110 Iso27001 Jobs - Page 4

As a Technology Information Security Officer (TISO), your primary responsibility will be to ensure effective and efficient communication, coordination, and implementation of CISO IT Security requirements and decisions. You will play a crucial role in guiding the ITAO team. Your expertise will be instrumental in addressing security considerations related to cloud computing, such as data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss, and DoS attacks. Furthermore, you will be tasked with overseeing Identity and Access Management (IAM), which involves implementing a framework of security policies and technologies to restrict and monitor access to sensitive technology resources within the organization. Your familiarity with ISO27001 specifications and Control Objectives for Information and Related Technologies (COBIT) will be essential in defining and enforcing security policies and procedures that encompass legal, physical, and technical controls for managing organizational risks. In this role, you will be expected to align standards, frameworks, and security measures with the overarching business and technology strategies. It will be imperative for you to stay abreast of current and emerging security threats and devise solutions that strike a balance between business requirements and cybersecurity needs. Additionally, you will be responsible for training users on system implementation and conversion, ensuring that the IT Security strategy aligns with the CISO strategy, and translating this alignment into an operational plan for your area of responsibility. Your role will also involve integrating Chief Information Security Office initiatives, programs, and central solutions, ensuring compliance with security controls, and maintaining technical security documentation. You will act as an expert in DB Information Security Policies and procedures, manage IT audits, and collaborate with key stakeholders to address Information Technology Security risks effectively. For this position, we are seeking a candidate with 14-20 years of experience in security considerations related to cloud computing, IAM, VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages, RDBMS (e.g., MS SQL Server or Oracle), ISO27001, COBIT, and familiarity with Windows and UNIX environments. Your expertise in these areas will be vital for building and maintaining a secure IT environment and mitigating potential risks effectively.,

Control Testing in automated controls is must Roles and Responsibilities: In this role you are required to do analysis and solving of lower-complexity problems Your day to day interaction is with peers within Accenture before updating supervisors In this role you may have limited exposure with clients and/or Accenture management You will be given moderate level instruction on daily work tasks and detailed instructions on new assignments The decisions you make impact your own work and may impact the work of others You will be an individual contributor as a part of a team, with a focused scope of work Please note that this role may require you to work in rotational shifts

Key Responsibilities: Cybersecurity & SOC Operations: Monitor security alerts and events across IT and cloud infrastructure using SIEM tools. Investigate and respond to security incidents including phishing, malware, unauthorized access, etc. Develop and maintain incident response procedures and escalation protocols. Conduct threat intelligence and vulnerability assessments on-prem and in the cloud. Cloud Security: Implement and monitor cloud security best practices (AWS, Azure, GCP). Manage IAM (Identity and Access Management), encryption, security groups, and cloud firewall rules. Perform security assessments on cloud applications and infrastructure. Ensure compliance with shared responsibility models across different cloud service providers. GRC & Compliance: Develop, implement, and audit security policies based on frameworks like ISO 27001, NIST, SOC 2, and GDPR. Conduct risk assessments and internal audits to identify and address security gaps. Ensure cloud and on-prem infrastructure aligns with regulatory and client compliance requirements. IT Audits & Reporting: Prepare for and support external audits such as ISO 27001, SOC 2, and client-specific reviews. Document processes, create audit trails, and present risk mitigation plans. Maintain detailed records of audit findings and remediation actions. Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. 2-5 years of experience in cybersecurity, cloud security, GRC, or IT audits. Working knowledge of major cloud platforms: AWS, Azure, or GCP. Experience with SIEM tools (e.g., Splunk, QRadar, Microsoft Sentinel) and endpoint security solutions. Understanding of cloud compliance standards: ISO 27017, CSA, CIS Benchmarks. Familiar with GRC platforms such as RSA Archer, ServiceNow GRC, etc. Strong documentation, reporting, and communication skills.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY- Technology Risk team, you'll contribute technically to IT Risk and Assurance client engagements and internal projects. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for Ernst & Young within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with members of the team. We're looking for a Manager to join the leadership group of our EY- Technology Risk Team. This is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your key responsibilities are to: - Evaluate a portfolio of controls for design effectiveness, operating effectiveness, and/or risk management outcomes, raising issues as appropriate. - Ensure that assigned control assessments are accurate, effective, abide by policy, procedures, and templates, and meet quality control requirements and are delivered on time, in accordance with the assessment plan. - Test and supervise the delivery of assigned controls not limited to ITGC and ITAC but System Architecture, Operating Systems, Databases, Networks, Security Systems, Cloud Services, Asset Inventories, Incident Management, Recovery Management, ISO27001 & NIST assessment, Privacy Assessment, Cyber Maturity Assessment, IT Policies and Standards Assessment, and Software Development Lifecycle (SDLC); using experience and knowledge to intervene and redirect testing as required, resolving, or redirecting escalations as required. - Manage control owners and other stakeholders, ensuring the success of each assigned review, minimizing contention where possible and requesting support where deemed necessary. - Apply judgment and risk management concepts to identify, formulate findings, and provide valuable insights to the clients to improve processes and manage risks to achieving operational and strategic goals. - Review IT Policies and Standards and ensure that they are as per the different industry standard. - Work closely with cross-functional teams and develop strong relationships as project lead within IT security and GRC projects. - Stay current with and promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the enterprise. - Control frameworks such as COSO, internal control principles, and related regulations including SOX and J-SOX. - Familiar with IT industry frameworks such as ISO27001, NIST, PCI-DSS, SOX, FDA, HIPAA: Privacy, HIPAA: Security, and HITECH Act. - Third-party reporting standards (particularly SSAE16), other reporting and industry-specific standards, and, if applicable, trust-based standards such as SysTrust and WebTrust. Skills and attributes for success: - Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental, and/or specialized issues. Work with the team and the client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement. - Experience in conducting information security assessments including business continuity plan audits, network security audits, and infrastructure audits. - Perform NIST assessments, ISO assessments, and privacy impact audits, Data Privacy and GDPR implementation, experience in developing Data inventory and Third-Party Risk Assessment. - Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to client situations. - Bring and utilize extensive knowledge of the client's business/industry to identify technological developments and evaluate impacts on the client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. - Understand EY and its service lines and actively assess what the firm can deliver to serve clients. To qualify for the role, you must have a Graduate (CS/IT, Electronics, Electronics & Telecommunications)/MBA/M.Sc. with at least 6 years of experience. Bring your significant experience in applying relevant technical knowledge in at least one of the following engagements: (a) ISO assessments, (b) NIST assessments, (c) Data privacy audits, (d) Network and Infrastructure audits, (e) Cyber Maturity Assessment, (f) IT Policies and Standards Assessment, (g) IAM and IT Asset Management, (h) IT Health Check. Ideally, you'll also have a robust understanding of program and project management practices and familiarity with a typical IT systems development life cycle. What we look for: A team of people with commercial acumen, technical experience, and enthusiasm to learn new things in this fast-moving environment. Opportunities to work with EY technology risk practices globally with leading businesses across a range of industries. What working at EY offers: At EY, we're dedicated to helping our clients, from startups to Fortune 500 companies, and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer support, coaching, and feedback from some of the most engaging colleagues around, opportunities to develop new skills and progress your career, and the freedom and flexibility to handle your role in a way that's right for you. EY | Building a better working world: EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

As an Information Security Analyst at Lionbridge, you will collaborate with the security and privacy team to establish and enhance information security and privacy management processes. Your responsibilities will involve working across various departments within the organization to conduct regular audits and reviews to ensure compliance with industry standards and regulations. You will oversee monthly and quarterly audits with business teams to assess security controls, ensuring they align with required standards, regulations, and customer specifications. Additionally, you will assist in gathering evidence for security compliance reviews and customer audits, while also contributing to the development of company-wide best practices based on audit outcomes. Proactively identifying and addressing information security risks within the organization will be a key aspect of your role. By utilizing the Lionbridge Risk Management Framework, you will evaluate events and processes for compliance with laws, regulations, and standards. Staying updated on emerging legislation and security technologies will also be essential in this position. To excel in this role, you should possess strong written and verbal communication skills in English, along with a basic understanding of internet technologies, operating systems, and networking concepts. A high level of motivation, attention to detail, and investigative skills are crucial attributes. A Bachelor's Degree in IT or a related field is required. While experience in Information Security Governance, Compliance, or Risk Management is preferred, it is not mandatory. Relevant security certifications such as ISO27001, CEH, and knowledge of industry trends and technologies are advantageous. In return, you can expect support from peers, access to cutting-edge technology, and leadership backing for your initiatives. Lionbridge is a global organization that empowers leading brands to expand their international reach and enhance customer engagement. If you are intrigued by the responsibilities and opportunities presented by this role, we encourage you to apply and be part of our dynamic team.,

As a Cyber Assurance Assistant Vice President (AVP) at Barclays in Pune, you will play a crucial role in partnering with the bank to provide independent assurance on control processes and offer advice on enhancements to ensure the efficiency and effectiveness of the bank's internal controls framework. Your responsibilities will include collaborating across the bank to maintain a robust control environment by conducting ad-hoc assessments and testing the design and operational effectiveness of internal controls aligned with the bank's policies and standards. You will develop detailed test plans and procedures to identify weaknesses in internal controls and other initiatives within the bank's control framework to mitigate potential risks and issues that could disrupt bank operations, lead to losses, or impact reputation. In this role, you will communicate key findings and observations to relevant stakeholders and business units to enhance overall control efficiency and provide corrective actions to senior managers. You will work closely with other control professionals to address complex issues and ensure consistent testing methodologies across the bank. Additionally, you will establish a knowledge center containing detailed documentation of control assessments, testing results, findings, and distribute material on internal controls to train and upskill colleagues within the bank. As an Assistant Vice President, you are expected to advise and influence decision making, contribute to policy development, and take responsibility for operational effectiveness. You will lead a team in performing complex tasks, set objectives, coach employees, appraise performance, and determine reward outcomes. If the position involves leadership responsibilities, you will demonstrate a clear set of leadership behaviors to create an environment for colleagues to excel. Your role may involve collaborating on assignments, guiding team members, identifying new directions for projects, and consulting on complex issues. You will identify ways to mitigate risks, develop new policies and procedures to support the control and governance agenda, and take ownership of managing risk and strengthening controls related to your work. Furthermore, you will engage in complex data analysis, communicate complex information effectively, and influence stakeholders to achieve desired outcomes. It is essential for all colleagues to uphold the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as demonstrate the Barclays Mindset of Empower, Challenge, and Drive in their behavior.,

As a Cloud Architect - AVP, you will be instrumental in defining and executing our AWS cloud strategy to ensure the effective deployment and administration of AWS cloud solutions. Your role will involve leading a team of AWS cloud engineers and architects, collaborating with diverse stakeholders, and utilizing your extensive expertise to promote AWS cloud adoption and innovation throughout the organization. Your primary responsibilities will include formulating and executing the company's AWS cloud strategy in alignment with business objectives, overseeing the design, architecture, and deployment of AWS cloud solutions with a focus on scalability, security, and reliability, collaborating with various teams to seamlessly integrate AWS services, evaluating and selecting appropriate AWS services and technologies, managing the migration of on-premises applications and infrastructure to AWS, establishing and enforcing AWS cloud governance, security policies, and best practices, providing technical leadership and guidance to the AWS cloud team to promote innovation and continuous enhancement, staying abreast of the latest AWS technologies and industry trends to incorporate relevant advancements into the AWS cloud strategy, and effectively communicating AWS cloud strategy, progress, and challenges to senior leadership and stakeholders. To qualify for this role, you should possess a Bachelor's or Master's degree in computer science, Information Technology, or a related field, along with a minimum of 15 years of IT experience, with at least 10 years dedicated to cloud architecture and implementation, particularly with AWS. Additionally, you should have experience with AWS cloud services SOC 2, ITIL, PCI-DSS, SAE16, ISO27001, Cobit, and/or HiTrust, cloud-native architectures, leading large-scale AWS cloud transformation projects, AWS cloud security, governance, and compliance, infrastructure as code (IaC) and automation tools such as AWS CloudFormation and Terraform, networking, storage, databases, and application development in AWS, exceptional problem-solving abilities, innovative design skills for AWS cloud solutions, strong leadership and communication capabilities, and a track record of managing and mentoring teams effectively. Preferred qualifications include being an AWS Certified Solutions Architect - Professional, experience with multi-cloud and hybrid cloud environments, familiarity with DevOps practices and tools like AWS CodePipeline and Jenkins, and knowledge of emerging technologies such as AI, ML, and IoT in relation to AWS cloud computing.,

Job Description: Azure AD & MS SQL Server Administrator Experience: 10 to 12 Years Location: Faridabad, Haryana, India Job Summary/Objective: Set up & Maintain Azure Hybrid Cloud Core Infrastructure Install, maintain & upgrade MS SQL Server Database on Azure Cloud in a Secure, HA & DR Environment Qualifications: BE/MCA 10th Standard, 12th standard & Graduation/Post Graduation marks should be 60% or more. Skills: Azure Cloud Administration Active Directory (AD), ADFS Administration Azure Devops CI/CD Pipelines Security setup Skill MS SQL Server Administration Window Server Administration, Proficient PowerShell Scripting /.NET Programming Knowledge of Project Management Documentation Artifacts for SDLC & Change Management Good Document writing Skill on Microsoft Excel & PowerPoint Preparation Programming Experience in .NETEnvironment (Nice to Have) Work Experinece on Azure Security Centre, Azure Defender, and Azure Sentinel (nice to Have) Experience on Hyper-V Admin, Backup Tools (Nice to Have) Work Experience in ISO27001/SOC2/GDPR Compliant Organization(Nice to Have) Certifications: Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure Exam AZ-801: Configuring Windows Server Hybrid Advanced Services SC-300: Microsoft Identity and Access Administrator Microsoft Certified: Azure Database Administrator Associate (DP-300) MCDBA/Microsoft Certified IT Professional (MCITP) Database certification Experience: Relevant 8-10 Years Personal attributes: Good Communication skills specially written, Excel and PowerPoint Preparation Team Leader, Effectively articulation of ideas, convey information. Addresses customer inquiries or issues promptly & professionally. Clear and concise communication is essential for understanding requirements & expectations. Work Environment: 5 Days in-office working, Posting at Faridabad/Greater Noida, May have to travel Chennai & Overseas

Position Overview Job Title - Divisional Risk & Control Specialist CB, VP Location Mumbai, India Role Description CB Divisional CISO (D-CISO) Office The Divisional CISO has the ultimate responsibility for the operational aspects of ensuring compliance to Deutsche Banks Information Security Principles. The Divisional CISO Office supports the Div. CISO in this task. In this role the candidate will assist all of our business divisions by evaluating and mitigating information security risks in order to meet both audit and regulatory requirements. What Well Offer You As part of our flexible scheme, here are just some of the benefits that youll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities Information Security Officer (ISO) The ISO is a manager aligned to an application (Application ISO) both together hereafter referred to as area of responsibility. The ISO has the responsibility for ensuring the compliance with the Group Information Security requirements in their area of responsibility. Key responsibilities comprise but not limited to: ISO: Understand and analyze business setting from an information security perspective Perform risk assessments on complex applications, vendors, processes and projects from an information security perspective Identify security gaps, evaluate options for remediation, define and implement check points and compensating controls. Provide sufficient information related to the business context, information sensitivity and nature of usage of an application, including identification and implementation of controls for identified Information Security risks in their area of responsibility To cooperate with the D-ISO / D-CISO to address requests for policy interpretation, guidance and advice, to ensure creation of divisional policies in accordance with the IS Policy Governance and to support policy authors by raising questions to the policy advisory team Present assessments results and options to the business and discuss steps for resolution. Initiate and track risk acceptance process if required. Analyze and redesign access management processes (request and approval). Define and implement Segregation of Duties rules (details outlined below) Identifying applications and roles which allow access to PSI and assess appropriateness of access controls. Review of roles and application role concepts. Support on inquiries from internal and External Audit, regulators and clients. Advisory and support projects on information security questions. Advisory vendor relationships. Interact with and educate the business on information security risks and controls and handling sensitive data. Assist in assessing and determining appropriate controls on unstructured data hosted on internal and external data rooms. Conduct information security awareness sessions for stakeholders in CB. Assist in designing and implementing control framework for third party applications. Analyze the root cause for delays or incorrect processing and propose sustainable solutions Generate MIS for multiple IS topics and to assist senior management identify risks Support the wider D-CISO office where required including any adhoc analysis and presentations The Segregation of Duties (SoD) Manager acts as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility. Key responsibilities of the SoD Manager comprise: To design and implement SoD Rules (for applications) in close collaboration with the ISO as well as other SoD Managers or stakeholders who may be affected by these rules. This includes the regular review of these rules and any necessary amendments To assess and remediate any SoD violations detected within their area of responsibility by either revoking inappropriate access or ensuring adequate compensating controls or exception handling procedures To assess the impact of inappropriate access on business operations and identify if there are indications for improper use of this access To act as the single point of contact for the Divisions or Functions or other stakeholders with regard to any SoD related questions or issues in their area of responsibility Liaise and coordinate with Central SoD Governance team and attend SoD forums Special Projects support on ongoing remediation projects. Your Skills And Experience Skills Profile: Experience as IT and/or IS analyst ideally in a Corporate Banking environment Proficiency in Microsoft Office applications (Excel, PowerPoint, Word, etc.) Excellent communication skills in English (verbal and written) with ability to articulate / engage with Senior management stakeholders (a must) Strong analytical skills and ability to transform complex issues into efficient solutions Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs Management Skills: Strong operational and people management skills, including the ability to operate within a diverse team. Excellent partnering skills and stakeholder management. The ability to successfully navigate a complex organisation, build strong relationships and work collaboratively with business and management teams and with other control functions. Comprehensive management / leadership skills, including the ability to motivate teams through demonstrable commitment to CB and DBs success. Experience/qualifications: Good university graduate or post-graduate degree with Information Security, Risk Management and Governance Prior experience in a risk environment (e.g. in BISO, ORM, Audit, Data Privacy) Good understanding of major business and operational risk processes. Certifications such as ISO27001-LA/LI, CISM, CISSP etc. Experience in banking industry with a strong sense of accountability and integrity Advanced presentation/interactive skills sufficient to convey complex conceptual information/ideas on issues requiring interpretation and opinion. Desire to work in a fast paced, challenging multi-cultural environment and with ability to work in a global team Self-motivated, critical thinking and good understanding of major business and risk processes How Well Support You Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.,

KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Role detail 4 to 8 years of experience in vendor/ supplier/ third party risk assessment Expertise in IT internal audit, Information Security/cybersecurity, IT SOX, Third Part Risk Assessment Reporting e.g., SOC1, SOC 2. Relevant expertise on CSA STAR requirements, ISO control, NIST Standards, PCI DSS and GDPR requirements. Experience in performing control testing, IT / infosec risk assessments. Knowledge of technical domains such as cloud security and application security. Certification: CISA, CISSP, CEH, ISO, PCI DSS, NIST.

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.

Open Source COE Security Architect This role has been designed as Onsite with an expectation that you will primarily work from an HPE partner/customer office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in todays complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. Job Description: HPE Operations is our innovative IT services organization. It provides the expertise to advise, integrate, and accelerate our customers’ outcomes from their digital transformation. Our teams collaborate to transform insight into innovation. In today’s fast paced, hybrid IT world, being at business speed means overcoming IT complexity to match the speed of actions to the speed of opportunities. Deploy the right technology to respond quickly to market possibilities. Join us and redefine what’s next for you. What you will do: Expert in IT/Cyber Security field. Should be CISSP/CISM/CCSP and CCSK and ISO27001 Certification are desired. Should have good knowledge of security assessment against different global Frameworks like NIST, MITRE and cloud security alliance etc. Should have good understanding of Compliance and regulatory requirements. Working with information security and DevSecOps teams in a CI/CD environment as well as comprehensive understanding of cloud security systems. Programming experience in C/C++, Python, JavaScript, Bash & PowerShell Scripting is desired. Hands-on expertise, Linux, Kernel, threads, processes, API etc. is desired. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic security goals based on open source tool/framework. Experience in advising leadership team regarding evolving of open source Security Technology landscape, product issues, security mitigations for identified risks and possible improvements Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes, process across various security & DevSecOps teams based on open source tool/framework. Experienced in Information Security Risk Management, gap analysis, Audits. Hands-on Experience in formulating Cyber Security Policies, design and implementation of Security Technologies, DevSecOps. Working Knowledge in implementation of Cyber Security Solution in Open Source, Open Stack environment. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions. Thorough understanding and good knowledge of latest Cyber Security technologies, security Architectures, vulnerabilities, security threats. Ability to setup PoC for latest open source security solutions. Good understanding of Open-Source Technologies, Cloud security technologies. What you need to bring: BE/B.Tech with 10+ years of experience in the IT industry and 6+ years of experience in Information Security / Cyber Security field. Expert-level knowledge in the IT/Cyber Security field, with a thorough understanding of the latest security technologies, architectures, vulnerabilities, and threats. Desired certifications include CISSP, CISM, CCSP, CCSK, or ISO 27001. Strong knowledge of global security assessment frameworks like NIST, MITRE, and the Cloud Security Alliance (CSA). A deep understanding of compliance and various industry regulatory requirements. Proven experience in developing security vision, strategy, and executive roadmaps for an organization based on open-source tools. Hands-on experience in Information Security Risk Management, conducting gap analysis, managing audits, and formulating Cyber Security Policies. Comprehensive understanding of cloud security systems and working with DevSecOps teams in a CI/CD environment. Working knowledge of implementing, upgrading, troubleshooting, and tuning Cyber Security Solutions, particularly in Open Source and OpenStack environments. Desired programming and scripting experience in C/C++, Python, JavaScript, Bash, and PowerShell. Hands-on expertise with the Linux operating system, including its Kernel, threads, processes, and APIs. Experience advising leadership teams regarding the evolving security landscape, product issues, and risk mitigation strategies. Ability to provide strategies to withstand sophisticated cyber-attacks and experience with annual attack simulations. Proven ability to set up Proof of Concepts (PoCs) for new and emerging open-source security solutions. Additional Skills: Accountability, Accountability, Active Learning (Inactive), Active Listening, Bias, Business Growth, Client Expectations Management, Coaching, Creativity, Critical Thinking, Cross-Functional Teamwork, Customer Centric Solutions, Customer Relationship Management (CRM), Design Thinking, Empathy, Follow-Through, Growth Mindset, Information Technology (IT) Infrastructure, Infrastructure as a Service (IaaS), Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Process Improvements, Product Services, Relationship Building {+ 5 more} What We Can Offer You: Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Let's Stay Connected: Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #india #operations Job: Services Job Level: TCP_04 HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

Roles and Responsibilities Ensure compliance with ISO 27001 standards by implementing and maintaining an Information Security Management System (ISMS). Conduct IT audits to identify vulnerabilities and provide recommendations for improvement. Develop and implement policies, procedures, and controls to ensure data privacy and protection. Collaborate with cross-functional teams to integrate security into business operations. Provide training on ISMS best practices to employees. Desired Candidate Profile 6-11 years of experience in IT Compliance or related field. B.Tech/B.E. degree in Any Specialization. Strong knowledge of SOC, SOX, IT Audit, ISO27001 standards.

6 months Contract Work Location: Remote Description of Duties: Prepare and maintain all mandatory documentation for SOC 2 (Type 1 or Type 2) and ISO 27001 compliance, ensuring everything is audit ready.

DWS Group operates in a business environment with an almost complete dependence on information, which is processed and transmitted by information systems and interconnected computer networks and stored physically and electronically. Information security risk and threat landscape are dynamic and requirements for security are constantly growing. It is essential for DWS that confidentiality, integrity (authenticity) and availability of information are protected, and risk is managed according to DWS Risk Appetite and in accordance with legal and regulatory requirements. The role of the DWS Information Security Officer (ISO) is aligned to the DWS COO divisional unit and will report into the Divisional Information Security Officer (D-ISO). DWS ISO assumes ownership for the assigned IT Assets from an information security (IS) perspective. Your Key responsibilities To assume ownership and responsibility for assigned IT assets, in line with the Group Information Security management processes and the DWS ISMS To execute IS Risk assessments and compliance evaluations for assigned IT assets To assign accurate information classification to assigned IT assets based on confidentiality of Information To maintain the Information Security related documentation of assigned IT assets in the Groups asset inventory To establish a good working relationship with Business Application Owners (BAO) and other Subject Matter Experts (SME) of the divisions and functions of the assigned assets and develop profound knowledge of the supported processes and data To support key role holders such as ITAOs and TISOs to develop a secure environment by evaluating the Information Security requirements as early as possible in the system development life cycle to select the applicable Information Security Controls for implementation To give guidance to ITAOs and TISOs on the implementation of compensating Controls in case of deviations from the applicable Information Security Controls To execute and document periodical recertification of user access rights in their area of responsibility in compliance with the Groups identity and access processes To support implementation of Segregation of Duty (SoD) rules for the assigned IT assets To contribute to the Information Security incident management process in the case of a security breach To deliver all items requested during regulatory and internal Information Security related audits To remain fully trained and skilled by completing the required Information Security trainings provided by CSO or as requested by the Divisional CISO or the Divisional ISO. Your skills and experience Essential Candidate should have proven experience of working in Information Security and/ or Information Technology, ideally in a regulated financial institute Strong communication (written and verbal) skills with the ability to effectively communicate with different stakeholders within IT and business functions with excellent command of the English language. Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within a financial organization Positive attitude and a team player Proactive and ability to work independently in a global team Open to learn, adapt and work with new technologies Outstanding problem solving, analytical and project management skills Proficiency with Microsoft Office programs Fluent English and communication skills Education / Certification Degree-level IT and/or information security qualification, or equivalent experience in Information Security and IT Security General understanding of current security industry standards, best practices, and/or frameworks i.e.: NIST, ENISA, ISO27001, OWASP

Identifying, assessing, and mitigating potential risks across various areas of the organization, including IT security, business processes, and regulatory compliance. Developing, implementing, and maintaining GRC programs and processes to support compliance and risk management efforts. Assisting with internal and external audits, responding to audit findings, and ensuring corrective actions are implemented. User Access review Creating and maintaining policies and procedures related to governance, risk, and compliance. Conducting gap analysis and implementing frameworks and standards such as ISO 27001, GDPR, NIST, and SOX. Developing and revising policies, standards, processes, and guidelines for the organization. Conducting vendor risk assessments against organizational security requirements. Continually testing and monitoring the effectiveness of security controls. Conducting research to aid threat assessment or risk mitigation activities. Assist the department in responding to inquiries from the business units about ongoing operational compliance Working with various teams and departments to ensure GRC practices are integrated into business operations. Required Skills and Qualifications: Technical Skills & Experience: 5+ years of direct experience in information security, with a main emphasis on risk and compliance 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , NIST, PCI, GDPR, etc.) Preferred Certification : CISA Knowledge of identity management standards, storage, and disaster recovery in the cloud and On-Premise Knowledge of GRC tool techniques and best practices Proven track record of organizing and carrying out several risk and compliance projects Ability to successfully manage third-party audits, compile evidence, and organize audit responses Effective written communication skills to develop & maintain the policies and procedures; the capability to communicate with cross-functional teams. Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals Education Bachelors degree in computer science, information systems, or Cybersecurity

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills. Specially for Managers Experience of writing proposal and responding to RFP’s Handling team of 4-5 people Profiles from consulting background to be preferred.

Years of experience : 5- 10 years Team management experience mandatory Bachelors degree in Computer Science, Information Technology, or a related field. Immediate to 30 days notice Key Responsibilities: Lead and manage the end-to-end ISO27001 certification process. • Develop and implement information security policies, procedures, and controls. • Conduct internal audits and coordinate external audits for ISO27001 and SOX compliance. Support and guide the organization through SOX readiness and ongoing compliance. Perform risk assessments and security gap analyses; recommend corrective actions. • Collaborate with cross-functional teams to enforce security and compliance practices. • Maintain documentation and evidence required for audits and certifications. • Administer IT systems including identity and access management, system configurations, and patch management. • Provide Azure administration support, including resource provisioning, security configurations, and monitoring. • Offer guidance and training to internal teams on security and compliance best practices. Technical Skills Required: Deep knowledge of ISO/IEC 27001 standards and implementation methodology. • Experience with SOX compliance controls and audit processes. • Strong understanding of information security principles and risk management. • Hands-on experience with Azure administration and Microsoft 365 security features. • Familiarity with ITIL practices and IT operational controls. • Experience in vulnerability management, endpoint protection, and incident response. • Proficiency in preparing and maintaining compliance documentation Qualifications: • Bachelor’s degree in Computer Science, Information Technology, or a related field. • ISO27001 Lead Implementer or Auditor certification is highly desirable . • Azure Administrator certification (e.g., AZ-104) preferred. • Minimum 5 years of experience in IT security, compliance, or IT administration. Strong written and verbal communication skills. • Ability to work independently and manage multiple priorities in a fast-paced environment.

Job Summary We are seeking an experienced ISO27001 Consultant to lead and support our organization in achieving ISO27001 certification. This role will also contribute to SOX compliance, information security initiatives, general IT administration, and Azure cloud administration. The ideal candidate will possess a strong understanding of information security standards, regulatory compliance frameworks, and hands-on technical expertise in IT operations. Key Responsibilities: Lead and manage the end-to-end ISO27001 certification process. Develop and implement information security policies, procedures, and controls. Conduct internal audits and coordinate external audits for ISO27001 and SOX compliance. Support and guide the organization through SOX readiness and ongoing compliance. Perform risk assessments and security gap analyses; recommend corrective actions. Collaborate with cross-functional teams to enforce security and compliance practices. Maintain documentation and evidence required for audits and certifications. Administer IT systems including identity and access management, system configurations, and patch management. Provide Azure administration support, including resource provisioning, security configurations, and monitoring. Offer guidance and training to internal teams on security and compliance best practices

Lead and support IT compliance audits and assessments aligned with ISO 27001 and SOC 2 standards.Understanding of regulatory compliance standards, such as GDPR, HIPAA,PCI-DSS,or ISO27001.Understanding of cloud platforms (AWS, Azure, or Google Cloud)

Position Description Role Title: Senior Information Security Officer Current Reporting Manager: Head of Information Security Assurance Current Location: Gurgaon Position Purpose The Senior Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will drive security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the ISO will ensure that security controls align with client contractual obligations, regulatory requirements, and industry best practices. The ISO will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges. Main Activities The position is within the Information Security team. Main activities will include but are not limited to: Responsibility Area Internal Audit & Assurance: Oversee the implementation and operations of the ISMS within the region. Ensure and support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Continuously assess and improve security controls and processes. Information Security Risk Management Identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Lead and support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Develop, support deliver security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Assess and manage security risks associated with third-party vendors and suppliers. Ensure that security requirements are included in vendor contracts and SLAs. Perform regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor'S degree in Information Security, Computer Science, or related field (or equivalent experience). 5+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Strong understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Excellent communication and stakeholder management skills, with experience working with clients on security matters. Security certifications such as CISSP, CISM, or CRISC are preferred.

Role detail 4 to 8 years of experience in assurance, information security, vendor/ supplier/ third party risk assessment Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, privacy etc. Knowledge of technical domains such as network security, cloud security, application security, control testing Knowledge of concepts such as vendor risk profiling, country risk assessment, outsourcing/ technology regulations Experience in assessing emerging technologies such as robotics, IOT, DLT, Social, Mobile etc., Exposure to TPRM specific regulations (FED, MAS, OCC, etc.), Exposure in assessing different third parties e.g. Brokers, Exchanges, etc., Worked with TPRM tools, platforms & utilities such as KY3P, TruSight, ServiceNow, OneTrust, CyberGRX, Coupa etc, Strong Auditing skills is desired, experience in IT Compliance, ITGC testing, and Assurance is a plus Strong problem solving and logical approach skills Excellent written and verbal communication skills Consistent display of technical proficiency Ability to work well in teams Willingness to travel within India or abroad for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example CISA/ CISSP/ CISM/ISO27001 LA / LI / Cloud security certificates Prior exp in IT Audit, SOC 1, SOC 2 Qualifications: Bachelors degree in computer science or related field Excellent communication and team collaboration skills

Governance: Develop, review, and update information security policies, procedures, and frameworks to align with industry best practices and regulatory requirements. Risk Management: Conduct comprehensive risk assessments, including identifying

Role & responsibilities About the role for Internal Candidates Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001, ISO 20000-1, ISO 22301 & other IT specific standards/ frameworks Provide timely and accurate reviews of clients corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools Preferred candidate profile Bachelors degree in computer Science or equivalent & ideally a higher-level qualification Overall 8+ years experience , 5 Plus years Experience in IT /Management system Implementation / certification and Minimum 5 years of profound experience in the field of information security and External audits Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks. Perks and benefits Flexible work arrangements for better work-life balance Generous Paid Leaves (Annual, Sick, Compassionate, Local Public, Marriage, Maternity, Paternity, Medical leave) Medical benefits ( Insurance and Annual Health Check-up) Pension and Insurance Policies (Group Term Life Insurance, Group Personal Accident Insurance, Travel Insurance) Training and Development Assistance (Training Sponsorship, On-The-Job Training, Training Programme) Additional Benefits (Long Service Awards, Mobile Phone Reimbursement) Company bonus/Profit share. *Benefits may vary based on position, tenure/contract/grade level* DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity. If you are interested in this opportunity, we encourage you to submit your application promptly via the link provided below: https://jobs.dnv.com/job-search/business-assurance/auditor/bangalore-india-hyderabad-india-mumbai-india/lead-auditor-ict/300001120539090

L3 - Senior Consultant - Bengaluru Duties/Responsibilities: L3 As a Senior Consultant, you will be at the front lines with our users supporting them with their Cloud needs specifically helping them navigate the journey to the cloud on the Microsoft 365 platform. Job Description: (Knowledge, Skills, and Abilities) M365 Technologies - MUST have advanced troubleshooting and project implementation skills in 2 or more of the technologies below. Certifications highly preferred (ISO 27001 guidelines). If the candidate has a reasonably strong experience he must complete it within 2 months. Recent learning and certification should be alligned with the future technologies. M365 AzureAD M365 Exchange Online or MDOP 2 M365 InTune - Device Management and Application Management lifecycle, M365 Defender suite (Office 365,EndPoint, Exchange, CloudApps) Microsoft Identify AzureAD, conditional access, integrations SAML Microsoft VDI or DaaS (Microsoft 365, Microsoft Cloud PC) Scripting - powershell, KQL Windows 365 Operating systems and Hardware Microsoft Security and Compliance Team player with experience communication with US users - excellent communication skills Good to have worked in night shifts in the recent future (this is a different genre of people many will find it difficult) Optional.. Must Have InTune - 30% (Patching apps, scripts, automation -AutoPilot, troubleshoot logs) Defender suite - 20% (email, teams, sharepoint, CoPilot, addressing policies and troubleshooting ) Vendor management - 10% (collaborating with MS, HP, Dell, Lenovo, Managed service providers like Microsoft) Security and Compliance products in M365 - 30% (Adanced M365 security features AzureAD, Experience in delivering in SLA environments- 10% Awareness and having worked in ISO 27001 or SOC2 companies - 10% Must work in an IT department with 500+ users or more and be able to mentor juniors in the team. Good to Have Compliance - ISO 27001 or SOC 2 (should have experience working in these environments) Network --> FortiGate UTM (Firewall, IDS, IPS, Web Application Filter) Server Operating systems --> Windows Server 2022, Ubuntu, HyperV Hardware - Laptops, Server and Network Equipment Additional Requirements: Must be willing working in rotational shifts India/US (EST) hrs. BA/BS degree required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Certification Certification - M365 Admin certifications in the above technologies are preferred. Must be constantly upgrading/learning new technologies . ******************************************************************************************* If interested with this opportunity, Kindly - do share your updated Resume along with below required details to devaraj.v@valuepointsystems.com OR WhatsApp to 8867682884 Notice Period: Total Experience: Relevant Experience: Current Location: Preferred Location: Current CTC: Expected CTC: