39 Nist Csf Jobs

How is this team contributing to the vision of Providence Enterprise Security & Infrastructure (ESI) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients). What will you be responsible for Lead the development, implementation, and continuous improvement of the organizations security governance, risk management, and compliance (GRC) strategies. Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks. Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls. Drive risk management and governance initiatives in response to emerging technologies and evolving business needs. Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks. Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks. Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards. Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals. Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function. Provide effective leadership to GRC teams, including direct reports and contractorsdelegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR. Directly manage and develop GRC teams, with responsibility for up to 10 caregivers. Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL. Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience. How is this team contributing to the vision of Providence Enterprise Security & Infrastructure (ESI) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients). What will you be responsible for Lead the development, implementation, and continuous improvement of the organizations security governance, risk management, and compliance (GRC) strategies. Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks. Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls. Drive risk management and governance initiatives in response to emerging technologies and evolving business needs. Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks. Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks. Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards. Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals. Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function. Provide effective leadership to GRC teams, including direct reports and contractorsdelegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR. Directly manage and develop GRC teams, with responsibility for up to 10 caregivers. Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL. Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience. What would your day look like Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks. Drive implementation of framework, policies, standards, and other security requirements. Conduct gap analysis and implement Standards Frameworks like NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL. Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management. Perform security reviews, attestations, assessments and serve as a Liaison between various teams within Cybersecurity. Collaboare with business function owner on deliverables, support team in understating and meeting business requirements. Manage expectations and effectively communicate to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders. Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization. Who are we looking for 4-year University (Bachelors) degree in Computer Science, Information Security, Cyber Security or related field. Minimum 10 years of experience in an Information Security/GRC role. Minimum 5 years of experience in IT Risk Management Role. Preferred 3 years of experience in Healthcare, Pharma or Bio-Technology organization. Strong project management skills to simultaneously work on multiple projects concurrently. Experience with managing a GRC tool support life cycle. Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level. Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently. Ability to lead a team and collaborate with other leaders throughout the organization. Ability to effectively prioritize and execute tasks in a high-pressure environment Preferred knowledge of Information Security standards (ISO/IEC 27001, 27002, NIST CSF, NIST SP 800-53, CIS Controls). Show more Show less

As a Consultant working in a hybrid work mode with a shift from 1 PM to 10 PM, you will be responsible for various Cyber Security auditing tasks in locations like Bangalore, Pune, Noida, and Gurgaon. Your duties will involve understanding engagement objectives, preparing audit plans, and testing procedures to meet review objectives. You will gather detailed insights into IT and business processes, systems, and controls, and lead risk assessments and evaluations. Additionally, you will identify opportunities to leverage data analytics, track project status, and ensure high-quality work paper documentation according to client standards. You will drive discussions on audit findings with the team and management, formulate risk assessments on complex systems, and create Business Impact Analysis, Risk Assessment, and Corrective Action Plan documentation. Developing recommendations to enhance security posture and communicating these recommendations to stakeholders will be part of your responsibilities. You will also identify security deficiencies and vulnerabilities, participate in organizational projects, and contribute to the development of information security policies, standards, and procedures. Desired Qualifications: - Bachelor's degree in Computer Science, Engineering, Cyber Security, or related field - Cyber security certifications (CISSP, CISM, Security+, CEH, Azure Security Engineer, CSFA) - CISA certification required or willingness to obtain within 3 months of employment - 5+ years of experience in Cyber Security field - 2+ years of IT systems audit experience - Experience in Identity and Access Management, Infrastructure Security, Application Security, Data Governance, Cloud Security, and Third-Party Risk Management - Familiarity with standards and regulations such as PCI, SOX, ISO, NIST CSF, NIST 800-53, NIST RMF, PII, CCPA, COPPA, HIPAA, VCDPA, etc. - Proficiency in MS Office, Teams, and working knowledge of standard computer software - Ability to work in a fast-paced environment with attention to detail - Strong verbal and written communication skills, especially in explaining complex topics - Experience in regulated industries and familiarity with technology standards and compliance frameworks Bonus Points for: - ITIL Certification - Threat Hunting and DFIR experience - Security experience in GCP, Azure, and AWS - Knowledge of Zero Trust architectures and data analytics implementation - Penetration testing experience and expertise in multiple cyber security domains - Familiarity with network protection approaches and technologies,

about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. We are seeking a dynamic IT Compliance & Audit Lead to join our Governance, Risk & Compliance (GRC) team in Pune. This role will be pivotal in driving the implementation and evolution of ZSs Continuous Compliance Monitoring (CCM) program. The ideal candidate will bring hands-on technical security expertise, a strong audit and risk management mindset, and the ability to collaborate across technical and business stakeholders. What youll do: Lead the development and execution of ZSs Continuous Compliance Monitoring (CCM) program across infrastructure, applications, and third-party vendors Collaborate cross-functionally with internal security, privacy, engineering, and operations teams to drive remediation and maturity of compliance gaps Serve as SME for security audits, helping interpret and implement compliance controls (e.g., ISO 27001, SOC 2 Type 2, NIST CSF, HIPAA, ESG reporting frameworks) Design and implement automated compliance checks and control testing routines aligned with risk appetite and audit requirements Conduct and support internal and external audits, including pre-audit readiness assessments, evidence collection, and issue remediation oversight Contribute to enterprise risk assessments, security profiling, and threat modeling to improve ZSs security posture Drive security incident post-mortems and track audit findings to closure with technical leads and business owners Assist in the maintenance and enhancement of security policies, procedures, and standards to reflect evolving risk and regulatory requirements Create training and awareness content related to policy adoption, audit preparedness, and security control responsibilities Provide metrics and executive-level reporting on compliance posture, audit outcomes, and CCM maturity Serve as a technical consultant in areas such as SIEM tuning, bounty hunting initiatives, and threat intelligence integration What youll bring: Bachelor's degree in Computer Science, Information Systems, or a related field 4+ years of hands-on experience in Information Security, Audit, Compliance, or GRC roles with technical depth Proven experience implementing or maturing compliance frameworks like ISO 27001, SOC 2 Type 2, HIPAA, NIST CSF, etc. Strong understanding of security tooling and architecture, including: SIEM platforms (e.g., Splunk, Sentinel, QRadar) Threat modeling and profiling tools Vulnerability management platforms Cloud security configurations (AWS, Azure, GCP) Experience with bug bounty programs or threat hunting initiatives is a plus Excellent communication skills; ability to articulate risk and compliance requirements to technical and non-technical stakeholders Certifications preferred: CISA, CISSP, CRISC, CISM, ISO Lead Auditor/Implementer, CEH

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Operation Automation Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking an experienced and innovative SOAR Architect to lead the design, development, and implementation of advanced Security Orchestration, Automation, and Response (SOAR) solutions. The ideal candidate will leverage their expertise in platforms like Splunk Phantom, Chronicle SOAR, and Cortex XSOAR to optimize and automate incident response workflows, enhance threat detection, and improve overall security operations efficiency. Roles & Responsibilities:- SOAR Strategy and Architecture:Develop strategies for automation, playbook standardization, and process optimization.- Playbook Development:Create, test, and deploy playbooks for automated threat detection, investigation, and response. Collaborate with SOC teams to identify repetitive tasks for automation and translate them into SOAR workflows.- Integration and Customization:Integrate SOAR platforms with existing security tools, including SIEM, threat intelligence platforms, and endpoint protection. Customize connectors and APIs to enable seamless communication between security tools.- Collaboration and Leadership:Work closely with SOC analysts, threat hunters, and other stakeholders to align automation efforts with organizational goals. Provide technical mentorship to analysts on SOAR platform utilization.- Performance Optimization:Continuously evaluate SOAR platform performance and implement improvements for scalability and reliability. Monitor automation workflows and troubleshoot issues to ensure consistent operations.- Compliance and Best Practices:Ensure that all SOAR implementations align with industry standards, compliance regulations, and organizational policies. Stay up to date with the latest advancements in SOAR technology and incident response practices. Professional & Technical Skills: - Proficiency in scripting and programming Python to develop custom playbooks and integrations.- Strong understanding of security operations, incident response, and threat intelligence workflows.- Proven track record of integrating SOAR with SIEM solutions (e.g., Splunk, Chronicle), EDR, and other security tools.- Ability to troubleshoot complex integration and automation issues effectively. Additional Information:- Certifications such as Splunk Phantom Certified Admin, XSOAR Certified Engineer, or equivalent.- Experience with cloud-native SOAR deployments and hybrid environments.- Familiarity with frameworks like MITRE ATT&CK, NIST CSF, or ISO 27001.- A 15 year full-time education is required- 3.5 years of hands-on experience with SOAR platforms like Splunk Phantom (On-Prem and Cloud), Chronicle SOAR, and Cortex XSOAR. Qualification 15 years full time education

The Manager, Exposure Management plays a crucial role in identifying, analyzing, and mitigating cybersecurity exposures across enterprise systems. Your focus will be on vulnerability management, attack surface monitoring, and web application scanning to ensure timely detection and response to risks impacting the organization's digital footprint. It is essential to possess strong technical expertise, attention to detail, and the ability to collaborate across teams to influence remediation activities and enhance security posture. Key Responsibilities - Operate enterprise vulnerability scanning platforms, validate findings, and monitor remediation efforts effectively. - Continuously assess the organization's internal and external attack surface for untracked assets, misconfigurations, and exposed services. - Identify and manage asset ownership across business units, ensuring accurate data consistently reflected in the configuration management database (CMDB). - Collaborate with infrastructure, application, and business stakeholders for prompt and comprehensive updates to asset and ownership records. - Configure, execute, and analyze web application security scans, working closely with development teams to address identified issues. - Prioritize vulnerabilities based on exploitability, threat intelligence, and business impact using structured frameworks and tools. - Prepare detailed reports and dashboards tailored for various audiences, from technical teams to executive leadership. - Partner with IT, infrastructure, and cybersecurity stakeholders to facilitate risk-informed remediation activities. - Contribute to continuous process enhancements and tool optimization throughout the exposure management lifecycle. Basic Qualifications - A Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field, along with a minimum of 10 years of experience in cybersecurity, focusing on vulnerability or exposure management. - A Master's degree in Computer Science, Information Security, Engineering, or a related technical field, combined with at least 8 years of experience in cybersecurity, with a focus on vulnerability or exposure management. Preferred Qualifications - Hands-on experience with tools like Tenable, Qualys, Rapid7, or similar platforms. - Familiarity with web application scanning tools and techniques. - Experience in managing or supporting a CMDB and asset lifecycle processes in a large organization. - Understanding of frameworks such as CVSS, MITRE ATT&CK, and NIST CSF. - Strong communication and analytical skills to effectively communicate technical risks to business stakeholders. - Experience supporting compliance and regulatory programs within a global business context. In addition to competitive benefits programs, we offer health insurance, professional development opportunities, and an Employee Assistance Programme to help you achieve your personal goals. At our organization, we value the expertise, creativity, and passion of our employees and strive to create an inclusive environment that promotes growth, innovation, and diversity. Join us and be part of The Carrier Way, where you can make a difference. Apply now!,

The Manager, Continent Information Security Partnerships, Property Security Compliance plays a crucial role in managing continent security aspects related to the Marriott Security Compliance Assessment program. Your primary responsibilities include planning, executing, and overseeing the program to ensure maximum security compliance status across IT Operations in the continent. You will enforce Marriott Security Standards and requirements for properties, while reporting directly to the Senior Director/Director, Continent Information Security Partnerships. Building strong relationships with Area Operation/IT Leaders, you will offer support to continent operations and collaborate with various Information Security teams. This role involves up to 75% travel for work purposes. **Candidate Profile:** **Education and Experience:** - 5+ years of Information Technology or information security work experience, with a focus on technology plans and/or information security projects. - 3+ years of experience in implementing enterprise security risk management frameworks. - Bachelor's degree in Computer Sciences, Information Technology, Information Security, Cybersecurity, or equivalent field experience. - Proficiency in spoken and written English. **Preferred:** - Professional certifications related to security assessment (e.g., CISA, CRISC, PCI ISA, ISO/IEC 27001 Lead Auditor). - Knowledge of Hotel IT Management and Cybersecurity. - Understanding of PCI DSS, NIST CSF, and global regulatory standards. - Expertise in network and technical security controls. - Experience in coordinating security incident responses. - Ability to apply organizational information security policies effectively. - Familiarity with IT security in an infrastructure environment. - Proven ability to prioritize tasks in high-pressure environments. - Graduate/postgraduate degree. **Core Work Activities:** - Conduct audits, security assessments, and control reviews across various domains. - Evaluate the effectiveness of information security controls aligned with corporate standards. - Perform risk-based assessments and identify vulnerabilities and improvement opportunities. - Develop and manage audit or assessment programs from planning to follow-up. - Collaborate with stakeholders to develop remediation plans and track progress. - Prepare detailed audit reports with actionable findings. - Contribute to the enhancement of information security internal audit methodology. - Additional Functions include representing Security in new property openings, providing tactical communications, tracking compliance performance, and reporting on security & compliance metrics. **Additional Responsibilities:** - Keep supervisors and team members informed through effective communication. - Attend relevant meetings and present information clearly. - Use problem-solving methodology for decision-making. - Maintain positive working relationships and manage time effectively. - Perform any other duties as assigned by the manager. Marriott International is an equal opportunity employer, committed to a diverse workforce and an inclusive, people-first culture. Non-discrimination based on any protected basis is our principle, ensuring fairness and respect for all employees.,

Role & responsibilities : Design and comply with applicable ISO27001 and NIST CSF standards. Monitor and protect against IT security threats with regular and effective oversight, testing, awareness building and employee training. Help develop a company-wide cultural mentality regarding the importance of information security. Prepare reports on IT security issues, testing, threats and incidences on a regular basis. Perform information security risk assessments. Identify and track the resolution of security incidences and vulnerabilities. Develop communication plans in advance of incidents to ensure a prompt and strategic response to both internal and external personnel. Ensure that adequate physical security controls exist to protect sensitive data and information systems. Responsibilities include asset, building, and network protection. Participate in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all security concerns, requirements, and responsibilities are addressed. Qualifications: Bachelors degree or masters degree in a computer field. Ten years or more IT operations experience and management. Ten years or more of experience leading technology projects in a high uptime, telecom, call center and/or Software-as-a-Service environment. CISSP or CISM qualifications Track record of ISO27001 program implementation, certification and maintenance In-depth knowledge of Windows and Linux server environments Ability to maintain composure and sound judgment in high-pressure environments Demonstrated leadership and personnel/project management skills Highly self-motivated and directed Proven analytical and problem-solving abilities Strong customer service orientation Experience working in a team-oriented, collaborative environment

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities:Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements.Prepare end to end solution including effort estimation & costing.Involved in preparing the client proposal & response. Develop statement of workPerforms reviews with the delivery leadership.Participation in the client Orals or presentations.Leads negotiations or develop business terms & conditions.Has led solution development for multiple deal types.Work with delivery leads for the approval of solution/efforts.Bring out technical differentiators and value in the solution.Active ownership or accountability in delivering the solution within the specified time frame.Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNowInterpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, & Data Privacy Management solutions, experience in developing value based customer proposal closely working with delivery and sales teams.Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning.Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture.Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning.Overall knowledge of GRC, TPRM, Data Privacy tool stackPre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals.Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions.Strong interpersonal and problem-solving skillsStay informed about new products, services, technologies, and other information as required to deliver effective solutionsCISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, AzureISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information:Minimum 15 year full time educationThe candidate should have minimum 12 years of experience This position is based at our Bengaluru office. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities:Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements.Prepare end to end solution including effort estimation & costing.Involved in preparing the client proposal & response. Develop statement of workPerforms reviews with the delivery leadership.Participation in the client Orals or presentations.Leads negotiations or develop business terms & conditions.Has led solution development for multiple deal types.Work with delivery leads for the approval of solution/efforts.Bring out technical differentiators and value in the solution.Active ownership or accountability in delivering the solution within the specified time frame.Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNowInterpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, Data Privacy Management solutions, experience in developing value-based customer proposal closely working with delivery and sales teams.Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning.Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture.Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning.Overall knowledge of GRC, TPRM, Data Privacy tool stackPre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals.Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions.Strong interpersonal and problem-solving skillsStay informed about new products, services, technologies, and other information as required to deliver effective solutionsCISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, AzureISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information:Minimum 15- year full time educationThe candidate should have minimum 15 years of experience This position is based at our Gurugram office. Qualification 15 years full time education

Role Overview: The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights. ________________________________________ Key Responsibilities: • Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools. • Perform root cause analysis and develop incident timelines to support forensics and remediation efforts. • Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response. • Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks. • Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs). • Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets. • Collaborate with OT security engineers and external vendors to escalate and remediate incidents. • Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations. • Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase. • Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations. • Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation. ________________________________________ Technical Skills & Knowledge: • Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. • Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). • Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. • Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. • Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. • Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. • Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice to Have: • Exposure to Red Team/Blue Team exercises focused on OT/ICS. • Familiarity with GRC platforms and risk assessment tools tailored to OT.

AWS Security Architecture & Strategy: Design and implement comprehensive security architectures for Redaptive's AWS cloud environments Develop cloud security roadmaps aligned with business objectives and compliance requirements Establish security standards, policies, and procedures for AWS deployments Evaluate and recommend security enhancements to strengthen the cloud security posture Lead security aspects of cloud migration initiatives and new AWS service adoptions Implement zero-trust security principles in cloud architecture designs Provide expert guidance on AWS security best practices to stakeholders across the organization Establish metrics to measure the effectiveness of cloud security controls Security Automation & CI/CD Integration: Develop and maintain security as code implementations for AWS environments Integrate security controls and checks into CI/CD pipelines Automate security scanning, compliance verification, and remediation processes Implement infrastructure as code (IaC) security practices for AWS CloudFormation and Terraform Create automated security testing frameworks for cloud resources Develop custom security rules and policies for automated enforcement Collaborate with DevOps teams to ensure security requirements are met throughout the development lifecycle Design and implement automated incident response playbooks for cloud security events Cloud Security Monitoring & Operations: Configure and manage cloud security monitoring solutions including AWS Security Hub, GuardDuty, and CloudTrail Implement and tune cloud-native SIEM solutions for comprehensive security visibility Develop and maintain cloud security dashboards and reporting mechanisms Perform advanced cloud security investigations and threat hunting Respond to and remediate cloud security incidents Conduct cloud security posture assessments and vulnerability management Implement and manage cloud security logging and audit mechanisms Develop and maintain cloud security incident response procedures Identity & Access Management: Design and implement AWS IAM policies, roles, and permission boundaries following least privilege principles Develop automated solutions for identity lifecycle management in cloud environments Implement and manage privileged access management for AWS resources Configure and maintain AWS Single Sign-On and federation with corporate identity providers Design and implement secure service-to-service authentication mechanisms Conduct regular access reviews and implement automated compliance checks Develop and maintain IAM security frameworks and governance processes Implement automated detection and remediation of IAM policy violations Compliance & Risk Management: Ensure AWS environments meet relevant regulatory requirements and industry standards (e.g., SOC 2, ISO 27001, NIST) Develop and implement cloud security compliance frameworks and controls Perform cloud security risk assessments and develop risk treatment plans Technical Skills AWS Security Architecture & Strategy: Design and implement comprehensive security architectures for Redaptive's AWS cloud environments Develop cloud security roadmaps aligned with business objectives and compliance requirements Establish security standards, policies, and procedures for AWS deployments Evaluate and recommend security enhancements to strengthen the cloud security posture Lead security aspects of cloud migration initiatives and new AWS service adoptions Implement zero-trust security principles in cloud architecture designs Provide expert guidance on AWS security best practices to stakeholders across the organization Establish metrics to measure the effectiveness of cloud security controls Security Automation & CI/CD Integration: Develop and maintain security as code implementations for AWS environments Integrate security controls and checks into CI/CD pipelines Automate security scanning, compliance verification, and remediation processes Implement infrastructure as code (IaC) security practices for AWS CloudFormation and Terraform Create automated security testing frameworks for cloud resources Develop custom security rules and policies for automated enforcement Collaborate with DevOps teams to ensure security requirements are met throughout the development lifecycle Design and implement automated incident response playbooks for cloud security events Cloud Security Monitoring & Operations: Configure and manage cloud security monitoring solutions including AWS Security Hub, GuardDuty, and CloudTrail Implement and tune cloud-native SIEM solutions for comprehensive security visibility Develop and maintain cloud security dashboards and reporting mechanisms Perform advanced cloud security investigations and threat hunting Respond to and remediate cloud security incidents Conduct cloud security posture assessments and vulnerability management Implement and manage cloud security logging and audit mechanisms Develop and maintain cloud security incident response procedures Identity & Access Management: Design and implement AWS IAM policies, roles, and permission boundaries following least privilege principles Develop automated solutions for identity lifecycle management in cloud environments Implement and manage privileged access management for AWS resources Configure and maintain AWS Single Sign-On and federation with corporate identity providers Design and implement secure service-to-service authentication mechanisms Conduct regular access reviews and implement automated compliance checks Develop and maintain IAM security frameworks and governance processes Implement automated detection and remediation of IAM policy violations Compliance & Risk Management: Ensure AWS environments meet relevant regulatory requirements and industry standards (e.g., SOC 2, ISO 27001, NIST) Develop and implement cloud security compliance frameworks and controls Perform cloud security risk assessments and develop risk treatment plans Nice-to-have skills Experience with multi-cloud security strategies and implementations Knowledge of regulatory compliance requirements relevant to cloud environments Experience with container security (Docker, Kubernetes, ECS, EKS) Background in implementing Zero Trust architecture in AWS environments Experience with AWS automated incident response and remediation Knowledge of cloud-native security tools and platforms Experience with Hashicorp Vault or similar secrets management solutions Background in implementing security for data lakes and analytics platforms Experience with cloud workload protection platforms (CWPP) Knowledge of serverless security best practices Experience with cloud security in the energy efficiency or sustainability industries Background in threat modeling for cloud architectures Experience working with global teams and offshore development models Qualifications Bachelor's degree in Cybersecurity, Computer Science, or related field; Master's degree preferred Minimum of 7+ years of experience in cybersecurity, with at least 5 years focused on cloud security Advanced expertise with AWS security services including GuardDuty, Security Hub, IAM, KMS, and CloudTrail Strong understanding of cloud security frameworks (AWS Well-Architected Framework, NIST CSF, CSA CCM) Hands-on experience implementing security controls in CI/CD pipelines Expert knowledge of infrastructure as code (IaC) security for AWS CloudFormation and/or Terraform Experience with cloud security posture management (CSPM) tools and processes Strong understanding of identity and access management principles in cloud environments Experience with automated security testing and continuous security validation Proficiency in scripting and programming (Python, Bash, etc.) for security automation Excellent understanding of network security, containerization security, and serverless security In-depth knowledge of DevSecOps principles and practices Excellent written and verbal communication skills Relevant security certifications (AWS Certified Security - Specialty, CCSP, CISSP, or equivalent)

As a Technical Writer at PwC, your primary responsibility will be to work as part of a team in producing high-quality documentation for threat actor simulation services, device and application assessments, and penetration test results. You will collaborate closely with the business team to gather information and understand documentation requirements. Your role will involve creating, editing, and maintaining documentation for penetration testing reports, procedures, guidelines, and standards. It is essential to explain complex technical concepts clearly and concisely, tailoring the content to various audiences, including both technical and non-technical stakeholders. Staying updated on the latest cybersecurity trends and technologies is crucial to ensure that the documentation reflects current practices and solutions. You will also be analyzing existing content to recommend and implement improvements and ensuring that the documentation meets industry standards, regulatory requirements, and organizational compliance needs. Identifying opportunities to enhance documentation processes and tools, managing diverse viewpoints to build consensus, and focusing on building trusted relationships are integral aspects of this role. Upholding the firm's code of ethics and business conduct is a fundamental expectation. The skills, knowledge, and experiences required to excel in this position include responding effectively to diverse perspectives, utilizing a broad range of tools to generate new ideas, employing critical thinking to break down complex concepts, understanding project objectives in the broader business context, and interpreting data to inform insights and recommendations. Additionally, developing self-awareness through reflection, upholding professional and technical standards, and adhering to the firm's code of conduct and independence requirements are vital components of this role. For this management level role, the basic qualifications include a bachelor's degree and 4-9 years of experience. Preferred qualifications encompass fields of study such as Computer and Information Science, Information Security, Information Technology, Management Information Systems, Computer Applications, and Computer Engineering. Certification in Technical Writing is also preferred. Demonstrating extensive abilities and success in technical concepts related to application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management is essential. Familiarity with security testing tools like BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Responder, Nmap, and others within the Kali Linux distribution is advantageous. Knowledge of networking protocols, TCP/IP stack, systems architecture, and operating systems is beneficial. Additionally, familiarity with cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS is desirable. Experience in writing cybersecurity articles, reports, tools, protocols, and best practices, translating technical jargon into clear language for various audiences, and developing a library of technical documentation are valuable assets. Collaborating with cybersecurity professionals, analyzing information from multiple sources, managing multiple documentation requirements effectively, ensuring accuracy and consistency, and adapting writing styles to suit different platforms and audience needs are essential skills for this role. Leveraging graphic design and visualization tools, proactively seeking feedback, and keeping leadership informed of progress and issues are critical competencies expected in this position. Professional and Educational Background: A Bachelor's Degree is preferred for this role.,

Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. This position is a hybrid of office/remote working

Key Responsibilities: Serve as a trusted security advisor and designated vCISO for assigned clients, providing executive-level guidance on cybersecurity strategy, risk posture, governance, and compliance initiatives. Lead the development, implementation, and continuous improvement of client security policies, procedures, and frameworks aligned with standards such as NIST 800-53/CSF, ISO 27001, HIPAA, CMMC, SOC 2, and others. Define and deliver comprehensive security programs, including security risk assessments, maturity roadmaps, control gap analysis, and compliance reporting. Guide clients through technical and strategic decision-making related to infrastructure, applications, third-party tools, and data protection strategies. Coordinate and oversee vulnerability assessments, penetration tests, and the design and implementation of technical and administrative controls. Interpret the results of threat and vulnerability assessments to identify gaps and recommend remediation actions, ensuring alignment with each client's operational risks and compliance obligations. Engage with client stakeholders across IT, DevOps, legal, operations, and executive leadership to drive a security-by-design culture across projects and teams. Manage and deliver high-impact cybersecurity engagements with a focus on scope definition, schedule, budget, documentation, and successful client outcomes. Facilitate client discovery, build proposals, and articulate engagement scope, deliverables, and level of effort required for custom security solutions. Identify cross-functional improvement opportunities, recommending enhancements to client systems and infrastructure (hardware, software, networks). Communicate technical concepts and security strategy effectively to both technical and non-technical audiences, demonstrating leadership and executive presence. Provide mentorship and guidance to junior consultants, engineers, and analysts; when serving in a team lead capacity, manage workload, project direction, and performance feedback for 35 team members. Contribute to business development by identifying upselling and cross-selling opportunities based on client needs, emerging security challenges, or regulatory changes. Plan and execute projects independently with limited oversight, consistently delivering high-quality advisory services and exceeding client expectations. Minimum Qualifications: Bachelors degree in business, computer science, information systems, engineering, or a relevant discipline, or equivalent experience. 10+ years of technical experience. 5+ years of Information Security experience. Familiarity and experience with Microsoft 365, Azure, and AWS. Familiar with Security Frameworks (FedRAMP, ISO, NIST, COBIT, HIPAA/HITECH, PCI, SOC, SOX, etc.) and regulatory requirements. Understanding of Data Loss Prevention, Zero Trust, etc. Excellent written, verbal, and presentation communication skills. Excellent customer service skills. Comfortable in a sales environment and interest in negotiation statements of work. Experience collaborating and supporting clients and executives. Innovative and analytical problem-solving skills. Entrepreneurial and forward-thinking mindset. Strong management consulting skills. Ability to make decisive decisions and exhibit executive presence. Proven ability to lead a team of analysts and engineers effectively.

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Imagine you're a superhero, with the power to transform businesses from ordinary to extraordinary. As a Business Process Consultant at Kyndryl, you'll be just that – a trusted advisor helping customers achieve their goals and surpass even their own expectations. As a Business Process Consultant, you will play a crucial role in helping our customers reach their full potential by developing process-driven solutions that drive measurable results. You will work closely with our customers to gain a deep understanding of their unique business needs, challenges, and opportunities. Armed with this knowledge, you will leverage your expertise in aligning processes to technology to design, develop, and deploy custom solutions that exceed their goals. You will be responsible for analyzing our customers' current business processes, identifying bottlenecks, inefficiencies, and areas for incremental improvement. With your strong analytical skills, you will recommend process changes, new technologies, or appropriate organizational changes that drive efficiency, reduce costs, and improve overall business performance. In this role, you will also develop a large-scale strategic vision and ensure that all new business processes align with it. You will manage sales processes beyond day-to-day procurement to maintain strong customer relations and ensure that all stakeholders are on board with the recommended solutions. At Kyndryl, we value collaboration and teamwork. As a Business Process Consultant, you will work closely with all stakeholders, including customers, project managers, and technical teams, to ensure that our solutions meet the highest standards of quality, efficiency, and effectiveness. Our consultants are restless for innovation. They are at the edge of technology, changing the way our customers implement business solutions – so, if you’re a problem-solver, an innovative thinker, and a self-starter with a passion high impact assignments which align technology to business outcomes, then we want to hear from you! Apply today to join our dynamic team that has a host of exciting projects and customers waiting for you to work with them to solve complex transformation puzzles through technology. We are seeking an experienced ServiceNow Asset Management Specialist to lead and optimize enterprise-wide asset management initiatives. The ideal candidate will have strong technical and process expertise across Asset Data Modeling, Asset Process Optimization, and both IT and OT Asset Management. This role requires a strategic thinker capable of designing scalable, compliant, and data-driven asset processes aligned with industry standards such as ITIL, ISO 19770, and CSDM (Common Service Data Model). Key Responsibilities We are seeking an experienced ServiceNow Asset Management Specialist to lead and optimize enterprise-wide asset management initiatives. The ideal candidate will have strong technical and process expertise across Asset Data Modeling, Asset Process Optimization, and both IT and OT Asset Management. This role requires a strategic thinker capable of designing scalable, compliant, and data-driven asset processes aligned with industry standards such as ITIL, ISO 19770, and CSDM (Common Service Data Model). Define and maintain asset data structures aligned with ServiceNow CMDB and CSDM. Ensure data model supports cross-domain asset visibility (hardware, software, OT, network). Evaluate existing ITAM and HAM processes. Conduct gap analyses and maturity assessments using frameworks such as Gartner’s ITAM maturity model. Design and implement Software Asset Management (SAM) processes for end-user and developer environments. Integrate with software discovery tools to ensure licensing compliance and optimization. Extend asset management practices into the OT and network infrastructure domains Coordinate with OT/ICS teams to harmonize IT and OT asset lifecycle tracking. Redesign ServiceNow asset workflows to improve lifecycle traceability, exception handling, and process automation. Collaborate with Process Owners and Governance to align workflows with compliance and audit readiness. Identify automation and improvement opportunities across the asset lifecycle (procurement to retirement). Leverage AI/ML and AIOps insights to enable predictive asset lifecycle interventions. Your Future at Kyndryl As a Business Process Consultant at Kyndryl you will join the Kyndryl Consultant Profession, working with other Kyndryl Consultants, Architects, Project Managers, and cross-functional Technical Subject Matter Experts – presenting unlimited opportunities with unmatched support through our investment in your learning, training, and career growth. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Experience 12 + years hands on software development experience in ServiceNow, IT Asset Management with a focus on ServiceNow platform. Proven experience in implementing ServiceNow ITAM, HAM, SAM Pro, and CMDB modules. Deep understanding of asset lifecycle management across IT, software, and OT domains. Familiarity with industry standards: ITIL v4, ISO/IEC 19770, NIST CSF. Experience in working with cross-functional teams including IT Operations, Security, and Finance. Strong analytical, documentation, and stakeholder communication skills. Preferred Technical and Professional Experience ServiceNow Certified Implementation Specialist – SAM. Knowledge of discovery tools (e.g., ServiceNow Discovery, SCCM, Tanium, etc.) Experience with CSDM and data normalization techniques. Familiarity with automation and orchestration tools for asset tasks. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

New requirement - JD for Cybersecurity risk manager: Key responsibilities As a Cyber Risk & compliance Professional in our Group CISO office, you will be occupied in the following domainsa) Risk management b) Compliance.This role is responsible for planning, managing and coordinating various cybersecurity risk management activities focused on identifying, assessing, and mitigating risks for the enterprise from a business perspective. Skill requirement: Degree, or equivalent, in Information Security or Cyber Security or Computer science or similar course Self-motivation to continuously develop in the areas of cybersecurity Ability to prioritize and complete multiple complex projects under tight deadlines Ability to translate security issues into business risks Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies Experience, knowledge and strong interest in information and cyber security domains are essential for this role Experience Cyber / technology risk assessments & management methodologies Hands on with assessment report preparation and presenting to senior technical and business stakeholders Articulative and confident in presentation to senior stakeholders Knowledge of use of and risks related to modern and emerging technologies Cybersecurity audit Advanced knowledge and understanding of ITGC, NIST 800-53, NIST CSF controls and Risk management frameworks Expertise in complex business processes and technological risks Deep understanding of security technologies including firewalls, proxies, SIEM, XDR, CSPM, IGA, PAM, Data protection Experience8 12 years. Applications from people with disabilities are explicitly welcome.

Lead internal/external security audits (HITRUST, ISO27001, SOC2) collect evidence, map controls, Maintain compliance docs, risk registers, track remediation. Coordinate cross-functional teams, review policies, assess vendors.

The Lead Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes, implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network infrastructure. The analyst provides timely and comprehensive intelligence on internal/external threats for detection, monitoring, threat hunting, and incident response. The scope of environment includes system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments. The analyst will be responsible for performing alert analysis, incident response, digital forensics, and supporting penetration remediation on applications/systems. Essential Functions Monitor, investigate, analyze, respond, and report to cyber incidents identified through detection/response platforms. Lead support to Management in detecting and responding to cybersecurity alerts and incident activity. Responsible for engaging and escalating incidents to Cyber Operations Management and other Cyber Incident Response Team members. Actively support incident response activities, efforts, and training exercises (e.g., incidents, tabletops, threat simulations) and be the lead incident response analyst. Actively drive risk reduction efforts for known cyber security vulnerabilities and known attack traffic patterns/indicators of compromise (IOC). Actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, provide proactive threat research, and recommend mitigation strategies. Evaluate and determine if/when cybersecurity violations have occurred through examination of network/application logs, open-source research, vulnerability and configuration scan data, and user provided reports. Proactively conduct investigations, analysis, and evaluation of projects to determine cybersecurity risk and feasibility as required. Administer, maintain, tune, and perform heath checks on cybersecurity products and services (such as: secure mail gateway, SIEM, IDS/IPS, EDR, vulnerability management, brand monitoring, threat intelligence, security rating, DDoS, web proxy, file integrity monitoring (FIM), data loss prevention (DLP), User Entity Behavioral Analytics (UEBA), and other). Provide and implement recommendations for new technical controls to help mitigate security vulnerabilities. Responsible for leading the vulnerability management program functions including hosting weekly meetings with Stakeholders and the operations team, creating and tracking tickets for all vulnerabilities, holding stakeholder teams to meet SLAs, and reporting to the Manager of Cybersecurity on a weekly basis. Actively perform threat hunting activities in the environment to detect cyber threats in the network. Coordinate and support purple, red, and blue team engagements. Provide cybersecurity technical assistance when needed by system/application owners. Support multiple day-to-day cybersecurity tasks and projects efforts. Provide regular status updates to Management on projects and remediation efforts. Solid understanding of cybersecurity policies and procedures, ability to draft, modify and create standard operating procedures (SOPs) for use of other team members. Support organizational Security Awareness Training efforts (suggest training topics, coordinate phishing campaigns, enable awareness to end-users in support of incidents). Support vulnerability assessments functions (such as: enterprise pen testing, application pen testing, static/dynamic testing, scorecard assessments). Participate and support afterhours/on-call rotation requirements for cybersecurity incidents. Responsible for developing, monitoring, and tracking cyber security metrics on a recurring basis, including creating Powerpoint slide decks for presentations. Coordinate response and remediation efforts across various departments in a cooperative and beneficial manner. Responsible for maintaining Incident Response documentation and auditing member contact information on at least a semi-annual basis or as needed. Responsible for attending all vendor meetings and acts as the point of contact for our Cybersecurity vendors. Demonstrate ownership and understanding of tasks when engaging with other team members. Provide leadership, guidance and partnership to Analyst(s) and Senior Analyst(s). Responsible for the onboarding and training of new analysts to the Cybersecurity Operations team. Provide support to management team. Qualifications Bachelors degree in computer science, technology, or equivalent combination of education and relevant experience (required). 6+ years of relevant IT/Cybersecurity experience (required). 5+ years in security operations with hands-on experience with enterprise cybersecurity products, such as Qualys, SentinelOne, Proofpoint, Office365, Microsoft Defender for Cloud, Microsoft Defender for Identity (required). 5+ years of SIEM (security information and event management) platform experience (required). 4+ years supporting adversary tactics and techniques based on MITRE attack framework (required). Knowledge of cyber security standards and frameworks such as ISO 27001, NIST CSF, NIST-800- 53, PCI DSS ASV (highly desired). Hands-on experience with tools like PowerShell, Vulnerability Management suite, Wireshark, and NMAP (required). Position Description Industry cybersecurity certification: CompTIA: Security+ or Pentest+, CEH, CISSP, OCSP, SANS: GCIH or GSEC, CISSP, ISACA: CISA or CISM, Security+, SSCP, or CCNA (required, or willing to attain within 3 months of start date). Hands-on Cloud infrastructure (Azure/AWS/GCP) cybersecurity remediation experience (desirable). Hands-on experience with next-gen endpoint detection/response (EDR), Enterprise Firewall, IPS, Log Management, Cisco, and Checkpoint experience (desirable). URL Filtering (web proxy) and troubleshooting experience (desirable). Solid

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired bya collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizationsunlock the value of technology and build a more sustainable, more inclusive world. Your Role Minimum 3-8 years’ experience assessing against standards and frameworks including one or more of the followingDOE C2M2, IEC-62243/ISA-99, NIST CSF, NERC CIP, etc. Minimum 3-5 years’ experience working with ICS technologies and/or environments on one or more of the followingSCADA, DCS, EMS, DMS, ADMS, PCN, RTUs, IACS, PLCs, HMIs, etc. Minimum 3-5 years working with cybersecurity functions of one or more of the followingvulnerability assessment and management processes, identity and access management, incident response and monitoring, etc. Problem-solving ability and strong analytical skills Experience of working with diverse teams and is a team player Relevant certifications (CISSP, GICSP, GRID, GCIP, etc.). Keep abreast with the latest technology trends and predictions Ability to drive the creation of prototypes and proof of concepts Able to effectively communicate, interact and influence business and operational stakeholders and partners Ability to deliver innovative solutions and consistently demonstrate customer outcomes. Primary Skills DOE C2M2 IEC-62243/ISA-99 NIST CSF NERC CIP

Lead risk analysis efforts to assess how technical control issues, vulnerabilities, and compliance exceptions contribute to overall enterprise risk posture. Maintain and improve governance and risk methodologies aligned with standards such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, SOX, GDPR, HIPAA, and PCI DSS. Act as a liaison between technical teams and business stakeholders to translate risk-related insights into actionable strategies. Support internal and external audit readiness by coordinating risk assessments, tracking issue remediation, and reporting on compliance gaps. Contribute to GRC tool usage (e.g., ServiceNow GRC, Archer, or MetricStream) for monitoring control health, exceptions, and residual risk. Collaborate with legal, compliance, audit, and IT operations to ensure integrated risk management practices across the enterprise. Aggregate data from multiple risk domains to develop executive-level dashboards, reports, and risk narratives that influence decision-making. Participate in the development and rollout of risk governance models, exception handling processes, and control improvement initiatives. Roles and Responsibilities Required Qualifications: 7–12 years of professional experience in IT Risk, Governance, or Cybersecurity GRC functions. Strong working knowledge of risk frameworks such as NIST CSF, ISO 27001, COBIT, SOC 2, SOX, and GDPR. Demonstrated ability to interpret and connect vulnerabilities, policy violations, and exceptions to broader business risks. Experience with risk aggregation, remediation tracking, and reporting for internal/external stakeholders. Skilled in stakeholder engagement across risk, audit, compliance, and technical functions. Familiarity with GRC tools and platforms used to manage controls, exceptions, and assessments. Preferred Qualifications: Certifications such as CISA, CRISC, CISSP, CGEIT, or equivalent. Experience working in regulated sectors such as finance, healthcare, insurance, or critical infrastructure. Hands-on experience with exception governance processes, risk acceptance workflows, and issue management. Understanding of how to design and implement scalable metrics for KRIs, control effectiveness, and risk trends. Key Competencies: Strategic thinker with a strong grasp of enterprise risk management principles. Highly analytical with the ability to synthesize complex technical data into actionable business insight. Effective communicator skilled in developing risk reports, briefings, and dashboards for both technical and executive audiences. Strong collaboration and leadership skills within matrixed environments. Proactive, organized, and results-driven with a continuous improvement mind-set.

Lead governance, risk, and compliance initiatives across cyber domains. Develop risk frameworks, align with global regulations, and interface with leadership and auditors. Required Candidate profile Strategic cyber risk leader with experience in GRC, regulatory compliance, and cyber risk frameworks. Ability to drive governance programs and manage stakeholder communication

Develop the culture of risk management across the organisation, and ensure effective identification, quantification, communication, and management of risks focusing on root cause analysis and resolution recommendations across domains Cyber, HR, Legal, Finance, etc. Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance. Provide SME support to functional managers or Internal stakeholders in understanding and applying responsibilities towards risk and compliance providing recommendations as appropriate. Support the CIO and CISO, and work with internal stakeholders to: Participate in consultation and conduct gap analysis against new requirements Coordinate and facilitate IT / cyber security audits. Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc. Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees. Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures. Co-ordinate and track the tickets / findings in areas likeIT Operational Risks and Information Security Risks,Control Self assessments ,Internal/External Audit findings with appropriate CAPA,BCP / Disaster recovery ,Problem tickets with root cause analysis. Audit event co-ordination, Audit liaison and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.) Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.) Provide first line of defense support in assessing risk and reviewing control issues Documentation of control procedures, standards and guidelines, etc. What youll bring: Bachelor s degree in IT or relevant field with a strong academic background A minimum of 7-10 Years of experience in Risk management and internal controls governance Strong communication & strategic influencing skills. Relevant experience working with senior leaders, building internal networks, and delivering high impact programs in complex -matrixed environments. Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation. Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies. Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification Basic working knowledge of following (Majority of the points, if not all): -COBIT Control Objectives for Information and Related Technology -ISO/IEC 27001:2013 Code of Practice for Information Security Management -NIST SP 800-53 -NIST CSF -SOC1/SOC2/SOC3 -HIPAA/HITECH Security and Privacy Audit Protocol -Shared Assessments Standard Information Gathering (SIG) framework -US SOX Sarbanes Oxley Act -US HIPAA/HITECH Act -EU GDPR General Data Protection Regulation -US EU Privacy Shield -India Companies Act Additional Skills: Demonstrated ability to influence executive-level strategic decision-making and translating technology insights into business strategies for senior executives. Program level management up to and including Executive presentation and reporting. Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security Stakeholder management Willingness to adapt to evolving industry standards and technologies Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability Proven ability to work creatively and analytically in a problem-solving environment

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time educationAs a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities:Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements.Prepare end to end solution including effort estimation & costing.Involved in preparing the client proposal & response. Develop statement of workPerforms reviews with the delivery leadership.Participation in the client Orals or presentations.Leads negotiations or develop business terms & conditions.Has led solution development for multiple deal types.Work with delivery leads for the approval of solution/efforts.Bring out technical differentiators and value in the solution.Active ownership or accountability in delivering the solution within the specified time frame.Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNowInterpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, Data Privacy Management solutions, experience in developing value-based customer proposal closely working with delivery and sales teams.Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning.Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture.Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning.Overall knowledge of GRC, TPRM, Data Privacy tool stackPre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals.Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions.Strong interpersonal and problem-solving skillsStay informed about new products, services, technologies, and other information as required to deliver effective solutionsCISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, AzureISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information:Minimum 15- year full time educationThe candidate should have minimum 15 years of experience This position is based at our Gurugram office. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Solution Development Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time educationAs a Security Solution Architect (SA), candidate would be primarily responsible for solution architecture/presales effort on medium to large complexity or owns multiple components of large complex deals. Lead or work as Lead Solution Architect on complex deals. Independently and with little oversight can come up with the solution. Conduct the solution reviews with SMEs and the delivery approver. Attend calls with the client team to understand the requirement to bring value and differentiated solution. Roles & Responsibilities:Able to participate in requirements gathering, gathering data requirements, and assisting in the reconciliation of technical requirements.Prepare end to end solution including effort estimation & costing.Involved in preparing the client proposal & response. Develop statement of workPerforms reviews with the delivery leadership.Participation in the client Orals or presentations.Leads negotiations or develop business terms & conditions.Has led solution development for multiple deal types.Work with delivery leads for the approval of solution/efforts.Bring out technical differentiators and value in the solution.Active ownership or accountability in delivering the solution within the specified time frame.Should be good to work as individual contributor and good team player. When assigned responsibilities to lead the team, candidate should show leadership qualities to manage the team and get the work done. Professional & Technical Skills: Candidate must have been a Presales experience with maximum coverage around following GRC or Privacy or Strategy domains. Skill around domains like Risk & Compliance Advisory and Operation, Compliance Management, Security Strategy Frameworks, Risk and Compliance Strategic Advisory, Cyber Security Assessments, Security Architecture Advisory, NIST CSF, Data Privacy, Third Party Risk Assessment ISO 27001, SOX, GDPR, Risk Assessment Services and GRC automation platforms like Archer, ServiceNowInterpret customer needs and design appropriate GRC, eGRC, Cyber Security Strategy, & Data Privacy Management solutions, experience in developing value based customer proposal closely working with delivery and sales teams.Hands on delivery experience across these domains would be added advantage to utilize the experience while solutioning.Maintain current knowledge of applicable Risk and Data Privacy requirements and accreditation standards, and monitor changes in technology impacting privacy, risk, and compliance posture.Knowledge of leveraging innovation, automation, Gen Ai in GRC solutioning Work with delivery and capability team keep abreast with latest assets, offerings, solution accelerators to bring in value adds while solutioning.Overall knowledge of GRC, TPRM, Data Privacy tool stackPre-Sales knowledge on Non GRC Security domains will be an added advantage to work in cross functional deals.Flexibility on need basis in line with the nature the nature of SA Strong verbal and written communication are a must to be able to document and present complex topics and solutions.Strong interpersonal and problem-solving skillsStay informed about new products, services, technologies, and other information as required to deliver effective solutionsCISSP, CISM, CISA, CGRC Cloud Security knowledge and certification AWS, AzureISO 27k1, 22301, Privacy, Archer, ServiceNow GRC certifications Additional Information:Minimum 15 -year full time educationThe candidate should have minimum 12 years of experience This position is based at our Bengaluru office. Qualification 15 years full time education

Job Description Objective LabVantage Solutions is an industry leading provider of laboratory software products. Our products enable scientists and analysts across the globe to develop novel solutions, work effectively, and meet regulatory compliance. LabVantage solution is an OLTP system based on RDBMS platforms, including Oracle, SQL Server, and EDB (Postgres managed DB for our SaaS solution). This position plays a key role in the development and security of LabVantage Solutions software. The individual will be responsible for monitoring and analyzing security vulnerabilities, conducting risk assessments, and implementing security measures. They will ensure secure coding practices, perform security testing, and collaborate with DevOps to integrate security into the development lifecycle. The Security Engineer must have a solid understanding of core Java concepts such as imports, inheritance, and class conflicts, and should be capable of making necessary code changes. They will be responsible for identifying potential risks to LabVantage and recommending appropriate mitigation strategies, including suppression, smoke testing, soak testing, or limited regression. Role Responsibility Review and Monitor CVEs: Continuously monitor Common Vulnerabilities and Exposures (CVEs) to identify potential threats and vulnerabilities. Penetration Test Analysis: Analyze penetration test reports to understand vulnerabilities and recommend remediation steps. Dependency and Third-Party Software Management: Assess and manage dependencies and third-party software for security risks. Risk Assessment and Mitigation: Conduct risk assessments and develop mitigation strategies to address identified vulnerabilities. Static and Dynamic Analysis: Use tools for static and dynamic code analysis to detect vulnerabilities and ensure code quality. Integration with DevOps: Work closely with DevOps teams to integrate security into the CI/CD pipeline, ensuring automated and continuous security checks. Threat Modeling: Perform threat modeling to identify potential security threats and design countermeasures during the product design phase. Security Testing: Conduct various types of security testing, such as penetration testing, to identify and address vulnerabilities in the product. Security Requirements: Define and enforce security requirements for new features and products to ensure they meet the organization's security standards. Job Qualifications 5+ years of experience in information security, including roles as a Security Analyst and/or Security Engineer. Experience with secure coding practices, code reviews, and security testing. Experience with static and dynamic code analysis tools. Experience with CI/CD pipelines and integrating security into DevOps processes. Certifications: Relevant certifications such as CISSP, CEH, OSCP, or similar. Skills Strong understanding of security principles, protocols, and best practices. Proficiency in security tools and technologies (e.g., Wiz, SonarQube, vulnerability scanners). Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOC2). Familiarity with the OWASP Top 10 vulnerabilities and mitigation strategies Understanding of NIST cybersecurity standards and frameworks (e.g., NIST CSF, NIST SP 800-53) Strong communication and collaboration skills. Interested candidates apply!