60 Iso27001 Jobs

As a Cybersecurity professional specializing in Third Party Risk Management (TPRM), you will utilize your expertise and skills to ensure the security of third-party relationships. With over 4 years of experience in TPRM and a strong background in IT Audits and Cloud security, you will play a crucial role in managing risks associated with external vendors and suppliers. Your responsibilities will include implementing and conducting audits based on ISO22301 standards, as well as assessing and mitigating risks related to third-party relationships. Preferred certifications such as CBCI, CBCP, ISO22301 LI or LA, Offensive Security Certified Professional, and CISA will be valuable assets in this role. Your understanding of vendor risk management considerations and knowledge of Data Protection & Privacy risks will be essential in developing and implementing relevant control frameworks. Excellent written and verbal communication skills, along with the ability to create comprehensive documentation and engaging presentations, will be key in effectively communicating risk-related information. Your motivation to work in both local and global environments, as well as your experience in Infrastructure/Application Security, IT Audit, and Information Risk Management, will contribute to the success of our cybersecurity initiatives. Moreover, possessing security certifications like CISSP, CISA, CISM, CEH, and ISO27001 will further enhance your qualifications for this role. Your ability to thrive in a cross-functional, cross-cultural matrix environment, coupled with your proactive approach to cybersecurity, will make you a valuable asset in our team dedicated to safeguarding our organization against cyber threats.,

The Supplier Assurance Services (SAS) team is responsible for conducting comprehensive risk assessments of suppliers within JPMCs Corporate Third Party Oversight (CTPO) program. Additionally, SAS plays a crucial role in supporting JPMCs Cybersecurity and Technology functions by designing and implementing controls and processes to enhance the security posture of JPMCs supply chain. SAS operates under Global Supplier Services (GSS) and reports directly to JPMCs Global Head of Corporate Third Party Oversight. The SAS Risk Management function aims to standardize and centralize Assessment quality oversight and Supplier Issue Management activities. As an Associate in the Technology Risk and Control - Issue Management team within Global Supplier Services (GSS), your primary responsibility will be to conduct technology and cybersecurity control reviews. This role involves reviewing findings to ensure alignment with JPMC guidance, engaging with internal stakeholders to address Issue Management queries, collaborating with the LOB Delivery Manager and Information Security Manager to resolve findings through Action Plans and Risk Acceptance, and ensuring that relevant Action Plans/Risk Acceptances are remediated within agreed timeframes. Additionally, you will be responsible for managing the entire Issue Lifecycle, identifying process improvement opportunities, and supporting internal education and best practices sharing with peers and colleagues. Qualifications, capabilities, and skills required for this role include: - 5+ years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third-Party Outsourcing Risk Management in a large enterprise environment. - Understanding of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, etc. - Strong written and verbal presentation skills at the senior management level. - Experience in debating issues with senior decision-makers and the ability to push back when necessary. Preferred qualifications, capabilities, and skills include certifications such as CISSP, CISA, CISM, CCSP, or CRISC.,

You are seeking an experienced InfoSec Governance, Risk and Compliance (GRC) Lead to join the expanding global team of DNEG. In this role, you will be responsible for managing and steering the Information Security GRC and Privacy function within DNEG. The InfoSec team ensures the confidentiality, integrity, and availability of both internal and client data, PII, and systems. Your expertise in InfoSec GRC will be crucial in collaborating with the team, peers, and business stakeholders to align and effectively manage InfoSec GRC initiatives/projects to meet tactical roadmap requirements and the broader InfoSec strategy. As the InfoSec GRC Lead, you will need to work methodically and concisely, possess experience in a technical InfoSec security program, and demonstrate excellent interpersonal, analytical, and documentation skills. Working closely with the Information Security Program Manager, you will prioritize and deliver GRC and privacy facets of the InfoSec program. Your role will involve managing, maintaining, and maturing the GRC function within DNEG, ensuring effective communication and documentation of audit deliverables, and collaborating with internal technical teams. The ideal candidate will have five to ten years of experience in GRC, Data Privacy, and audit functions. You should be proficient in Risk Management methodologies, capable of leading risk assessments and defining mitigation solutions, and knowledgeable about data privacy legislations such as GDPR. Bringing a progressive and collaborative approach to the InfoSec GRC function is essential, along with expertise in Information/Cyber Security processes and methodologies. Desired qualifications include experience with risk management platforms, prior work in the film or media industry, and familiarity with hybrid or cloud-native environments. While a bachelor's degree in IT or Computer Science is desirable, certifications such as CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor would be beneficial. In summary, as the InfoSec GRC Lead at DNEG, you will play a vital role in managing and maturing the GRC function, collaborating with internal teams, and ensuring alignment with industry and client-driven audit requirements. Your expertise in InfoSec GRC, risk management, and data privacy will contribute to the overall success of DNEG's Information Security program.,

The Supplier Assurance Services (SAS) team is responsible for conducting comprehensive risk assessments of suppliers as part of JPMCs Corporate Third Party Oversight (CTPO) program. In addition, SAS plays a key role in supporting JPMCs Cybersecurity and Technology functions by implementing controls and processes to enhance the security posture of the supply chain. SAS operates within Global Supplier Services (GSS) and reports directly to the Global Head of Corporate Third Party Oversight. The SAS Risk Management function aims to standardize and centralize the quality oversight of assessments and Supplier Issue Management activities. As an Associate in the Technology Risk and Control - Issue Management team at GSS, your primary responsibility will be to conduct technology and cybersecurity control reviews. This involves reviewing findings to ensure alignment with JPMC guidance, validating closure evidence, and collaborating with internal stakeholders to address Issue Management queries. You will work closely with the LOB Delivery Manager and Information Security Manager to resolve findings through Action Plans and Risk Acceptance. Additionally, you will manage the entire Issue Lifecycle, including identification, creation, modifications, extensions, and validation of closure evidence. It is important to engage with Business Partners to ensure timely remediation of relevant Action Plans and Risk Acceptances. Furthermore, you will be responsible for understanding the Supplier Risk Assessment process, identifying process improvement opportunities, and sharing internal education and best practices with peers and colleagues. The ideal candidate for this role should have at least 5 years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third-Party Outsourcing Risk Management within a large enterprise environment. Knowledge of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, and others is essential. Strong written and verbal communication skills are required, particularly at the senior management level. The ability to engage in constructive debates with senior decision-makers and push back when necessary is also valuable. Preferred qualifications for this role include certifications such as CISSP, CISA, CISM, CCSP, or CRISC.,

This position is responsible for performing vendor security assessments, analyzing risks, and processing exceptions to security standards and PEEP requests. The increasing regulatory and audit oversight of these critical activities emphasizes the importance of continued execution of these tasks. The key responsibilities of this role include conducting risk analysis, reporting metrics, and providing business support. This entails collaborating with business partners, leadership, vendor management, IT leaders, and staff. The position plays a crucial role in ensuring that vendor security assessments are conducted as required, meeting Ameriprise's regulatory obligations, capturing necessary requirements, ensuring timely responses, escalating issues as necessary, and reporting risks and security results to leaders. It also involves integrating these processes with CTI and managing the workload effectively. Additionally, the position is responsible for ensuring that exceptions are reported, escalated, addressed promptly, and consistently to reflect risks accurately, prevent them from becoming idle, and meet regulatory obligations. The candidate must be willing to work in the evening shift from 4:45 pm to 1:15 am and demonstrate the ability to work under pressure and coordinate with offshore/onshore teams. Required qualifications for this role include a degree in computer science, engineering, IT, or an equivalent technical field. Preferred certifications include ISO-27001, CISA, and CISM. Preferred qualifications entail in-depth knowledge and 2-4 years of experience working in the Global Risk and Compliance domain. Strong communication skills are essential for interacting with users globally on Information Security best practices, exceptions, assessments, and audit modules. Additional certifications such as ISO-27001, CISA, and CISM are considered advantageous. Ameriprise India LLP has been offering client-based financial solutions for 125 years, helping clients plan and achieve their financial objectives. As a U.S.-based financial planning company headquartered in Minneapolis with a global presence, the firm focuses on Asset Management and Advice, Retirement Planning, and Insurance Protection. Join a collaborative and inclusive culture that values your contributions and offers opportunities to work with talented individuals who share your dedication to excellence. This is an opportunity to make a difference both in the office and the community while working for an ethical company that cares. This is a full-time position with working hours from 4:45 pm to 1:15 am in the India Business Unit under the AWMP&S President's Office. The job family group is Technology.,

Role & responsibilities Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001, ISO 20000-1, ISO 22301 & other IT specific standards/ frameworks Provide timely and accurate reviews of clients corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools Preferred candidate profile Bachelors degree in computer Science or equivalent & ideally a higher-level qualification Overall 10 years experience , 5 Plus years’ Experience in IT /Management system Implementation / certification and Minimum 5 years of profound experience in the field of information security and External audits Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks.

You are seeking a Senior Auditor specializing in Security Compliance and Governance, with a profound understanding of cyber security, IT systems, applications, and infrastructure. As a Cyber Security Auditor, you are required to possess exceptional problem-solving abilities, meticulous attention to detail, and a comprehensive comprehension of cybersecurity trends. Your primary responsibilities will include evaluating internal IT controls, analyzing operational effectiveness, assessing risk exposure, and formulating remediation strategies. You will be tasked with responding to system or network security breaches, conducting audits, and preparing detailed reports for clients. Moreover, your role will involve hands-on experience in cyber risk management, vendor/3rd party security risk management, compliance assessments, and policy lifecycle. A strong grasp of Linux, Windows, Firewalls, VPN, IDS/IPS, and Security Audits is essential, along with proficiency in ISO27001, PCI-DSS, and other compliance standards. To excel in this role, you must hold a degree in Cyber Security or relevant certifications such as Security+, ISO 27001 LA, or CISA. A minimum of 3 years of experience as an IT Auditor is required, alongside a deep understanding of network security, infrastructure security, and various technical controls. Expertise in Firewalls, VPN, Data Loss Prevention, IDS/IPS, Web-Proxy, and Security Audits is crucial. You should be well-versed in IT audit methodologies and possess the ability to work efficiently under pressure in a dynamic environment. Your analytical mindset, keen attention to detail, and exceptional problem-solving skills will be key assets in fulfilling the responsibilities of this role.,

At EY, you have the opportunity to shape a career that reflects your uniqueness, supported by a global network, inclusive culture, and cutting-edge technology to help you reach your full potential. Your distinct voice and perspective are valued in contributing towards making EY even better. Join us in creating an extraordinary experience for yourself while striving towards a better working world for all. As a Technology Risk Manager at EY, you will play a pivotal role in IT Risk and Assurance client projects and internal initiatives. Building and maintaining relationships, identifying business opportunities, and proactively addressing risks are key aspects of your responsibilities within the EY- Technology Risk team. You will have the chance to lead as a Manager within the EY- Technology Risk Team, contributing to the growth of a new service offering and shaping the direction of the firm. Your primary duties include evaluating control portfolios, ensuring compliance with policies and standards, supervising control assessments, and providing valuable insights to clients for enhancing processes and managing risks effectively. Key Responsibilities: - Conduct assessments of control design, operating effectiveness, and risk management outcomes - Ensure accuracy, effectiveness, and timely delivery of assigned control assessments - Manage relationships with control owners and stakeholders, resolving issues and escalating when necessary - Apply risk management concepts to identify and formulate findings, offering insights for process improvement - Stay updated on regulatory standards, industry best practices, and control frameworks Skills and Attributes: - Ability to guide team members and perform procedures related to complex issues - Experience in information security assessments and audits - Proficiency in conducting NIST assessments, ISO assessments, and privacy impact audits - Strong project management skills and understanding of complex information systems - Extensive knowledge of clients" business/industry to identify technological impacts Qualifications: - Graduate (CS/ IT, Electronics, Electronics & Telecommunications)/MBA/M.Sc. with a minimum of 6 years of experience - Significant experience in technical knowledge relevant to IT assessments and audits Preferred Qualifications: - Familiarity with program and project management practices - Understanding of IT systems development life cycle EY offers a dynamic work environment where you can collaborate with talented individuals globally and engage with leading businesses across diverse industries. Your growth and development are prioritized, supported by coaching, feedback, and opportunities to enhance your skills and advance your career in a way that suits you best. Join EY in building a better working world through creating long-term value, fostering trust, and providing innovative solutions to complex global challenges.,

The job is located in Fort, Mumbai. You should possess a Bachelor's degree in Information Security, Computer Science, or a related field. Additionally, certifications such as CISA, ISO27001, ISO22301, and CISSP would be advantageous. Ideally, you should have 8 to 10 years of experience in a Senior Manager/AGM role. Your responsibilities will include: - Governance and Risk Management - Incident Management - Training and Awareness - Reporting and Documentation - Policy and Procedure Management - Audit Management This is a full-time position with benefits such as Provident Fund. The schedule for this role is a fixed shift. The preferred candidate will have a total of 8 years of work experience. The work location is in person.,

As the Cyber Security Manager, you will be responsible for protecting the company's digital landscape by designing and implementing comprehensive security programs and cybersecurity strategies. Your role will include securing cloud environments, conducting vulnerability assessments, and managing endpoint security solutions to ensure optimal performance of security tools. Staying updated on the latest security threats and best practices will be crucial to continuously improving the security posture of the organization. Furthermore, you will play a key role in building a culture of security awareness by developing security policies, procedures, and training programs to educate employees. Collaborating with stakeholders and other teams to define and implement effective security measures aligned with industry standards and regulations will be essential in maintaining a secure environment. In addition, you will lead incident response activities, perform risk assessments, and drive root cause analysis to address underlying causes of security incidents. Managing compliance with standards such as ISO 27001 and conducting regular audits to assess the effectiveness of information security management systems (ISMS) will be part of your responsibilities. To be successful in this role, you should have a Bachelor's degree in computer science, Information Security, or a related field, along with a minimum of 10+ years of experience in Information and Cybersecurity. A deep understanding of cybersecurity frameworks and standards, as well as knowledge of cybersecurity technologies and relevant VAPT tools, is required. Strong problem-solving, decision-making, and communication skills are essential, along with the ability to communicate complex technical information to both technical and non-technical audiences. Professional certifications such as CEH, ISO27001, ISMS, CISM, or related certifications are preferred for this position. If you are looking for a challenging opportunity to make a significant impact in the field of cybersecurity, this role could be the perfect fit for you.,

At Bravura Solutions, collaboration, diversity, and excellence are highly valued. We provide a space for you to be curious, innovative, and contribute to our culture in an exciting and fast-paced environment. As a global FinTech market leader and ASX listed company, Bravura partners with over 350 top financial services clients, offering wealth management technology and products. We are dedicated to developing cutting-edge, digital-first solutions that help our clients achieve financial security and prosperity for their customers. Join us in our mission to drive innovation and make a positive impact in the financial services industry. We are currently seeking a Senior Information Security Officer to join our Information Security team. In this role, you will be responsible for implementing and operating the organization's Information Security Management System (ISMS) within your region. Your main tasks will include driving security risk management, ensuring policy compliance, conducting audits, providing training and awareness, managing supply chain risk, and supporting security operations in incident management. Key Responsibilities: - Oversee the implementation and operations of the ISMS within the region. - Ensure alignment with global security policies and regulatory requirements. - Identify, assess, and mitigate security risks. - Maintain the risk register and track remediation activities. - Develop and enforce security standards and client requirements. - Lead internal and external security audits and ensure timely remediation of findings. - Provide security assurance to clients and coordinate with service delivery teams. - Develop and deliver security awareness programs and support training initiatives. - Assess and manage security risks associated with third-party vendors and suppliers. - Assist in managing and responding to security incidents within the region. Qualifications: - Bachelor's degree in Information Security, Computer Science, or related field. - 5+ years of experience in an information security role, preferably in an MSP or data processing environment. - Strong understanding of ISO27001, NIST, GDPR, and other security frameworks. - Experience in security risk management, audits, compliance, and client security assurance. - Knowledge of security operations, incident response, and managed security services. - Excellent communication and stakeholder management skills. - Security certifications such as CISSP, CISM, or CRISC are preferred. At Bravura, we offer a competitive salary, employee benefits scheme, parental leave policy, free meals, and transport facilities. If you are passionate about information security and want to work in a dynamic and innovative environment, we would love to hear from you. Apply now and be part of our team dedicated to shaping the future of financial technology.,

The IT Security Manager is a key role within our IT Infrastructure department at Emkay. As the IT Security Manager, you will be responsible for implementing security measures to safeguard our systems and networks. Your main objective will be to identify and mitigate security risks, ensure compliance with industry standards, and develop strategies to protect sensitive information. Your primary responsibilities will include: 1) Implementation of Security Strategy: - Develop and execute the IT security strategy in alignment with organizational goals. - Conduct risk assessments and provide recommendations to enhance our security posture. - Collaborate with key stakeholders to implement security policies, standards, and procedures. - Enhance IT Infrastructure change management practices following ITIL processes. - Maintain a strong focus on vulnerability and patch management for the entire IT infrastructure. 2) Focus on Infrastructure Security: - Oversee the implementation of security measures for networks, systems, and applications. - Ensure data integrity and confidentiality through access controls and encryption. - Monitor and respond to security incidents, including assisting with forensic investigations. 3) Ensuring Security Compliance: - Ensure compliance with relevant regulatory requirements and industry standards. - Conduct regular assessments of the infrastructure and implement corrective actions as needed. - Stay informed about emerging security threats, vulnerabilities, and technologies. 4) Security Awareness: - Create and promote security awareness initiatives to educate the Infra team on the importance of cybersecurity. - Provide guidance to staff on security best practices and procedures. 5) Incident Response and Management: - Develop and maintain an incident response plan to address security breaches. - Lead and coordinate the response to security incidents, collaborating with internal teams and external partners as required. Qualifications required for this role include: - Bachelor's degree in computer science, Information Technology, or a related field. - Certified ITIL Practice Manager. - 4-5 years of experience in IT security roles focusing on managing security programs. - Industry certifications such as CISSP, CISM, ISO27001, or equivalent are highly desirable. - Strong knowledge of security frameworks, standards, and best practices. - Excellent communication and interpersonal skills. Additional requirements for the role include a strong ITIL background, the ability to keep up with industry trends and emerging technologies, proficient problem-solving and analytical skills with a focus on Cyber Security, demonstrated leadership and team management experience, good communication and interpersonal skills to build relationships with internal stakeholders, and the ability to work independently or as part of a team with a high level of self-motivation and initiative.,

Our story Strada is a technology-enabled, people powered company committed to delivering world-class payroll, human capital management, and financial management solutions to organizations globally. With a team of more than 8,000 experts and over 30 years of expertise, Strada blends leading-edge technology with human ingenuity to help businesses across the globe design and deliver at scale. Supporting over 1,400 customers in 33 countries, Strada partners with customers at every stage of their journey, to help drive their vision forward. Its why were so driven to connect passion with purpose. Our teams experience in human insights and cloud technology gives companies and employees around the world the ability to power confident decisions, for life. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Strada is the perfect place to put your passion to work. To learn more about us, visit stradaglobal.com ROLE : Vendor Security Risk Management RESPONSIBILITIES : Summary The Vendor Security Risk Management Senior Associate supports the management and mitigation of security risks associated with third-party vendors. This role involves conducting risk assessments, assisting in the development of risk management strategies, and ensuring vendors comply with security policies and standards. Responsibilities • Vendor Risk Assessment : o Assist in performing security risk assessments for new and existing vendors are completed to identify potential risks and vulnerabilities. o Document and communicate assessment findings to Vendor Security Risk Mgt colleagues for review. • Risk Mitigation : o Support the development and implementation of strategies to mitigate identified security risks. o Monitor corrective actions to ensure risks are effectively managed. • Continuous Monitoring : o Assist in continuous monitoring activities to regularly assess vendors’ security performance. o Use automated tools and technologies to track and report on vendors’ compliance with security standards. • Incident Management : o At the request of the Incident Management team support the incident management process by coordinating with vendors to understand whether a vendor was impacted by an incident and ensuring timely and effective resolution. • Compliance : o Maintain up-to-date documentation and evidence of vendors’ compliance with security requirements. o Assist with regular compliance audits and assessments to verify adherence to security policies. • Training and Awareness: o Help conduct and deliver training sessions and awareness programs for internal teams on security best practices. REQUIREMENTS : Experience: o Minimum of 6 years of experience in Vendor Risk Mgt. • Skills : o Excellent communication and interpersonal skills. o Analytical and problem-solving abilities. • Personal Attributes: o High level of integrity and ethical standards. o Detail-oriented and organized. o Proactive and able to work independently. o Strong commitment to continuous improvement and professional development Required Education • Candidate must possess at least a Bachelor's/College Degree , Computer Science/Information Technology, Science & Technology or equivalent kindly inbox profiles to venkatesh.kosana@stradaglobal.com Benefits We offer programs and plans for a healthy mind, body, wallet and life because it’s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as a number of voluntary benefit options. By applying for a position with Strada, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Strada’s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Diversity and Inclusion Strada is committed to diversity, equity, and inclusion. We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Strada, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. Diversity Policy Statement Strada is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, we take affirmative action to employ and advance in the employment of qualified minorities, women, disabled persons, disabled veterans and other covered veterans. Strada provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Strada.

As the Compliance Program Manager for Information & Cyber Security, your responsibilities will include setting and managing compliance programs to meet various requirements such as regulatory standards, ISO27001, and PCI DSS. You will be tasked with developing security standards, technical solutions, strategies, and best practices for the organization while recommending security enhancements to management as needed. Additionally, you will be responsible for driving large programs across teams to address Information Security needs and ensuring successful, on-time, and on-budget delivery of Information Security projects. Your role will also involve developing, maintaining, and overseeing Information Security Policies, Processes, and standards/guidelines to address all applicable regulatory and ISO requirements. You will work on implementing new security tools to mitigate vulnerabilities and automate tasks, as well as leading the development and implementation of Information & Cyber Security Assurance Program. Managing the Third Party Risk Assessment Program and handling InfoSec Audits (internal/external) will also be part of your responsibilities, along with conducting awareness trainings. Furthermore, you will assist the organization in planning and executing InfoSec needs, influencing successful delivery of Information Security projects. Your duties will also include writing comprehensive reports with assessment-based findings, outcomes, and suggestions for system security enhancement. The ideal candidate for this role should have a Bachelor's degree in Engineering or a technical field, along with relevant certifications in security specialization. Experience in driving and governing audits, practice standardization, and hands-on experience with audits, InfoSec compliances, and Vulnerability assessments are required. Familiarity with technologies and processes such as networks, encryption, vulnerability management, identity and access management, endpoint management, risk management, and cloud services is essential. Basic knowledge of software development lifecycles and methodologies is preferred, along with the ability to present and influence top-line management and executives on Information Security importance. Strong problem-solving skills, conflict management abilities, and a good understanding of infrastructure including web & cloud technologies and network architecture are also desired for this position.,

Role & responsibilities : Design and comply with applicable ISO27001 and NIST CSF standards. Monitor and protect against IT security threats with regular and effective oversight, testing, awareness building and employee training. Help develop a company-wide cultural mentality regarding the importance of information security. Prepare reports on IT security issues, testing, threats and incidences on a regular basis. Perform information security risk assessments. Identify and track the resolution of security incidences and vulnerabilities. Develop communication plans in advance of incidents to ensure a prompt and strategic response to both internal and external personnel. Ensure that adequate physical security controls exist to protect sensitive data and information systems. Responsibilities include asset, building, and network protection. Participate in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all security concerns, requirements, and responsibilities are addressed. Qualifications: Bachelors degree or masters degree in a computer field. Ten years or more IT operations experience and management. Ten years or more of experience leading technology projects in a high uptime, telecom, call center and/or Software-as-a-Service environment. CISSP or CISM qualifications Track record of ISO27001 program implementation, certification and maintenance In-depth knowledge of Windows and Linux server environments Ability to maintain composure and sound judgment in high-pressure environments Demonstrated leadership and personnel/project management skills Highly self-motivated and directed Proven analytical and problem-solving abilities Strong customer service orientation Experience working in a team-oriented, collaborative environment

About Organization: Larsen & Toubro Ltd, commonly known as L&T, is an Indian multinational conglomerate company, with business interests in engineering, construction, manufacturing, technology, information technology and financial services, headquartered in Mumbai. The company is counted among world's top five construction companies. The L&T Group comprises of 93 subsidiaries, 5 associate companies, 27 joint ventures and 35 jointly held operations, operating across basic and heavy engineering, construction, realty, manufacturing of capital goods, information technology, and financial services. Specialties: Aerospace, Infrastructure, Shipbuilding, Construction, Defense, Finance, Forging, Hydrocarbon, Information Technology & Engineering Services, Construction Equipment, Railways, Boilers, Process Plant, Turbines, Power, Renewable Energy, Manufacturing and Green Hydrogen. Job Role - Application Security (Cyber), Corporate IT Educational Qualifications - B.Tech/B.E Experience - Around 2-4 years in (IT) information technology along with information security Job Location - Mumbai Job Profile Sound knowledge of Info Sec standards such as ISO27001 Understanding of technology security architecture concepts Understanding Application Risk Management Framework Should possess good interfacing skills Should possess good application security knowledge, experience on tools & methodologies related to secure software development (OWASP top20, AppScan, Metasploit, WAF) for web, mobility, API, ERP & cloud apps. Job Responsibilities Keep track of latest tools & technologies being introduced in application security arena Roll out "security by design" structure in software projects (secure SDLC) Work with solution providers to conduct limited proof of concept testing for products through well-defined measurement criteria Implement security tools & technologies as per project plans with vendors & partners Conducting software security awareness trainings for stakeholders in respective areas Good communication skills ( verbal / written ) Should be a self-starter, motivated Competencies Required Security certifications (CISSP, OSCP, CEH) desirable

The Supplier Assurance Services (SAS) team at JPMCs Corporate Third Party Oversight (CTPO) program is dedicated to conducting thorough risk assessments of suppliers. As an integral part of Global Supplier Services (GSS), SAS plays a crucial role in enhancing the security posture of JPMCs supply chain in collaboration with JPMCs Cybersecurity and Technology functions. Reporting directly to JPMCs Global Head of Corporate Third Party Oversight, SAS focuses on designing and implementing controls and processes to mitigate risks effectively. In the role of Associate, Supplier Cybersecurity Controls within the Supplier Assurance Services team, you will be responsible for conducting technology and cybersecurity control assessments of supplier environments. Your primary tasks will involve reviewing infrastructure, application stacks, and other technologies to ensure compliance with JPMC Corporate Policies & Standards. Working closely with JPMCs Global Cybersecurity and Technology team and JPMCs Lines of Business (LOBs), you will address the latest cyber risks prevalent in the industry. As part of the SAS team, you will evaluate action plans and risk acceptances across business lines where technology standards compliance falls short. Your key responsibilities will include managing all aspects of the control assessment of suppliers, leading onsite/virtual assessments, identifying and addressing control breaks and vulnerabilities within suppliers IT environments, and suggesting process improvements for enhanced operational efficiency and supplier posture. Additionally, you will support internal education initiatives and share best practices with peers, colleagues, and third parties while escalating any critical issues associated with suppliers as necessary. To excel in this role, you should possess at least 5 years of experience in Technology, Technology Risk & Controls, Technology Audit, Cybersecurity, Application Security, Cloud Security (SaaS, PaaS & IaaS), Network Security, Cyber Resiliency, and Third Party Outsourcing Risk Management within a large enterprise-level environment. It is essential to have a solid understanding of industry risk frameworks such as ISO27001, NIST Cybersecurity Framework, and others. Strong written and verbal presentation skills at the senior management level, along with the ability to engage in constructive debates with senior decision-makers and provide necessary pushback when required, are crucial for success in this position. Preferred qualifications for this role include certifications such as CISSP, CISA, CISM, CCSP, or CRISC, which can further enhance your expertise in supplier cybersecurity controls and risk management.,

About the Role As an Associate Manager , youll play a key individual contributor role in driving security policies, ensuring adherence to compliance frameworks, and mitigating risks within Meeshos internal and external environments. Youll manage end-to-end compliance activities, oversee audits, and contribute to building a secure and compliant ecosystem. As part of the Security Compliance team, youll own and be accountable for the overall Information Security framework and program, helping to uphold the highest standards of security and privacy. What you will do Lead and own the end-to-end security compliance and certification charter. Define, roll out, and enforce Information Security policies and procedures. Define and ensure adherence to data privacy and data protection laws (e.g., DPDP). Collaborate with third-party vendors to maintain robust third-party security practices. Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy. Conduct periodic information security awareness training programs for employees. Oversee information security risk management and privacy impact assessments. Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience Draft and enforce Data Protection Agreements and Information Security Agreements. Manage and coordinate internal and external audit-related activities. Collect and present audit evidence to ensure successful compliance assessments. Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks. Audit data, systems, and processes for policy and regulatory compliance. Provide actionable insights and reporting on the effectiveness of compliance programs. Conduct vendor audits and produce comprehensive reports. Plan and execute ad-hoc audits as necessary. What you will need Educational Qualification : Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field. Experience : 4-7 years in information security, compliance, or audit roles. Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001). Strong problem-solving skills and hands-on experience implementing compliance standards. Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK. Working knowledge of cloud platforms (AWS, GCP) is highly advantageous. Excellent project planning, stakeholder management, and communication skills. Ability to adapt to evolving regulatory landscapes and implement best practices. Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus.

Design, Implement and maintain GRC framework and policies. Conduct risk assessments. Coordinate internal and external audits. Conduct root cause analysis and recommend corrective actions.

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.

As a Database Designer / Senior Data Engineer at VE3, you will be responsible for architecting and designing modern, scalable data platforms on AWS and/or Azure, ensuring best practices for security, cost optimization, and performance. You will develop detailed data models and document data dictionaries and lineage to support data solutions. Additionally, you will build and optimize ETL/ELT pipelines using languages such as Python, SQL, Scala, and services like AWS Glue, Azure Data Factory, and open-source frameworks like Spark and Airflow. Collaboration is key in this role as you will work closely with data analysts, BI teams, and stakeholders to translate business requirements into data solutions and dashboards. You will also partner with DevOps/Cloud Ops to automate CI/CD for data code and infrastructure, ensuring governance, security, and compliance standards such as GDPR and ISO27001 are met. Monitoring, alerting, and data quality frameworks will be implemented to maintain data integrity. As a mentor, you will guide junior engineers and stay updated on emerging big data and streaming technologies to enhance our toolset. The ideal candidate should have a Bachelor's degree in Computer Science, Engineering, IT, or similar field with at least 3 years of hands-on experience in a Database Designer / Data Engineer role within a cloud environment. Technical skills required include expertise in SQL, proficiency in Python or Scala, and familiarity with cloud services like AWS (Glue, S3, Kinesis, RDS) or Azure (Data Factory, Data Lake Storage, SQL Database). Strong communication skills are essential, along with an analytical mindset to address performance bottlenecks and scaling challenges. A collaborative attitude in agile/scrum settings is highly valued. Nice to have qualifications include certifications in AWS or Azure data analytics, exposure to data science workflows, experience with containerized workloads, and familiarity with DataOps practices and tools. At VE3, we are committed to fostering a diverse and inclusive environment where every voice is heard, and every idea can contribute to tomorrow's breakthrough.,

As a part of Bounteous x Accolite, you will play a crucial role in driving the future faster for the world's most ambitious brands. Our range of services includes Strategy, Analytics, Digital Engineering, Cloud, Data & AI, Experience Design, and Marketing, all of which are guided by our proven methodology of collaborative partnership known as Co-Innovation. With a workforce of over 5000 employees spread across North America, APAC, and EMEA regions, along with strong partnerships with leading technology providers, Bounteous x Accolite focuses on leveraging advanced digital engineering, technology solutions, and data-driven digital experiences to deliver exceptional and efficient business impact for our clients. Your responsibilities related to Information Security will involve maintaining awareness on crucial security measures such as the acceptable use of information assets, malware protection, and password security. You will be expected to understand and report security risks that can impact the confidentiality, integrity, and availability of information assets, as well as have a grasp on how data is stored, processed, or transmitted from a data privacy and protection perspective. As a key member of our team, your role will include planning, developing, and implementing information security policies and procedures. You will actively contribute to developing the security strategy for the organization, conduct risk assessments for different business units, and maintain risk registers while ensuring the implementation of risk treatment plans. Compliance with data protection and privacy legislations, effective communication of information security goals, collaboration with information security champions, and investigation of security incidents will also be part of your responsibilities. Moreover, you will be involved in driving internal and external audits to successful outcomes, liaising with external agencies on matters related to information security and data privacy, and performing supplier security reviews as per organizational policies. Your role will also entail responding to security questionnaires from clients and reviewing information security-related clauses in agreements or addendums. To be eligible for this position, you are expected to hold a Bachelor's degree in Computer Science, Information Systems, or a related field, along with a minimum of 5 years of experience in Information Security. Having a solid understanding of security principles, technologies, and best practices, as well as relevant certifications or experience in frameworks like ISO27001:2022, will be advantageous. Additionally, experience in planning and conducting audits, developing security policies and procedures, and possessing strong communication and team management skills will be beneficial. At Bounteous x Accolite, we value diversity and encourage individuals with varying backgrounds and experiences to apply, as we believe that passion, intelligence, and technical skills are key attributes regardless of meeting 100% of the criteria. Furthermore, we offer opportunities for team members to engage in Team Member Networks, which provide spaces for individuals with shared identities, interests, and passions, fostering a sense of community within the organization. If you are looking to be part of a dynamic team that values innovation, collaboration, and diversity, we invite you to apply for this exciting opportunity at Bounteous x Accolite.,

As an Internal Auditor at Justdial Ltd in Bangalore, you will be responsible for projects in IT Advisory focusing on the assessment and evaluation of IT systems, along with the mitigation of IT-related business risks. Your role will involve IS audit, ITGC reviews, internal audit engagements, IT infrastructure review, and risk advisory, including supporting IT audit activities. Your responsibilities will include coordinating and managing statutory external audits for SOX (ITGC), providing management reports by collecting and analyzing audit information, conducting ISMS security awareness training programs within the organization, and supporting the Information Security Manager in managing and mitigating risk assessments. You will also be involved in implementing ISO 27001 controls across the organization, conducting risk assessments and gap analyses for ISO 27001/IT General Control, and performing internal audits for various business functions. Additionally, you will conduct data center audits as per ISO 27001 standards, develop and review information security policies and procedures, handle end-to-end ITGC statutory audit requirements, assist in the implementation of ISO 27001:2013 and managing the ISMS, and consult the organization on business continuity for critical functions. You will also be involved in implementing and consulting on PCI DSS SAQ A-EP certification. The ideal candidate for this role should have a bachelor's degree in engineering or BSc-IT, experience in performing IT audits of banking/financial sector applications, and knowledge of IT regulations, standards, and benchmarks used by the IT industry (e.g., NIST, PCI-DSS, ISO 27001). Technical knowledge of IT audit tools, experience in carrying out OS/DB/Network reviews, exposure to risk management and governance frameworks/systems, and proficiency in project management, communication, and presentation skills are essential. Being a team player with strong self-directed work habits, initiative, drive, creativity, maturity, self-assurance, and professionalism is crucial for success in this role. Preferred certifications include CISA, CISSP, ISO 27001 Lead Auditor/Implementer, and CISM. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools is also required.,

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.

You are a detail-oriented and experienced IAM Governance manager who will be a valuable addition to our cybersecurity team. In this role, you will be responsible for governance, risk management, and compliance within the Identity and Access Management (IAM) domain. Your primary focus will be to ensure that our IAM processes and policies align with industry best practices and regulatory requirements. Your key responsibilities will include: - Ensuring that IAM processes comply with policies, industry standards, and regulatory requirements. - Developing and enforcing governance policies, procedures, and standards to enhance the IAM program. - Governing the onboarding of applications to the IAM solution by ensuring adequate security controls are in place for each integration, including role matrices, Role-Based Access Control (RBAC), and access recertification cycles. You will also be responsible for: - Governing and maintaining Role-Based Access Controls (RBAC) and Segregation of Duties (SoD) principles for internal applications and infrastructure. - Monitoring user access review cycles, including access certifications and privileged access management. - Reviewing Multi-Factor Authentication (MFA) and conditional policies for internal teams. - Managing the complete user lifecycle to identify access control gaps and implement necessary controls. Additionally, you will: - Design and maintain role definitions and role-based access control frameworks. - Conduct risk assessments related to identity and access management and mitigate potential security risks. - Collaborate with various departments to ensure smooth onboarding, role changes, and offboarding processes. - Provide support and guidance on IAM to business units and end-users. - Prepare and present IAM governance reports and metrics to senior management and document IAM policies, procedures, and compliance activities. To excel in this role, you should possess strong interpersonal, analytical, and technical skills, along with decision-making and prioritization abilities. A background in the banking environment with a solid understanding of key security frameworks such as ISO27001, PCI DSS, and NIST 800-63 is preferred. Additionally, you should have over 5 years of experience in managing enterprise projects and coordinating in an enterprise environment. Your commitment to continuous learning, driving security risk reduction, and aligning actions with business priorities will be crucial in ensuring the success of our IAM governance initiatives.,