About Agoda Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with a global network of 4.7M hotels and holiday properties worldwide, plus flights, activities, and more . Based in Asia and part of Booking Holdings, our 7,100+ employees representing 95+ nationalities in 27 markets foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world. Our Purpose – Bridging the World Through Travel We believe travel allows people to enjoy, learn and experience more of the amazing world we live in. It brings individuals and cultures closer together, fostering empathy, understanding and happiness. We are a skillful, driven and diverse team from across the globe, united by a passion to make an impact. Harnessing our innovative technologies and strong partnerships, we aim to make travel easy and rewarding for everyone. Get to Know our Team The Security Department oversees security, compliance, GRC, and security operations for all Agoda. We are vigilant in ensuring there is no breach or vulnerability threatening our company or endangering our employees in order to keep Agoda safe and protected. This would be a great challenge for those who want to work with the best technology in a dynamic and advanced environment. The Opportunity We are looking for a industry experienced, highly motivated and self driven, Incident Response Specialist, someone who can rapidly address security incidents and threats as they appear with the ability to strategize and lead Incident engagements with all staffing levels. On the ground level, your job is to monitor the threats targeting Agoda and keeping attacks from occurring and/or prevent them from getting worse. In This Role, You’ll Get to: Perform end-to-end handling of all critical, high and medium cyber security incidents at Agoda Drafting incident reports & communicating incident summaries to senior leadership, end users, legal teams Write playbooks for different types of cyber security incidents and use automation to reduce MTTR time Automating repetitive tasks of incident response using automation platforms and/or programming Optimizing existing security controls to finetune the alerts & reduce false positives Gather open source and commercial threat intelligence and perform hunting across the enterprise for undetected threats Support the legal & regulatory teams as a technical SME for cyber incidents with regulatory requirements Evaluate new technologies and Driving POCs for new security products What you’ll Need to Succeed: 5+ years experience in Cyber Security specifically in Incident Response field and working with 24/7 SOC teams Must have strong understand of NIST, CSF, MITRE and other cyber security framework Skilled in programming or scripting skills (e.g., Python or C++) are required for automating incident response tasks and developing custom security tools. Ability to write and tune detection rules in different security platforms Must have hands-on knowledge of dealing with major security incidents Ability to automate using automation platforms or programming skills is a must Malware analysis experience and digital forensics experience is a plus Certification of Cyber Security, Forensic and Incident Response is a plus (CISSP, ECSA, GISP, GCIH, GCFE, GCFA) We need you to be flexible, fast moving, adaptable and down-to-earth and an expert in multi-tasking Very good communication skills in English (both oral and written) Relocation package is provided in case you prefer to relocate to Bangkok, Thailand. Our benefits are… Hybrid Working Model WFH Set Up Allowance 30 Days of Remote Working from anywhere globally every year Employee discount for accommodation globally Global team of 90+ nationalities 40+ offices and 25+ countries Annual CSR / Volunteer Time off Benevity Subscription for employee donations Volunteering opportunities globally Free Headspace subscription Free Odilo & Udemy subscriptions Access to Employee Assistance Program (third party for personal and workplace support) Enhanced Parental Leave Life, TPD & Accident Insurance #sanfrancisco #sanjose #losangeles #sandiego #oakland #denver #miami #orlando #atlanta #chicago #boston #detroit #newyork #portland #philadelphia #dallas #houston #austin #seattle #sydney #melbourne #perth #toronto #vancouver #montreal #shanghai #beijing #shenzhen #prague #Brno #Ostrava #cairo #alexandria #giza #estonia #paris #berlin #munich #hamburg #stuttgart #cologne #frankfurt #dusseldorf #dortmund #essen #Bremen #leipzig #dresden #hanover #nuremberg #athens #hongkong #budapest #jakarta #bali #dublin #telaviv #jerusalem #milan #rome #venice #florence #naples #turin #palermo #bologna #tokyo #osaka #yokohama #nagoya #okinawa #fukuoka #sapporo #kualalumpur #malta #amsterdam #oslo #manila #warsaw #krakow #bucharest #doha #alrayyan #moscow #saintpetersburg #riyadh #jeddah #mecca #medina #singapore #capetown #johannesburg #seoul #barcelona #madrid #stockholm #zurich #taipei #tainan #taichung #kaohsiung #bangkok #Phuket #istanbul #dubai #abudhabi #sharjah #london #manchester #edinburgh #kiev #hcmc #hanoi #amsterdam #bucharest #lodz #wroclaw #poznan #katowice #rio #salvador #newdelhi #Hyderabad #bangalore #Mumbai #Bengaluru #Chennai #Kolkata #Lucknow #bandung #yokohama #nagoya #okinawa #fukuoka #IT #4 Equal Opportunity Employer At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics. We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy . Disclaimer We do not accept any terms or conditions, nor do we recognize any agency’s representation of a candidate, from unsolicited third-party or agency submissions. If we receive unsolicited or speculative CVs, we reserve the right to contact and hire the candidate directly without any obligation to pay a recruitment fee. Show more Show less

Job Title Security Analyst Role and Responsibilities The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies.The Security analyst will be professional, independent, impartial, and fair in all interactions. The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units\u2019 information, applications, and infrastructure. Resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps and vulnerabilities. This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units. Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to IPS/IDS alerts; change detection (FIM) alerts application firewall alerts; malware alerts rogue wireless network alerts security system health alerts; exploit attempt alerts Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to audits of system security to ensure compliance with Corporate security framework NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS emerging country, state, and Federal privacy laws Primary POC in a vulnerability management program of the account that includes external and internal vulnerability scans of applications and systems external and internal penetration tests of applications and systems documentation and remediation of identified vulnerabilities and exploits routinely monitoring various communication avenues for security vulnerabilities and security patches taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement Acts as the initial point of contact to facilitate the handling of security audits and client requests Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units Qualifications and Education CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus. Minimum of Five (3 to 5) Years of experience in IT Security compliance, or Security Auditing is required. Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc. Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls. Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter. Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences. Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks). Experience in PowerPoint, Word, Excel; experience with Visio and MS Project. Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations. Familiarity with security, workflow, and collaboration tools such Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally Preferred Skills Creating and Maintaining NIST 800-53-rev5 based SSP and POAM Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Lead Technology Risk Analyst Overview The Technology Risk & Control (TR&C) organization is a business enabler and industry leader of technology and security risk management practices, supported by a multi-disciplinary team of top security, technology, and risk professionals. Our mission is to drive enhanced awareness, visibility, and proactive management of technology risks to ensure a secure and sound operational environment. Role You will be responsible for engaging with internal and market facing programs on Technology Risk matters. Oversee the embedding and alignment to the requirements of Mastercard technology policies and standards. Transform the implementation of technology risk management principles and practices by focusing on the reusability of core components, quantitative assessment, and education of key stakeholders. This role will also support the following capabilities: identification, assessment, treatment, and monitoring of technology risks across the environment; providing an aggregate view of controls, issues and exceptions, to inform strategic decision making. All About You/Experience Strong knowledge of the risk management lifecycle and processes (e.g., methods for identifying, assessing treating and monitoring risk) Background in technology audit, risk management, technology operations, information systems management, information security management, regulatory engagement, etc. Strong knowledge of baseline Technology and Security processes, risks, and controls Familiarity with technology/security frameworks and mechanisms (e.g., SOC 1, SOC 2, PCI-DSS, ISO 27001, COBIT, CRI, PFMI, NIST) Experience with regulatory technology and security risk management expectations; Strong influence and collaboration skills cross-functionally and geographically to identify and drive implementation of best practice risk processes Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. R-246512 Show more Show less

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology and management consulting, tax and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. RSM USI is a member of RSM International, the sixth largest global network of independent accounting, tax and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. The ERP, Risk and Automation Services (ERAS) Consulting practice, assists with various consulting, internal, and external audit clients by bringing in-depth ERP, automation, and data analytics skills where needed. The practice performs security and controls designs/assessments, complex data analytics, security role design, security managed services, segregation of duties assessments, as well as ERP implementation risk reviews. We desire a confident individual who is able to both think strategically about risk and control management, while also being task oriented and capable of meeting the tight deadlines that often come with implementation-related work. We are in search of a candidate with an experience in Oracle technologies who has experience scoping, supervising, and executing ERP security & controls, segregation of duties assessments, security role designs, and operationalizing user access management. Qualification And Minimum Entry Requirements Bachelor or Master degree with a minimum of 4-5 years of professional experience in public accounting or relevant compliance industry experience Deep understanding of business processes and controls in Oracle (various versions). Preferred secondary ERP of similar skills ERP implementation experience; functional Oracle background is a plus Broad industry experience or deep expertise in a specific industry Minimum 4-7 years in Oracle, audit, internal audit, or internal control roles Technical knowledge of controls monitoring/auditing tools such as fastpath, ACL, Tableau, Alteryx, a plus Experience working with clients in multiple industry's Experience training others on ERP controls and security knowledge Experience with SOX, COSO, COBIT and other related IT controls methodology and frameworks, such as ISO, NIST, HIPAA, or FDA is a plus. Candidate should have CISA/CA certification Candidate with CIA, CISSP, CPA will be preferred Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments Excellent verbal, written, interpersonal communication (English) as the position requires frequent communications with RSM International clients Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Execute ERP Oracle engagements, specifically related to audit, risk and control related issues highly visible ERP clients. Execute Oracle IT automated controls (ITACs), IT general controls (ITGCs), and Key Report assessments, Oracle security role and configuration reviews, Oracle Implementation Risk Assessments, Oracle SOD assessments, and other ERP services as needed Execute testing of Oracle application control design and effectiveness; validate test scripts and review results Handle multiple client projects while contributing to internal initiatives (talent, practice, business development) Help to maintain our multiple segregation of duties tools and revise security rulesets Execute Oracle security role and user security managed services support. Execute Oracle security role build and testing activities. Proactively driving the continued maturation and industrialization of our current Oracle Security methodology, associated work programs, accelerators, and testing procedures. Provide first choice advisor experience to existing clients while working to maximize client value Ability to exceed client expectations in a sophisticated consulting or accounting firm environment Develop and maintain strong relationships with centers of influence and professionals Understand their impact and contribute to the fundamentals of practice (i.e. realization, utilization, resource leverage) Engage with automation, analytics, and business/application control specialists to address Oracle risk management needs in a holistic manner. Professionally presents themselves at all times at the office and the client’s meetings. This includes but is not limited to appearance, communication, and actions. Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com. Show more Show less

Job Area: Finance & Accounting Group, Finance & Accounting Group > Internal Audit General Summary: Auditor, IT Internal Audit- Hyderabad Qualcomm is a company of inventors that unlocked 5G - ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5Gs potential into world-changing technologies and products. This is the Invention Age - and this is where you come in. This is a unique opportunity to join Qualcomms finance and accounting organization based in Hyderabad in the Corporate Internal Audit & Advisory Services (IA & AS) team. The department focuses on assisting the Audit Committee and management teams in the improvement of processes that manage risks related to achieving Qualcomms business objectives. Using Qualcomms risk-based audit methodology, the IT auditor will assist in the execution of internal audits. Specifically, the responsibilities include: Providing U.S. based time zone coverage as needed (up to 50% of time) Supporting the creation of initial planning memos and process flowcharts Identifying and assessing initial risks and control activities Designing audit procedures to evaluate control effectiveness Performing audit testing, identifying deviations from expected control activities, and effectively communicating observations to the audit team Leveraging data analytics throughout the audit process where feasible Staying abreast of changes in the business and industry to assess impacts to the companys risk profile Contributing to the development of new concepts, techniques, and making continuous process improvements for the overall IA team All Qualcomm employees are expected to actively support diversity on their teams, and in the Company. One to three years of relevant experience in internal auditing, external auditing, or SOX compliance within a global public company (preferably in the high-tech industry), Big 4/mid-tier accounting firm or other fast-paced corporate setting Strong understanding of IT general controls, cybersecurity frameworks (e.g. NIST, COBIT), and ERP systems Fluent English; multi-lingual capability is a plus Successful candidate will possess the following characteristics: As feasible, ability to travel (infrequently) to Qualcomms domestic and international locations (e.g., U.S., Europe) Semiconductor business experience or familiarity Strong communication (oral and written) and presentation skills Fast learner with strong interpersonal, organization, analytical, critical thinking, and problem-solving skills Ability to work in a flexible and non-hierarchical team environment Willingness to get things done and take responsibility Ability to recognize and apply a sense of urgency, when necessary Comfortable with ambiguity Positive attitude, professional maturity, good work ethic Ability to work independently, handle multiple projects simultaneously and multi-task to meet deadlines with high-quality deliverables Controls, risk assessment, risks, internal audit, IT Bachelor's degree in Accounting, Finance, Computer Science, cyber security, or related field. CPA, CA, CIA, CISA, CFE, or other credentials, a plus. Minimum Qualifications: Bachelor's degree. 1+ year of Finance, Accounting, or related work experience. *Completed advanced degree in a relevant field may be substituted for up to one year (Masters = one year) of work experience.

Summary about Organization A career in our Advisory Acceleration Center is the natural extension of PwC’s leading global delivery capabilities. The team consists of highly skilled resources that can assist in the areas of helping clients transform their business by adopting technology using bespoke strategy, operating model, processes, and planning. You will be at the forefront of helping organizations adopt innovative technology solutions that optimize business processes or enable scalable technology. Our team helps organizations transform their IT infrastructure, modernize applications and data management to help shape the future of business. An essential and strategic part of Advisory's multi-sourced, multi-geography Global Delivery Model, the Acceleration Centers are a dynamic, rapidly growing component of our business. The teams out of these Centers have achieved remarkable results in process quality and delivery capability, resulting in a loyal customer base and a reputation for excellence. Job Description & Summary PwC’s Hybrid Cloud & Technical Resilience capability helps clients transform their business with innovative technology solutions. It enables organizations to optimize applications and services across various cloud solutions (e.g., public, private, edge, etc.), achieving greater value through innovation while enhancing customer and employee experiences. Responsibilities As a Manager, you'll join a team solving complex business issues, focusing on hybrid cloud solutions and IT system resilience from strategy to execution. This role requires technical knowledge and strong client engagement skills as well as the capability of leading small teams through the delivery lifecycle of projects and programs. PwC Professional responsibilities at this level include but are not limited to: Serve as a trusted advisor to client executives, providing strategic guidance on IT resilience, Disaster Recovery (DR), and Business Continuity (BC). Lead teams in the design and delivery of comprehensive hybrid and multi-cloud and resilience programs that align with clients’ business objectives and risk appetites. Drive innovation by identifying and integrating emerging technologies and practices into client solutions. Foster a collaborative environment where people and technology excel together. Contribute to open discussions with teams, clients, and stakeholders to build trust. Understand basic infrastructure technologies and be eager to learn more. Adhere to the firm's code of ethics and business conduct. Basic Qualifications Job Requirements and Preferences: Minimum Degree Required Bachelor’s degree in Information Technology, Computer Science, Risk Management, or a related field. Minimum Years Of Experience 5-7 years of relevant experience designing and delivering public, private, hybrid, or multi-cloud solutions and migrating applications and services to these hosting environments with a focus on modernization, disaster recovery and resilience. Preferred Qualifications Certification(s) Preferred: Certification(s) from a leading cloud service provider (AWS, Azure, GCP) Certification(s) from a leading on-premises infrastructure provider (VMware, Nutanix Microsoft, RedHat, NetApp, EMC, Cisco, Arista) Certified Business Continuity Professional (CBCP) ITIL Certification Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) AWS or Azure certifications related to resilience or infrastructure Preferred Knowledge/Skills Demonstrates thought leader-level abilities with, and/or a proven record of success directing efforts in the following areas: Demonstrates public, private, hybrid, and multi-cloud Infrastructure experience. (Network, Server, Storage, and Database) discovery, design, build, and migration; Experience with private and public, private, and/or hybrid cloud architectures with migration and infrastructure/application migration modernization experience; Experience in IT resilience, disaster recovery, or technical risk consulting, preferably in a professional services environment; Collaborate with clients to identify critical business functions and their dependencies on IT systems; Provide expert advice on developing IT resilience strategies tailored to client-specific environments and challenges; Lead workshops and training sessions to educate client teams on resilience best practices. Develop and refine Business Continuity Plans (BCPs) that integrate technology resilience considerations; Recommend and configure tools and processes to enhance client resilience capabilities, including backup and recovery solutions; Excellent communication and presentation skills, with the ability to translate technical details into business value for clients; and, Strong organizational and project management skills in a fast-paced environment. Demonstrates abilities and/or success in one or many of the following areas: Architectural and / or engineering exposure to Windows, Linux, UNIX, VMware ESXi, Hyper-V, XenServer, Oracle DB, SQL Server, IIS Server, SAN, NAS, and other on-premises hosting technologies; Workload migration and automation toolsets (CloudEndure, Azure, Turbonomics, Python, TerraForm, etc.); Strong knowledge of IT infrastructure (e.g., cloud systems, networks, and cybersecurity); Experience with resilience tools, such as disaster recovery as a service (DRaaS), backup platforms, or monitoring solutions; and, Familiarity with risk management frameworks (e.g., ISO 22301, ISO 27001, NIST, ITIL). Travel Requirements 50% Show more Show less

Who are we and what do we do? BrowserStack is the world's leading software testing platform powering over two million tests every day across 19 global data centers. BrowserStack's products help developers build bug-free software for the 5 billion internet users accessing websites and mobile applications through millions of combinations of digital environments—devices, browsers, operating systems, and versions. We help Tesco, Shell, NVIDIA, Discovery, Wells Fargo, and over 50,000 customers deliver quality software at speed by moving testing to our Cloud. With BrowserStack, Dev and QA teams can move fast while delivering an amazing experience for every customer. BrowserStack was founded by Ritesh Arora and Nakul Aggarwal in 2011 with the vision of becoming the testing infrastructure for the internet. We recently secured $200 million in Series B funding at a $4 billion valuation in June 2021. At BrowserStack We Solve Real Problems—each Day Is a Unique Challenge And An Opportunity To Make a Difference. We Strive To Be Open, Transparent, And Collaborative, So No Feat Is Too Big To Achieve. BrowserStack Is An Extension Of Its People And a Place Where They Can Grow Both Professionally And Personally. To That Effect, We’re Humbled To Be Recognized By Leading Organizations Around The World BrowserStack is Great Place to Work-Certified™ 2020-21 Named “SaaS Startup of the Year” in 2022 by SaaSBOOMi Ranked in Forbes Cloud 100 in 2021 - for the second time Featured in LinkedIn Top Startups India 2018 Note - Please note this is a One year Fixed Term Contract role. What will you do? Coordinate the information security compliance activities. Monitors compliance with the organisation's security policies and procedures among employees, contractors, alliances, and other third parties and takes corrective action. Manages information security incident response. Monitors internal control systems to ensure appropriate information access levels and security clearances are maintained. Initiates, facilitates and promotes activities to foster information security awareness within the organisation. Filling in Security assessment questionnaires required for customers pre-onboarding Communicating with customers through various channels. Contribute to risk assessments, focusing on compliance-related risks and mitigation strategies. Implement controls to address compliance risks and track risk reduction progress. Acknowledging and resolving customer queries related to information security and data privacy Adheres to the SLAs Conduct periodic Information Security and Business continuity awareness sessions Conduct security compliance due diligence for vendors and third-party products Keep abreast of internal standards and business goals Maintains detailed status for all activities in the area Maintain Stakeholder relationship Contribute to Support Documentation and Knowledge Base articles Desired Experience Bachelor's degree in Computer Science/Information Technology, or a related field. Relevant certifications such as CISA, CIPM, or ISO27001 LA/LI. 4+ years of experience in IT-GRC roles with a focus on compliance activities. In-depth knowledge of regulatory frameworks such as GDPR/SOC2/NIST. Experience in conducting compliance audits and assessments. Strong understanding of control frameworks and their application. Excellent communication and interpersonal skills, with the ability to explain complex compliance concepts to diverse audiences. Benefits In addition to your total compensation, you will be eligible for following benefits, which will be governed by the Company policy: Medical insurance for self, spouse, upto 2 dependent children and Parents or Parents-in-law up to INR 5,00,000 Gratuity as per payment of Gratuity Act, 1972 Unlimited Time Off to ensure our people invest in their wellbeing, to rest and rejuvenate, spend quality time with family and friends Remote-First work environment that allows our people to work from anywhere in India Remote-First Benefit for home office setup, connectivity, accessories, co-working spaces, wellbeing to ensure an amazing remote work experience Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 2 – Risk Consulting - Protect Tech – Senior (IT audit – General skills) No. of positions (India): 4 Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

About Us We are a leading ERP software and solutions provider to dealers and rental companies of heavy equipment. We specialize in working with the construction, mining, forestry, material handling, and agriculture industries. We aim to be the ERP thought leader in our space and a trusted IT advisor to all dealers and rental companies. Today, we have over 700 employee associates, offices on four continents, and customers in over 20 countries. We are privately held, and our headquarters are in beautiful Cary, NC. We seek talented individuals to join our team and help us aggressively grow our North American footprint for our on-premises and 100% cloud-based ERP solutions. Director – Corporate IT The purpose of this role is to deliver a seamless, secure, and world-class digital experience that empowers every employee to thrive, innovate, and drive value : anywhere, anytime, Incombent shall lead a Global team of multi-level IT professionals with potential to expand as the organization scales. Travel may be needed to all locations primary being Pune and Mumbai. Job Summary : The “Director – Corporate IT” at VitalEdge will lead our organization's Corporate IT infrastructure, support operations, end user services and implementation of Corporate IT specific security initiatives. This role demands a proactive leader with extensive experience in managing end-user support, office IT operations, vendor relationships, and policy development and governance. The ideal candidate will ensure seamless IT services, drive upgrades and innovation, and lead a high-performing team aligned with ITIL and Six Sigma standards. If selected, you will be expected to establish end-user policies and performance benchmarks for your team. The candidate will require a focus on building a high-performance team and delivering World Class End User Experience Modern Workplace with Microsoft 365 Deliver A Value Driven Connected Business Application & Operations Support Eco System Robust & Scalable Core Corporate Infrastructure Trusted Corporate Domains & Governance Develop VitalEdge Business Continuity Plan Key Responsibilities : Deliver User-Centric Design : Design every IT touchpoint with empathy and usability at the core. Deliver Cloud-First, Secure-Always – Embrace modern architectures and secure-by-design practices. Deliver Data-Driven Decisions – Leverage analytics and telemetry to continuously improve IT services. Deliver Business Alignment – Act as a strategic partner, not just a service provider. · Demonstrate strategic thinking, cross functional leadership, innovative mindset, be able to develop operating models, own a budget, and be able to deliver optimal tangible value. · Lead and manage Corporate IT Infrastructure, including office network, laptops, printers, desktop systems, and overall tech ecosystem across locations. · Own and optimize end-user IT operations, including 24/7 support channels (call, chat) for hardware, software, and configuration-related issues. · Oversee employee tech support (laptop/desktop troubleshooting, printer services, IT configuration) ensuring smooth issue resolution and high customer satisfaction. · Define, implement, and regularly upgrade IT policies, including security standards, inventory lifecycle, asset rotation (old vs. new), and infra upgrades. · Ensure compliance with ITIL standards and process matrices; drive process maturity using Six Sigma methodologies to reduce downtime and enhance service quality. · Monitor, report, and act on monthly IT performance metrics, service delivery benchmarks, and audit findings. · Manage vendor relationships for hardware, software, and managed services; enforce SLA adherence and negotiate for cost-effective solutions. · Lead the planning and execution of infrastructure upgrades and ensure alignment with business continuity and scalability goals. · Oversee IT budgeting, strategic planning, and roadmap development to support business growth and efficiency. · Provide leadership to a team of IT managers and support specialists, drive talent development, mentoring, and succession planning. · Collaborate cross-functionally with business leaders to align IT operations with company objectives and evolving tech needs. · Ensure cybersecurity compliance, risk mitigation, and regulatory adherence across all Corporate IT systems and processes . Qualifications : · 10–15 years of progressive experience in IT, with at least 5+ years in leadership roles. · Proven experience leading enterprise-wide IT operations in a mid-sized organization (e.g., $100M–$500M range). · Hands-on leadership in: o Infrastructure & Operations (networking, cloud, cybersecurity) o Business Applications (ERP, CRM, HRIS, etc.) o Data Management/BI o IT Governance & Compliance · Experience managing global or distributed teams is a plus, especially if your company is geographically spread out · Familiarity with hybrid cloud environments (Azure/AWS + on-prem). · Understanding of enterprise systems (e.g., Infor, SAP, Oracle, Microsoft Dynamics). · Strong grasp of cybersecurity frameworks (NIST, ISO 27001). · Knowledge of modern workplace tools (e.g., Microsoft 365, collaboration platforms). · Experience with ITIL, DevOps, and Agile practices is beneficial. · Strong business acumen and ability to align IT with corporate strategy. · Excellent stakeholder management, especially with Finance, HR, Operations, and Sales. · Demonstrated ability to build and mentor high-performing teams. · Effective communicator with board-level presence. · Strong vendor management and negotiation experience. · Preferred Certifications o PMP or Prince2 o ITIL Foundation or higher o CISSP, CISM, or similar for security-oriented leaders o AWS/Azure certifications for cloud fluency · Strong understanding and practical application of ITIL frameworks (certification will be added on advantage). · Working knowledge of Six Sigma methodologies (Green Belt or higher will be added on advantage) for process improvement and service excellence. · Experience with security policy management, risk mitigation, and compliance frameworks. · Demonstrated capability in vendor management, SLA governance, and driving KPI-based performance tracking. · High ownership mindset, capable of leading 24/7 operations, handling escalations, and driving operational continuity. · Excellent analytical, reporting, and strategic planning skills; experience in IT budgeting and digital transformation initiatives. · Strong stakeholder communication, collaboration, and crisis management abilities across cross-functional teams. · Bachelor’s degree in computer science, Information Systems, Engineering, or related field. · MBA or Master’s in IT Management, Business Administration, or similar is a strong plus, especially if the role is business-facing.kills Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 2 – Risk Consulting - Protect Tech – Senior (IT audit – General skills) No. of positions (India): 4 Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Job Title: Consultant / Manager / Senior Manager – VAPT Location: Gurgaon Experience Required: 2 to 10 years Work Mode: Onsite (Gurgaon) Certification: OSCP – Mandatory Role Overview: We are looking for skilled cybersecurity professionals across levels ( Consultant to Senior Manager ) to join our Vulnerability Assessment & Penetration Testing (VAPT) team in Gurgaon . You will play a critical role in executing and leading security assessments across applications, infrastructure, network, and source code to identify vulnerabilities and recommend effective remediation. Key Responsibilities: For All Levels: Perform end-to-end VAPT on web applications, mobile applications, network, infrastructure, cloud, and source code . Identify, exploit, and document vulnerabilities with clear technical and business impact. Use both manual and automated tools to conduct deep-dive penetration testing. Prepare and present technical reports with actionable recommendations. Ensure adherence to OWASP, NIST, ISO 27001, PCI-DSS, and RBI cybersecurity guidelines . Additional Responsibilities Based on Experience Level: Manager / Senior Manager: Lead a team of consultants and guide them through complex assessments. Oversee project timelines, quality, and client deliverables. Engage with senior stakeholders (CIOs, CISOs, Security Heads) to discuss findings and mitigation strategies. Support practice development, training initiatives, and RFP support. Consultants / Senior Consultants: Execute hands-on penetration testing under guidance from seniors. Maintain high-quality documentation and assist in tool integration. Continuously upgrade skills through research and certification prep. Required Skills & Qualifications: 2 to 10 years of hands-on experience in penetration testing and vulnerability assessment . Strong knowledge of manual testing techniques beyond automated scanners. Expertise with tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Wireshark , etc. OSCP certification is mandatory. Familiarity with secure coding , scripting, and one or more programming languages (e.g., Python, Java, JavaScript). Good understanding of cloud security testing (AWS, Azure, GCP) is a plus. Strong analytical, communication, and report-writing skills. Show more Show less

The Splunk Global Security (SGS) organization is seeking a Technical Program Manager (TPM) to drive projects and programs across SGS as well as with teams outside of SGS. This role is ideal for anyone with some years of experience as a TPM. This role requires the TPM to run technical projects/programs across globally distributed teams, ensuring accountability to deliver results. You'll lead and influence decision makers and business partners at all levels, and help effect change inside and outside the organization! Meet the Team Our SGS organization is led by Splunk’s Chief Information and Security Officer (CISO). The team's purpose is to deliver a comprehensive set of services, crafted to successfully defend and protect Splunk and its customers. The Strategy, Planning and Operations (SPO) Team within the SGS organization consists of three functions Technical Program Management, Service Delivery Management, and Service Operations. Learn more about SGS, meet our leaders, and hear more from our Splunk security experts at splunk.com/careers/splunk-global-security. Responsibilities Delivery Oversight Lead multiple cross-functional cyber security related and achievement based projects/programs with a coherent approach. Project/Program Facilitation Facilitate communication and coordination between multiple teams (i.e., between SGS and non-SGS partners (e.g., Finance, Procurement, Engineering)) to ensure successful delivery of the defined project/program outcomes. Apply the concepts of project management including running Sprints and continuous process improvement. Collaborate across a wide range of team members to support the organization's corresponding objectives and results. Drive and maintain attention to quality and detail and hold yourself accountable to the expectations and results. Lead difficult conversations in a professional way and apply judgment to assess criticality and prioritize efforts in alignment with organizational goals. Establish “The Definition of Done” for project/program tasks and handle expectations for all relevant partners. Coordinate with global partners, adapting to varied time zones and cultural contexts to ensure flawless project/program delivery and collaboration. Reporting and Metrics Define and hold project/program teams to respective operational metrics and Key Performance Indicators. Define and use dashboards and reports that provide transparency into project/program status, and risk areas. Collaborator Management Develop strong relationships with internal and external partners and multi-functional teams to ensure clarity and accountability to drive the project/program goals. Must-have Qualifications Demonstrated ability post bachelor (of 3 years+) experience in technical program management with strong exposure to cybersecurity technology. Proficient knowledge of cybersecurity areas (examples Secure Software Development Life Cycle (SDLC); Security controls / Risk frameworks (e.g., ISO, NIST, PCI, FedRAMP); Security Operations; Identity and Access Management (IAM)). Cybersecurity certification CompTIA Security+ or similar cybersecurity industry certifications. Knowledge of and being able to apply project management methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps, SDLC). Proficient with tools such as JIRA, GSuite, Microsoft 365 Suite, Confluence, and Service Now. Excellent verbal and written communication skills. Ability to thrive in ambiguity and bring structure to sophisticated, unstructured problems. Preferred Qualifications Experience with managing financials surrounding a project/program. Exposure to Splunk products (e.g., Enterprise, SOAR, or Splunk Cloud). Splunk is an Equal Opportunity Employer Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Director Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As a Director, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities: Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets: Bachelor’s degree (minimum requirement). 12+years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets: Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required: 12 + years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Accenture Managed Detection and Response (MDR) Ops Security Engineering Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Coaching and Feedback, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Influence, Innovation, Intellectual Curiosity, Learning Agility, Managed Services, Optimism {+ 20 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Acronis is a world leader in cyber protection—empowering people with cutting-edge technology that enables them to monitor, control, and protect the data that their businesses and lives depend on. We are looking for a Senior Product Manager who is ready to join our mission in creating a #CyberFit future! Our Cybersecurity Product Team is seeking an energetic, growth-oriented Senior Product Manager for Acronis RMM (Remote Monitoring and Management),a solution encompassing endpoint management, network monitoring, M365 security posture, SaaS security posture, and Center for Internet Security (CIS) compliance. As a key member of the product management team, you will drive innovation, align development efforts with customer needs, and ensure our RMM solution delivers exceptional value to Managed Service Providers (MSPs). This role demands a strong technical background, in-depth market understanding, and the ability to collaborate across functions to develop best-in-class RMM solutions. Experience with and a solid understanding of international regulatory compliance for MSPs is highly desirable. What You'll Do Shape Product Strategy: Assist in defining the vision and strategy for Acronis RMM, including endpoint management, network monitoring, M365 security posture, SaaS security posture, and compliance management, aligning with business goals and market trends. Engage Stakeholders: Collaborate with MSPs, customers, and internal teams to identify opportunities for innovation and differentiation based on market trends and customer needs. Own the Product Roadmap: Develop and maintain a roadmap aligned with business objectives, prioritizing features based on customer feedback, competitive analysis, and technology trends. Drive Execution: Work with R&D and UX teams to deliver clear requirements, oversee development, and ensure timely, high-quality rollouts. Collaborate Across Teams: Partner with marketing, sales, support, and design teams to ensure successful product launches and mentor teams on best practices. Measure Success: Track key metrics (e.g., user adoption, NPS, feature usage) to evaluate performance and guide product iterations. Present insights and updates to stakeholders. Be a Product Advocate: Promote product features and benefits to clients and internal teams. What You Bring Product Management Experience: 3+ years in product management, focusing on security, compliance, or IT governance tools, with a proven ability to identify opportunities and deliver impactful products. Expertise in Development and Integration: Experience in in-house development, OEM integration, managing complex roadmaps, and delivering compliance-focused solutions. Compliance Knowledge: Strong understanding of Center for Internet Security (CIS) benchmarks, including implementation and significance in securing systems. Familiarity with frameworks like NIST, ISO 27001, GDPR, HIPAA, and Essentials 8. CIS Tools and Frameworks: Hands-on experience with CIS compliance tools or frameworks in enterprise or SMB environments. IT Operations Platforms: Knowledge of platforms like RMM, SIEM, or ITSM tools. MSP and Enterprise Collaboration: Experience working with Managed Service Providers (MSPs) or large enterprises to manage compliance. Technical Expertise: Strong understanding of cybersecurity, endpoint security and management, or vulnerability management tools. MSP/IT Persona Insight: Deep understanding of MSP and IT team personas is essential. Leadership and Collaboration: Proven ability to lead, build consensus, and deliver results in a multi-stakeholder environment. Customer Engagement: Experience conducting customer discussions, gathering requirements, and effectively communicating roadmaps. Tool Proficiency: Proficient in using tools like Jira, Confluence, or similar platforms. Requirement Breakdown: Skilled in decomposing requirements into actionable work items, such as user stories. Communication Skills: Excellent verbal and written communication skills, with fluency in English. Please submit your resume and application in English. Who We Are Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), enterprise IT departments and home users. Our all-in-one solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. We offer the most comprehensive security solution on the market for MSPs with our unique ability to meet the needs of diverse and distributed IT environments. A Swiss company founded in Singapore in 2003, Acronis offers over twenty years of innovation with 15 offices worldwide and more than 1800 employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses. Our corporate culture is focused on making a positive impact on the lives of each employee and the communities we serve. Mutual trust, respect and belief that we can contribute to the world everyday are the cornerstones of our team. Each member of our “A-Team” plays an instrumental role in driving the success of our innovative and expanding business. We seek individuals who excel in dynamic, global environments and have a never give up attitude, contributing to our collective growth and impact. Our Interview Practices To maintain a fair and genuine hiring process, we kindly ask that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to assess your individual skills, experiences, and communication style. We value authenticity and want to ensure we’re getting to know you—not a digital assistant. To help maintain this integrity, we ask to remove virtual backgrounds and include in-person interviews in our hiring process. Use of AI-generated responses or third-party support during live interviews may be grounds for disqualification from the recruitment process and a full criminal, education and identification background check is required for all new hires. Acronis is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, marital status, national origin, physical or mental disability, medical condition, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, gender identity or expression, or any other characteristic protected by applicable laws, regulations and ordinances. Show more Show less

Are you insatiably curious and do you lean into uncertainty, take risks, and learn quickly from Are you passionate about cybersecurity? Do you enjoy working on a high-performing, fast-paced sales team? Are you insatiably curious and do you lean into uncertainty, take risks, and learn quickly from your mistakes? If so, we are looking for you! The Microsoft Security organization’s mission of making the world a safer place has never been more important. As threats become more frequent and sophisticated, we should work to keep our customers safe through our Security Solutions. The Solution Specialist Unit team within the Microsoft Security organization is at the forefront of this effort, engaging directly with customers to contribute to their success. With thousands of global security experts worldwide, $1 billion+ invested annually in security research and development, and the cutting edge AI- based Security innovations, Microsoft is ideally placed to think outside of the box and protecting customers, and partners around the world. We are looking for passionate, experienced, and credible Security Technical Specialists with a drive to help solve complex security challenges for our customers, enabling them to help modernize their security architecture and posture. We are keen to hear your thoughts on how we can further achieve our purpose. Join our team and discover unique opportunities to grow, develop and learn. As a Security Technical Specialist , you will be a senior technical sales leader and trusted customer advisor, working with cutting-edge security technologies such as Microsoft M365 Defender, Defender for Cloud and Sentinel. You will lead a virtual team of other internal, partner and consulting resources to help map Microsoft solutions to customer security challenges and priorities, demonstrate and prove our solutions, and win the technical decision enabling the team to achieve and even exceed quarterly and annual revenue targets. You will spend 75% of your work hours a week on qualified customer work – planning and orchestration, preparation, meetings (technical presentations, demos, POCs, compete positioning, workshops, etc.), while the other 25% of your time will be focused on further growing your technical, industry and competition acumen. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. By applying to this role, you will be considered for multiple opportunities within Microsoft across the United States including locations beyond where the role is posted. This role is flexible in that you can work up to 50% from home. Travel percentages will vary according to role. Responsibilities You will be the primary technical point of contact for potential customers during the sales process, owning and driving technical win for security opportunities. Deep technical understanding of cloud security architectures, solutions/technologies including Microsoft M365 Defender, Defender for cloud and Sentinel. Coordinate weekly with sellers and manager to understand opportunities, compete scenarios and engagements to focus on, engaging and driving to own and win the technical decisions Remediate blockers; leads and ensures technical wins for Microsoft Security and adjacent technologies. Engages with and reaches out to customers proactively and independently; builds credibility with customers as a trusted advisor for Microsoft Security; and searches for and uses Microsoft Security customer references; and drives customer intent to buy and facilitates handoff to customer success for post sales deployment. Develop strategies and recommendations to improve the client's security posture, shapes technical win plan and tailors Microsoft messaging to audience for security opportunities. Enhances team capabilities for extended detection and response (XDR), zero trust and cloud security and develops differentiated compete strategies for Microsoft Security for assigned customers. Lead technical presentations, demonstrations, workshops, architecture design sessions, explain, demonstrate, and architect the solution to help solve customer security challenges and priorities. Demonstrates and oversees proof of concepts, presents and applies architecture patterns, proves capabilities and integration into customer environment, and drives cross-workload support for Microsoft solutions for security. Leverages insights and coaches' teams to align new or changing technology to customer security needs. A technical specialist is responsible for engaging with other teams within and outside the organization throughout the sales cycle. Engaging partners in sell-with scenarios and supporting their technical capabilities is key to scaling solution delivery. You will stay sharp, share your knowledge and best practices enabling further scale and growth for the security business. You would spend 20% of your work hours maintaining deep theoretical and experiential technical knowledge of MS security solutions, competitive landscape and industry trends. As a technical specialist you would document and share best practices and learning with others enabling and contributing to the success of others on your team Share knowledge and learnings with partners to drive the sale, deployment, and adoption of Microsoft solutions. Completes required training and obtains relevant product and role certifications aligned to the role and workload/industry. Other Embody our culture and values Qualifications 5+ years of Security Technology pre-sales or Security Technology consulting experience. OR Bachelor's Degree in Computer Science, Information Technology, or related field AND 4+ years of technical pre-sales or technical consulting experience. OR Master's Degree in Computer Science, Information Technology, or related field AND 3+ years of technical pre-sales or technical consulting experience OR equivalent experience. Experience with Microsoft security solutions (M365 Defender, Defender for Cloud, Sentinel) or, one or more related technologies such as Prisma Cloud, Crowdstrike, Proofpoint, Splunk, etc. Experience presenting the value of technology solutions and architectures through customer presentations, design sessions, POCs accelerating technical wins. Preferred Qualifications 8+ years technical pre-sales, technical consulting, or technology delivery, or related experience OR equivalent experience. 6+ years experience with cloud and hybrid, or on premises infrastructures, architecture designs, migrations, industry standards, and/or technology management. Certification in relevant technologies or disciplines (e.g., Office 365, Power BI, Azure Architect and Development exams, Cloud Platform Technologies, Information Security, Architecture). Certification in Microsoft 365 Security Administration or Azure Security One or more of Industry certifications such as CISSP, CCSP, iAPP, etc. Hands on technical knowledge of relevant products and solutions, but not limited to: Security Information and Event Management (SIEM) systems Next Gen Web Application Firewalls and Secure Web Gateways. Threat detection technologies Log analysis and Incident Response Cloud security technologies, architectures and concepts such as Zero Trust, cloud security posture management, cloud workload protection, Cloud code security and Cloud infrastructure entitlement management. Cloud Computing: Infrastructure as a service (IaaS), Platform as a Services (PaaS), and Software as a service. Demonstrated knowledge and understanding of one or more cloud security standards and frameworks such as CIS, NIST, CSA, etc. Technical Sales Acumen: Experience presenting the value of technology solutions and architectures through customer presentations, design sessions, POCs accelerating technical wins. Expertise in extended detection and response (XDR), zero trust and cloud security solutions & architectures Professional interpersonal skills, with the ability to present technical information clearly and concisely. Develop and maintain technical expertise: A technical specialist should stay up to date with the latest developments and advancements in security space including new tech, competitors, and internal product and services offerings. Growth Mindset. Experience and passion for learning (technical and professional skills); implementing practices from others; trying, failing, and learning from both successes and failures; sharing practices and knowledge for others’ benefit. Problem Solving: Excellent analytical and problem-solving skills, with the ability to think creatively and develop innovative solutions to technical challenges. Multi-Tasking: Ability to work independently and manage multiple priorities simultaneously. Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations. Show more Show less

Senior Analyst - Vendor Risk Assessment Position summary Do you thrive on developing creative and innovative insights to solve complex challenges? Want to work on next- generation, cutting-edge products and services that deliver outstanding value and that are global in vision and scope? Work with other experts in your field? Work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? Want to make an impact that matters? Consider Deloitte Global. Work you'll do The Deloitte Global Cybersecurity function is responsible for the firm’s overall objectives of enhancing data protection, standardizing and securing critical infrastructure and gaining cyber visibility through security operations centers. We are seeking a Vendor Risk Assessment Analyst to join the team. The VRA Analyst will participate in and lead assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to manage responsibility. In this role you will also ensure strong oversight of all vendors’ risks and provide member firms and business partners visibility of existing and emerging risks. As part of the Global Cyber Risk team, the VRA Analyst must: Prepare and complete risk assessments and assist with policy, regulatory and accreditation audit preparation Help lead and support continuous improvement, implementation and deployment of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/ State Regulatory requirements Facilitate workflow and record keeping within the VRA platform (ServiceNow) Help develop, maintain, and document workflow processes to ensure data & system controls are adequate, meet internal baselines and optimize current processes to meet emerging risks Provide guidance to the business, procurement and other stakeholders to ensure requirements of VRM are fully understood Support development and execution of a robust communication and training plan to facilitate the effective application and awareness of VRM Monitor risk findings, remediate resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring Contribute to development of terms and security specific contract language and security clauses related to risk mitigation Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities. Stay informed about the latest developments in the vendor risk management field Improve awareness of operational risks faced by Business from vendor failure/poor performance and work with Strategic Sourcing/Legal/Business to mitigate any losses through vendor compensation achieved through establishment of robust contracts What you'll be part of - our Deloitte Global Culture: At Deloitte, we expect results. Incredible—tangible—results. And Deloitte Global professionals play a unique role in delivering those results. We reach across disciplines and borders to serve our global organization. We are the engine of Deloitte. We develop and implement global strategies and provide programs and services that unite our network. In Deloitte Global, everyone has opportunities. We see the importance of your perspective and your ability to create value. We want you to fit in—with an inclusive culture, focus on work-life fit and well-being, and a supportive, connected environment; but we also want you to stand out—with opportunities to have a strategic impact, innovate, and take the risks necessary to make your mark. Who you'll work with: Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in "what is" but rather "what can be" to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived. Qualifications: Required At least 3 years of Information Security, Risk Assessment or IT audit experience Working familiarity with Vendor Risk Assessments and production of Risk Analysis Reports Experience in management of vulnerability and/or risk remediation Specific knowledge of and experience with applicable concepts and methodologies such as continuous quality improvement and auditing experience Deep familiarity with risk assessments and threat models Strong familiarity with ISO27000 standards and ISO27002 controls standards Experience with Archer, ServiceNow or another industry standard enterprise Vendor Risk Assessment solution Strong knowledge and working understanding of information security legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard Strong working familiarity with common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework Working familiarity with the NIST 800-30 standard for Risk Assessment Education Bachelor’s degree: preferably in an information technology-related field of study, or equivalent years of experience required Preferred: At least 5 years of Information Security, Risk Assessment or IT audit experience Experience working in Cyber Risk, Business Risk Management, Operational Risk, Internal Audit, and/or Controls related function Familiarity with application, server, and network security Professional IT or Security Management certification One or more of CISA or CRMA, CISSP, CCSP, CISM, GIAC certifications How you'll grow: Deloitte Global inspires leaders at every level. We believe in investing in you, helping you embrace leadership opportunities at every step of your career, and helping you identify and hone your unique strengths. We encourage you to grow by providing formal and informal development programs, coaching and mentoring, and on-the-job challenges. We want you to ask questions, take chances, and explore the possible. Benefits you'll receive: Deloitte’s Total Rewards program reflects our continued commitment to lead from the front in everything we do — that’s why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being needs. We provide the benefits, competitive compensation, and recognition to help sustain your efforts in making an impact that matters. Corporate citizenship: Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 304278

Required Skills and Qualifications Proven experience using Splunk SIEM, including the ability to analyze prepared use cases, contribute to the creation of custom dashboards, and fine-tune false positive alerts. Good knowledge of SIEM architecture. Excellent skills in email security incident handling, including investigating phishing emails and providing verdicts, as well as basic knowledge of Office 365 Email Exchange. Experience with CrowdStrike EDR for security monitoring and threat detection, along with static and dynamic malware analysis and interactive sandbox report analysis capabilities. ITIL tool experience, particularly with Service-Now. Exposure to firewall and WAF log analysis. Strong knowledge of security SOP creation and maintenance. Basic knowledge of file integrity monitoring. Understanding of security compliance frameworks such as PCI and NIST. Basic understanding of vulnerability management and experience with tools such as Rapid7 and Nessus. Experience with cloud security monitoring, including AD risky detections and Defender for Cloud. Excellent communication and presentation skills. Commitment to continuous learning and professional development. Flexibility to work shifts from 1 PM to 10 PM and 3 PM to 12 AM. Key Responsibilities Pursue specialization in specific areas of security operations, such as threat hunting, malware analysis, or digital forensics, through targeted training and hands-on experience. Utilize Splunk SIEM and CrowdStrike EDR tools to monitor, detect, and respond to security incidents. Develop and execute security monitoring strategies and initiatives, working closely with the SOC management team to align efforts with organizational goals. Create and maintain standard operating procedures (SOPs) to ensure consistent and effective security operations. Support Monitoring Team to take remote session with user for troubleshooting the user machines to remove malware. Lead the preparation and delivery of weekly presentations to provide executive-level insights into SOC operations, including key metrics, trends, and emerging threats. Take ownership of false positive report preparations, ensuring accurate identification and documentation of false positives to improve detection and response capabilities. shift-leading capabilities, managing SOC operations during assigned shifts, including supervision of GET/Associate Security Analysts and coordination of incident response activities. Collaborate with the Security Specialist team on high-priority security incidents, providing expertise and assistance as needed to facilitate incident resolution. Flexible to Provide support to 24/7 L1 Monitoring shift members. Show more Show less

Since our launch in 2015, we’ve lent over £10bn to ambitious entrepreneurs up and down the UK. That’s led to the creation of over 40,000 new jobs and over 29,000 new homes – and we’re not about to stop there. We’re dedicated to helping trailblazing businesses’ thrive and our Finance team are the drivers of our growth. As an IT and Cyber Security Auditor , you will be responsible for planning, executing, and reporting on a wide range of audits covering IT security, business automation, cloud infrastructure, and digital transformation across OakNorth Bank plc. You will provide independent assurance to senior management that the Bank’s technology environment—including its growing use of Generative AI—is secure, resilient, and well-governed. This role also includes guiding the Bank’s responsible adoption of Generative AI (GenAI) technologies while helping build capabilities within the Internal Audit team, including mentoring and developing junior staff members. This is a fantastic opportunity to join a fast-paced, growing bank with a reputation for doing things differently. We don’t want another cog in the machine, we’re looking for self-starters and bold thinkers who want to pave their own career paths. Are you ready to step up to the challenge? Key Responsibilities: Lead and Deliver Audits : Plan, execute, and report IT and cyber security audits covering ITGCs, cloud (AWS/Azure), networks, data protection, automation, and digital transformation initiatives. Manage audits independently or with co-sourced partners, ensuring end-to-end delivery. Support GenAI Risk Assurance : Assess risks and controls related to the Bank’s adoption of Generative AI—covering governance, data integrity, ethical usage, access controls, and operational safeguards. Leverage GenAI tools to enhance audit execution and insight generation. Evaluate Cybersecurity and Resilience : Review threat detection capabilities, cybersecurity controls (e.g., IAM, DLP, IDS/IPS), and response readiness. Challenge business continuity, disaster recovery, and incident response plans, including backup processes and RPO/RTO targets. Stakeholder Engagement and Reporting : Provide clear, actionable reporting to senior management and collaborate with Technology, Risk, and Operations teams to strengthen control environments and drive improvements. Team Development and Methodology Improvement : Guide, coach, and mentor junior auditors; contribute to the evolution of IT audit methodology to reflect emerging technologies, risks, and regulatory expectations. What We’re Looking For: Must-Haves: Overall experience of 8 years with Minimum 3 years of experience in IT audit or cyber risk, ideally within banking, fintech, or a Big 4 advisory firm. Degree in Information Technology, Computer Science, or a related field with a strong academic record. At least one globally recognized IT audit/security certification (e.g., CISA, CISSP, ISO 27001 LA); Familiarity with GenAI use cases and associated risks in an enterprise setting. Strong understanding of frameworks like NIST, ISO 27001, COBIT, COSO, and ITIL. Experience using GRC tools and a passion for applying technology in audit work. Preferred Traits: High drive and bias for action—brings energy and momentum to audit delivery. Clear and structured communicator who simplifies complexity and delivers insights. A collaborative leader who uplifts others—coaches, mentors, and supports junior colleagues. Operates with integrity and directness—“say it as it is” mindset. Trusted and respected by peers and stakeholders at all levels of the organization. Fast learner and problem-solver who thrives in a changing environment. ₹0 - ₹0 a year Benefits & Perks: Equity. We want people to have a stake in the business so that all our interests are aligned Health Insurance for employee and dependents Wellbeing and social events Support causes that matter to you – Volunteering time off

Close date: Wednesday, 30 July 2025 Working pattern: Full time Contract Type: Permanent Location: Gurgaon (SEZ1) Department: 13 - 13 Security Description & Requirements: Bravura’s Commitment and Mission At Bravura Solutions, collaboration, diversity and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture. As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital first technology solutions that support our clients to achieve financial security and prosperity for their customers. About The Team/Project The Information Security Officer is responsible for supporting the implementation and operation of the organisation's Information Security Management System (ISMS) within their region. This role will support security risk management, policy compliance, audits (internal, external and client), training and awareness, supply chain risk, and support security operations in incident management. As a Managed Service Provider (MSP) and data processor for clients, the analysts will enable security controls aligning with client contractual obligations, regulatory requirements, and industry best practices. The analyst will work closely with global security leadership, regional stakeholders and clients to address both internal and client-specific security challenges What You’ll Do The position is within the Information Security team. Main activities will include but are not limited to: Internal Audit & Assurance: Support the implementation and operations of the ISMS within the region. Support alignment with global security policies and regulatory requirements including ISO27001, SOC2 type II and PCI-DSS. Support continuous assessment and improvement of security controls and processes. Information Security Risk Management Support, identify, assess, and mitigate security risks. Maintain the risk register and track remediation activities. Provide risk-based guidance to business units, IT teams, and client-facing operations. Information Security Policy & Standards Ensure compliance with corporate security policies, frameworks, and client-specific security mandates. Develop and enforce security standards and client requirements. Input into periodic reviews and updates to security policies to align with evolving requirements. Information Security Audit & Compliance Support internal and external security audits, ensuring timely remediation of findings. Provide security assurance to clients by responding to security questionnaires and participating in client audits. Coordinate with service delivery teams to meet client-specific obligations. Monitor and report on security posture, client security commitments, and compliance status. Information Security Training & Awareness Support the delivery of security awareness programs Support phishing exercises and other training initiatives to enhance security culture. Collaborate with HR and other departments to ensure security education is embedded in employee onboarding and ongoing training. Supply Chain Risk Management Support the assessment and management of security risks associated with third-party vendors and suppliers. Support security requirements are included in vendor contracts and SLAs. Enable regular security assessments of critical suppliers, considering the impact on client services. Security Operations & Incident Management Support Assist in managing and responding to security incidents within the region, to ensure rapid containment and remediation. Work with the Security Operations team to protect both internal and client environments. Support post-incident reviews and contribute to continuous improvement in incident handling, including lessons learned for client operations. Qualifications and Experience Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). 3+ years of experience in an information security role, preferably with regional oversight in an MSP or data processing environment. Good understanding of ISO27001, NIST, GDPR, and other security and data protection frameworks. Experience in security risk management, audits, compliance, and client security assurance. Knowledge of security operations, incident response, and managed security services. Familiarity with supply chain security and third-party risk management. Good communication and stakeholder management skills, with experience working with clients on security matters. Ideally security certifications such as CISSP, CISM, or CRISC are preferred. Working at Bravura Our people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development. Competitive salary and employee benefits scheme. Flexible working hours, we value work-life balance. Maternity/ Parental (including secondary) leave policy. Cab facility available in Delhi/NCR. Meal facility available Free Medical Insurance So, what’s next? We make hiring decisions based on your experience, skills and passion so even if you don’t match every listed skill or tick all the boxes, we’d still love to hear from you. Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know. All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits. Youtube Video

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Position: Sr. Information Security Analyst Grade: IT3 Location: Noida/Bangalore Job Description: Key Responsibilities Led and implement security architecture and solutions to safeguard enterprise systems, networks, and data. Conduct vulnerability assessments, penetration testing, and risk assessments to identify and mitigate security threats. Develop and enforce security policies, procedures, and best practices to ensure compliance with internal standards and industry regulations. Collaborate with cross-functional teams to design secure systems and provide guidance on secure coding practices and vulnerability management. Continuously monitor the security landscape for new threats and ensure proactive defense mechanisms are in place. Required Skills & Qualification Hands-on experience in securing corporate environment. Hands-on experience in security frameworks (NIST, ISO 27001, CIS) and experience with risk management and compliance Hands-on experience securing Windows (Workstations and Servers), Linux (Workstations and Servers), and Mac Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. Hands-on experience documenting vulnerability assessment results in a clear and actionable format. Expertise in network security, firewalls, IDS/IPS, and security monitoring tools such as SIEM Proficiency with cloud security technologies (AWS, Azure, GCP) and securing cloud-based infrastructure. Experience with incident response, forensics, and managing security incidents from detection to resolution. Determines security violations and inefficiencies. Knowledge of mergers and acquisitions Experience: Should have relevant experience of at least 6-10 years. Qualification: Engineering (Computers, Electronics, IT) or equivalent We’re doing work that matters. Help us solve what others can’t.

About The Role Grade Level (for internal use): 13 S&P Global Ratings The Role : Director, Application Operations, SRE (Site Reliability Engineering) The Team : This team is part of the global SRE group that provides Site Reliability Engineering Services for the critical applications used by the analysts for conducting the business. Application Operations team is responsible for the Stability (Uptime), Reliability (Quality & Performance) and Engineering of these applications to improve business outcomes, user experience and efficiencies. The Team operates at the intersection of IT operations and software development, ensuring that our services are not only robust but also agile enough to adapt to the ever-evolving business needs. Impact and Responsibilities : The Impact of this role extends far beyond the immediate team. You will be instrumental in shaping the reliability and performance standards of our critical applications, ensuring they meet the highest benchmarks. By driving advancements in automation and cloud technologies, you will contribute significantly to the organization's strategic goals and toil reduction, enhancing both the user experience and operational efficiency. You will nurture the team members to be the best-in-class by upskilling and cross-skilling. General & Team Management Ensure the team balances its focus between daily operational tasks and strategic long-term projects Drive the adoption of new technologies and processes through training and mentoring Lead/Mentor/Guide/Coach and transform a team of Application Operations to SRE’s Create/maintain documentation for systems and processes to ensure continuity and knowledge sharing within the team. Adoption of Gen AI to leverage knowledge repository Collaborate with cross-functional teams to ensure seamless integration and support for new technologies and initiatives Oversee daily operations and ensure the shifts are adequately managed Set the roadmap; derive goals for each team member; review, motivate and support to make them successful Stability Build a SRE practice that improves system stability with Monitoring & AIOps. Avert P1/P2 incidents and minimize business impact Analyze system vulnerabilities, SPOFs and address them proactively to improve stability Refactor monolithic apps and databases to containerized services to improve delivery/scale Work with business users to understand needs, issues, develop root cause analysis and work with the cross functional teams to address them permanently Reliability Monitor system performance and create strategies to improve it Reduce the number of incidents and the time taken to resolve them (MTTR) Develop and implement disaster recovery plans to ensure business continuity Lead DevOps transformation to improve the delivery of value to business, reduction of costs & manual errors, increased velocity of releases and improved config management Engineering Involvement in Architecture and Development design reviews (Shift-left) for new implementation and integration projects to build SRE best practices into the SDLC Continuously look for opportunities to automate tasks, simplify processes, Self-service to reduce the toil Value Stream Alignment While alignment as horizontal lead is expected to begin with, it’s expected that you also handle the role of a SRE value stream lead going forward. Ensure smooth inter-working with value streams (VS) to meet the objectives & realize value Foster a 2-way knowledge sharing with VS and reduce dependency on SRE Help shepherd VS to improve SRE maturity levels; implement & prioritize best practices like monitoring, post-mortem, toil reduction, retrospectives etc. Application to User Journey orientation and transformation What’s In It For You In this role, you will have the opportunity to collaborate with a diverse and talented team, working on cutting-edge technology solutions to drive efficiency and innovation within the organization. You will be at the forefront of implementing best practices in site reliability engineering, with a strong emphasis on automation, cloud technologies, and performance optimization. You will interface with the value stream leads to improve the SRE practices and maturity levels within the value streams. Basic Qualifications What We’re Looking For: Bachelor’s degree in computer science or equivalent is required, or in lieu, a demonstrated equivalence in work experience 15+ years of experience in Information Technology domain including cloud, systems & database administration, networking, performance, and application operations Proven experience in IT Operations and/or Site Reliability Engineering, successful handling of Application Operations in a complex IT setup Manage Multi-cloud (AWS/Azure) environments Engineering and implementing proactive monitoring of applications, infrastructure & databases. Engineering automation to self-heal and mature towards AIOps Manage, innovate, and create processes, software and tools that continuously improve the availability, reliability, scalability, latency and efficiency of platforms Engineer Self-service portals, Scalable platforms and repeatable processes that allow product teams to own the entire life cycle of their products, reducing the SRE dependency Excellent communication skills with experience in managing, coaching, and building highly effective teams. Manage and inspire a team of full stack Site Reliability Engineers across regions and time zones, emphasizing collaboration and efficiency. Establish relationships with business teams & other IT partners. Identifying and measuring KPIs like CSAT/NPS scores, establishing feedback channels which have a direct correlation to UX Cost management through forecasting consumption, budgeting, tagging assets & tracking cost, disposing unused allocations & right sizing, optimizing usage & correlating cost to business value Establish incident & defect review process to help guide and continually improve stability of applications Shapes and leverages advanced conceptual thinking to solve complex and/or completely new or novel situations that have never been dealt with before. Actively pursues innovative solutions that align with the company’s tolerance for risk (business and reputational) Looks at external companies, products and capabilities and how they may accelerate Ratings technology initiatives Preferred Qualifications Experience in application & data architecture, system design, algorithms, data structures, complexity analysis, and software design Ability to architect high availability application and servers on cloud adhering best practices. Ability to perform technical deep-dives into code, networking, systems, databases and storage configuration Experience working in Agile software product development Experience working with stakeholders and collaborating across organizational boundaries. Configuration management, automation of patching, threat and vulnerability management, security monitoring, network security, endpoint security, cloud application and data security Awareness of security frameworks like NIST to address technology, information and resilience risk, information security and risk management Support & transform ITSM process – Incident, Change & Problem management to align with DevOps maturity About S&P Global Ratings At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSE: SPGI). S&P Global is the world’s foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the world’s leading organizations navigate the economic landscape so they can plan for tomorrow, today. For more information, visit www.spglobal.com/ratings What’s In It For You? Our Purpose Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our Benefits Include Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring And Opportunity At S&P Global At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (“the Policy”) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policy’s requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH103.2 - Middle Management Tier II (EEO Job Group) Job ID: 314557 Posted On: 2025-06-04 Location: Hyderabad, Telangana, India Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 2 – Risk Consulting - Protect Tech – Senior (IT audit – General skills) No. of positions (India): 4 Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Summary Position Summary Job title: Third Party Cyber Risk Services- Consultant (Solution Delivery Associate) About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm. Third Party Risk Management (TPRM) capability is part of the wider Cyber & Strategic Risk portfolio within Deloitte Risk and Financial Advisory. The TPRM team is focused on helping our clients identify and manage the cyber risks arising from their association with third parties or service providers. We help our clients to define their overall third-party cyber risk strategy, design and implement enterprise-wide programs and technology that focus on identifying and reducing risks; help them evaluate their priorities, strengths and weaknesses and roll out large scale organizational changes to achieve goals. Work you’ll do The key job responsibilities will be to: Perform ongoing third-party cyber risk assessments to help clients identify and evaluate complex business and technology risks related to their third parties, and provide recommendations for managing those risks Provide periodic status updates including potential risks and delays to the project delivery to project manager and client Assist in the selection and tailoring of third-party cyber risk management approaches, methods and tools to support delivery of third-party cyber risk assessment services Required Skills 2 to 3 years of relevant experience in information security Good understanding of information security and risk frameworks/standards (ISO 27001/2, NIST 800 series, PCI-DSS, etc.) Demonstrate knowledge of key risk areas such as cyber risk, compliance risk and regulatory risk Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management Security Policies and Procedures Application Security Controls Access Controls Network Security Operations Security Architectures Identity Management Disaster Recovery & Business Continuity Incident Response Risk Management Privacy and Data Protection Encryption Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing Excellent verbal and written communication skills Excellent inter-personal skills Preferred Skills CISSP/CISA (or equivalent) Good understanding of legal and regulatory requirements around information security and data privacy, such as OCC Bulletin 29, FFIEC, HIPAA Security/Privacy, etc. Prior consulting experience Experience with internal controls, risk assessments, business process, and internal IT control testing or operational auditing Qualification Bachelor’s/ Master’s degree in information technology or related field Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 301301 Show more Show less

Job Summary The AIML Security Risk Assessment Specialist will play a critical role in validating reports and making final risk assessments for AIML models used in various business applications and use cases. This role will work closely with the Digital Risk Management Portfolio team to ensure the security and integrity of AIML models, use case along with applications. Key Responsibilities 1. Risk Assessment: understand the business requirement, finalise the scope and perform end to end risk assessment. 2. Validate reports from various sources and make final risk assessments for AIML models, considering factors such as data quality, model performance, and potential security threats. 3. Conduct Security Risk assessment for GenAI models, tools, and platforms risk assessment. 4. Perform in-depth risk assessments of GenAI systems and associated data pipelines, both internally developed and third party. 5. Evaluate the risk profile of different model architectures (e.g. transformer-based LLMs, multimodal models) and deployment types (cloud, edge, open-source, API-based) 6. AIML Model Review: Review AIML models for potential security vulnerabilities, including data poisoning, model evasion, and adversarial attacks. 7. Report Analysis: Analyse reports from AIML model testing and validation teams to identify potential security risks and provide recommendations for mitigation. 8. Risk Classification: Classify risks associated with AIML models and provide recommendations for risk mitigation and remediation. 9. Collaboration: Work closely with cross-functional teams, including data science, engineering, and security, to ensure secure AIML system development and deployment. 10. Review AIML use cases and provide assurance/feedback/confirmation on feedback. 11. Reasonable understanding on LLM security, Agentic and RAG security Required Skills 1. AIML Fundamentals: Strong understanding of AIML concepts, including machine learning, pipelines, model architecture deep learning, and natural language processing. 2. Secure software development and MLOps (DevSecOps Principles) 3. Hands-on experience with GenAI toolkits and APIs (e.g. OpenAI, Claude,Bard,LLaMA, Hugging face transformers. 4. Security Expertise: Experience with security risk assessment, threat modelling, and vulnerability management. 5. Analytical Skills: Excellent analytical and problem-solving skills, with the ability to interpret complex data and reports. 6. Communication: Strong communication and collaboration skills, with the ability to provide clear and concise recommendations. 1. Experience with AIML Security Frameworks: Familiarity with AIML security frameworks and guidelines Gartner / NIST 100 / ISO 42001 2. Knowledge of Regulatory Requirements: Understanding of regulatory requirements, such as GDPR, HIPAA, or CCPA. 3. Experience with Risk Management: Familiarity with risk management frameworks and methodologies, such as NIST or ISO 27001, ISO 31000. 4. Experience overall in Information & cyber security domain 5. Understanding of BFSI domain so that terms like DPSC, payments ecosystem, API banking, Cloud, IAM, application security etc in context of risk assessment and management. Education and Experience 1. Bachelor's or Master's degree in Computer Science, Information Security, or related field. 2. Minimum 12 years of experience with 2-3 years of experience* in AIML / GenAI security, risk management, or related field. 3. CISA, CISM or at least AIML security certification This job description highlights the key responsibilities and required skills for an AIML / GenAI Security Risk Assessment Specialist role. The focus is on validating reports, making final risk assessments, and providing recommendations for risk mitigation and remediation. Show more Show less