436 It Audit Jobs - Page 13

Overview The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance. Primary Responsibilities In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels. Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X) Create processes to support effective risk identification, evaluation, communication, and remediation Participate in Risk Management Committee meetings Work with risk owners to develop plans of action to reduce or mitigate risks Analyzes security controls for effectiveness of design by evaluation of control documentation and process Analyzes security controls for operational effectiveness by evaluation of control evidence Contribute to corporate information risk management strategy, policies, standards, and tactical plans Contributes to a comprehensive internal security audit program that validates existing security controls Contribute to the company-wide security awareness program and compliance training Coordinate annual enterprise risk assessment and PCI-self assessment activities Ensure all systems, processes, and changes are formally documented Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders Skills/Requirements Required Knowledge, Skills and Experience: Bachelor's degree in a technology or business-related field (BSc or BBA preferred) 8 years overall experience in Information Security, Risk Management, or IT audit 5 years of hands-on experience supporting one or more of the following programs: Risk Management Vendor Risk Management Security Audits and Compliance (especially SOC2) Vulnerability Management Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards (e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.) Very high attention to detail, with strong skills in managing/presenting data and information Very strong skills in documentation, including policies, standards, processes and procedures Ability to work independently and productively without constant supervision Critical thinking and analytical ability Excellent verbal and written communication skills Preferred Knowledge, Skills and Experience: Certification such as SANS GIAC, CISA, or CISSP preferred Previous experience in a software development company is preferred Experience using a GRC management platform (e.g. Archer, ZenGRC, etc.)

Role & responsibilities Monitoring Backup jobs training the documentation, and keeping to IT Head approval. Responsible for tracking hardware and software inventory in the ticketing tool. Updating the IT assets Maintaining the labels for all IT assets. Responsible for the Backup Responsible for GMP-related queries and prepared the documentation IT-related bills are filed and kept for approval. PCB-related onsite support and coordinating with vendors supported by the reporting Head. Monitoring and maintaining the CC Cameras infrastructure and escalating to the head if anything is critical. Troubleshooting third-party applications at the Unit level and escalating to the reporting Head to get solutions from 3rd party vendors. Technical Support on Enterprise resource planning (ERP/FOCUS) to End users through (Ticket, Mail, Mobile, and Remote) in Sipra has the following modules: Accounts, Purchase, Sales, Inventory, and Payroll. Conduct training sessions for new and existing users for any developments supported by the IT Head. Knowledge on complete Desktop and Server support. Configuring servers using 2003, 2008,2012, 2016 and 2019. Knowledge on Active Directory services, Installing active directory-Domain controller, group policies and adding Client machines in to AD User administration i.e., setting up user accounts, permissions and passwords Knowledge on remote technical assistance Software installations and configurations. Establishing LAN, adding / removing nodes to / from LAN Working knowledge of MS Active Directory 2012 and 2016 Knowledge on DNS, DHCP & FTP Knowledge on firewalls, routers and switches(Cisco, WatchGuard) Giving complete technical support to all virus-related issues and network related issues Managing email, anti-spam and virus protection. Preferred candidate profile Pharma Experience is must for the candidate. Should have basic understanding for 21CFR and GXP Systems

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Qualifications: Bachelor s degree in engineering, Computer Science, Information Systems, or a related field with 5-10 years rich working experience and strong understanding of SAP S/4HANA GRC (Governance, Risk, and Compliance) Access Control and Security module for overseeing the implementation, configuration, and management of SAP GRC Access Control and Security solutions within the SAP S/4HANA environment.Ensure the organizations access control and security processes align with regulatory requirements and industry best practices.SAP S/4HANA GRC Access Control: In-depth knowledge and hands-on experience with SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD): Expertise in SoD concepts, methodologies, and tools. Ability to design and implement SoD rules and controls within SAP GRC Access Control.Regulatory Compliance: Understanding of regulatory requirements and standards, such as GDPR, SOX, and industry-specific regulations. Knowledge of controls and processes to ensure compliance with these requirements.Security Administration: Proficiency in SAP S/4HANA Fiori security administration activities, including user account management, role management, and access provisioning Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Solution Design: Collaborate with stakeholders to understand business requirements and design SAP GRC Access Control and Security solutions that meet regulatory compliance and risk management objectives.Access Control Implementation: Implement and configure SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD) Management: Design and implement SoD rules and controls within SAP GRC Access Control. Perform SoD analysis to identify and remediate conflicts in user access and ensure compliance with regulatory requirements.Security Administration: Proficiency in SAP ECC, SAP GRC, S/4HANA Fiori security administration activities, including user account management, role management, and access provisioningRisk Assessment and Mitigation: Perform risk assessments to identify potential security risks and vulnerabilities within the SAP landscape. Develop and implement mitigation strategies to address identified risks.Compliance and Audit Support: Ensure compliance with relevant regulations, such as GDPR, SOX, and industry-specific requirements. Support internal and external audits by providing necessary documentation and evidence of compliance.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. Qualifications: Bachelor s degree in engineering, Computer Science, Information Systems, or a related field with 5-10 years rich working experience and strong understanding of SAP S/4HANA GRC (Governance, Risk, and Compliance) Access Control and Security module for overseeing the implementation, configuration, and management of SAP GRC Access Control and Security solutions within the SAP S/4HANA environment.Ensure the organizations access control and security processes align with regulatory requirements and industry best practices.SAP S/4HANA GRC Access Control: In-depth knowledge and hands-on experience with SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD): Expertise in SoD concepts, methodologies, and tools. Ability to design and implement SoD rules and controls within SAP GRC Access Control.Regulatory Compliance: Understanding of regulatory requirements and standards, such as GDPR, SOX, and industry-specific regulations. Knowledge of controls and processes to ensure compliance with these requirements.Security Administration: Proficiency in SAP S/4HANA Fiori security administration activities, including user account management, role management, and access provisioning Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Solution Design: Collaborate with stakeholders to understand business requirements and design SAP GRC Access Control and Security solutions that meet regulatory compliance and risk management objectives.Access Control Implementation: Implement and configure SAP GRC Access Control module, including role management, user provisioning, access request management, and access risk analysis.Segregation of Duties (SoD) Management: Design and implement SoD rules and controls within SAP GRC Access Control. Perform SoD analysis to identify and remediate conflicts in user access and ensure compliance with regulatory requirements.Security Administration: Proficiency in SAP ECC, SAP GRC, S/4HANA Fiori security administration activities, including user account management, role management, and access provisioningRisk Assessment and Mitigation: Perform risk assessments to identify potential security risks and vulnerabilities within the SAP landscape. Develop and implement mitigation strategies to address identified risks.Compliance and Audit Support: Ensure compliance with relevant regulations, such as GDPR, SOX, and industry-specific requirements. Support internal and external audits by providing necessary documentation and evidence of compliance.

KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment Job Summary Projects in Role Governance would include Identity Access Governance (IAG) assessment, Role based Access control (RBAC) design and functional assistance in IAG solution implementation along with providing services to run IAG operations for client organizations. A bachelor s degree in engineering and 3-5 years of related work experience; or a master s or MBA degree in business, computer science, information systems.Knowledge of access management concepts and technologies such as single sign on (SSO), multi-facto authentication (MFA) mechanism.Exposure to internal audits, compliance assessments, and regulatory reporting related to access control.Exposure to automation data analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantageFamiliarity with ERP systems, financial applications and other business systems.Understanding of RBAC and SOD principles and risk management practice.Knowledge of IT security concepts and access management tools.Sector specific knowledge such as FS (banking/NBFC) is an added advantage.Proficiency with Microsoft Word, Excel and other MS Office toolsProfessional certifications (e.g., CISA, CISM, CISP or IAM-Specific certifications) can be advantageous and preferred.A team player and strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their colour, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability, or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavour for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Participate in client meetings and discussions to understand user life cycle processes for access management and determine IAG maturity in their environment.Demonstrate knowledge on RBAC and segregation of duties principles and conduct meetings with client stakeholders, to perform identity and access assessments and design RBAC including Access Control Matrices (ACM) and Segregation of Duty (SoD) Matrix.Collaborate with stakeholders to evaluate SOD conflicts in consultation with Business teams to resolve identified conflicts and/or implementing mitigating controls to address risk.Assistance in formal evaluation of potential IAG solutions depending on various identity needs of clients.

Manage internal/external audits (ISO, SOC 2), handle client questionnaires, ensure security compliance (ISO 27001, NIST), coordinate audits via OneTrust, test controls, review policies, and support InfoSec risk, GRC, and compliance processes. Required Candidate profile Looking for 8–12 yrs exp in InfoSec audits, ISO 27001, NIST, client questionnaires, OneTrust GRC, control testing. Good to have CISSP/ISO certs. Shift: 2–11 PM,

To drive and support the business change activities required to underpin Shell s Audit simplification agenda. Shell is focused on aligning and simplifying Internal audit to increase business value which will drive significant and ongoing change in all parts of the business, supporting the business growth agenda. The role is delivery focused and will lead Audit -driven business change in a programme or project environment. T he primary purpose of the role is to: Work on IT Audit and related services like control testing (ITGC / SOX) and SOP designing. Support in reviews of audit processes like IT Audit, ITGC, ISO27001 and SOX audit. Work on Change Management, Incident Management and user access control. Technical Skills Experience Individual contributor in an Audit team handling a project pertaining to a client. Able to understand procedures to be followe'd for execution documentation of below projects: o ITGC Audit. o SOX audit. o Change Management Soft Skills Experience High delivery impact in IT Audit activities Process knowledge of business functions Understanding of Audit approaches Proven track record of building strong stakeholder relationships at different organizational levels Able to produce high quality deliverables and activities Resilient and able to manage challenges in variety of work / sectors Results/outcomes-oriented way of working Confident and able to work in any type of work environment Excellent oral and written presentation skills Qualification: BTech, BCA Graduate or any computer science graduate with 1-3 years of ITGC experience. Certifications in IT audits and ISO27001 would be preferred Selection Process: 2 rounds of technical interview followe'd by business head and ICOE round for culture fitment.

Qualification: BTech, BCA Graduate or any computer science graduate with 1-3 years of ITGC experience. Certifications in IT audits and ISO27001 would be preferred Overview To drive and support the business change activities required to underpin Shell s Audit simplification agenda. Shell is focused on aligning and simplifying Internal audit to increase business value which will drive significant and ongoing change in all parts of the business, supporting the business growth agenda. The role is delivery focused and will lead Audit-driven business change in a programme or project environment. The primary purpose of the role is to: Work on IT Audit and related services like control testing (ITGC / SOX) and SOP designing. Support in reviews of audit processes like IT Audit, ITGC, ISO27001 and SOX audit. Work on Change Management, Incident Management and user access control. Technical Skills Experience Individual contributor in an Audit team handling a project pertaining to a client. Able to understand procedures to be followe'd for execution documentation of below projects: o ITGC Audit. o SOX audit. o Change Management Soft Skills Experience High delivery impact in IT Audit activities Process knowledge of business functions Understanding of Audit approaches Proven track record of building strong stakeholder relationships at different organizational levels Able to produce high quality deliverables and activities Resilient and able to manage challenges in variety of work / sectors Results/outcomes-oriented way of working Confident and able to work in any type of work environment Excellent oral and written presentation skills

Summary -To provide expert advice to superiors for a sub-area within FSC and related key activities; to ensure compliance with external and internal accounting reporting requirements in a timely and accurate manner. About the Role About the role: Novartis being a public company and SEC registrant has established SOX internal control system in order to provide reasonable assurance to the Group s management and Board of Directors regarding the reliability of financial reporting and the preparation of its financial statements. The Senior Consultant ERP Assurance is a member of a global team of IT assurance experts who play a critical role in designing and assessing efficiency of IT Application Controls across the company s IT landscape. This team plays a pivotal role and is exposed to senior stakeholders at all levels, both internal and external. Key responsibilities: You will play an important role as an experienced ERP assurance professional You will be part of a global team of IT Application Controls experts Provide assurance in the areas of ERP systems (eg SAP, others) Identify process and IT controls improvement opportunities and drive implementation Test IT application controls - Reports, Interfaces, Fully Automated Controls etc, ensuring SOX compliance and reliability Participate in IT risk assessments Collaborating with IT Application Owners and Business Process Owners in helping to identify SOX relevant IT Applications and Infrastructures You will support identification and testing of IT application controls when implementing a new ERP system or upgrades You will advise on ITACs structure by understanding the end-to-end processes, IT environment and data context to resolve right mix of preventative and detective controls based on automation and data analytics You will collaborate with teams from all over the world Essential Requirement: University degree (university or college) in economics, business informatics or computer science with a demonstrated track in IT Audit or Internal Controls in any of Big 4 preferably A minimum of 4 years experience in auditing ERP systems (ideally SAP systems), IT environments and (automated) business process controls Experience in performing IT audit or review engagements (focus on ITACs), including a solid understanding of external audit approaches, concepts, methodology Good teammate with the ability to collaborate closely with both technical and business contacts An entrepreneurial and structured attitude as we'll as a result oriented and collaborative approach to work Exceptional communication, presentation, and business writing skills in English Desirable Requirements: Ability To Influence Key Stakeholders. Critical Thinking. Process Optimization.

Responsibilities: * Finalization of books of accounts * Independently handle statutory audits and IT audits of Companies, LLP etc. * Independently handle IT return filing * Perform GST reconciliations and GST annual return filing.

Who we are About the role: We are seeking an experienced Assistant Manager, Technology Internal Audit to be part of our growing Internal Audit (IA) team based in Bengaluru, India. This person should have a motivated and agile mindset, with experience performing technology-risk based audits and SOX ITGCs. The broader Internal Audit & Risk Governance team focuses on providing risk assurance and business insights through audit and operational projects that identify opportunities for management to enhance risk management, controls posture, and improve business operations. We strive to provide value to our stakeholders, insights to the Audit Committee/Board and help management to achieve their strategic goals while mitigating risks and maximizing opportunities. Focus areas include enterprise risk, internal controls, financial reporting, risk governance, business processes, and technology related risks. The Assistant Manager, Technology Internal Audit, will play a key role in executing technology internal audits and SOX ITGC testing, communicating results and identifying pragmatic observations and recommendations to make Samsara s technology related processes and controls more effective. The scope includes working closely with business stakeholders across the company (in key technology-focused areas) to provide independent insights to address risk gaps and improve maturing areas in Samsara s technology, cybersecurity, and compliance risk areas. You should apply if: You want to impact the industries that run our world: Your efforts will result in real-world impact helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely. You are the architect of your own career: If you put in the work, this role won t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment. You re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers. You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-calibre team that will encourage you to do your best. In this role, you will: Develop, execute, and lead internal audit projects that provide effective coverage over technology, security, compliance, and other relevant risks and controls (e.g. enterprise security, IT strategy & operations, SaaS secure development lifecycle) Manage the execution of technology risk-focused IA projects, including identification of observations, communication to key stakeholders, and formal reporting of results to IA leadership and management Own and drive the SOX IT General Controls testing effort including coordinating and overseeing activities of the SOX ITGC testers, including outsourced vendor, and manage their delivery schedule including quality review of all their testing work-papers. Drive improvements in the SOX process, including implementing best practices, improving documentation, and driving consistency across the business Build and maintain relationships with key partners and collaborators across the business in technology-risk relevant teams (e.g. IT , Security, R&D functions) Champion, role model, and embed Samsara s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices Minimum requirements for the role: 6+ years of relevant IT audit / risk / security / compliance (SOX) experience in an internal role or consulting, including experience leading others in these areas Working experience leveraging SOX ITGC, cloud security, and IT governance frameworks (e.g. COBIT, NIST, ISO 27001, SOC 2 etc.) Strong verbal and written communication skills, with the ability to effectively communicate to senior executives Working experience leveraging AI tools in audit or risk-related processes (such as testing, automating workflows, etc). Strong project management skills with the ability to juggle multiple work efforts, be agile and adapt quickly to changing needs An ideal candidate also has: A bachelor s degree or equivalent in relevant fields of study - Information Systems, Computer Science, Engineering/Technology, Accounting, or other related fields is desirable Relevant professional certification(s) such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Chartered Accountant (CA) or other technology / audit-related certifications Working experience executing technology risk-related security assessments and/or advisory engagements, including delivery of results to management and monitoring progress/completion of management action plans #LI-Onsite .

Role & responsibilities Strategic Planning Create forward looking view of what the strategy should be with regard to Risk & Control in AM IT Relationship management Build and maintain relationships within WPB Cyber, CCO tech, ITSO, AM CITRO, Risk and Control Organization, ITID and 2nd line risk Knowledge Drive culture change around Risk & Control Consult on technology projects, providing support during IT audits Share best practice with the WPB Risk and Control Organization Provide guidance and help to IT delivery teams regarding security solutions to enable faster delivery of IT Systems Collaborating with IT development teams and other teams working closely in a DevOps and agile development processes Support the Safe and Secure development framework ensuring developers are coding in-line with security standards, practices and industry best-practice Stakeholder Management/Governance Partner with the AM business and Risk Functions to promote and provide support to relevant policies, standards and governance within AM IT Provide regional stakeholder updates with respect to global IT Control uplift programs Support IT engagement with internal / external / client audit and Regulatory Exams, including oversight of field work, collation of artefacts and partnership with CCO tech to remediate issues Attend relevant governance forums and where applicable provide appropriate MI Prepare the RCMM deck Communicate residual risk through reporting, business governance processes and forums Preferred candidate profile Partner and contribute to the risk & control agenda for AM IT Delivery of risk & control projects and programmes for AM IT Assist service owners in responding appropriately and effectively to firm-wide risk, cyber, internal, and external audits Contribute in evidence collection in delivery of external audits Partner with service owners, AM CITRO and 2nd line risk to identify and assess controls, determine mitigating actions and remediation activities, and understand the overall risk profile Advocate and support initiatives to improve accuracy across all Enterprise Golden Source data repositories Provide technical knowledge to support secure development of applications and remediation programs Provide visibility of status of action plans and external/internal audit issues Coordinate response to ICMP testing Support in mitigation of Risk Issue and Action Plan. Challenge where appropriate, decisions made on control implementation Review allocation of issues to AM IT and agree categorization of high/medium/low with audit and CCO tech Approve the raising and closure of regional IT issues, action plans, but look to automate process Fulfil DBIRO responsibilities for AM IT Advocate security policies and standards to wider IT team Support new IT projects with initial risk assessment, providing consultancy and guidance on controls and policies. Support where necessary key WPB security uplift initiatives Contribute to review of security standards and procedures Providing support for automated application security tooling working with Cybersecurity as necessary Interpret and advise on the results from security testing to both technical and non-technical audiences

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: ForgeRock Identity Manager. Experience8-10 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Vulnerability Assessment Penetrationtest. Experience5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA’s (90-95%), response time and resolution time TAT Mandatory Skills: OT SECURITY. Experience3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: ServiceNow SecOps. Experience5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA’s (90-95%), response time and resolution time TAT Mandatory Skills: ServiceNow SecOps. Experience3-5 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: PingFederate. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: SailPoint Identity Mgmt and Governance. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Active Directory. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: GRC Technology. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Privilege Password Management CyberArk. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: F5 Load Balancers. Experience8-10 Years.

Role Purpose The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFP’s received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the client’s need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led Mandatory Skills: Privilege Password Management CyberArk. Experience8-10 Years.