TPRM tools and technology solutions. ### Roles and Responsibility Participate in the delivery of Third-Party Risk Management (TPRM) engagements, including walkthroughs, testing, documentation, and other engagement-related activities. Provide delivery updates during vendor calls and client interactions. Follow policies and procedures to support the successful implementation of TPRM operating models. Assist in process walkthrough discussions to document end-to-end business processes and functional requirements. Contribute to assessing the application of legal and regulatory requirements to clients' TPRM practices. Identify process gaps and propose preventive/corrective actions. Demonstrate interest in developing knowledge of market trends, competitor activities, EY products, and service lines. Adhere strictly to fulfilling project activities to achieve exceptional client service. Work effectively as a team member, sharing responsibility, providing support, maintaining communication, and updating senior team members on progress. Conduct research and assist senior team members in preparing client presentations and information memorandums. Continuously strive towards exceeding client & team expectations and work on increasingly complex assignments. Support management in the preparation of proposals and business development materials. Bring an innovative mindset and analytical thinking capability to enhance service delivery. ### Job Requirements Bachelor's degree in IT/Computer Science, BSc.(IT), BE, MCA from a tier 1 or tier 2 college. 1 to 4 years of demonstrated experience in Risk Management, preferably in Third-Party engagement lifecycle (pre-contracting, contracting, and post-contracting). Basic understanding of the TPRM framework, Risk Management, Information Security practices, and Contract Risk Reviews. Good exposure to TPRM tools and technology solutions, such as GRC enablement solutions (Process Unity, Prevalent, Archer, ServiceNow). Basic knowledge of standards like ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc., and privacy regulations like GDPR, CCPA, etc. Basic knowledge of TCP/IP, OSI layer, networking, security concepts, Physical & Environmental Security, Asset Security, and Identity & Access Management. Good to have certifications: CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer. Exposure to tools like ProcessUnity, ServiceNow, Archer is desirable.

We are looking for a highly skilled and experienced professional with 7 to 12 years of relevant work experience to join our team as a Manager-AMI-Business Consulting Risk-CNS in Mumbai. ### Roles and Responsibility Collaborate with cross-functional teams to provide services across multiple client departments. Develop and implement effective risk management strategies to mitigate potential risks. Conduct IT audits, including cyber, infrastructure, and emerging technologies audits. Implement and comply with ISO 27001 standards and IT security controls. Provide expert advice on business continuity and disaster recovery planning. Manage third-party relationships and ensure compliance with commercial and legal requirements. ### Job Requirements Minimum 7 years of relevant work experience in risk management, governance, and compliance. Strong understanding of IT risk management, governance, and compliance principles. Experience in implementing and complying with ISO 27001 standards and IT security controls. Excellent analytical and problem-solving skills, with the ability to deliver insightful and practical solutions. Ability to work collaboratively with stakeholders at all levels. Strong communication and interpersonal skills, enabling effective collaboration with clients and team members. A university undergraduate degree is required; post-graduation is preferred.