110 Iso27001 Jobs - Page 5

Responsibilities Manage a team of senior Networking and Security personnel. Serves as the subject matter expert (SME) on Cloud networking and security, having previously worked in a senior technical network or security role. Help deliver and manage projects that apply the companys security policies and standards for use in cloud environments. Communicate security concepts to different audiences ranging from business leaders to engineers, as well as customers. Serve as a key subject matter expect in security and networking topics and support delivery of core services from a network security perspective. Mentor and influence team members in implementing and delivering projects and performing ongoing security and network monitoring. Help design security frameworks and effective solutions for vulnerability remediation. Develops standards, policies, and procedures as well as best practices documentation. Able to translate technical requirements into business requirements. Assist team members to update their security and networking skills and knowledge. Collaborate with other IT teams, developers, and business stakeholders to ensure alignment on network and security requirements. Stay up-to-date with the latest cloud networking and security trends and technologies. Develop and execute security roadmaps and initiatives. Drive change and improvements in security delivery of our Cloud security services. Education / Qualifications A university qualification of Bachelor's degree level in Engineering/IT, or a related field. Skills Required: Strong experience in a Security and networking leadership role (5 years+ in a management role combined with previous experience working at a senior technical level for 5 years+ in network/security role). Extensive security management experience in an environment leveraging Azure and/or AWS public cloud platforms. Strong Application, Networking, Cloud Security knowledge and experience. Previous experience working in environments that leverage public Cloud. Extremely knowledgeable in security and networking technical matters. Experience of compliance standards, including ISO27001 and/or SOC2. Familiarity with directives such as GDPR and NIS2/DORA. Experience of team management and interview protocols. Strong understanding of penetration testing and vulnerability assessments. Experience with project management and security project delivery. Solid understanding of application development and SDLC. Security certifications a strong plus (eg CISSP). Fluent English speaker. Desired technical skills or knowledge areas: Expertise in Azure and AWS networking and security services. Proficiency in network protocols and technologies (e.g., TCP/IP, DNS, VPN, routing). Knowledge of security frameworks and standards (e.g., NIST, CIS). Experience with SIEM, IDS/IPS, and vulnerability management tools. Strong practical experience with Fortinet security solutions (FortiGate, FortiAnalyzer, etc.). Proficiency in using Rapid7 security tools (Insight IDR VM) for vulnerability management and forensic investigation. Experience with tooling used for malware analysis and threat prevention. Experience with ManageEngine suite of products, especially PAM360 and Patch Manager Plus. Scripting and automation knowledge (e.g., Python, PowerShell, Terraform).

Job Summary : We are seeking a highly skilled Compliance Specialist with 4-7 years of experience to join our team. The ideal candidate will have a strong understanding of IT environments, risk assessment, and auditing methodologies, along with expertise in regulatory compliance standards such as SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. Prior experience with Big 4 firms is highly desirable. Key Responsibilities : Risk and Compliance Assessments : - Conduct assessments to evaluate the design and operational effectiveness of policies, standards, and control frameworks. - Coordinate with process owners and subject matter experts to collect, review, and present artifacts supporting compliance with internal security policies and applicable regulations. Policy and Remediation Support : - Identify common compliance issues and provide solutions to ensure adherence to security policies. - Collaborate with IT and business teams to implement remediations that achieve compliance with information security policies. Automation Initiatives : - Support and manage automation initiatives, including coordination with cross-functional teams to define requirements, gather data, and test designed solutions. - Experience in Robotic Process Automation (RPA) is desirable. Communication and Presentation : - Clearly and concisely present information in a manner that promotes understanding, both in writing and verbally. - Interact professionally with diverse groups and adapt communication to suit various stakeholders. Research and Continuous Improvement : - Conduct research on unfamiliar topics to ensure compliance and knowledge enhancement. - Drive continuous improvement by evolving team processes and incorporating feedback. Global Collaboration : Flexibility to attend meetings across various time zones, including US and Europe. Qualifications and Skills : Educational Background : Bachelor's degree in a relevant field such as Information Security, Risk Management, or IT. Experience : - 4-7 years of audit or compliance experience. - Big 4 experience preferred. Technical Knowledge : - Strong understanding of IT environments, risk assessment, and auditing methodologies. - Familiarity with regulatory frameworks : SOX, ISO27001, HIPAA, GDPR, UK CE+, and NIST. - Experience with RPA is a plus. Communication Skills : - Excellent verbal and written communication skills. - Ability to present information effectively to various audiences. Analytical Skills : - Ability and willingness to research and solve complex compliance challenges. - Interpersonal Skills : Active listener with the ability to guide teams effectively. Hybrid (Primarily Remote, however team is expected to come to office in Delhi/Gurgaon), Mumbai, Delhi / NCR, Bengaluru , Kolkata, Chennai, Hyderabad, Ahmedabad, Pune.

Corporate IT Security and Governance, exp. in Information Security, ISO 27001 Implementation , Documentation. risk assessment , 2nd Line of Defense , Control Review, Control Testing, ITGC controls. ,corporate policies and procedures, GAP Analysis,

Role & responsibilities: Outline the day-to-day responsibilities for this role. Preferred candidate profile: Specify required role expertise, previous job experience, or relevant certifications.

Our client is a Big4 consulting firm with the base office (for the role) at Bengaluru. Client is looking to hire people with experience on Information Security, SOX, SOC along ITGD, SAS 70, ISO 27001. As an Assistant Manager in the Control Assurance (A&A) Team you'll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - You should assist client in identifying and evaluating business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement. You should assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. You must facilitate use of technology-based tools or methodologies to review, design, and/or implement products and services. You should understand clients' business environment and basic risk management approaches. Project Management: Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions. Build and nurture positive working relationships with clients with the intention to exceed client expectations. Desired qualifications They should be B.E/ B.Tech in Computer Science, Information Technology or related fields. Chartered Accountant and/or MBA with Finance/IT They must have 2 - 4 years of experience in the areas of IT audits, ITGC, SOX / ICFR / IFC / SAS 70 / SSAE / SOC, IT Financial Audit and Business Automated Controls, IT Risk consulting or any other regulatory / compliance audits They should have knowledge of ERPs like SAP / OFIN / JDE / etc and their native application controls will be preferred. They must have hands on experience on regulatory requirements / international standards (SSAE / ISAE / SOX, PCI, ISO 27001) and good practices (COSO, COBIT) relating to information security. They must have Excellent English skills, excellent presentation skills, excellent soft skills. Preferred Certifications Certifications of CISA, CISSP, CISM, ISO27001 preferred Audit & Assurance/Control Assurance Control Assurance (A&A) | Assistant Manager Location and way of working. Base location: Bangalore This profile involves frequent travelling to client locations. Hybrid is client's default way of working. Each domain has customised the hybrid approach to their unique needs.

Role & responsibilities Perform 3rd-party audits and trainings according to ISO/IEC 27001, ISO 9001, ISO 20000-1, ISO 22301 & other IT specific standards/ frameworks Provide timely and accurate reviews of clients corrective action and closure Provide customers with timely, complete, and accurate reports of their current level of conformity / implementation of their management system Maintain schedule of audit activity with Management System clients Maintain appropriate auditor credentials and pursues advancement of those credentials and other related credentials as needed. Ensuring compliance with accreditation rules and other internal or external requirements. Ability to manage Key Customers. Supporting the sales team on technical aspects. Familiarity with use of digital tools Preferred candidate profile Bachelors degree in computer Science or equivalent & ideally a higher-level qualification Overall 10 years experience , 5 Plus years’ Experience in IT /Management system Implementation / certification and Minimum 5 years of profound experience in the field of information security and External audits Great attitude, Analytical skills and communication skills. Preferred: ITIL Certified, CISA, CISM, CISSP, MCSE, MCSA and/or MBA Good understanding of relevant regulations and industry standards (e.g. ITIL Framework, FFIEC, SOX, COSO, COBIT, ITIL, ISO27001, PCI, HIPAA, HiTrust and GLBA), best practices and methodologies and the ability to apply these requirements to organizational internal control frameworks.

As a Penetration Tester, you will be instrumental in safeguarding our AI platforms by identifying vulnerabilities and simulating real-world attacks. Your expertise will help fortify our systems, ensuring the integrity and trustworthiness of our AI solutions. Role & responsibilities Conduct Penetration Tests: Perform comprehensive penetration testing on AI models, APIs, cloud infrastructures, and associated systems to uncover security weaknesses. AI-Specific Threat Analysis: Identify and assess vulnerabilities unique to AI systems, including model inversion, data poisoning, and adversarial attacks. Tool Development: Create and maintain custom scripts and tools to automate testing processes and improve efficiency. Reporting: Document findings in detailed reports, providing actionable recommendations to mitigate identified risks. Collaboration: Work closely with development, data science, and DevOps teams to integrate security best practices throughout the AI product lifecycle. Stay Updated: Keep abreast of the latest cybersecurity threats, penetration testing techniques, and AI security research. Job Penetration Testing Tools: Proficiency with tools like Kali Linux, Burp Suite, Metasploit, Nmap, and Wireshark. Programming and Scripting: Strong skills in Python, Bash, or PowerShell for automating tasks and developing custom testing tools. Networking and Protocols: In-depth understanding of TCP/IP, DNS, HTTP/HTTPS, and other networking protocols. Operating Systems: Experience with Windows, Linux, and macOS environments. Cloud Security: Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their security configurations. AI and Machine Learning: Basic understanding of machine learning frameworks (e.g., TensorFlow, PyTorch) and AI model architectures Preferred candidate profile Advanced Threat Analysis: Experience in identifying and mitigating sophisticated cyber threats. Social Engineering: Knowledge of social engineering tactics and their application in penetration testing. Security Frameworks: Familiarity with OWASP, NIST, and ISO/IEC 27001 standards. Secure Coding Practices: Understanding of secure coding standards and the ability to perform code reviews.

Preferred: Pune-based candidates Required Skills: - IT Audit Planning and Management - Conducting ISO 27001 Audits and Reporting - Corrective Actions and Follow-up - Implementation of ISO 27001 - ISO 27001:2022 Certification is a plus

- Responsible for managing data security & privacy compliance (ISO 27001, EU GDPR, SOC 2). - Leads audits, risk assessments, policies, and training; experienced in managing and auditing security and privacy controls. - Open to travel across Mumbai.

Function: IT Advisory About KPMG in India KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of KPMG's experienced, objective, and industry-grounded viewpoints. Job Description: Role & RESPONSIBILTY Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Perform risk assessments on various applications, services, and infrastructure components. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Deliver complex Infrastructure programmes with multiple business and technical risks that will impact the success of key business priorities Create and track a plan to deliver programme goals, including the technical implementation plan, ensuring colleagues and stakeholders are kept up-to-date Manage risks and Issues on the programme demonstrating tactics to resolve or mitigate Understand trade-offs in hardware and infrastructure delivery using experience and influencing skills to drive consensus with the Engineering and Product teams to obtain the best value and deliver brilliant technical solutions Able to foresee potential risks and issues, establish a process, facilitate discussion and manage escalations Able to understand a technical architecture to be able to foresee the impact on dependencies, delivery timelines and implementation plans Have good knowledge of engineering best practices and practical infrastructure implementations to appreciate delivery challenges Collaborate with the Product and Engineering teams to define annual budgetary requirements Evaluate and interpret assessment results to identify potential vulnerabilities and risks and provide actionable recommendations for risk mitigation. Stay up to date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk. Establish and sustain long-term profitable client relationships that drive value creation, delivery excellence and a positive client work environment. Manages client expectations and client satisfaction. Acts as an advisor and partner to the client. Design, develop and implement business strategies for clients to implement new and different approaches to business based on the innovation approach. REQUIREMENTS: A minimum of 5+ years of hands-on experience in Project/Program Management. Understand the key principles of ITSM and How this drive effective change into BAU Have experience of building credible relationships and influencing senior management Strong Project, Stakeholder & Programme management skills Good reporting skills for programs and financial forecasting Adept communication & influencing skills and adoptability to changes - Expert delivery experience with the following tools: - Jira - Confluence - Miro - Microsoft Project - MS Excel Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Strong communication and stakeholder & conflict management skills. Strong analytical and problem-solving skills, with the ability to think critically and strategically. SELECTION PROCESS Candidates should expect 2-3 rounds of personal or telephonic interviews to assess fitment and communication skills. CRITERIA Education 60% above throughout academics One 3 years (at least) regular course is must either Diploma or Graduation Course: B.E. / B. Tech / MCA / M. Tech / MBA degree or equivalent Minimum 3 years of hands-on experience in conducting cyber risk assessments. Certification: CISM / CISSP / CCSP / CISA / CRISC / ITIL / ISO 27001/22301/20000 LI/LA / PCI DSS (At least one) CCNA / CCNP or equivalent (optional) Relevant certifications in OT security (GICSP, ISA/IEC-62443 or equivalent) Compensation Compensation is competitive with industry standards. Details of the compensation breakup will be shared with short-listed candidates only WoRK Timing: Monday to Friday WoRK LOCATION: Bangalore (5 days Work from Office) People BENEFITS Continuous learning program Driving a culture of recognition through ENCORE’ our quarterly rewards and recognition program Comprehensive medical insurance coverage for staff and family Expansive general and accidental coverage for staff Executive Health check-up (Manager & above, and for staff above the age of 30) Les Concierge desks Internal & Global mobility Various other people friendly initiatives Strong commitment to our Values such as CSR initiatives The opportunity is now! If you are interested in being part of a dynamic team, serving clients and reaching your full potential – KPMG Advisory Services is for you!