776 Iso 27001 Jobs - Page 31

You Lead the Way. We ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you ll learn and grow as we help you create a career journey that s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you ll be recognized for your contributions, leadership, and impact every colleague has the opportunity to share in the company s success. Together, we ll win as a team, striving to uphold our company values and powerful backing promise to provide the world s best customer experience every day. And we ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and lets lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also, they do preventive work to avoid future overdue with accounts that have a high exposure. Partner with the BU to complete risk assessments and ensure adherence to program requirements. Assist with evaluation of control environments of Third Parties to support security assessment activities Facilitate execution of information security assessments for in-scope third parties (e.g., Manage the inventory of Third Parties, conduct periodic assessments, assess the quality of assessments conducted by External Assessors, define risk ratings as appropriate to the control failures, etc.) Partner with ISO Organization in sharing inputs towards assessment questionnaires and Guidance documents, and for managing assessments related to IS-Critical Third Parties Program Managing transformational projects, as and when required, related to Process improvements, System upgradation and overall Program uplift Assist with analysis and reporting related to TSM lifecycle as needed Minimum Qualifications 4+ years of experience in the financial services industry focus on Operations; including working with complex and dynamic functions and solutions, strong thought leadership is required Customer service focused and results-oriented leader A broad understanding of the IT controls and best practices across key risk domains, including risk assessment methodology, application security, network and infrastructure security, Data loss prevention, and incident management is recommended Prior experience managing risk assessments; including background in audit, compliance, Third Party Risk/Oversight, or other risk control functions Possess ability to lead through a highly matrixed organization Requires ability to influence without direct authority and possess proven collaboration skills Excellent written and verbal communication skills, able to effectively communicate at all levels within the organization is required Being flexible and able to adjust to new needs and new technologies, and be comfortable with ambiguity Preferred Qualifications Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, ISO 27001 or PCI is recommended but not mandatory Benefits include: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Job Role: IT Administrator The IT Administrator at Nutrabay will be responsible for managing the company s on-premises IT infrastructure, cloud services, network security, and user support. This individual plays a critical role in ensuring business continuity, security compliance, and optimal performance of IT systems across all departments. You should apply if you have: 3+ years of experience in IT administration or a similar role. A strong understanding of Windows Server, Active Directory, and network administration. Proficiency with Microsoft 365 administration and AWS cloud services. Experience in IT security principles, compliance frameworks (especially ISO 27001), and the DPDP Act. Excellent troubleshooting skills and a proactive attitude. Strong documentation and communication abilities. A bachelor s degree in Computer Science, Information Technology, or a related field. You should not apply if you: Do not have hands-on experience managing IT infrastructure and cloud environments. Are unfamiliar with IT security compliance standards or backup and recovery strategies. Struggle with cross-functional collaboration or handling help desk operations independently. Are uncomfortable taking ownership of critical IT incidents, even outside working hours. Skills Required: Microsoft In-tune & Active Directory Microsoft 365 & Google Workspace administration AWS cloud infrastructure Network devices (Routers, Switches, Firewalls) IT Security & ISO 27001 compliance Data protection under DPDP Act Backup & disaster recovery strategies Help desk ticketing & technical support IT policy documentation & asset management What will you do Manage on-premises servers, storage systems, and network equipment Administer Windows Domain, M365, and Google Workspace services Oversee AWS cloud infrastructure with an eye on cost and performance optimization Implement and monitor security controls in line with ISO 27001 and DPDP Conduct vulnerability scans, access management, and regular audits Manage backups and ensure tested disaster recovery solutions are in place Provide help desk support and onboarding/offboarding for employees Document IT policies, procedures, and monthly system performance Collaborate with vendors and support budget planning for IT services Lead training and awareness initiatives across departments Be available for high-priority incidents beyond work hours Work Experience: Minimum 3+ years in IT Administration or related roles Working Days: Monday - Friday Location: Golf Course Road, Gurugram, Haryana (Work from Office) Perks: Friendly Atmosphere High learning & personal growth opportunity Flexible Timings Diverse Work Environment Why Nutrabay: We believe in an open, intellectually honest culture where everyone is given the autonomy to contribute and do their life s best work. As a part of the dynamic team at Nutrabay, you will have a chance to learn new things, solve new problems, build your competence, and be a part of an innovative marketing and tech startup that s revolutionizing the health industry. Working with Nutrabay can be fun, and a place of a unique growth opportunity. Here you will learn how to maximize the potential of your available resources. You will get the opportunity to do work that helps you master a variety of transferable skills, or skills that are relevant across roles and departments. You will feel appreciated and valued for the work you delivered. We are creating a unique company culture that embodies respect and honesty, which will create more loyal employees than a company that simply shells out cash. We trust our employees and their voices and ask for their opinions on important business issues. About Nutrabay: Nutrabay is the largest health & nutrition store in India. Our vision is to keep growing, have a sustainable business model, and continue to be the market leader in this segment by launching many innovative products. We are proud to have served over 1 million customers up till now and our family is constantly growing. We have built a complex and high-converting eCommerce system and our monthly traffic has grown to a million. We are looking to build a visionary and agile team to help fuel our growth and contribute towards further advancing the continuously evolving product. Funding: We raised $5 million in a Series A funding round.

Plan, execute and report all IT Security and Business Automation related audit activities for OakNorth Bank plc. to provide independent assurance to senior management that the bank s IT infrastructure and digital transformation initiates (incl. non-IT) are fit for purpose to allow the bank to safely deliver best-in-class services to all its customers. Job Responsibilities: Plan, execute and report all IT and cyber security related audit activities for OakNorth Bank plc Provide independent assurance to senior management that the bank s IT infrastructure is fit for purpose to allow the bank to safely deliver best-in-class services to all its customers Ensure best practice and frameworks are followed to adhere to various audit guidelines and standards A Subject Matter Expert who can build a strong network for himself/herself and execute audit work autonomously all the way through to review whilst having a strong sense of customer service Manage IT related audit activities for the OakNorth Bank plc Delivers at least one audit per quarter: some audits to be delivered alone and others in partnership with the existing OakNorth audit team or empanelled co-sourced partner Document audit fieldwork, findings and prepare audit reports Review audit evidences and track closure of management actions Report on audit activity to senior management Continuously improve the IT audit methodology which suits the highly technical, disruptive, global, and fast-moving environment Supports IA team and colleagues on subject matter whilst keeping in mind team goals, not only individual targets Deliver internal and external certification audits Execute ITGC, network, cyber and cloud security audits Conduct internal audits to provide information whether the firm s Information Security Management System conforms to the Internationally recognised Standards Deliver audits to evaluate the evolving cybersecurity automation ecosystem( best-in-breed ) Perform cloud security assessments for AWS / Azure cloud platforms and other cloud-based solutions Carry out technical security reviews of firewall configurations, DLP, IAM, IPS /IDS and other critical applications Audit the continuously improving IT infrastructure model with newly emerging and flexible work solutions, post Covid-19 Continuously assess and report, how well the Bank assesses internal and external threats including email attacks and vulnerabilities, as well as the fitness for purpose and effectiveness of its strategic and tactical responses Challenge incident, disaster response and business continuity plans and review the test reports, outcomes to verify backup / restore set-ups and RPO / RTO levels Desired Skills: Hunger, fire (10x, momentum) Ability to work with others across teams, geographies, and legal entities (one team) Not a prima donna / ego issue (right ambition) Not highly political or spin doctor (say it as it is) Logical thinking, ability to get to the simplest answer as opposed to a convoluted one (challenge and simplify) An honest person who operates with a high degree of ethics and integrity through any situation (right ambition, say it as it is) Someone with a minimum of 3 years of banking / consulting experience in IT security audits Someone who holds a degree in information technology from a top institute with a consistently good academic record Holds at least one globally recognised IT certification, and working towards a second (IA / Risk or technical) Hands-on experience of working on some of the latest and best auditing / GRC tools A good understanding and knowledge of IT Security Compliance frameworks and industry control standards and, such as NIST, ISO 27001, COSO, COBIT, and ITIL A self-starter and fast learner; someone who can work and learn on his/her own Someone with gravitas and whose opinion matters; someone who is trusted by colleagues across the firm, from the most junior to the most senior A person who focuses on what matters most: outcomes; someone who relentlessly avoids hypothetical risks and verbose

To act as the SPOC for all third-party audits, especially from BFSI clients & create Network Infrastructure. JD: https://www.pinnacle.in/career/security-manager JD:https://www.pinnacle.in/career/network-manager To work purely from HO Nagpur

Looking for an Information Security Consultant with experience in IT audits, SOX, ISO 27001, NIST, PCI DSS, risk assessments, and compliance. Must handle audits, GAP assessments, client meetings, and risk advisory. Required Candidate profile Candidate should have Min. 5 years of experience in IT audits, SOX, ISO 27001, NIST, PCI DSS, and risk assessments. Good communication, client handling, and report writing skills needed.

Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations. Responsible and accountable for driving and maintaining the Compliance Program Which Includes: I. Defining and implementing controls as per Customer defined Security and Privacy policies II. Ensuring measurement and compliance to the policies. III. Drives Internal and External Audits IV. Participate and advise on Security Incident Investigation V. Training and awareness of Employees on Security Policies Well versed and hands-on experience for establishing processes, controls and audits of compliances like ISO 27001, ISO 15408. SOX ITGCs, SSAE 18 SOC 1 & SOC 2, PCIDSS,HIPAA, Data Privacy Standards (GDPR/Schrems) Frameworks. Documentation of IT & risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations Work with the client & technical teams for change request on any risk or control implementation as well as governance process Participate in internal as well as external regulatory audits as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security Point of contact for the client compliance & IT audit team for provisioning audit evidences within the SLAs defined. Provide strategic guidance & consulting support on implementation of IT controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Work with the client & team in identifying any process/ control gaps and suggesting the remediation plan& tracking the plan progress till closure. Liaison with Audit Firms and Client for all types of External audits like (ISO 27001, SSAE 16 SOC 1/ SOC 2 etc)

GRC professional with good understanding of industry frameworks and standards 2. In-depth experience on Third-Party Risk Management a. Evaluating third party's cybersecurity control and ensuring they are in compliance with organizations standards and industry best practices b. Track and monitor the status of each due diligence review and communicate the status with management and key stakeholders on a regular basis c. Articulate risks and potential options for remediation or compensating controls d. Understand inherent risk assessment e. Perform new and recurring third party security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility 3. Strong business and communication skills 4. Experience in driving meetings with stakeholders 5. Provide advisory and consulting to client on new trends and challenges in enterprise risk management area 6. Experience in design and development of information security policies, standards, and guidelines 7. Experience on SIG (shared assessments), ISO 27001, NIST framework, SOC 1, SOC2, ISO 27001 and HIPAA 8. Lead and drive meeting with top management 9. Design / modify Contract security language / security clauses 10. Co-ordinate and negotiate security clauses with Procurement team and Supplier 11. Experience on GRC platforms 12. Client interface for understanding the IT Governance, IT Risk & Compliance Management Controls as applicable to Infrastructure operations 13. Well versed and hands-on experience for establishing processes, controls and audits of compliances like HIPAA, CFR, PCI DSS & SOX ITGCs. 14. Documentation of as-is IT & Risk management Controls as they are currently being executed in client environment and ensuring that the same controls are followed and implemented in service delivery operations 15. Work with the client & technical teams for change request on any risk or control implementation as well as governance process 16. Participate in internal as well as external regulatory as well as IT security audits. Understand IT Risks and define audit & governance mechanisms for assets, processes & physical security

Client interface for understanding the SOX IT General Controls as applicable to Application &Infrastructure operations Conducting assessment of existing processes and align them to COBiT 2018 standard. Conducting TOE and TOD for ITGCs Documentation of as-is SOX 404 IT General Controls as they are currently being executed in client environment. Identify process exceptions and risk with respect to materiality defined by the SOX controller. Evaluating 3rd parties and their ITGC environments by assessment of SSAE18 reports Create Process Summaries, Compliance runbooks and RCMs. Define RACI for Control owners, executioners etc. Work with Senior Management of the organization and business teams in getting assertions. Point of contact for the client compliance & IT audit team for provisioning SOX audit evidence within the SLAs defined. Provide strategic guidance& consulting support on implementation of SOX controls for Networks, Operating Systems, System Security, Backup & Recovery, Storage, BCP/DR Identify technical remediations for SOX 404 ITGC and create short term and long term roadmap for remediation Conducting regular training for technical teams for SOX control implementation & audits Should have worked on consulting/implementation & audit of SOX IT General Controls associated with IT Operations (Mandatory) CGEIT, COBiT Experience & COSO ERM execution (preferred) Excellent understand & experience in IT applications &infrastructure management which includes SDLC, App Security, DevOps, Networks, Data Centre Operations, Service Management/Service Desk, Server Management etc. Excellent understanding of IT Service Management processes. ITIL certified. Should be able to identify & report risks related to SOX ITGC design effectiveness & operational effectiveness gaps Should have experience in executing end-to-end SOX ITGC audit life cycle Exposure to other regulatory compliances such as Data Protection Act Candidate should have client facing experience B.E/B.Tech with MBA preferred. Candidates with following Certifications will be preferred: CISA/CGEIT/CISM/CISSP ISO 27001 Implementer, Lead Auditor ITIL V3.0

As part of the Enterprise Security team, the Security Technology Operations (STO) Manager will help secure Arm s digital infrastructure. This includes managing and optimizing security technologies, implementing Zero Trust and network segmentation, and enhancing threat detection and response. The role requires strong cloud and network security knowledge, hands-on experience with security tools, and the ability to lead strategic initiatives while coordinating with partners, vendors, and internal teams. Responsibilities Implement network segmentation and Zero Trust to reduce attack surfaces, enforce least-privilege access, and isolate systems across enterprise and cloud environments. Lead the deployment, optimization, and upkeep of tools like EDR, AV, DLP, VPN, and firewalls to improve Arm s security posture. Promote Zero Trust principles identity-based access control, continuous verification, micro-segmentation, and clear trust boundaries to limit lateral movement and protect key assets. Collaborate with architects and infrastructure teams to define segmentation policies that align with Arm s threat model. Drive enhancements to security technologies, ensuring compliance with standards like NIST, CIS, and ISO 27001. Partner with IT and security teams to roll out new technologies and extend Zero Trust and segmentation across environments. Mentor analysts and engineers, promoting a culture of proactive defense and secure-by-design practices. Required Skills and Experience Demonstrated ability in security operations, infrastructure security, or network security roles. Strong expertise in network security technologies, including VPN, firewalls, IDS/IPS, Zero Trust Network Access (ZTNA) , and segmentation strategy and implementation . Technical proficiency in security solutions, including EDR, DLP, AV, email security, and cloud-native security controls. Experience implementing Zero Trust frameworks and network segmentation architectures in hybrid or multi-cloud environments. Understanding of Identity and Access Management (IAM) systems, including least-privilege access models, directory services, and policy-based access control. Familiarity with ITIL processes, security governance, and risk management, with experience tracking SLAs and compliance objectives. Nice to Have Skills & Certifications Security certifications such as CISSP, CISM, CCSP, AWS Certified Security, or Cisco Certified CyberOps Professional. Experience with scripting and automation for operational efficiency (e.g., Python, PowerShell, Terraform), as well as modern Infrastructure-as-Code and Policy-as-Code frameworks. Familiarity with Zero Trust security models, segmentation technologies (e.g., SDN, NGFWs, NAC) , and continuous risk assessment techniques.

Lastly, AHEAD Principal Technical Consultant also leverage their visibility and experience to contribute to the continuous improvement and maturation of in-practice service offerings and capabilities by proposing ideas for change and executing on ideas that are committed. This includes positively impacting our service portfolio and individuals on the team through thought leadership and mentorship. Key Responsibilities The following are the expectations of a Principal Technical Consultant: Client Delivery Support sessions of strategy, roadmap, design, and planning workshops for small to medium sized service engagements Execute on project objectives, requirements gathering, project tasks/milestone, project status, dependencies, and timelines, to ensure engagements are delivered successfully and on time while meeting the business objectives Creation and finalization of project deliverables, may perform peer review for collateral developed by others on a delivery team Effective presentation of deliverables to project team members. Knowledge of AHEAD s project lifecycle management activities to effectively support delivery engagements throughout the duration of a project Technical Mastery Proficiency in technical troubleshooting; the ability to critically think about a problem and generate a creative solution with minimal oversight. Deep knowledge of scripting, particularly with PowerShell and/or Python, and the ability to troubleshoot developed code. Ability to effectively communicate aspects of a technical solution to a non-technical individual. Capability to conduct research and utilize available resources to fill in technical knowledge gaps where ambiguity presents itself. Business Development Represent service offerings during the sales cycle, including project scoping, proposal development, and presenting proposals to clients Knowledge of AHEAD s sales management lifecycle to effectively support sales opportunities throughout the duration of a proposal Lead client discovery and/or visioning workshops to identify opportunities for cross-practice collaboration Practice Development & Thought Leadership Participate in the development, enhancement, and standardization of AHEAD in-practice service offerings Owns and/or enables more than one service capability Process-focused technology thought leader and evangelist Maintain a broad knowledge and understanding of current and future state IT trends, technologies, and standards Lend support and mentorship to others Skills Required Proficient in working technically with Identity Providers (IdPs), specifically Active Directory / Entra ID / IAM Working knowledge of identity lifecycle management processes and challenges Expertise in understanding Enterprise Architecture and the impact security decisioning will have on client environments Experience running and managing project outcomes, timelines, and budgets Ability to lead a team of individuals and provide mentorship where necessary Hands-on experience with the major cloud platforms (AWS, Azure, and/or GCP) Broad familiarity with governance, risk, and compliance (GRC) as well as industry standard compliance frameworks (e.g., NIST 800-53, NIST CSF, ISO 27001/2, etc.) Hands-on experience with cybersecurity tools that function in the following spaces: PAM / PIM / IAM, DLP, SOAR (XSIAM), Microsoft Security, AWS Security, Red Teaming / AppSec, Isolated Recovery Environments (IREs) Qualifications Previously worked in a leadership or program director role Minimum of: 10 years consulting experience, or commensurate work experience 3 professional and/or technical certifications, including industry-recognized certifications which align to AHEAD s Security service portfolio Excellent verbal and written communication skills Comfortable addressing groups of people in virtual settings Ability to solve complex, abstract problems Excellent interpersonal skills, good listener, ability to connect with different personalities Exhibit Executive presence with leadership characteristics Demonstrated experience as a technology change agent

Join us as a Manager in our Digital Risk Services team, where youll lead the way in tackling the most pressing technology risk challenges faced by our clients. Immerse yourself in cuttingedge fields like cybersecurity, artificial intelligence, and emerging digital risks. Your technical leadership will be instrumental in crafting innovative solutions and driving transformative projects. . Lead groundbreaking projects in digital risk, focusing on areas such as cybersecurity, AI, Cloud and SDLC, to devise forwardthinking assessment and mitigation strategies. Cultivate and maintain strong client relationships, becoming the trusted advisor for advanced digital risk management solutions. Collaborate with diverse technical teams to design, implement, and refine stateoftheart risk management frameworks using Agile, DevSecOps, and AI risk assessment protocols. Stay at the forefront of industry trends and emerging technologies to deliver profound insights and predictive risk analytics using AI/ML tools. Mentor and inspire your team, fostering an environment of technical brilliance, continuous learning, and innovation. Drive business growth by identifying new opportunities and developing detailed proposals that leverage the latest digital risk technologies. Good to have requirements As below Mandatory Skill Sets Minimum of 10 years in risk advisory with a focus on cybersecurity, AI, and digital risks. Proven track record in managing complex technical projects in a consulting setting. Expertise in regulatory frameworks and industry standards like ISO 27001, NIST, and GDPR. Outstanding technical communication and leadership skills, engaging effectively with senior stakeholders. Preferred Skill Sets AI, Cybersecurity

About the Role: Compliance and MLRO professional will be responsible for overseeing and managing the compliance functions of Liminal group. This role shall have the CO/MLROs of regulated entities reporting into him/her and shall ensure the overall regulatory compliance of the group entities. This role requires a comprehensive understanding of financial regulations, AML/CFT Laws of the jurisdictions in which Liminal is active, and the ability to ensure Liminal s adherence to these requirements. Responsibilities: Regulatory Compliance: Monitor and interpret financial regulations applicable in all the jurisdictions where Customer Facing entities of Liminal s group company exist and adherence to all the relevant regulatory reporting requirements. Conduct regular assessments to identify areas of non compliance and develop corrective action plans. Develop, implement and manage Liminal s AML program in accordance with respective jurisdictional Guidelines. Conduct regular risk assessments and update AML policies to address emerging risks. Policy Development: Collaborate with relevant departments to develop and update policies and procedures in accordance with applicable guidelines. Understand risk based approach to compliance plan in an ever evolving business environment. Ensure that employees are aware of and trained on compliance and AML policies. Reporting and documentation: Prepare and submit regular reports to the respective regulators, highlighting Liminal s compliance status. Maintain comprehensive documentation of compliance and AML activities and reports for both internal and external audits. Establish procedures for the identification and reporting of suspicious activities. Training and Awareness: Conduct training sessions for employees to enhance awareness of all the relevant regulations and compliance and AML requirements. Foster a compliance conscious culture within Liminal. Monitoring and Testing: Implement monitoring and testing procedures to ensure ongoing compliance and AML programs. Conduct periodic internal audits to identify and rectify compliance issues. Qualifications: Bachelor s degree in Business, Finance, Law or a related field. Professional certifications such as CAMS would be advantageous. Proven experience of 10 to 15 years in a compliance role within a financial services firm in India preferably with a FIU facing entity. In-depth knowledge of AML/CFT regulations across the globe and financial industry compliance standards. Proven experience in onboarding tools (both KYB and KYC) and Transaction monitoring tools (both pre and post) Experience in Virtual Assets/Digital Assets domain of custody operations is a plus Strong analytical and problem solving skills. Excellent communication and interpersonal skills. About Liminal : Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 & 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore,Taiwan , India, and UAE. The company has received an initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies. Our website - https://www.liminalcustody. com/

Who are we Summary: The Cybersecurity Engineer is responsible for ongoing cybersecurity assessments of Wabtec products to determine whether they comply with applicable Wabtec cybersecurity standards and technical controls. They will advise product managers and engineering teams, create awareness of cybersecurity standards and technical controls, and recommend best practices for satisfying these standards and controls for all Wabtec products offered or made available for customer. They will work closely with others to define and maintain technical controls to address external standards, Wabtec standards, and product requirements. Experience & Qualifications: Bachelor s degree in Computer Science, Software Engineering, Cybersecurity, or a related field. Minimum of 5 years of experience with design, development, and/or testing of embedded industrial products and/or web systems. Minimum of 2 years experience with hands-on cybersecurity engineering. Experience with cybersecurity standards such as, IEC 62443, NIST 800-53, or ISO 27001/2. Extensive hands-on experience with cybersecurity assessment tools and methods. Understanding of software development cycles, project development lifecycle. Demonstrated ability to effectively manage multiple tasks, working with various stakeholders in a global organization. Demonstrated commitment to process improvement. Fluent in English, with ability to communicate both verbally and in writing. Experience in the rail, mining, or automotive sectors preferred. Responsibilities: This position requires extensive knowledge and experience with cybersecurity controls pertaining to mainly embedded and web systems. Responsibilities will include the following: Conduct ongoing cybersecurity reviews of Wabtec products and determine whether Cybersecurity Authorization to Operate (CATO) should be granted based on compliance with Wabtec policies, standards, and technical controls. Support engineering teams responsible for conducting threat and risk assessments to identify product threat surfaces and attack vectors. Interpret technical cybersecurity concepts and their business implications. Be able to clearly explain these concepts to management and other engineers. Drive and support an authoritative technical consultation process on product cybersecurity across Wabtec s embedded electronics and non-IT networked product portfolio including connected vehicle security, secure implementation of real-time operating systems, ongoing security support for heavy industrial systems and web services. Recommend and consult on the design of software controls, hardening measures, and other risk mitigations to minimize attack surface and support cost-effective field maintainability of security controls. You may also be asked to perform other duties outside of your function or trade, for which adequate training will be provided if necessary. Our Commitment to Embrace Diversity: To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world s brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better. We believe in hiring talented people of varied backgrounds, experiences, and styles People like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know. Who are we Wabtec Corporation is a leading global provider of equipment, systems, digital solutions, and value-added services for freight and transit rail as well as the mining, marine, and industrial markets. Drawing on nearly four centuries of collective experience across Wabtec, GE Transportation, and Faiveley Transport, the company has grown to become One Wabtec, with unmatched digital expertise, technological innovation, and world-class manufacturing and services, enabling the digital-rail-and-transit ecosystems. Wabtec is focused on performance that drives progress and unlocks our customers potential by delivering innovative and lasting transportation solutions that move and improve the world. We are lifelong learners obsessed with making things better to drive exceptional results. Wabtec has approximately 27K employees in facilities throughout the world. Visit our website to learn more! http://www.WabtecCorp.com Our Commitment to Embrace Diversity: Wabtec is a global company that invests not just in our products, but also our people by embracing diversity and inclusion. We care about our relationships with our employees and take pride in celebrating the variety of experiences, expertise, and backgrounds that bring us together. At Wabtec, we aspire to create a place where we all belong and where diversity is welcomed and appreciated. To fulfill that commitment, we rely on a culture of leadership, diversity, and inclusion. We aim to employ the world s brightest minds to help us create a limitless source of ideas and opportunities. We have created a space where everyone is given the opportunity to contribute based on their individual experiences and perspectives and recognize that these differences and diverse perspectives make us better. We believe in hiring talented people of varied backgrounds, experiences, and styles People like you! Wabtec Corporation is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or protected Veteran status. If you have a disability or special need that requires accommodation, please let us know.

Job Overview We are seeking a highly skilled and motivated Vendor Information Security Risk Management Specialist to join our team. This individual will be responsible for evaluating and tracking information security risks posed by third-party vendors and partners. As part of the G&C team, you will collaborate with various stakeholders to ensure the integrity, confidentiality, and availability of our data and systems when interacting with external entities. Key Responsibilities Vendor Risk Assessments : Conduct comprehensive information security risk assessments on third-party vendors and service providers. Evaluate their security posture, identify vulnerabilities, and ensure compliance with company policies, industry standards, and legal/regulatory requirements. Risk Mitigation & Management : Collaborate with stakeholders to define risk mitigation strategies for third-party vendors. Monitor and manage the lifecycle of vendor risk and ensure that risk treatment plans are in place and executed. Compliance & Regulatory Oversight : Ensure that third-party vendors comply with relevant industry standards (e.g., GDPR, ISO 27001, SOC 2, etc.) and internal security policies. Contractual Security Requirements : Work closely with the legal and procurement teams to establish and enforce security terms in third-party contracts, including Service Level Agreements (SLAs) and Data Processing Agreements (DPAs). Continuous Monitoring : Implement processes and tools for ongoing monitoring of third-party security posture. Evaluate third-party security reports, incident response, and performance metrics to ensure adherence to agreed-upon security controls. Qualifications Education : Bachelor s degree any field. Experience : Minimum of 6 years of experience in information security, risk management, or a related field, with

Boku Inc. (BOKU.L) is the leading global provider of local mobile-first payments solutions. Global brands including Amazon, DAZN, Meta, Google, Microsoft, Netflix, Sony, Spotify, and Tencent rely on Boku to reach millions of new paying consumers who do not use credit cards with our purpose-built payment network of more than 300 local payment methods across 70+ countries. Every year, Boku processes over $10 billion in value for our customers. Incorporated in 2008, Boku is headquartered in London and San Francisco and has employees in over 39 countries around the world, including Brazil, China, Estonia, Germany, Ireland, Japan, Singapore, and the UAE. Boku is a truly global company that takes pride in its diversity and thriving equal opportunity workplace. Role : Helpdesk Administrator Department: IT Reports to: Service Desk Manager Role Purpose We are seeking a proactive and self-motivated Helpdesk Administrator to support our Mumbai office and global IT operations. This individual will be responsible for providing on-site support, ensuring smooth IT operations, and playing a key role in onboarding/offboarding, issue resolution, and contributing to global initiatives. This position is ideal for someone who is eager to grow their IT career in a dynamic, fast-paced environment and values ownership and initiative. Key Responsibilities Provide daily on-site IT support for the Mumbai office (4 days/week from office). Handle global and local user support requests via the IT ticketing system. Ensure prompt setup and support for onboarding and offboarding processes, including laptop provisioning, account setup, and access control. Troubleshoot and resolve hardware, software, and network-related issues across Mac and Windows environments. Maintain inventory of IT assets in the Mumbai office; ensure records are accurate and updated. Coordinate with the global IT team for issue escalation and project participation. Support local implementation of security and compliance initiatives (e.g. ISO 27001). Ensure conference rooms and shared tech infrastructure are fully operational. Monitor and maintain printer, networking, and AV systems. Take ownership of IT documentation and local IT process improvements. Communicate effectively with employees and IT teams, ensuring transparency and timely resolution of issues. Additional duties may be assigned based on project requirements, business needs, or team priorities. These are part of the expected responsibilities of the role. Measures of Success Ticket Response Time: 90% of tickets acknowledged within SLA (e.g., 30 minutes). Ticket Resolution Time: 80% of tickets resolved within SLA. User Satisfaction: 90% positive feedback on internal support surveys. Onboarding Setup Accuracy: 100% of new hires fully provisioned on Day 1. Asset Accuracy: Maintain 98%+ inventory accuracy. Documentation Quality: Processes documented, reviewed quarterly. Proactivity: Evidence of self-initiated improvements or issue resolution monthly. Participation in project-based work and covering team tasks is expected and forms part of the core responsibilities. Key Skills and Competencies Familiarity with Microsoft 365 admin tools and services. Competency with Apple macOS and Windows operating systems. Experience using IT Service Management (ITSM) platforms (e.g., Jira, ServiceNow). Knowledge of basic networking (IP, DNS, VPN, Wi-Fi). Experience with onboarding/offboarding IT processes. Strong time management, organizational skills, and attention to detail. Excellent communication skills in English, both written and verbal. A proactive, self-driven attitude with the ability to work independently. Problem-solving mindset with a commitment to continuous improvement. Qualifications ITIL Foundation certification. CompTIA A+/Network+ or equivalent. Familiarity with ISO 27001 or other compliance frameworks.

1. Bachelors degree in computer science, information systems, or Cybersecurity at least 10-12 years of experience in Cybersecurity roles with an emphasis on data security, cybersecurity and IT risks. 2. A strong understanding of networking, operating systems, security protocols, App Security and various security tools is essential. 3. Experience with security frameworks like ISO 27001, NIST, HIPPA & GDPR 4. Experience in designing and deploying security solutions (from RFPs to PoCs, vendor selection, detailed solution design, etc.) 5. Excellent communication and leadership skills are required to effectively collaborate with different teams and communicate security risks to senior management. 6. The ability to analyse complex security issues and develop effective solutions is crucial. 7. Preferred Certifications: Such as CISSP, CISM, or CEH Shift time: 5.30pm 2.30am (Evening Shift) Suitable candidates may forward their updated profiles in strict confidence to hr33@hectorandstreak.com

Description We are seeking an adaptable, self-motivated, and detail-oriented Senior Internal Auditor to plan, lead, and execute internal audit engagements to insure the effectiveness of Coretek s Information Security Program and internal business processes. The ideal candidate will have a strong background in auditing, risk assessment, and compliance. This role involves continuous planning, participation, and execution of internal and external audit engagements to ensure effectiveness of controls and compliance with relevant standards and frameworks. Key Responsibilities: Act as a subject matter expert for Coretek s audit frameworks and engagements. Plan, perform, and coordinate internal audits, ensuring compliance with organizational controls, policies, and processes. Prepare detailed internal audit reports that clearly articulate the objective, scope, results, findings, recommendations, and action plans for each audit. Distribute internal audit reports to stakeholders and conduct follow-up meetings to further discuss audit results, as needed. Prepare executive-level updates and reporting for status of internal and external audits and identified issues. Design and implement new internal audits to contribute to the effective monitoring of the Information Security Program. Prepare and maintain internal and external audit schedules and ensure that Coretek stays aligned with those schedules. Communicate internal/external audit schedules and updates to organization stakeholders. Assist with coordination of external audits and serve as a point-person in these audits, providing requested artifacts and information to external auditors. Work with stakeholders across the organization to gather and assess audit evidence. Follow up with stakeholders to collect evidence for internal/external audits in a timely manner. Work closely with management to develop action plans and monitor progress of identified gaps and issues. Leverage internal tools and procedures to assess and track controls and testing requirements Utilize data analytics to identify trends, patterns, and anomalies in audit data. Take responsibility for meeting audit deadlines Apply lessons learned to continuous improvement opportunities Respond to client requests for SOC 2 Type II reports, ISO certificates, etc. Stay updated on industry trends, regulations, and best practices. Foster a collaborative and supportive team environment. Provide guidance and support to junior auditors. Skills: Self-motivation Strong analytical, critical thinking, and problem-solving skills Strong attention to detail Adaptable with ability to thrive in a fast-paced environment Strong organization and time management skills Ability to handle multiple projects simultaneously Excellent verbal and written communication Ability to work independently and as part of a team Qualifications: Minimum of 5 -7 years prior audit experience Practical application and working knowledge of ISO 27001, ISO 27701, SOC 2, and NIST 800-171 controls Familiarity with Azure Expert MSP preferred Experience in the service provider or multi-tenant environment Four-year degree or equivalent industry experience Proficiency in Microsoft Office Suite Professional certification such as CISA is preferred Working knowledge of Drata GRC software preferred

We are seeking a detail-oriented and analytical GRC Analyst to join our team in Bangalore, India. As a GRC Analyst, you will play a crucial role in ensuring our organizations compliance with regulatory requirements, managing risks, and maintaining effective governance practices. Conduct comprehensive risk assessments and develop mitigation strategies to address identified risks Monitor and evaluate the effectiveness of internal controls and compliance processes Assist in the development and implementation of GRC policies, procedures, and guidelines Perform regular audits to ensure compliance with relevant regulations and industry standards Analyze data and prepare detailed reports on GRC-related matters for senior management Collaborate with cross-functional teams to implement and maintain GRC software tools Stay up-to-date with evolving regulatory requirements and industry best practices Provide training and guidance to employees on GRC-related topics Support the development and maintenance of business continuity and disaster recovery plans Bachelors degree in Business Administration, Information Technology, or a related field 3-4 years of experience in GRC, audit, or related fields Strong knowledge of GRC frameworks such as PCI-DSS ISO 27001:2022 & 9001:2015, SOC2 Type II CEH (Certified Ethical Hacker) AZ-500 Microsoft Azure Security Technoligies/Cloud Security Certifications with hands on experience Proficiency in risk assessment and management techniques Familiarity with compliance regulations including GDPR, SOX, and HIPAA Excellent data analysis and reporting skills Proficiency in GRC software tools Strong communication and presentation skills Detail-oriented with a high level of accuracy and organizational skills Ability to work independently and as part of a team in a fast-paced environment Relevant certifications such as LA/LI 27001:2013/22, CPISI Understanding of industry-specific regulations and best practices

Job Title Security Operations Analyst Location Bangalore, Karnataka, India What you will do As a Security Operations Analyst, you will play a critical role in monitoring and responding to security incidents, identifying vulnerabilities, and ensuring compliance with security policies. You will collaborate with various stakeholders to enhance the security posture of our organization and support incident response activities. How you will do it Monitor security alerts and events from various security tools and platforms. Investigate security incidents, perform root cause analysis, and document findings. Assist in the management of security incidents, including containment, eradication, and recovery efforts. Conduct regular security assessments and vulnerability scans to identify potential risks. Collaborate with IT and other departments to remediate vulnerabilities and implement security best practices. Support incident response activities and maintain incident response documentation. Participate in security awareness training and educate staff on security policies and procedures. Stay updated with the latest security trends, threats, and technologies. What we look for Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. 4-6 years of experience in security operations, incident response, or a related field. Strong understanding of security frameworks and best practices (e. g. NIST, ISO 27001). Experience with security tools such as SIEM, IDS/IPS, and vulnerability management solutions. Knowledge of networking protocols and systems security concepts. Excellent analytical and problem-solving skills. Strong communication skills and the ability to work collaboratively in a team environment. Relevant cybersecurity certifications (e. g. CompTIA Security+, CEH, CISSP) are a plus. What we offer Competitive salary and performance-based bonuses. Comprehensive benefits package including health, dental, and retirement plans. Opportunities for professional development and continuous learning. Collaborative and inclusive work environment.

Job Description We are looking for self-driven professionals interested in a career in Oracle. The position will independently program manage the ISO 27001 ISMS implementation for OFSS Ltd. In addition will also perform project review activities. Working at Oracle & in this team provides you an opportunity to make a difference to overall business, continuous learning opportunities with access to best tools & courses and a fulfilling & inclusive environment. Career Level - IC4 Responsibilities As an Individual Contributor, perform the role of an Information Security Management System Implementation Lead Work with senior management, various stakeholders from business, support function teams to implement the processes, controls and schedules of the extant standards the organization adhers to. Program manage the ISO 27001 certification program by ensuring compliance to the various Oracle policies, ISMS procedures, ISO standards including front-ending the internal & external audits Successfully transition the organization towards the new standards as and when new standards are applicable. (As an example: Transitioning from ISO 27001| 2013 to 2022 standards by adjusting processes, controls & ISMS activities ). Train ISMS members towards changes in standards and their impact on ISMS activities. Additionally perform the role of a Senior Partner advisor who performs management oversight to partner projects that involves implementation of Oracles Banking & OFSAA Products. Perform audit on identified Oracle product implementation projects to measure project quality & execution effectiveness. Continuously source, maintain, enrich evaluation of projects from various sources as determined by the management to build a repository of program successes, lessons learnt, corrective actions needed. Build an objective evaluation score for projects / programs SKILLS NEEDED A Bachelor or Masters degree in Sciences, Engineering, Technology or accounting. 20 plus years of experience with demonstrable experience in audit / process quality management. With specific focus on Information security. Must have led multiple ISO 27001 implementations or led audits. Information Technology industry processes Must have a thorough understanding of various standards, Practices & legislations in the field of information security. Certifications ISO 27001 Lead Auditor Project Management Professional / Program Management Professional Experience in Waterfall / Agile project methodologies. Experience in project execution in IT industry. Experience in performing project reviews of third-party projects, with a view to identifying strengths & opportunities for improvements in the project management process, project execution, resource skills, customer satisfaction & measurable project outcomes. Excellent communication skills (written & verbal) at various hierarchy levels. Excellent documentation skills with a varied audience executive summaries for senior management, detailed reports for project team with actionable insights. Although the job does not currently envisage any travel, willingness to travel Onsite to Customer location if required. Should be able to join in 4-6 weeks of offer.

Job Description - Security Engineer 48 years of experience in designing, planning, and implementing enterprise security solutions Proficient in cloud platforms: Azure, AWS, and GCP Skilled in network security tools: routing, switching, NGFW, WAF, ALB, etc. Experienced in native cloud security features and tools across all major platforms Strong knowledge in designing and deploying security architecture aligned with the risks across prevent, detect, respond, and predict domains Broad understanding of IT infrastructure, applications, databases, and networking Familiar with frameworks and best practices: ISO 27001, PCI-DSS, OWASP, SANS, etc. Well-versed in security technologies: NGFW, WAF, IDAM, DLP, VPN, MDM, 2FA, PIM, NAC, sandboxing, FIM, etc. Sound knowledge of emerging technologies in security: machine learning, analytics, blockchain, etc. Strong analytical thinking and excellent communication skills Deliverables Support planning, strategy, and implementation of new solutions with cross-functional teams Contribute to evaluation, design, and architecture of innovative security solutions Lead execution of evaluations and related tasks end-to-end Continuously enhance existing controls or propose alternatives for better security and efficiency Ensure project execution within defined timelines and scope Manage complete project lifecycle: initiation, planning, execution, monitoring, and closure Coordinate with implementation teams to ensure smooth rollout of solutions and controls Transition projects to operations with proper documentation and handover Provide post-implementation support and handle escalations effectively. Please share your updated cv on Avani.Vibhute@rigvedtech.com

GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologies: Firewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworks: ISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments. Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.

"> Search Jobs Find Jobs For Where Search Jobs Cyber Security Engineering (GRC) - Staff Engineer Bengaluru, Karnataka, India Apply Now Save Category: Engineering Hire Type: Employee Job ID 8930 Date posted 02/24/2025 Share this job Email LinkedIn X Facebook We Are: At Synopsys, we drive the innovations that shape the way we live and connect. Our technology is central to the Era of Pervasive Intelligence, from self-driving cars to learning machines. We lead in chip design, verification, and IP integration, empowering the creation of high-performance silicon chips and software content. Join us to transform the future through continuous technological innovation. The Team You ll Be A Part Of: You will be an integral part of the Synopsys Corporate Information Security group, working within a mature Governance, Risk, and Compliance (GRC) Team . This team collaborates closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization to raise the overall security and compliance posture for Synopsys. You Are: As an Information Security Analyst, you posses experienced knowledge of risk management, governance and compliance, computer and network security methods and procedures. The Information Security Analyst possesses current knowledge about the industry, regulatory, and legal requirements relevant to security, compliance, and privacy. You will liaise with various business groups, including Finance, Legal, Audit, HR, and other stakeholders globally, to implement new solutions and processes, document, and remediate outstanding issues. You will enable and transform the risk management program, enhance compliance, and track enterprise security risks. Synopsys is investing in these areas to address the cybersecurity threat landscape, as well as regulatory compliance requirements as the company continues to grow. Working closely with the Director of Information Security, Manager of GRC, and stakeholders across the organization, the Information Security Analyst will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for Synopsys. Being that cyber-attacks and threats are a constant threat, the you must have excellent analytical and critical-thinking abilities to be able to identify any potential vulnerabilities in an organizations existing network and address any attacks quickly while examining existing risk mitigation policies and communicate with the organizations Director of Information Security, on the efficacy of these measures. What You ll Be Doing: The Information Security Analyst will leverage multiple industry frameworks and regulatory standards including, but not limited to, ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, GDPR, TISAX, SOX, etc. The Analyst will liaise with all business groups including Finance, Legal, Audit, HR, and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. The Information Security Analyst will be responsible for security risk assessments of suppliers and partners external to Synopsys, assessments of systems within the organization, examine and rate risks, work with GRC tools and processes, and recommend risk mitigation controls. Responsibilities include: Identify, document, monitor, and report on risk register items, KPIs/KRIs, including the monitoring of security control efficacy. Demonstrate experience with governance, risk, and compliance tools Work with security control frameworks such as ISO 27001, SOC 2 Type II, NIST 800-53, NIST CSF, and similar Present security risks to wide audience such as risk owners and other stakeholders Demonstrate the ability to understand the end-to-end processes supporting IT, data, and security. Interacts with Synopsys IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies. Provide guidance of control implementations related to governance frameworks, regulations, and corporate security policies Understanding of security functions including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management. Work closely within the Synopsys Information Security Team to detect potential security weaknesses and developing creative ways to handle challenges unique to the Synopsys business and systems architecture. Conduct third-party (vendor) risk assessments in collaboration with stakeholders. Provide security requirements to both internal partners and external third-party providers. Effectively communicate and work with a global team Maintain, enforce, and track the Synopsys Information Security Exception process. Stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy. The Impact You Will Have: Enhance Synopsys overall security and compliance posture by building and improving the GRC portfolio. Enable and transform the risk management program to address the evolving cybersecurity threat landscape. Ensure regulatory compliance as the company continues to grow. Strengthen risk assessments of suppliers and partners, contributing to a robust security framework. What You ll Need: Bachelor s degree in Computer Science, Information Systems, or degree, or experience in a related field. Typically, 5-7 years of experience in a related field. Knowledge of common certification and attestation programs such as ISO 27001 and SOC 2 Type II, ISO 31000. Practical working experience with control frameworks like ISO 27001, NIST 800-53, SOC 2 Type II and NIST CSF. Excellent organizational skills with attention to detail and the ability to multitask for project prioritization. At Synopsys, we want talented people of every background to feel valued and supported to do their best work. Synopsys considers all applicants for employment without regard to race, color, religion, national origin, gender, sexual orientation, age, military veteran status, or disability. Apply Now Save Relevant Jobs Senior Staff Product Engineer, R&D-7683 Aschheim, Germany Engineering Principal Analog Design Engineer Mississauga, Canada Engineering Verdi Internship Hsinchu, Taiwan Interns/Temp

Define and enforce cloud governance policies across Azure, AWS, and GCP. Implement policy-as-code solutions to automate cloud compliance and security best practices. Work with engineering teams to ensure adherence to cloud resource management, IAM, and security standards. Build and manage cost monitoring dashboards, anomaly detection, and alerting for cloud spend. Develop strategies for cost optimization, including reserved instances, spot instances, and right-sizing. Conduct regular cloud security audits, identifying risks, vendor contract reviews, and driving remediation plans. Implement automated compliance monitoring and reporting solutions. Collaborate with security teams to strengthen IAM policies, encryption, and logging. Establish guardrails using AWS SCPs, Azure Policy, or Google Organization Policies. Develop and maintain runbooks for governance incidents to ensure swift remediation. Work closely with engineering, security, and finance teams to align governance with business objectives. The Impact You Will Have: Enhancing cloud governance posture to ensure optimal cloud usage and security. Driving cost efficiency through automation and policy enforcement. Ensuring compliance with industry standards, contributing to regulatory adherence. Optimizing cloud architecture and cost efficiency by enforcing best practices. Providing insights and recommendations on budgeting, forecasting, and cloud spend efficiency. Strengthening IAM policies, encryption, and logging to enhance cloud security. Implementing automated compliance monitoring and reporting solutions. Educating teams on cloud cost management, security, and compliance best practices. Advocating for automation-first approaches to governance and compliance. Collaborating with cross-functional teams to align governance with business objectives. What You ll Need: 5+ years of experience in cloud governance, FinOps, or cloud security. Expertise in Azure, AWS, or GCP, including governance frameworks and cost management tools. Hands-on experience with cloud cost monitoring platforms (e.g., AWS Cost Explorer, Azure Cost Management, Google Cloud Billing). Strong knowledge of Infrastructure as Code (Terraform, CloudFormation) and Policy as Code (OPA, AWS SCPs, Azure Policies). Experience with audit and compliance frameworks such as SOC 2, ISO 27001, NIST, and FedRAMP. Proficiency in scripting languages (Python, PowerShell, Bash) for automation. Strong analytical skills and ability to translate governance needs into actionable policies. Excellent collaboration and communication skills to engage cross-functional teams

We are seeking a highly skilled Security Operations Center (SOC) Analyst with expertise in user case management ( detection engineering ) and dark web monitoring to join Renault Group dynamic cybersecurity team. The ideal candidate will have a deep understanding of cybersecurity principles, threat detection methodologies, and hands-on experience in managing security incidents and monitoring the dark web for potential threats. Key Responsibilities: Utilize security information and event management (SIEM) tools to monitor, analyze, and respond to security events and incidents. Develop and maintain use cases, correlation rules, and alerts to enhance the detection capabilities of the SOC. Investigate security incidents, conduct root cause analysis, and provide recommendations for remediation and risk mitigation. Implement and fine-tune detection mechanisms, including signature-based detection, anomaly detection, and behavioral analysis. Collaborate with cross-functional teams, including threat intelligence analysts, incident responders, and system administrators, to identify and prioritize security use cases based on Renault Groups risk and threat landscape. Document use case logic, implementation details, and testing procedures to ensure consistency and repeatability. Analyze security events and incidents to identify patterns, trends, and potential indicators of compromise (IOCs). Conduct research on emerging threats, vulnerabilities, and attack techniques to inform the development of new use cases and improve existing ones. Monitor the dark web for mentions of the organizations assets, sensitive information, or potential threats. Analyze dark web intelligence to identify emerging threats, malicious actors, and security vulnerabilities relevant to the organization. Create and maintain documentation related to incident response procedures, playbooks, and standard operating procedures (SOPs). Stay current with emerging threats, vulnerabilities, and attack techniques to continually improve the Renault Group security posture. Qualifications Bachelors degree in Computer Science, Information Technology, Cybersecurity, or related field. Strong understanding of security information and event management (SIEM) concepts, log analysis, and security analytics. Experience in developing use cases, correlation rules, and alerts for SIEM platforms Knowledge of security frameworks and standards (e.g., MITRE ATT&CK framework, NIST Cybersecurity Framework, ISO 27001). Familiarity with scripting and programming languages (e.g., Python, PowerShell) for automation and tool development is a plus. Experience with dark web monitoring tools and techniques.