25 Iso27001 Jobs

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Position Description Role Title: Senior Information Security Officer Current Reporting Manager: Head of Information Security Assurance Current Location: Gurgaon Position Purpose The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges. Main Activities The position is within the Information Security team. Main activities will include but are not limited to: Responsibility Area Internal Audit & Assurance: Oversee the implementation and operations of the ISMS within the region. Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Continuously assess and improve security controls and processes. Information Security Risk Management Identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Lead and support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Develop, support deliver security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Assess and manage security risks associated with third-party vendors and suppliers. Ensure that security requirements are included in vendor contracts and SLAs. Perform regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor'S degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Excellent communication and stakeholder management skills, with experience working with clients on security matters. Security certifications such as CISSP, CISM, or CRISC are preferred.

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Governance: Develop, review, and update information security policies, procedures, and frameworks to align with industry best practices and regulatory requirements. Risk Management: Conduct comprehensive risk assessments, including identifying

Role & responsibilities About the role for Internal Candidates Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001, ISO 20000-1, ISO 22301 & other IT specific standards/ frameworks Provide timely and accurate reviews of clients corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools Preferred candidate profile Bachelors degree in computer Science or equivalent & ideally a higher-level qualification Overall 8+ years experience , 5 Plus years Experience in IT /Management system Implementation / certification and Minimum 5 years of profound experience in the field of information security and External audits Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Perks and benefits Flexible work arrangements for better work-life balance Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave) Medical benefits ( Insurance and Annual Health Check-up) Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance) Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme) Additional Benefits (Long Service Awards, Mobile Phone Reimbursement) Company bonus/Profit share. *Benefits may vary based on position, tenure/contract/grade level* DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity. If you are interested in this opportunity, we encourage you to submit your application promptly via the link provided below: https://jobs.dnv.com/job-search/business-assurance/auditor/bangalore-india-hyderabad-india-mumbai-india/lead-auditor-ict/300001120539090

L3 - Senior Consultant - Bengaluru Duties/Responsibilities: L3 As a Senior Consultant, you will be at the front lines with our users supporting them with their Cloud needs specifically helping them navigate the journey to the cloud on the Microsoft 365 platform. Job Description: (Knowledge, Skills, and Abilities) M365 Technologies - MUST have advanced troubleshooting and project implementation skills in 2 or more of the technologies below. Certifications highly preferred (ISO 27001 guidelines). If the candidate has a reasonably strong experience he must complete it within 2 months. Recent learning and certification should be alligned with the future technologies. M365 AzureAD M365 Exchange Online or MDOP 2 M365 InTune - Device Management and Application Management lifecycle, M365 Defender suite (Office 365,EndPoint, Exchange, CloudApps) Microsoft Identify AzureAD, conditional access, integrations SAML Microsoft VDI or DaaS (Microsoft 365, Microsoft Cloud PC) Scripting - powershell, KQL Windows 365 Operating systems and Hardware Microsoft Security and Compliance Team player with experience communication with US users - excellent communication skills Good to have worked in night shifts in the recent future (this is a different genre of people many will find it difficult) Optional.. Must Have InTune - 30% (Patching apps, scripts, automation -AutoPilot, troubleshoot logs) Defender suite - 20% (email, teams, sharepoint, CoPilot, addressing policies and troubleshooting ) Vendor management - 10% (collaborating with MS, HP, Dell, Lenovo, Managed service providers like Microsoft) Security and Compliance products in M365 - 30% (Adanced M365 security features AzureAD, Experience in delivering in SLA environments- 10% Awareness and having worked in ISO 27001 or SOC2 companies - 10% Must work in an IT department with 500+ users or more and be able to mentor juniors in the team. Good to Have Compliance - ISO 27001 or SOC 2 (should have experience working in these environments) Network --> FortiGate UTM (Firewall, IDS, IPS, Web Application Filter) Server Operating systems --> Windows Server 2022, Ubuntu, HyperV Hardware - Laptops, Server and Network Equipment Additional Requirements: Must be willing working in rotational shifts India/US (EST) hrs. BA/BS degree required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Certification Certification - M365 Admin certifications in the above technologies are preferred. Must be constantly upgrading/learning new technologies . ******************************************************************************************* If interested with this opportunity, Kindly - do share your updated Resume along with below required details to devaraj.v@valuepointsystems.com OR WhatsApp to 8867682884 Notice Period: Total Experience: Relevant Experience: Current Location: Preferred Location: Current CTC: Expected CTC:

Responsibilities Manage a team of senior Networking and Security personnel. Serves as the subject matter expert (SME) on Cloud networking and security, having previously worked in a senior technical network or security role. Help deliver and manage projects that apply the companys security policies and standards for use in cloud environments. Communicate security concepts to different audiences ranging from business leaders to engineers, as well as customers. Serve as a key subject matter expect in security and networking topics and support delivery of core services from a network security perspective. Mentor and influence team members in implementing and delivering projects and performing ongoing security and network monitoring. Help design security frameworks and effective solutions for vulnerability remediation. Develops standards, policies, and procedures as well as best practices documentation. Able to translate technical requirements into business requirements. Assist team members to update their security and networking skills and knowledge. Collaborate with other IT teams, developers, and business stakeholders to ensure alignment on network and security requirements. Stay up-to-date with the latest cloud networking and security trends and technologies. Develop and execute security roadmaps and initiatives. Drive change and improvements in security delivery of our Cloud security services. Education / Qualifications A university qualification of Bachelor's degree level in Engineering/IT, or a related field. Skills Required: Strong experience in a Security and networking leadership role (5 years+ in a management role combined with previous experience working at a senior technical level for 5 years+ in network/security role). Extensive security management experience in an environment leveraging Azure and/or AWS public cloud platforms. Strong Application, Networking, Cloud Security knowledge and experience. Previous experience working in environments that leverage public Cloud. Extremely knowledgeable in security and networking technical matters. Experience of compliance standards, including ISO27001 and/or SOC2. Familiarity with directives such as GDPR and NIS2/DORA. Experience of team management and interview protocols. Strong understanding of penetration testing and vulnerability assessments. Experience with project management and security project delivery. Solid understanding of application development and SDLC. Security certifications a strong plus (eg CISSP). Fluent English speaker. Desired technical skills or knowledge areas: Expertise in Azure and AWS networking and security services. Proficiency in network protocols and technologies (e.g., TCP/IP, DNS, VPN, routing). Knowledge of security frameworks and standards (e.g., NIST, CIS). Experience with SIEM, IDS/IPS, and vulnerability management tools. Strong practical experience with Fortinet security solutions (FortiGate, FortiAnalyzer, etc.). Proficiency in using Rapid7 security tools (Insight IDR VM) for vulnerability management and forensic investigation. Experience with tooling used for malware analysis and threat prevention. Experience with ManageEngine suite of products, especially PAM360 and Patch Manager Plus. Scripting and automation knowledge (e.g., Python, PowerShell, Terraform).

Job Summary : We are seeking a highly skilled Compliance Specialist with 4-7 years of experience to join our team. The ideal candidate will have a strong understanding of IT environments, risk assessment, and auditing methodologies, along with expertise in regulatory compliance standards such as SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. Prior experience with Big 4 firms is highly desirable. Key Responsibilities : Risk and Compliance Assessments : - Conduct assessments to evaluate the design and operational effectiveness of policies, standards, and control frameworks. - Coordinate with process owners and subject matter experts to collect, review, and present artifacts supporting compliance with internal security policies and applicable regulations. Policy and Remediation Support : - Identify common compliance issues and provide solutions to ensure adherence to security policies. - Collaborate with IT and business teams to implement remediations that achieve compliance with information security policies. Automation Initiatives : - Support and manage automation initiatives, including coordination with cross-functional teams to define requirements, gather data, and test designed solutions. - Experience in Robotic Process Automation (RPA) is desirable. Communication and Presentation : - Clearly and concisely present information in a manner that promotes understanding, both in writing and verbally. - Interact professionally with diverse groups and adapt communication to suit various stakeholders. Research and Continuous Improvement : - Conduct research on unfamiliar topics to ensure compliance and knowledge enhancement. - Drive continuous improvement by evolving team processes and incorporating feedback. Global Collaboration : Flexibility to attend meetings across various time zones, including US and Europe. Qualifications and Skills : Educational Background : Bachelor's degree in a relevant field such as Information Security, Risk Management, or IT. Experience : - 4-7 years of audit or compliance experience. - Big 4 experience preferred. Technical Knowledge : - Strong understanding of IT environments, risk assessment, and auditing methodologies. - Familiarity with regulatory frameworks : SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. - Experience with RPA is a plus. Communication Skills : - Excellent verbal and written communication skills. - Ability to present information effectively to various audiences. Analytical Skills : - Ability and willingness to research and solve complex compliance challenges. - Interpersonal Skills : Active listener with the ability to guide teams effectively. Hybrid (Primarily Remote, however team is expected to come to office in Delhi/Gurgaon), Mumbai, Delhi / NCR, Bengaluru , Kolkata, Chennai, Hyderabad, Ahmedabad, Pune.

Corporate IT Security and Governance, exp. in Information Security, ISO 27001 Implementation , Documentation. risk assessment , 2nd Line of Defense , Control Review, Control Testing, ITGC controls. ,corporate policies and procedures, GAP Analysis,

Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001

Roles & Responsibilities: 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example R ISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificatesR

Role : Lead QA Location : Kochi Experience :8+ yrs Roles and Responsibilities; 1)Ensure QMS [ISO 9001], ISMS [ISO 27001] process compliance by collaborating with Project team and Support functions 2) Planning and conducting regular bi weekly audit for the projects, Assign audit tasks to the team 3) Leading Internal audit activities - Planning and execution of internal audit, Monitoring the audit status and closure 4) Leading Management Reviews - Collect/review metrics and prepare the Management Review Inputs 5) Leading Quality Board - Ensure the closure of audit findings within SLA , Escalate if any SLA crossed issues in Quality Board meetings 6) Support ISO, ISMS External audit/Certification audit 7) Review the audit reports, Metrics of the team and guide them 8) Experience in support processes (HR, OPS, IT) definitions and metrics collection 9)Participate in project meetings, Customer meetings 10)Provide guidance to project team on process implementation and sustenance 11)Conduct milestone audits, prepare audit reports and report to QA Head 12)Prepare process compliance reports, collect metrics and share to QA Head 13)Raise Red flags and Escalate to QA Head in case of process compliance issues 14)Continuously improve the processes based on feedback from project team. 15) Definition and implementation of new processes, policies, Templates based on ISO 9001, ISO27001 and 27002 std 16) Review/Update QA documents / reports 17)Process consultation/Trainings 18) Involve in other QA activities on need basis. Technical Skills : Thorough knowledge on Software development and testing life cycle, Experience of working along with team following Agile scrum and Waterfall model. Experience in Support functions (HR, OPS, IT ) Process and metrics collection Knowledge on ISO std 9001:2015, ISO 27001and 27002 Experience in conducting internal audits, prepare audit reports/Compliance reports based on ISO std Documentation skills

Job Title: Corporate Bank (CB), Investment Bank (IB) and Operations (Ops) Technology Risk Function Role Description The first line Tech Risk function for business divisions CB, IB and Ops at Deutsche Bank sits within the Divisional Control Office. CB and IB front-to-back have the largest footprint as a risk bearing function within the banking divisions, and you will be part of a dynamic team which is consistently in demand for providing insights, assessments and managing Information Technology (IT) and Information Systems (IS) risks on behalf of the business. Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture and has a functional responsibility for providing a central point of oversight over the Risk & Control Assessments (RCA). This includes supporting the business by driving Risk & Control Assessment specifically focusing on Information Security (IS) / Information Technology (IT) risks in line with NFRM (2LOD) guidelines. RCA is a key component of the bank's non-financial risk management toolkit, to enable the effective profiling, monitoring and management of operational risks. As part of the team, you will join the Banks journey and contribute towards our strategic goal of managing technology risk within appetite whilst enabling adoption of emerging and new technologies for business growth. This role will specifically perform RCAs as related to the IB business. Knowledge of IB products/operations is a big plus Your key responsibilities Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business Coordinate with businesses/2LoD and assist in 2LoD challenges Prepare RCA reports and obtain business sign-offs Document risk mitigation decisions, if required, with consideration of risk appetite Deliver high quality Global Governance decks and reporting trends to support senior management Your skills and experience CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks Experience in SOX/ ISO27001 control framework Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks Proven people management skills with ability to lead activities independently Strong quantitative and analytical skills required to critically evaluate information for key risk assessments Strong project management skills and a proactive team partner Influencing, negotiation skills and stakeholder management expertise Strong verbal and written communication skills Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory.

The Lead Technologist supports the technical infrastructure required to supply IT services to the bank. They are involved in the strategy, design, development, and deployment of IT solutions. They are able to troubleshoot complex issues, being aware of overlapping and different technology areas. Based on their business knowledge, they are able to identify where IT designs can be strengthened and provide value to the businesses. They are responsible for providing detailed technical feedback into the Engineering function to deliver more robust IT solutions. They understand in detail, how IT needs to be supported and can create appropriate processes and controls which ensure IT failings are captured and remediated to ensure stability. They provide technical direction on all related IT platforms and are considered technical experts for level 3 support in outage coordination. The Lead Technologist is counted upon to provide technical guidance and recommendations for complicated business IT problems. They embrace a Continuous Service Improvement approach to drive efficiencies and remove repetition to streamline support activities, reduce risk, and improve system availability. Role Description The successful candidate is expected to have at least 12-15 years experience in IT, preferably with Asset Management Business Applications and Processes. The IT Application Owner (ITAO) has sound IT risk management skills. They follow one of several possible service delivery approaches, acknowledge interference with the IT applications life cycle and assist with incorporating the adopted approach into best practice. The focus is on applications moving onto cloud. Here you support tracking of the application control status and help application dev-teams with practical advice. Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools. The ITAO is aware of the gap in the current infrastructure solutions and where industry innovations are along the maturity lifecycle. They work with application stakeholders to improve the infrastructure, ensuring compliance with the technical roadmap. The ITAO has a sound knowledge of development methodologies and the IT policies necessary to perform effectively in the organisation, aligned to the banks appetite for risk. The ITAO acts to improve safety and security of the application, compliance with regulations, policies and standards, enhance operational readiness, and ease maintenance of the environment for delivering change into production. The ITAO supports the banks audit function in the remediation of audit points and self-identified issues in order to reduce risk. The ITAO is responsible for producing and maintaining accurate documentation on compliance with methodologies, IT policies and IT security requirements. The ITAO interacts with and influences colleagues on the governance of IT platform reliability and resilience ITAOs will also be responsible for Application Decommissioning ITAOs will be driving activity that helps incidents reduction against an application Support compliance on all steps of SDLC process and make sure that all SDLC controls are green. You support the teams role as key contact for all security controls in the software delivery process and ensure that the security controls are evidenced by driving automated evidence. You are consulting with the ITAO community, information security specialists in our CSO organization, and other infrastructure teams like the ORR/SDLC teams. Your key responsibilities Enterprise IT Governance: Responsible for review of current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy Information security : Communicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organisational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken. Information content publishing : Understands technical publication concepts, tools and methods and the way in which these are used. Uses agreed procedures to publish content. Obtains and analyses usage data and presents it effectively. Understands, and applies principles of usability and accessibility to published information. Business risk management : Investigates and reports on hazards and potential risk events within a specific function or business area. Continuity management : Implements and contributes to the development of a continuity management plan. Coordinates the assessment of risks to the availability, integrity and confidentiality of systems that support critical business processes. Coordinates the planning, designing, and testing of maintenance procedures and contingency plans. Data management : Assists in providing accessibility, retrievability, security and protection of data in an ethical manner. Methods and tools : Provide support on the use of existing method and tools. Configures methods and tools within a known context. Creates and updates the documentation of methods and tools Overall Responsibilities Summary Make sure that all critical activities in application are monitored and logs are reviewed. Ensure appropriate controls onboarded and implemented where appropriate. Make sure that all steps in Identity & Access Management cycle (on-boarding, recertification, off-boarding) are compliant against DB Policies and application is on-boarded to central tools. Manage Internal and external application audits and Audit issue remediation activities. Completion of regular/recurring assessments Timely response to audit & regulatory requirements with evidence, were compliant. Make sure that infrastructure is compliant and has up-to-date patches. Plan for Application Hardware Software License upgrades or migration activities to align to the compliant platforms. Keep up-to-date DR Test Plan and manage regular DR Tests Manage application capacity forecasting and monitoring. Manage any IT Security incidents that may occur in the application. Support compliance on all steps of SDLC process and make sure that all SDLC controls are green. Application Decommissioning Drive incidents reduction against an application Planning/Organizing: Able to manage work but also to make the estimate, scheme in detail, work on deployment plans and manage deadlines. Manage the technical roadmap of the application (technology roadmap compliance), estimate/budget capacity needed. Expertise in Planning and execution of Releases, Changes, Patches. Exposure of handling L3 role, incident analysis, patch preparation and implementation. Skilled individual to interact with L2 teams for incident and problem management cases. The candidate will typically have a rather limited technical hands on involvement. A high-level understanding on the products/technologies below is welcomed: Databases; Application/web servers (like J2EE based, especially JBoss, Tomcat, WebLogic Server, Apache) Management of security certificates. Unix servers very basic administration Microservices and SOA Communication and encryption protocols (mainly HTTP(S), SSL) Networking (firewalls, load balancers, etc) High Availability Architecture. GCP Google Cloud Platform management Your skills and experience Degree-level IT and/or information security qualification, or equivalent experience in Information Security and IT Security Experience in Software Development Lifecycle (SDLC) - from idea to production to understand our customer journey, these mostly application owners, business ISOs and development teams GCP-Cloud foundation knowledge General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ENISA, ISO27001, OWASP Problem-solving and analyticalskills with the ability to oversee complex processes Ability to educate a technical and non-technical audience about varioussecuritymeasure Excellent communications skills and very service oriented and customer friendly behaviour even in stressful situations Self-driven behaviour Fluent in English (written/verbal) Preferable Knowledgeofinformation securitytools e.g., security scan and testing tools Understanding of cloud engineering and native security features to support the migration path for applications onto the cloud environment Firm understanding of DevSecOps and the banks shift left agenda to integrate security in the software development lifecycle as earliest as possible. ISO or ITAO certification (for internals only)

Proficiency in at least 3 of the following IAM technologies o Active Directory o Identity and Access Management o Single Sign On (SSO) o Virtual Directories o PKI o Privileged Access Management *Okta experience Mandatory Required Candidate profile *OKTA expert skills *Experience in IT regulation & compliance standards such as SOC1& 2 & ISO27001

The qualitative execution of IT audit projects assigned in line with internal audit methodology. Participate in opening meetings with the process owners to explain the scope and objectives of the audit and provide an overview of all steps in the audit process. Propose practical and value-added recommendations to address control weaknesses and/or process inefficiencies Design and execute IT audit procedures in accordance with annual audit plan and audit methodology to meet audit objectives. Perform general and application control reviews for simple to complex computer information systems. Perform information system control reviews to include but not limited to system development standards, data privacy, Cyber Security, SIEM, DLP, ISNP, operating procedures, system security, programming controls, logical access controls, data centre controls, third party vendor audits, backup and disaster recovery and system maintenance. Prepare audit finding memorandum and working papers to ensure that adequate documentation exists to support the completed audit and conclusions. Prepare reports that summarize audit objectives, scope, findings, conclusions and management response. Conduct oral and written presentations with middle level management during and upon the completion of audits. Perform testing and walkthrough procedures, review and analyze the control structure, documents testing results and communicate results to the supervisor and process owners. B.Tech/ BE/ MCA/ CISA/ CEH with minimum five years of post-qualification experience for IT Audits and risk assessments Skills we are required IT Audit, CISA, Network security, Technology audit, Third party risk Management, ITGC, SOX, ISO27001

We have a requirement for Auditor - ISMS (Information Security Management System) Auditor - ISMS Location - Chennai Qualification - Any Engineering Degree or Equivalent Technical Certifications Qualified on IMS, Qualified Lead Auditor in Information security i.e. ISO27001, ISO 22301 and ISO 20001 standards Experience - 8-13 Years Auditing & Report Preparation Carry out assessments of client management systems Monitoring sub-contractors during assessment Handling of product complaints and providing CAPA for the same Fully understand and conduct audits as a leader or a member of the audit team as per the SOP/ work instructions Ensure all relevant material/ documents are taken during audits Prepare and submit all Reports, CAPs and other audit related documents in a complete, comprehensive and presentable manner consistent with Client/ Intertek quality and TAT guidelines Ensure confidentiality of information obtained during the course of employment Travel and assist in trip planning with short notices as per operational requirements Completion and maintenance of audit files Training Participate in all the training courses as and when scheduled Share law updates with the team in case a new law or changes in an existing law comes into notice Interested candidate can share the resume on mitanshu.kumar@intertek.com Company - Intertek India Pvt. Ltd. Website - www.intertek.com

Arcadis are looking to add to their team, an experienced and motivated compliance officer. This role supports the Products Compliance Director, and with Arcadis corporate entities to ensure that the compliance frameworks, standards and policies are aligned, and processes maintained alongside regulatory frameworks and standards relevant to our business. Arcadis has robust audit frameworks in place and this role adds to this by maintaining an internal audit plan, establishing a rhythm of auditing that complies with our regulatory frameworks, highlighting with teams, opportunities for improvement and facilitating deployment of these improvements to our processes. The role sits within our global business area Intelligence. We use digital intelligence and deep human knowledge to create products and solutions in a holistic way. We empower our clients with agile, data-driven insights and technologies that complement our sustainable design, engineering and advisory expertise. We can confidently work in partnership to address global challenges from climate change and rapid urbanization, to increasing digitalization, socio-economic disruption and societal expectations head-on, all with the common goal of improving quality of life. This role will be accountable for the day to day management and maintenance of the regulatory certifications and associated activities relevant to our products and services. Establishing and maintaining a robust audit compliance plan for the Intelligence GBA and ensuring alignment with all Arcadis corporate functions and ensuring that any OFIs or findings are dealt with in the appropriate manner aligned with their risk level. Recognise the value and benefits that compliance activities bring and work in concert with the Technology teams to find pragmatic solutions to ensure Arcadis continue to provide best in class products to our clients. Qualifications First and foremost, you share our passion for improving the quality of life. You pride yourself for the part you play in transforming the world around you and understand the importance of teamwork. You are a technically capable with experience in a regulated environment having: Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR, NIS2 Experience in writing related policies, processes and procedures in a technical environment. Working knowledge of a SaaS environment - private/public cloud security best practices knowledge Relevant certifications in the compliance and information security space Internal audit experience and partnering with technology teams A people focused attitude and approach, compliance is considered a collaborative activity in Arcadis

The GRC Risk and Compliance Analyst is responsible to apply knowledge of risk management, information security/data privacy requirements and controls, and Openwave products & customer environments to manage security exception process, deliver accurate and timely risk assessments and inquiry/questionnaire responses to customers, auditors, and internal stakeholders. The position will play a lead role in strengthening the companys information security and contract compliance through timely and effective execution of risk management processes. How you will help: Specific Job Responsibilities 1. Support Iso27001 control implementation and assessment activities for Openwave. 2. Support on-site Iso27001 walkthroughs and audit activities as needed. 3. Execute security & privacy related risk assessments, including helping to identify, document, and implement controls, resolve identified issues, and manage related documentation using ticket system (such as Jira) and GRC platforms (such as 6clicks). 4. Coordinate with Openwave teams to develop & deliver responses to customer inquiries and questionnaires. Communicate effectively with customers and internal stakeholders independently as needed. 5. Provide best practice knowledge related to risk management & risk assessment as applied to specific Openwave products, technologies, and markets. Participate actively in continuous improvement of GRC processes, considering scalability, transparency, documentation, content/evidence reuse, and effective customer management. 6. Support customer and third-party audit activity of Openwave as required. 7. Assist with policy updates as required. Who we have in mind: Position Requirements 1. Bachelors degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification). 2. Minimum 3 years of experience a Risk Management role related to information security. 3. Working knowledge of information security regulations and standards required, including ISO/IEC 27001. 4. Prior experience in Corporate IT or Information Security roles is a real advantage. If no experience, then it would be important to demonstrate an interest in broadening your knowledge outside GRC and be prepared to help out in these areas when the need arises. 5. Proactive, structured and detail-oriented work style with strong communication skills required. Ability to work independently with minimal supervision. 6. Excellent oral and written English skills required.

Azure Security Engineer must have expertise in Microsoft defender stack like Defender for endpoint, Defender for O365, Defender for identity, Defender for servers as well as experience on Azure firewalls, Security Co-pilot, Azure Policies and sentinel. Successful candidate will be responsible for designing, implementing, and maintaining secure azure solutions that align with industry best practices and compliance requirements. Responsibilities: • Design and deploy secure azure solution that leverage the Microsoft defender stack like Defender for endpoint, Defender for O365, Defender for identity, Defender for servers, Azure firewalls, and Azure sentinel. • Configure and maintain azure firewall to protect against network-based attacks and implement customer rules as needed. • Develop custom detection rules and queries for sentinel to identify security threats and trends. • Microsoft security events in azure using azure sentinel and collaborate with incident response teams to investigate security incidents and implement corrective actions. • Conduct security assessments and VA scans to identify potential security threats and develop remediation plan to address them. • Develop and maintain security policies, procedures, and documentation to ensure compliance with regulatory requirements and industry standards. • Knowledge on Security principles, Techniques to secure cloud environment (Azure). • Keep up to date with latest security trends, tools and techniques and provide guidance and recommendations to improve the security posture of the organization. • Integrate Various log sources to Sentinel and create the use cases. Tune the use cases appropriately wherever required. • Knowledge of Security frameworks such as NIST, ISO27001, and CIS. • Familiarity with security tools such as Azure security center, Azure AD, Azure Key Vault, Azure WAF, Security Co-Pilot, Azure policies. • Hands on Experience on PKI/Cloud PKI Certificate Management. Requirements: • Bachelors degree in computer science or related field. • Candidate should have good Verbal and written communication skills. • Candidate should have very good Problem solving & analytical skills. • Experience in creating technical documents • Candidate should shave good knowledge on ITIL Process • Certification on Az-500, Az-104, SC-300 preferred

Position: Consultant Risk and Compliance Experience: 3 to 5yrs Location: Noida OR Remote Responsibilities: • Independently manage multiple service engagements ensuring customer service deliveraccording to the company quality guidelines & methodologies. • Lead and manage data privacy and risk & compliance projects from initiation to completion, ensuring they are delivered on time, within scope, and within budget. • Expertise in delivery of risk and compliance advisory services • Experience on conducting privacy risk assessments and data protection impact assessments (DPIAs), and advice on corrective measures to mitigate data privacy risks. • Identify, develop, recommend and/or implement business processes to improve organizational privacy and information security compliance. • Provide analysis of legislative requirements, emerging knowledge, and trends to make recommendations to management. • Work with internal and external customers on consulting engagements and provide business as well as technical leadership to ensure that data, processes and technology are designed for data protection and compliance such as SOC 1/2, NIST, PCI-DSS, CIS 8, ISMS etc. • Knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception, and audit trails • Work collaboratively with the practice leaders and provide end to end engagement leadership on the projects. • Provide subject matter expertise to the engagement/project teams. Serve as the point of contact for requirements across various standards. • Build and maintain customer relationships by understanding and being responsive to customer needs and ensuring high quality of work. • Contribute in people and knowledge development initiatives within the team and organization. • Maintain an up-to-date understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance • Demonstrate strong analytical thinking and interpersonal skills, including the ability to research and understand sophisticated processes and effectively communicate them to interested parties. • Recommend security policy changes and enhancements • Support the Information Security program including development, collection, assessment, and reporting of metrics Requirements: • Demonstrate proficiency in standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, ISO 27701, etc. • Exhibit a good understanding of GDPR, CCPA, or other privacy laws. • Excellent technical capabilities around information security, business continuity and technology risk assessments • Must be able to demonstrate outstanding communication skills to ensure the ability to articulate clearly IECnmotnpelfroindyaelnetia-CPleornsfoidneanl tial https://www.sdgc.com/ and negotiate with the relevant stakeholders. • Experience working with internal and external auditors/stakeholders/customers • Prior knowledge and experience on performing testing of internal controls specified in Information Security policies • Possess a sound knowledge of fundamentals of information security systems and data privacy requirements. • Display competence in governance and reporting, as well as a strong grasp of cyber and privacy risks. • Effectively managing workflow, including multiple projects, in a proactive and highly responsive manner. • Strong attention to detail with an analytical mind and outstanding problem-solving skills. • Must be able to demonstrate outstanding communication skills to ensure the ability to articulate clearly and negotiate with the relevant stakeholders. • Experience working with internal and external auditors/stakeholders/customers. • Knowledge and auditing experience around some regulations/acts/standards, such as ISO 27001, NIST Cybersecurity Framework and Privacy Framework, SOC2, ISO 22301, NIST CSF and Cloud Security will be preferred. • Ability to work on a flexible schedule when needed, as part of cross-geography and cross-culture global team • Willingness to travel globally on need basis Certifications: • ISO 27001 Lead Auditor, CRISC, CISA, CISM (Must have) • FIP-IAPP (Essential) • Knowledge of compliance standards like ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, GDPR, SOX, SOC, HIPAA, FAIR, OWASP, CIS 20 (Good to have)

Largest IT Consulting Company is hiring in large numbers in Mumbai Only immediate Joiners/ 15 days joiners need to apply Call on :7208835287 / 9359055605 send cv to zeba@contactxindia.com it@contactxindia.com Role & responsibilities Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulation Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: • Bachelors degree in computer science or related field • Excellent communication and team collaboration skills Preferred candidate profile Perks and benefits

Supply Chain Risk Management - AM - BLR/GGN/ Pune - J48773 Key Responsibilities: Act as a trusted advisor to stakeholders, supporting the provision of accurate, appropriate, timely assurance information regarding the KPMG supply chain across capabilities and firmwide. Support the identification of emerging trends and issues with the KPMG supply chain to shape and inform the KPMG risk posture. Tactically deliver allocated activity from the annual service roadmap to defined standards and service levels. Support the delivery of the annualised audit schedule, with a strong understanding of a risk based approach. Be proactive in identification of continuous improvements to foster positive change within the Information Assurance team, seeking innovative solutions to enhance practices. Deliver the 2nd LoD Supply Chain audit activity to monitor supply chain compliance against regulatory, client, global and local policy & standard requirements, including ISO27001. Support the ongoing need to ensure that all supplier contracts include standardised Information Security and Data Privacy statements. Provide support to report on Supply Chain Assurance metrics, providing insights into compliance and risk, highlighting areas for improvement. Log all findings in the GRC tooling, track, review and monitor remediation results and associated evidence, supporting sign off where appropriate. Work with finding owners to ensure remediation actions plans are defined and delivered in a timely manner. Support the analysis and thematic reviews and consolidation of findings and to recommend risk treatment plans to reduce risk for the firm. Ensure audit work is documented in accordance with business standard and fully supports conclusions and overall opinion through 1st / 2nd level reviews Ensure that all work is delivered to a high standard Conduct other Information Security & Privacy audit activity on behalf of KPMG (i.e. SOC2) where appropriate. Skills and experience required: Strong stakeholder management skills, the ability to collaborate and develop relationships internally and externally Experience advising on supply chain matters, with appropriate background in developing and implementing supply chain risk and assurance frameworks Excellent ability to conduct audits in an effective and efficient manner y Working knowledge of ISO27001, Cyber Essentials/ Cyber Essentials Plus, NIST Cybersecurity Framework, CIS, SOC2, Data Protection (UK GDPR, DPA, PECR) and experience of operational implementation An understanding of ancillary frameworks (EU AI Act, UK AI Frameworks) Experience of developing processes to deliver service improvements Excellent analytical and reporting skills, using presentation tools to present complex information with exceptional attention to detail Excellent communication skills, both written and verbal Well organised and able to maintain a high workload efficiently at a consistently high standard Strong knowledge of information security controls Experience of working with GRC tools (ServiceNow) and supplier management tools (Coupa, Bitsight). Understanding of a 3 lines of defence model (risk & assurance) Be highly motivated and able to work on own initiative, ability to seek support when required. Additional Requirements: Significant experience in information security and supply chain risk and assurance. Certifications in information security, such as CISM, CISMP, CISSP. Auditor qualifications, CISA, ISO27001 Lead Auditor, GIAC or equivalent. ITIL foundation certificate or above desirable Required Candidate profile Candidate Experience Should Be : 7 To 10 Candidate Degree Should Be : BE-Comp/IT,BE-Other,BTech-Comp/IT,BTech-Other,MBA,MCA

IT Lead Analyst, Internal Audit Lets be unstoppable together! At Circana, we are fueled by our passion for continuous learning and growth, we seek and share feedback freely, and we celebrate victories both big and small in an environment that is flexible and accommodating to our work and personal lives. We have a global commitment to diversity, equity, and inclusion as we believe in the undeniable strength that diversity brings to our business, employees, clients, and communities. With us, you can always bring your full self to work. Join our inclusive, committed team to be a challenger, own outcomes, and stay curious together. Circana is proud to be Certified by Great Place To Work. This prestigious award is based entirely on what current employees say about their experience working at Circana. Learn more at www.circana.com. What will you be doing? The global Internal Audit team plays a key role in the initial implementation of Circana’s ICFR program. The Internal Audit IT Lead Analyst will join a lean team, reporting directly to the Internal Audit Director to provide guidance on IT compliance matters and work closely with the external auditors, IT, finance and business unit leaders to maintain a robust IT compliance framework. This role will assess IT risks and lead the design, implementation, and continuous improvement of IT controls over systems and processes to safeguard the integrity of the company’s internal controls across the organization's global operations. Job Responsibilities Conduct IT ICFR risk assessments of in-scope applications, IT controls rationalization and optimization Serve as a technical resource on all IT ICFR matters, providing reliable and insightful recommendations for implementing internal controls within IT processes. Develop and monitor key IT ICFR metrics and timelines. Ensure appropriateness of IT ICFR documentation, including process flows, risk control matrices and test plans, and evaluate / develop / refine controls as systems are upgraded or processes change. Manage and conduct IT testing for design & operating effectiveness and remediation test work including IT general controls (ITGCs), IT application controls (ITACs), information produced by entity (IPE) key reports, user access reviews and system and organization controls (SOC) reviews for consistency and quality across all testing activities. Build and maintain a comprehensive understanding of business applications and maintain active relationships across the company to facilitate audit execution Develop and execute Segregation of Duties assessment as well as assist the Director of Internal Audit in identifying compensating controls for identified SOD conflicts Monitor the broader organization to ensure the control environment adapts as the company evolves. Provide consultation support on IT control readiness for emerging or newly in-scope areas with a focus on IT related processes and controls, such as software development life cycle (SDLC) controls. Conduct internal ISO27001 audits, ensuring compliance with information security policies, identifying risks, and recommending improvements to maintain certification standards. Oversee the monitoring and follow-up of remediation plans from NIST maturity assessments, ensuring timely progress, addressing deficiencies, and driving continuous security improvement. Facilitate the use of data analytic techniques to drive opportunities for control improvements and control testing efficiencies. Leverage emerging technologies such as AI and machine learning to enhance compliance processes where applicable. Communicate effectively with IT teams, business unit leaders, finance teams and external auditors and ensure timely remediation of any identified IT control deficiencies or weaknesses Provide guidance and training on IT ICFR compliance as needed. Requirements Bachelor’s degree in information technology, Computer Science, or related field. CISA or CISSP certification is highly preferred. 10+ years of experience in information security and IT audit, compliance or risk management roles, with a strong knowledge of SOX requirements and control frameworks, such as COSO, ISO27001, NIST CSF and COBIT, with a Big 4 accounting firm, and Fortune 500 public company. Strong understanding of current IT SOX testing methodologies, risk assessment practices, latest PCAOB requirements, and their practical application in complex IT environments. Advanced understanding of ITGCs and ITACs, including the ability to identify and evaluate key reports and interfaces critical to financial reporting and system integrity. Experience with GRC and Data-Analytics related software is preferred. Strong work ethic and collaborative working style, coupled with a timely action-oriented mindset. Circana Behaviors As well as the technical skills, experience and attributes that are required for the role, our shared behaviors sit at the core of our organization. Therefore, we always look for people who can continuously champion these behaviors throughout the business within their day-to-day role: Stay Curious: Being hungry to learn and grow, always asking the big questions. Seek Clarity: Embracing complexity to create clarity and inspire action. Own the Outcome: Being accountable for decisions and taking ownership of our choices. Center on the Client: Relentlessly adding value for our customers. Be a Challenger: Never complacent, always striving for continuous improvement. Champion Inclusivity: Fostering trust in relationships engaging with empathy, respect, and integrity. Commit to each other: Contributing to making Circana a great place to work for everyone. Location This position can be located in the following area(s): India

Collaborate with management on infrastructure development, enhancement and deployment activitie Financial aspects in terms of Capex creation and input to local investment budgets, work on IT cost savings / IT indirect spend work on IT cost savings