3740 Nist Jobs - Page 16

Flawit InfoSec Services Flawit InfoSec Services is a cybersecurity firm delivering comprehensive, end-to-end security solutions to enterprises, startups, and government organizations. Our core expertise includes vulnerability assessment and penetration testing (VAPT), red teaming, security operations center (SOC) implementation, risk and compliance advisory, cloud and DevSecOps security, identity and access management (IAM), and more. With a client-first approach, our certified professionals apply global frameworks like OWASP, NIST, and MITRE ATT&CK to secure digital environments and build long-term resilience against evolving threats. Role – Penetration Tester (On-site, Nashik) We are looking for a skilled Penetration Tester to join our team and lead offensive security engagements across diverse environments. The role involves simulating real-world attacks, identifying security flaws, and helping clients strengthen their cybersecurity posture through hands-on testing and tailored recommendations. Key Responsibilities: Conduct detailed vulnerability assessments and penetration tests on web applications, mobile apps, APIs, networks, wireless environments, cloud infrastructure, and thick client systems Perform red teaming exercises, social engineering assessments, and adversary simulations Reverse engineer malware and binaries to identify behavior and possible countermeasures Conduct secure code reviews to detect logic flaws, insecure implementations, and potential backdoors Prepare in-depth technical and executive reports, outlining vulnerabilities, impact, and remediation strategies Communicate findings to internal teams and client stakeholders, and support remediation discussions Develop custom scripts and tools to automate or enhance testing methodologies Stay updated with emerging threats, vulnerabilities, and attack vectors through continuous research Required Skills and Qualifications: Proven experience in web and mobile application penetration testing (OWASP Top 10, API Security) Proficient in tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, sqlmap, Wireshark, and Dirbuster Understanding of red team operations, adversary tactics, and MITRE ATT&CK framework Hands-on knowledge of reverse engineering and malware analysis Familiarity with cloud platform security (AWS, Azure, GCP) and DevSecOps pipelines Good understanding of network protocols, operating system internals, and scripting languages (Python, Bash, PowerShell) Ability to write detailed documentation and deliver concise, clear reports to technical and non-technical audiences Bachelor's degree in Cybersecurity, Computer Science, or a related field Relevant certifications are a plus (OSCP, OSEP, OSCE, CRTP, eJPT, CEH, etc.)

Senior Cyber Security Partner Location: Hybrid at Bengaluru, Karnataka, India Experience - 6-11 years Roles and Responsibilities Collaborate closely with cross-functional teams to integrate security practices into the product lifecycle, ensuring robust application security. Lead efforts in threat modeling, risk analysis, and security code reviews to discover and mitigate vulnerabilities early in the development process. Develop and enforce security guidelines and standards to enhance overall product security, staying updated with the latest security technologies and trends. Design and implement security architectures that align with industry best practices and organizational requirements, ensuring scalable and secure applications. Act as a subject matter expert in security architecture, providing strategic guidance and mentorship to the junior team members and stakeholders. Drive incident response initiatives and coordinate with relevant teams to swiftly address and remediate security incidents, ensuring minimal disruption to operations. Promote a security-first culture within the organization by leading security training and awareness programs. Engage with external partners and vendors to evaluate and integrate third-party security solutions as needed. Required Qualifications Bachelor’s degree in Computer Science, Information Technology, or a related field. Minimum of 8 years of experience in cyber security, with a focus on application security and security architecture. Proficiency in conducting threat modeling, vulnerability assessments, and security audits. Strong knowledge of security standards and protocols such as OWASP, NIST, and ISO 27001. Experience designing secure applications in cloud-based environments, with knowledge of at least one major cloud provider (AWS, Azure, GCP). Strong problem-solving skills and the ability to work under pressure to address security challenges effectively. Excellent communication skills to articulate complex security concepts to non-technical stakeholders. Certifications such as CISSP, CISM, or CEH are strongly preferred. Key Responsibilities Partner with engineering teams to enhance product security features and foster a secure software development lifecycle (SDLC). Oversee the development and implementation of security solutions to protect information systems and infrastructure from cyber threats. Conduct ongoing security research and vulnerability scans to identify and remediate potential security weaknesses. Prepare and present detailed security findings and reports to executive management, facilitating informed decision-making. Lead the security incident management process, coordinating response efforts and post-incident analyses to prevent future occurrences. Evaluate, recommend, and leverage advanced security tools and technologies to enhance security posture. Maintain compliance with relevant legal, regulatory, and organizational standards and practices.

You will be joining LSEG, a leading global financial markets infrastructure and data provider, with a purpose to drive financial stability, empower economies, and enable sustainable growth. The core values of Integrity, Partnership, Excellence, and Change shape the culture at LSEG, guiding decisions and actions every day. As part of a diverse workforce comprising 25,000 individuals across 65 countries, your individuality will be valued, allowing you to contribute your true self to enrich the organization. At LSEG, you will be immersed in a collaborative and innovative environment that fosters new ideas and prioritizes sustainability in its global operations. You will play a crucial role in reshaping the financial ecosystem to support sustainable economic growth, with a focus on accelerating the transition to net zero, promoting the green economy, and creating inclusive economic opportunities. Your role will involve working closely with key stakeholders in Third Party Risk Management, Security Architecture, and Governance teams to ensure compliance with controls when onboarding new vendors. Collaborating with risk teams, you will develop and maintain risk profiles for key LSEG third parties. Additionally, you will be responsible for conducting security impact assessments of third-party suppliers, producing detailed reports, and providing guidance on Cyber Security Minimum Requirements. Furthermore, you will lead Application Health assessments for designated applications, liaising with Application Owners to understand assessment outcomes and support remediation efforts. Your contributions will extend to providing advice on Cyber Security Third Party Risk to business stakeholders, participating in internal Cyber Security forums, and enhancing risk management controls within the organization. In this Individual Contributor role, you will report to the Senior Manager and be viewed as a trusted partner within a "high support and high challenge" relationship. Your critical responsibilities will include ongoing third-party security assessments, management of third-party schedules, and aligning best practices for cyber security with Group Third Party Risk Management. Your role will also involve contributing to the collection, reporting, and management of Key Risk Indicators (KRIs) and Management Information (MIs). You will play a key part in developing feedback on thematic areas resulting from Application Health assessments to be addressed by Cyber and Engineering leadership. At LSEG, you will have the opportunity to be part of a forward-thinking organization that is dedicated to promoting diversity, inclusion, and sustainable growth. In addition to a competitive benefits package, LSEG offers tailored support including healthcare, retirement planning, paid volunteering days, and wellbeing initiatives.,

IT Security Manager Job Location : Karapakkam OMR, Chennai. Key Responsibilities : To assist the IT Security Head in the following : Establish and maintain IT control environment and framework. Develop and maintain IT Policies. Communicate the IT control framework and IT objectives and direction. Ensuring legal, contractual, policy & regulatory requirements from an IT Security perspective are met across the Infrastructure landscape. Report, Monitor & review compliance of IT activities with IT policies, plans and procedures. Proactive review and update of existing IT policies, plans and procedures in response to compliance requirements and implementation of new IT Policies, plans & procedures. Enable IT reporting on regulatory requirements with similar output from other business functions. Risk : To assist the IT Security Head in the following : Periodic monitoring and mitigate of risks associated with IT. Security Management To assist the IT Security Head in the following : Review, maintain and update IT security plan. Review and conduct regular vulnerability assessments and close noticed gaps. Work with the Applications team in maintaining a high level of application and user security in-line with security policies. Work with the IT Infrastructure team to maintain a high level of IT Infrastructure and user security in-line with security policies. Skill Requirements Understanding on IT Security and compliance standards like ISO 27001, NIST Guidelines, CISSP security framework and risk management framework. Hands on Experience in doing information security audits and Risk assessments. Experience in implementing information security policies and procedures for the organization. Expertise in monitoring compliance with information security policies and procedures, while jointly working to solve the problems with the appropriate Domain Leads. Expertise in monitoring the defined internal control systems to ensure that appropriate access levels are maintained. Good understanding on disaster recovery and experience in driving DR Drills. Qualifications : B. E / : CISSP /CISA / ISO27001 certification. Experience Essential : 10+ Years of experience in IT Infra & IS Domains. Experience in creating IT security controls. At least 2 yrs experience in working in a Cloud environment. At least 3 year of work experience in a Manufacturing company. Desirable 1+ year of relevant experience as IT Security manager. Work Experience as Inf Security Auditor in at least 1 project. Experience in SAP environment would be an added advantage. ITIL certification. (ref:hirist.tech)

Job Title : Senior Cyber Security Delivery Specialist. Job Location : Hyderabad. Experience : 5 + years. Responsibilities Implement data classification and labelling to categorise and protect sensitive information using Microsoft Purview. Define, design and implement data governance policies using Microsoft Purview. Review policies, generate insights and ensure that data governance practices are effective prior to making recommendation for policy enforcement. Support training of SecOps, GRC and Pilot users as required. Collaborate with cross-functional teams within and outside of technology. Provide guidance on data protection, privacy, and security best practices. Stay up to date with the latest security trends, threats, and technologies to continuously improve the organisation's security posture. Development of project documentation and handover to operations teams. Assist in the evaluation of solutions or security tools and technologies for projects assigned. Experience Minium of 5 years work experience in a Security Analyst/ Delivery role. A minimum of 2 years of work experience delivering Cyber projects. Experience implementing MS Purview from end to end (labelling, policy design, policy enforcement). Ability to think laterally and strategically with a solution focused approach. Ability to deliver to scope, schedule and budget. Experience managing own work and prioritising workload to meet deliverables. Experience working with both technical and non-technical stakeholders. An understanding of how data is protected at rest and in transit. Knowledge of information security frameworks (NIST, ISO27001, PCI-DSS, SOC). Experience implementing or operating Password Management, API Observability, Honey Tokens or Application Whitelisting tools will be highly regarded. About Softobiz Innovation begins with like-minded people aiming to transform the world together. At Softobiz, we invite you to become a part of an organization that has been helping clients transform their business by fusing insights, creativity, and technology. With a team of 300+ technology enthusiasts, we have been trusted by leading enterprises around the globe for over 12+ years. At Softobiz, we foster a culture of equality, learning, collaboration, and creative freedom, empowering our employees to grow and excel in their careers. Our technical craftsmen are pioneers in the latest technologies like AI, machine learning, and product development. Why Should You Join Softobiz ? Work with technical craftsmen who are pioneers in the latest technologies. Access training sessions and skill-enhancement courses for personal and professional growth. Be rewarded for exceptional performance and celebrate success through engaging parties. Experience a culture that embraces diversity and creates an inclusive environment for all employees. (ref:hirist.tech)

About The Company TSC Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications We are seeking a highly skilled L3 Cloud Engineer specializing in Microsoft Azure Cloud Service Provider (CSP) environments. The ideal candidate will have deep expertise in Azure cloud architecture, automation, security, and troubleshooting, as well as experience in managing enterprise-scale cloud deployments. This role requires advanced problem-solving skills, infrastructure automation expertise, and the ability to lead technical projects and mentor junior engineers. The L3 Cloud Engineer will be responsible for architecting, implementing, and maintaining complex Azure environments, providing technical escalation support, and working on cloud automation, optimization, and security initiatives. Major Duties & Responsibilities Azure Cloud Infrastructure Design & Operations: Architect, deploy, and maintain highly available and scalable Azure cloud environments. Optimize and manage Azure services such as Azure Virtual Machines (VMs), Virtual Networks (VNet), Azure Active Directory (AAD), Azure Kubernetes Service (AKS), Load Balancers, App Services, and Storage Accounts. Implement Azure Landing Zones and best practices for multi-subscription governance using Azure Policy, Management Groups, and Azure Blueprints. Optimize networking and connectivity between Azure services, on-premises infrastructure, and hybrid cloud solutions. Ensure high availability, disaster recovery (DR), and business continuity strategies using Azure Site Recovery (ASR) and Backup. Automation & Infrastructure As Code (IaC) Automate Azure infrastructure provisioning using Terraform, Bicep, ARM Templates, or Ansible. Develop PowerShell, Azure CLI, or Python scripts for cloud automation. Implement and optimize CI/CD pipelines using Azure DevOps, GitHub Actions, or Jenkins. Automate patching, configuration management, and compliance enforcement using Azure Automation, Log Analytics, and Desired State Configuration (DSC). Security, Compliance & Governance Implement Azure security best practices, including Role-Based Access Control (RBAC), Managed Identities, and Conditional Access Policies. Monitor and secure Azure environments using Azure Security Center, Microsoft Defender for Cloud, Sentinel (SIEM), and Azure Firewall. Ensure compliance with ISO 27001, NIST, CIS, SOC2, HIPAA, and GDPR security frameworks. Implement identity federation, MFA, and Just-In-Time (JIT) privileged access for Azure resources. Monitoring, Troubleshooting & Performance Optimization Act as the final escalation point for Azure cloud-related incidents. Implement Azure Monitor, Log Analytics, and Application Insights for real-time monitoring and alerting. Troubleshoot networking, storage, and compute performance issues in Azure environments. Perform root cause analysis (RCA) and implement long-term solutions for service interruptions. Cloud Migration & Optimization Lead cloud migration projects, including Lift-and-Shift, Refactoring, and Re-platforming strategies. Optimize Azure resource allocation and cost efficiency using Azure Cost Management and Reservations. Implement hybrid cloud solutions with Azure ExpressRoute, VPN, and Azure Stack. Collaboration & Technical Leadership Work closely with DevOps, networking, security, and application teams to improve Azure environments. Mentor and provide technical guidance to L1 and L2 engineers. Participate in design and architecture reviews for cloud implementations. Create and maintain technical documentation, SOPs, and knowledge base articles.

Role : AI Governance Director Department : Legal, AI Governance Job Location : Bangalore/Mumbai Experience Range : 12+ Years Job Summary The AI Governance director at LTIMindtree will play a pivotal role in shaping and safeguarding the organization’s enterprise-wide AI Governance and Compliance Program. This position acts as a critical bridge between business, technology, cybersecurity, data privacy, and governance functions, ensuring that AI is deployed responsibly, ethically, and in alignment with global regulatory standards. This role will drive the development and continuous evolution of AI policies, conduct Responsible AI assessments, ensure regulatory compliance, and champion stakeholder education. By embedding Responsible AI (RAI) principles into the organization’s DNA, the officer will ensure LTIMindtree remains a trusted and forward-thinking leader in the IT services and consulting industry. This role owns the enterprise accountability framework for Responsible AI, with binding authority to enforce compliance. The role will mandate collaboration with various stakeholders and drafting standards, tool kits and frameworks required for Responsible AI adoption. The role will be responsible for championing adoption of governance practices by embedding controls into business workflows, driving cultural change, and measuring policy uptake across teams." Key Responsibilities 1) AI Compliance Strategy & Governance Design and lead the enterprise-wide Responsible AI governance framework adoption. Develop compliance roadmaps for AI/ML initiatives in collaboration with business and technical stakeholders. Collaborate and coordinate with business and IT leadership for governing AI Risk & Ethics governance. Be a part of and provide inputs to the AI governance board Define and institutionalize “AI risk appetite” and “compliance thresholds” for AI/ML deployments. As a part of the AI governance office charter manage the “enterprise-wide AI governance framework” aligned with EU AI Act, NIST AI RMF, OECD AI Principles, and other emerging regulations Implement, Manage and Govern the AI assurance framework 2) Policy Development & Implementation Map and maintain the regulatory landscape in line with the Responsible AI framework Draft and maintain AI-related policies, procedures, and controls across the organization. Work with AI governance office and maintain the Regulatory compliance Ensure AI governance aligns with internal policies and external standards like ISO, GDPR, HIPAA, AI regulations and client-specific requirements. Build and manage standard operating procedures (SOPs) and Tool kits for AI lifecycle management and risk controls. Collaborate and assist “InfoSec” to integrate AI compliance into “DevSecOps & MLOps pipelines” 3) Responsible AI framework implementation, governance & Oversight Manage and improvise the Responsible AI assessment frameworks tailored for AI use cases (e.g., bias, security, explainability, and related risks). Collaborate with Technology teams to assess AI models and recommend mitigations. Collaborate with Technology and Quality assurance teams to implement the Responsible AI testing framework Own and represent AI governance for internal and external audits Maintain AI risk register, including use case risk profiling and residual risk monitoring. Implement “AI audit mechanisms” (model monitoring, impact assessments) Institutionalize the AI impact assessments from AI inventory, Risk categorization and AI assurance assessments Ensure all AI systems adopt the AI impact assessment framework through the AI lifecycle Implement, Institutionalize and monitor AI system approval process 4) Regulatory Monitoring and Engagement Track and analyze global regulatory developments (e.g., EU AI Act, NIST AI RMF, OECD Guidelines, India’s DPDP Act). along with the Privacy office and AI governance office Map and maintain the regulatory landscape in line with the Responsible AI framework Act as liaison to legal and government affairs teams to assess impact of evolving laws. Engage with industry bodies (Partnership on AI, IEEE, ISO) to shape AI standards. Prepare compliance documentation and assist in regulatory or client audits involving AI. 5) Training and Culture Building Own the design and roll out of Responsible AI training modules across technical, business, and executive audiences. Promote awareness of AI ethics and responsible innovation culture across the organization. Drive change management and accountability culture through internal campaigns and workshops. Create “AI playbooks” and “AI tool kits” for AI Development, Deployment teams. 6) Client Engagement & Advisory Advise clients on “Responsible AI framework” and “AI governance framework”. Support pre-sales & proposals with AI governance insights. Collaborate with the Delivery excellence team and Project teams to ensure AI solutions meet client contractual and regulatory obligations. 7) Accountability & Enforcement Own end-to-end accountability for implementing the Responsible AI framework, AI Governance, AI assurance, AI Literacy, Responsible AI toolkit adoption, AI risk management and AI compliance breaches. Escalate AI deployments failing risk/compliance thresholds and escalate to the AI governance office/AIGB. 8) Adoption & Change Management Drive **enterprise-wide adoption of Responsible AI practices, AI policies, responsible AI impact assessments through: AI impact assessments Mandatory compliance gates** in AI project lifecycles (e.g., ethics review before model deployment). Integration with existing workflows** (e.g., SDLC, procurement, sales). Define and track **adoption KPIs** (e.g., "% of AI projects passing RAI audits"). Key Competencies Domain: Strong understanding of Responsible AI framework and AI governance Domain: Understanding of AI regulations (EU AI Act, NIST RMF), AI ethics Technical: AI/ML lifecycle, MLOps, XAI, AI security, Agentic AI, GRC tools Technical: AI systems assessments and defining assessment parameters and standards Leadership: Stakeholder influence, compliance strategy, cross-functional collaboration Ability to adopt new technologies and have experience in putting together a compliance framework Ability to understand frameworks and translate them into process and enable the organization for effective adoption via frameworks, toolkits, guidelines etc. Excellent communication skills Excellent presentation skills Excellent collaborative skills Excellent research skills Ability to come up with frameworks for new tech adoption Proactively take on ownership of tasks and take them to closure Required Qualifications 12-18 years in Information Technology, Compliance, Technical governance, Risk management, with 3+ years in AI/ML-related domains. Strong knowledge of AI regulatory frameworks (EU AI Act, NIST AI RMF, OECD AI Principles). Experience working with cross-functional teams (Delivery, InfoSec, Legal, Data Privacy). Familiarity with AI/ML model lifecycle (training, validation, testing, deployment, monitoring). Preferred Qualifications (Optional) Background in Law, Public Policy, Data Governance, or AI Ethics. Certifications in AI Governance (AIGB, IAPP CIPM/CIPT, MIT RAII), Privacy (CIPP/E) Experience in Global IT services/consulting firms/product companies Exposure to data-centric AI product governance or AI MLOps platforms (e.g., Azure ML, SageMaker, DataRobot), Agentic AI implementation, etc.

Introduction In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your Role And Responsibilities Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation: Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development: Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration:Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness:Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration: Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Preferred Education Master's Degree Required Technical And Professional Expertise Vulnerability Management Preferred Technical And Professional Experience Qualys

Location: Bangalore or Hyderabad Senior Digital Risk Advisor - DRG Join a team of digital risk governance and controls professionals helping Swiss Re to fulfil its mission in making the world more resilient. As a Senior Digital Risk Advisor, you will have first-line responsibility for ensuring an effective and efficient risk and control framework is implemented across the different IT domains at Swiss Re. What's more, you'll be working in a hybrid setup, perfectly balancing work from home and the office premises. About The Team The Digital Risk Governance & Controls team is a key part of Swiss Re's Security Team, focused on defining and managing risks related to digital topics. We're looking for an experienced and highly motivated expert who can define and develop an efficient first-line risk and control framework that supports a strong risk-aware culture within the company. In your role, you will… Actively manage the implementation of the digital and technology risk framework Maintain oversight on the quality of internal measures implemented to address digital risk, ensuring controls, processes and standards are appropriately designed and operating effectively Ensure compliance with rules, regulations, and policies – making sure we meet our risk appetite and driving corrective actions where opportunities exist Actively collaborate with key stakeholders across the three lines of defense to automate, measure performance and continuously improve our risk position Understand complex concepts and identify solutions to problems Be someone who believes in continuous innovation, is curious and relentless in finding a better way every day Your Qualifications A track record of successful delivery in IT risk and control-related roles, such as IT Governance, IT audit, or digital risk management Practical knowledge of external IT good practices – particularly NIST – but also others, such as ISO and COBIT Qualified in an appropriate discipline such as CISA, CGEIT, CRISC Good teamwork and strong collaboration as well as a willingness to share knowledge and evolve within and across different teams The ability to effectively communicate with a broad spectrum of stakeholders – from senior managers to IT engineers, developers and operations staff Be curious, proactive, result-oriented and confident in decision making at speed Passion, drive and a belief in the value of digital risk management as an enabler of business performance Fluency in spoken and written English About Swiss Re Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime. We cover both Property & Casualty and Life & Health. Combining experience with creative thinking and cutting-edge expertise, we create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 14,000 employees across the world. Our success depends on our ability to build an inclusive culture encouraging fresh perspectives and innovative thinking. We embrace a workplace where everyone has equal opportunities to thrive and develop professionally regardless of their age, gender, race, ethnicity, gender identity and/or expression, sexual orientation, physical or mental ability, skillset, thought or other characteristics. In our inclusive and flexible environment everyone can bring their authentic selves to work and their passion for sustainability. If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords Reference Code: 134243

Key Responsibilities Design and build LLM guardrails for prompt injection protection, toxicity/bias detection, and hallucination/jailbreak identification. Build and maintain evaluation frameworks to monitor LLM safety, fairness, and compliance. Develop automated pipelines to process, tag, and evaluate LLM outputs using Python and SQL. Leverage vector databases and embeddings to detect unsafe content or model drift. Create internal dashboards and visualizations (Streamlit, Dash, or lightweight React/JS) for POCs and internal tools. Collaborate with ML engineers and product teams to integrate LLM safety components into production APIs or applications. Stay current with AI safety research, emerging tools (Ragas, LangChain, Guardrails.ai), and regulatory standards (EU AI Act, NIST AI RMF). Required Qualifications 3 - 4.5 years of experience in data science, applied ML, or LLM-based applications. Strong programming skills in Python and experience writing SQL for data exploration or feature engineering. Solid understanding of NLP, deep learning (CNN/RNN/Transformers), and LLM architectures. Hands-on experience with Hugging Face, LangChain, LLM APIs (OpenAI, Anthropic), and vector stores (FAISS, Pinecone, Chroma). Familiarity with front-end basics (Streamlit, Dash, or simple HTML/CSS/JS) is a plus , not mandatory. Experience with model evaluation, red‑teaming, or safety interventions in NLP/LLM systems. (Preferred) Familiarity with deploying ML pipelines in production (Docker, FastAPI) and ability to thrive in a fast‑paced startup environment.

Exp: 4 to 8 Years Location: Hyderabad N.P: Immediate to 30 Days Role Summary: Cyber Risk Analyst to support and strengthen our enterprise cyber risk management program. The ideal candidate will be responsible for conducting risk and criticality assessments, maintaining the risk register, tracking mitigation efforts, and generating actionable risk reports to support leadership decision-making. Key Responsibilities: Conduct cyber risk assessments focusing on identifying and evaluating threats to the organization’s information assets. Collaborate with stakeholders per assessment to ensure accurate control identification and risk interpretation. Prepare and deliver comprehensive risk assessment reports with prioritized risks, likelihood, impact levels, and actionable mitigation recommendations. Monitor progress of risk mitigation plans on a weekly basis and validate timely completion. Evaluate the effectiveness of mitigation actions and recommend adjustments where necessary. Submit weekly status updates to the Director of Cyber Security and Manager of Cyber Governance. Deliver weekly and monthly risk activity status reports. Create detailed monthly risk dashboards and executive summaries with key metrics, mitigation progress, and trending threats. Provide actionable insights and KPIs to inform leadership of risk posture and required actions. Required Skills & Qualifications: Experience in Cyber Risk Management, Information Security, or GRC. Strong knowledge of risk assessment methodologies (e.g., NIST SP 800-30, ISO 27005). Hands-on experience with maintaining and analyzing a Cyber Risk Register. Excellent communication and reporting skills with the ability to simplify complex risk topics for non-technical stakeholders. Proficient in MS Excel/PowerPoint for risk reporting and dashboarding. Familiarity with industry frameworks such as NIST CSF, ISO 27001, or FAIR is a plus

Profile: Cybersecurity Application Security Consultant - DevSecOps Company: Digital Defense Position Type: Permanent Location: Bhopal, Madhya Pradesh, India Salary: ₹50,000 INR per month About the Role Digital Defense is seeking a highly motivated and skilled Cybersecurity Application Security Consultant with expertise in DevSecOps practices to join our growing team in Bhopal. This is a permanent position where you will play a crucial role in integrating security into every phase of the Software Development Life Cycle (SDLC), from design to deployment and operations. You will work closely with development, operations, and QA teams to ensure our applications are secure by design and by default. Key Responsibilities Security Integration: Integrate security tools and processes into CI/CD pipelines (DevSecOps) to automate security testing, vulnerability scanning, and compliance checks. Application Security Testing: Conduct various application security tests, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA). Vulnerability Management: Identify, analyze, and prioritize security vulnerabilities in applications and provide actionable recommendations for remediation. Security Architecture Review: Participate in the design and architecture reviews of new and existing applications to identify potential security risks and recommend secure design patterns. Threat Modeling: Perform threat modeling exercises to identify potential threats and vulnerabilities early in the development lifecycle. Security Best Practices: Advocate for and implement secure coding guidelines, industry standards (e.g., OWASP Top 10, SANS Top 25), and security best practices within development teams. Security Training & Awareness: Provide guidance and training to development teams on secure coding practices and application security principles. Incident Response Support: Assist in the investigation and resolution of application security incidents. Documentation: Maintain comprehensive documentation of security findings, remediation efforts, and security policies. Required Skills and Qualifications Education: Bachelor's degree or Engineer in Computer Science, Information Technology, Cybersecurity, or a related field. Experience: Proven experience (e.g., 3+ years) in application security, with a strong focus on DevSecOps principles and practices. Development Experience: Practical experience in software development, understanding the full development lifecycle. Technical Proficiency: Strong understanding of web application security vulnerabilities (OWASP Top 10) and secure coding practices. Experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, SonarQube, Checkmarx, Fortify). Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions, samgrep, open grep). Proficiency in at least one scripting language (e.g., Python, Bash) for automation. Understanding of cloud security principles (AWS, Azure, GCP) is a plus. Knowledge of containerisation technologies (Docker, Kubernetes) and their security implications. DevSecOps Mindset: A strong understanding of how to embed security into agile and DevOps methodologies. Communication: Excellent written and verbal communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders. Problem-Solving: Strong analytical and problem-solving skills with a keen eye for detail. Preferred Qualifications Engineering in Computer Science or Cybersecurity Relevant industry certifications, including CEH, OSCP, Offensive Security Web Application certifications. Experience with security frameworks and compliance standards (e.g., ISO 27001, NIST, GDPR). Familiarity with various programming languages (e.g., Java, .NET, Python, Node.js).

Job Description Security Risk and Compliance Expert will be instrumental in shaping the global Information Security Management System (ISMS) within our Group Security team. This role involves engaging with various Business Groups and Corporate Functions to identify and manage information security risks, ensuring compliance and enhancing our security posture. Facilitate risk assessments, develop training, and contribute to the continuous improvement of security policies and tools. Enhance the overall security and compliance of services provided to our customers. How You Will Contribute And What You Will Learn Implement and operate the global Information Security Management System (ISMS) to enhance overall security and compliance Conduct risk assessments with global stakeholders to evaluate and report information security risks Develop and maintain the information security risk register, tracking mitigation progress and presenting reports to stakeholders Provide recommendations for security risk mitigation strategies tailored to different business groups Create, update, and maintain ISMS documentation and a repository of reports and audit records Facilitate training sessions to educate employees on ISMS practices and promote a strong security culture Collaborate with cross-functional teams to identify evolving security trends and compliance requirements Contribute to the continuous improvement of Nokia ISMS and related tools, utilizing KPIs to measure effectiveness Key Skills And Experience You have: Master's or bachelor's degree in computer science, security engineering, or equivalent 5+ years of experience in information security in a multinational organization. Solid understanding of information security processes and technologies Practical knowledge of ISO/IEC 27001:2022 standard implementation Excellent documentation and communication skills It would be nice if you also had: Knowledge of security standards like CSA CCM, NIST CSF, NIS2, and SOC2 Experience delivering information security training Familiarity with RSA Archer and Microsoft Power BI or other GRC tools Certifications in information security (e.g., CRISC, CISSP and ISO 27001 LI/LA) About Us Come create the technology that helps the world act together Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world. We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work What we offer Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered. Nokia is committed to inclusion and is an equal opportunity employer Nokia has received the following recognitions for its commitment to inclusion & equality: One of the World’s Most Ethical Companies by Ethisphere Gender-Equality Index by Bloomberg Workplace Pride Global Benchmark At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect. Join us and be part of a company where you will feel included and empowered to succeed. About The Team Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.

Summary Position Summary Job title: IoT/OT Cybersecurity - Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm. The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas: User provisioning Access certification Access management and federation Entitlements management Work you’ll do Roles & Responsibilities: Consulting and Advisory Provide expert guidance on cybersecurity strategies and best practices for deployment of cybersecurity safeguards IoT and OT environments. Conduct OT risk assessments and recommend mitigation strategies including identification of vulnerabilities, threats and consequences on OT systems. Advise clients on regulatory and compliance requirements related to IoT and OT security. Develop and implement tailored cybersecurity frameworks and policies. Collaborate with clients to design secure IoT and OT architectures. Technical Implementation Deploy, configure and manage cybersecurity solutions within OT environments such as Claroty, Nozomi, Palo Alto IoT Security, Tenable.OT, Dragos Implement network segmentation and access control measures ensuring Safety, Reliability and Productivity of operations. Build sandbox or lab environments at client sites to enable testing of OT cybersecurity solutions and patches Conduct vulnerability assessments on IoT and OT devices leveraging network and device scanning solutions Practice Development Stay current with the latest cybersecurity trends, threats, and technologies. Conduct research on emerging IoT and OT security challenges and solutions. Develop innovative approaches to address complex security issues in IoT and OT environments. Contribute to the development of whitepapers, articles, and thought leadership materials. Required Skills Understanding of: IoT and OT protocols: OPC UA, Modbus, Profibus, Profinet, DNP3, MQTT, Zigbee etc. Industrial Network Architectures: ZTNA, Purdue Model, Software Defined Network SegmentaExperience in deployment or operations of at-least one of the following solutions: OT Security Monitoring: Claroty, Nozomi, Defender for IoT, Cisco Cyber Vision, Dragos, Palo Alto IoT Security, Tenable.OT etc. Knowledge of regulatory and compliance frameworks such as ISA/IEC 62443, NIST 800-82, NOG 104 Qualification Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Preferred specialization in Cyber Physical Systems (CPS) or IoT Security 4+ years of experience in cybersecurity, with a focus on IoT and OT environments. Proven track record of successfully securing IoT and OT systems for large organizations. Relevant certifications such as CISSP, CISM, CEH, or equivalent. Great to have IoT/OT certifications such as GICSP, GRIP or ISA 62443 How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2024. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301434

Summary Position Summary Job title: Azure Cloud Security Engineer (Senior Consultant) About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm. The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas: User provisioning Access certification Access management and federation Entitlements management Work you’ll do As a Cloud Security Engineer, you will be at the front lines with our clients supporting them with their Cloud Cyber Risk needs: Executing on cloud security engagements across the lifecycle – assessment, strategy, design, implementation, and operations. Performing technical health checks for cloud platforms/environments prior to broader deployments. Assisting in the selection and tailoring of approaches, methods and tools to support cloud adoption, including for migration of existing workloads to a cloud vendor. Designing and developing cloud-specific security policies, standards and procedures. e.g., user account management (SSO, SAML), password/key management, tenant management, firewall management, virtual network access controls, VPN/SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption). Documenting all technical issues, analysis, client communication, and resolution. Supporting proof of concept and production deployments of cloud technologies. Assisting clients with transitions to cloud via tenant setup, log processing setup, policy configuration, agent deployment, and reporting. Operating across both technical and management leadership capacities. Providing internal technical training to Advisory personnel as needed. Performing cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc. Experience with multiple security technologies like CSPM, CWPP, WAF, CASB, IAM, SIEM, etc. Required Skills 4+ years of information technology and/or information security operations experience. Ideally 2+ years of working with different Cloud platforms (SaaS, PaaS, and IaaS) and environments (Public, Private, Hybrid). Familiarity with the following will be considered a plus: Solid understanding of enterprise-level directory and system configuration services (Active Directory, SCCM, LDAP, Exchange, SharePoint, M365) and how these integrate with cloud platforms Solid understanding of cloud security industry standards such as Cloud Security Alliance (CSA), ISO/IEC 27017 and NIST CSF and how they help in compliance for cloud providers and cloud customers Hands-on technical experience implementing security solutions for Microsoft Azure Knowledge of cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc. Knowledge of cloud access security broker (CASB) and cloud workload protection platform (CWPP) technologies Solid understanding of OSI Model and TCP/IP protocol suite and network segmentation principles and how these can be applied on cloud platforms Preferred: Previous Consulting or Big 4 experience. Hands-on experience with Azure, plus any CASB or CWPP product or service. Understanding of Infrastructure-as-Code, and ability to create scripts using Terraform, ARM, Ansible etc. Knowledge of scripting languages (PowerShell, JSON, .NET, Python, Javascript etc.) Qualification Bachelor’s Degree required.Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2023. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300461

Summary Position Summary Job title: IoT/OT Cybersecurity - Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients ‘most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk We help organizations create a cyber-minded culture, reimagine risk to uncover strategic opportunities, and become faster, more innovative, and more resilient in the face of ever-changing threats. We provide intelligence and acuity that dynamically reframes risk, transcending a manual, reactive paradigm. The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas: User provisioning Access certification Access management and federation Entitlements management Work you’ll do Roles & Responsibilities: Consulting and Advisory Provide expert guidance on cybersecurity strategies and best practices for deployment of cybersecurity safeguards IoT and OT environments. Conduct OT risk assessments and recommend mitigation strategies including identification of vulnerabilities, threats and consequences on OT systems. Advise clients on regulatory and compliance requirements related to IoT and OT security. Develop and implement tailored cybersecurity frameworks and policies. Collaborate with clients to design secure IoT and OT architectures. Technical Implementation Deploy, configure and manage cybersecurity solutions within OT environments such as Claroty, Nozomi, Palo Alto IoT Security, Tenable.OT, Dragos Implement network segmentation and access control measures ensuring Safety, Reliability and Productivity of operations. Build sandbox or lab environments at client sites to enable testing of OT cybersecurity solutions and patches Conduct vulnerability assessments on IoT and OT devices leveraging network and device scanning solutions Practice Development Stay current with the latest cybersecurity trends, threats, and technologies. Conduct research on emerging IoT and OT security challenges and solutions. Develop innovative approaches to address complex security issues in IoT and OT environments. Contribute to the development of whitepapers, articles, and thought leadership materials. Required Skills Understanding of: IoT and OT protocols: OPC UA, Modbus, Profibus, Profinet, DNP3, MQTT, Zigbee etc. Industrial Network Architectures: ZTNA, Purdue Model, Software Defined Network SegmentaExperience in deployment or operations of at-least one of the following solutions: OT Security Monitoring: Claroty, Nozomi, Defender for IoT, Cisco Cyber Vision, Dragos, Palo Alto IoT Security, Tenable.OT etc. Knowledge of regulatory and compliance frameworks such as ISA/IEC 62443, NIST 800-82, NOG 104 Qualification Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Preferred specialization in Cyber Physical Systems (CPS) or IoT Security 4+ years of experience in cybersecurity, with a focus on IoT and OT environments. Proven track record of successfully securing IoT and OT systems for large organizations. Relevant certifications such as CISSP, CISM, CEH, or equivalent. Great to have IoT/OT certifications such as GICSP, GRIP or ISA 62443 How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people . © 2024. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301434

Cloud & Compliance Security Specialist (4–6 Years Experience) Job Title: Cloud & Compliance Security Specialist Experience Required: 4–6 Years Location: Noida Job Type: Full-Time Department: Cyber Security Reporting to: Head/CISO Cyber Security. Role Overview: We are seeking a highly experienced and detail-oriented Cloud & Compliance Security Specialist to join our cybersecurity team. The ideal candidate will have a strong background in Governance, Risk, and Compliance (GRC), security technologies, and reporting/documentation. This role demands a strategic thinker with hands-on expertise in securing cloud environments across Various Cloud platforms. Key Responsibilities: 1. Security Technology & Operations – 50% · Design and implement cloud-native security controls and architectures (e.g., IAM, encryption, firewalls, WAFs, SIEM, CSPM, CWPP). · Monitor and respond to cloud security incidents using industry-standard tools and platforms for threat detection and analysis. · Integrate DevSecOps practices into CI/CD pipelines to ensure secure code deployment. · Perform threat modeling, vulnerability assessments, and penetration testing of cloud infrastructure. · Collaborate with DevOps and IT teams to ensure secure configuration and hardening of cloud resources. 2. Governance, Risk & Compliance (GRC) – 35% · Develop, implement, and maintain overall organizational security policies, standards, and procedures including Cloud security aligned with industry frameworks (e.g., ISO 27001, NIST, CIS, CSA). · Conduct risk assessments and cloud security audits to identify gaps and recommend mitigation strategies. · Ensure compliance with regulatory requirements such as DPDP, GDPR, HIPAA, PCI-DSS, and local data protection laws. · Collaborate with internal audit and legal teams to manage third-party risk assessments and vendor security reviews. · Lead security awareness and training programs across the organization. 3. Reporting & Documentation – 15% · Prepare detailed security reports, dashboards, and metrics for executive leadership and stakeholders. · Maintain comprehensive documentation of cloud security architecture, incident response plans, and audit findings. · Track and report on remediation efforts and risk mitigation progress. · Support internal and external audits with accurate and timely documentation. Required Skills & Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 4–6 years of experience in cybersecurity with at least 4 years in cloud security. Strong knowledge of AWS, Azure, and/or GCP security services. Hands-on experience with security tools: Next Gen Firewalls, SIEM, WAF, CSPM, EDR, etc. Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation). Hands-on experience with various VA/PT tools including open source like OpenVas/OWASP Zap/Veracode/Nessus/Qualys etc. Certifications (Preferred): Cloud Security: CCSP, AWS Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer (any one of them) General Security & Compliance: CISA/ISO 27001 Lead Implementer/Auditor (any one of them)

Seeking a dynamic and experienced professional to lead its Cyber Security Practice, with core expertise in vulnerability management, DevSecOps, penetration testing, application and network security. This leader will play a key role in shaping and scaling attack management services, delivering high-impact solutions to clients, and guiding the next generation of cyber professionals. Key Responsibilities: Lead delivery of Cyber Defense projects across vulnerability management, DevSecOps integration, penetration testing, and secure SDLC. Lead and guide advanced penetration testing - covering internal/external networks, web/mobile applications and cloud environments - with actionable reporting. Design and implement enterprise-wide vulnerability management programs, establish metrics, and advise clients on remediation strategy. Oversee advanced security assessments, including application security (SAST/DAST), network penetration testing, and infrastructure assessments. Embed security into CI/CD pipelines, driving automation across development and deployment. Support testing strategy and execution across on-premise, cloud and converged infrastructure. Serve as a strategic advisor to clients, presenting findings, driving executive communications, and aligning solutions to business goals. Mentor diverse cybersecurity teams and contribute to the growth of Deloitte's security offerings. Qualifications: Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. Experience: 15+ years of relevant experience, with 5+ years in leadership roles across cyber domains. Certifications: CISSP, OSCP, CISM, CEH, GPEN, or equivalent expert-level certification(s). Deep hands-on expertise in threat & vulnerability management, security testing tools/methodologies, and secure application development practices. Strong communication, client management, and team leadership skills. Preferred Skills: Knowledge of cloud security frameworks and risk regulations (NIST, ISO 27001, PCI DSS, etc). Experience managing large-scale consulting engagements or security programs.

Job Title: Cyber Threat Intelligence Analyst Job Location: UniOps Bangalore About Unilever Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future. Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you. About Uniops Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit. Unilever is one of the world’s leading consumer goods companies with operations in over 190 countries and serving 3.4 billion consumers every day. Unilever delivers best in class performance with market making, unmissably superior brands which include Dove, Knorr, Domestos, Hellmann’s, Marmite and Lynx. Our strategy beings with a purpose that places our consumers at the heart of everything we do, “Brighten everyday life for all”. Role Purpose This role will support the Cyber Threat Intelligence (CTI) team in proactively collecting cyber security information and events and converting them into actionable intelligence that will be used by various technologies and stakeholders for securing Unilever. The ideal candidate will have a strong understanding of cyber threat intelligence processes, tools, and technologies, and will play a key role in identifying, analysing, and reporting on cyber threats that could impact our organization. Role Summary The Threat Intel Analyst will play a key role in identification, interpretation, transformation, and dissemination of threat intelligence crucial to the protection of Unilever. The candidate will support the daily operations of the CTI team in areas ranging from Strategic, Tactical and Operational intelligence. The role should possess analytical skills to be able to assess and prioritize signals from the noise to ensure resources are utilized optimally at CTI and dependent teams. This role involves continuous monitoring of the threat landscape, profiling threat actors and malware, tracking vulnerabilities, and the production of actionable intelligence to support decision-making, and keeping the stakeholders informed of threats that could have an adverse impact on the organization. The role is key to transforming the produced intelligence to cater to audiences ranging from technical to business stakeholders. This role is also crucial to Unilever's overall cyber threat management efforts, as it helps to drive the right focus on cyber threats and instilling confidence that adequate countermeasures in line with the NIST Cyber Security Framework (version 2.0). Main Accountabilities Threat Profiling: Monitor surface, deep and dark web for cyber threats impacting the manufacturing sector and Unilever in specific. Ensure 0-days and critical vulnerabilities are analysed and raised with the Threat and Vulnerability Management team to identify exposure and drive remediation. Support campaigns with the human risk team to increase threat awareness across the organization. Tools and Technology Management Work with Security Engineering team to maintain the technology stack used by the CTI team. Drive innovative integrations using the existing toolsets to automate workflows resulting in efficient ways of working. Incident Response Support Work with the Security Operations Centre (SOC) and Cyber Emergency Response Team (CERT) in supporting them with cyber investigations. Enrich and contextualize threat intelligence to support the investigations and containment efforts. VIP Protection Support investigations to ensure scams and frauds against / impersonation Executives are thwarted in a quick and efficient manner. Support in creation of digital footprints for Executives to create awareness about their sensitive information present in publicly accessible forums. Metrics And Reporting (Including Cloud Resilience) Create and maintain cyber threat intelligence content in Unilever’s central collaboration spaces. Collaborate with Unilever’s Cyber Security Analytics (CSA) team for alignment on reporting of CTI metrics. Skills Key Skills and Relevant Experience The role is highly responsive, and responsible for identification, analysis, processing, and distribution of intelligence related to threats and vulnerabilities. Stay up to date on the threat landscape. Excellent analytical, problem solving and presentation skills with a flair for technical aspects of cyber security. Prioritize and use information derived from open and commercial intelligence disciplines to determine new / changes in actor activity, capabilities, intent, and resources. Lead research efforts tracking threats and actors across industry verticals Performing and adding structured intelligence analysis to the Threat Intelligence Platform (TIP). Technical analysis of Tactics, Techniques and Procedures (TTPs) used in cyber incidents and campaigns: Analyzing attack vectors, finding adversary infrastructure, establishing intrusion chain, structured documentation of findings on the TIP. Focus on integration and automation of threat intelligence to security tools using STIX / TAXII Providing Intelligence support to Incident Response teams in Security Operations, Cyber Security teams and Business stakeholders. Engage with IT and Security teams to apprise them of threats to the technology landscape and drive remediation. Producing intel reports on incidents, campaigns and emerging threats for technical and Executive audience. Usage of AI to simplify and automate CTI activities with working knowledge of automation using API integrations and webhooks. Experience Minimum 4 – 5 years of experience in Information / Cyber Security domain with at least 3 years as Threat Intelligence Analyst. Strong experience analyzing and synthesizing actionable threat intelligence via open-source tools. Solid understanding of threat intelligence lifecycle, cyber kill chain and Mitre ATT&CK framework. Experience with cloud platforms (Azure, Google Cloud) and their resilience features. Solid understanding of network and endpoint security concepts in on-prem and cloud environments. Solid understanding of vulnerabilities, how they affect systems, organizations and their corresponding context and severity (CVEs, CVSS, CPE and vulnerability disclosures). Ability to identify, create, execute, and adjust standard operating procedures for day-to-day operations. Ability to document technical analysis and articulate outcomes to non-technical audiences Understanding of current events in the security and threat intelligence world. Strong experience with SIEM, EDR, NDR tools. Good to have, but not mandatory – Cyber security certifications Note: "All official offers from Unilever are issued only via our Applicant Tracking System (ATS). Offers from individuals or unofficial sources may be fraudulent—please verify before proceeding."

Job Title: Attack Surface Management Analyst Job Location: UniOps Bangalore About Unilever Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future. Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you. About Uniops Unilever Operations (UniOps) is the global technology and operations engine of Unilever offering business services, technology, and enterprise solutions. UniOps serves over 190 locations and through a network of specialized service lines and partners delivers insights and innovations, user experiences and end-to-end seamless delivery making Unilever Purpose Led and Future Fit. Unilever is one of the world’s leading consumer goods companies with operations in over 190 countries and serving 3.4 billion consumers every day. Unilever delivers best in class performance with market making, unmissably superior brands which include Dove, Knorr, Domestos, Hellmann’s, Marmite and Lynx. Our strategy beings with a purpose that places our consumers at the heart of everything we do, “Brighten everyday life for all”. Role Purpose This role supports the Threat Intelligence & EASM Lead in identifying, monitoring, and managing Unilever’s external digital footprint. The EASM Analyst will leverage open-source intelligence (OSINT), commercial EASM platforms, and reconnaissance tools to discover, assess, and reduce Unilever’s exposure to external cyber threats. Role Summary The External Attack Surface Management (EASM) Analyst plays a critical role in Unilever’s proactive cybersecurity strategy by continuously identifying, analyzing, and mitigating risks associated with the organization’s internet-facing assets. As digital transformation accelerates and cloud adoption expands, the external attack surface becomes increasingly dynamic and complex. This role is designed to provide visibility into that evolving landscape and ensure that Unilever’s digital perimeter is secure, monitored, and well-managed. The analyst will be responsible for leveraging a combination of commercial EASM platforms (such as Mandiant, Wiz, and Qualys) and open-source reconnaissance tools (like Shodan, FOFA, and Censys) to discover unknown or unmanaged assets, detect misconfigurations, and identify potential vulnerabilities. This includes domains, IP addresses, cloud services, APIs, and third-party integrations that may be exposed to the internet. The EASM Analyst will work closely with Threat Intelligence, Vulnerability Management, and Incident Response teams to contextualize findings, prioritize risks, and support remediation efforts. They will also contribute to the development of automated discovery and alerting mechanisms, ensuring that new exposures are detected in near real-time. In addition to technical responsibilities, the role requires strong communication and collaboration skills to engage with asset owners, IT teams, and business stakeholders across the organization. The analyst will help drive awareness of external risks, support secure asset lifecycle management, and contribute to the overall maturity of Unilever’s cyber defense capabilities. Main Accountabilities External Asset Discovery & Mapping: Use EASM tools (e.g., Mandiant, Wiz, Qualys) to identify and catalog Unilever’s external-facing assets. Perform continuous monitoring to detect changes in the external attack surface. Reconnaissance & Threat Identification Utilize OSINT and reconnaissance tools (e.g., Shodan, FOFA, Censys) to identify exposed services, misconfigurations, and potential vulnerabilities. Correlate findings with threat intelligence to assess risk and prioritize remediation. Risk Assessment & Reporting Collaborate with vulnerability management and security operations to triage and remediate high-risk exposures. Provide regular reports and dashboards on EASM findings, trends, and KPIs. Collaboration & Process Improvement Work with IT and cloud teams to validate asset ownership and ensure secure configurations. Contribute to the development of EASM processes, playbooks, and automation strategies. Skills Key Skills and Relevant Experience Strong understanding of internet protocols, DNS, SSL/TLS, and cloud infrastructure. Proficiency with EASM and OSINT tools (e.g., Mandiant, Wiz, Qualys, Shodan, FOFA). Ability to analyze large datasets and identify patterns or anomalies. Excellent communication skills to convey technical findings to non-technical stakeholders. Familiarity with vulnerability management and threat intelligence workflows. Experience 3–5 years of experience in cybersecurity, with at least 1–2 years in EASM, threat intelligence, or vulnerability management. Experience with cloud platforms (Azure, AWS, GCP) and their security configurations. Knowledge of security frameworks such as MITRE ATT&CK, NIST CSF, or CIS Controls. Relevant certifications (e.g., CEH, OSCP, Security+, GIAC GOSI) are a plus. Note: "All official offers from Unilever are issued only via our Applicant Tracking System (ATS). Offers from individuals or unofficial sources may be fraudulent—please verify before proceeding."

Job Description The Product Security Principal Architect is a valued professional within the Stryker organization. They work with product development team members during the digital systems development processes on effective security controls. Stryker has products that reside on bespoke embedded devices, applications on mobile devices (iOS, and Android) or personal computers, along with services deployed in the clouds (Azure, AWS, GCP). This person has the ability to shape the security of Stryker products before release to market, and the responsibility to guide teams to build Security by Default, enabling products to be resilient in the marketplace. This role will help through consistent generation of threat models with risk scoring, identifying the effective security controls during requirements, refined during design, then applied at build and configuration, provide oversight through verification and validation. Once the product is on-market, this team also aids others with the security investigations and response, as needed throughout the product life. What You Will Do: Technical Responsibilities: Collaborate with product teams to assess security risks and drive design decisions for new and evolving products and related systems, ensuring secure by design. Guide product development teams in completing threat models towards security as it relates to product risk. Assemble Security requirements applicable to the new or evolving product under consideration. Working with product teams to remediate issues or vulnerabilities found by security tooling or reports for Stryker’s variety of medical device technologies. Support product security incident response (PSIRT) teams, when needed, so they can effectively address (contain or remediate) and then document security incidents. Draft internal and external communications summarizing details concerning security concepts used in requirements, design, and build phases related to medical products and related systems. Provide product security guidance to internal taskforce teams. Knowledge and Capabilities: Understanding of the current revisions from FDA, NIST, ISO, IEC on the related security topics. Expertise in applying security control frameworks, threat modeling, and scoring the severity of security threats and vulnerabilities. Experience analyzing and supporting enablement of security controls, along with designing secure products, as part of a broad eco-system (embedded devices + clouds + mobile devices) in the IoT ecosystems that healthcare providers need and expect to support safety. Driven to stay up to date on vulnerabilities and exploits that may affect the Stryker eco-system across several areas of computing such as cloud, distributed applications, embedded systems, or IoT. What You Will Need: Basic Qualifications: Bachelor's Degree in product security, computer science, mathematics, statistics, or related field 8+ years of applicable (product) security work experience Preferred Qualifications: Master’s degree in security related discipline Understands quality management systems in the healthcare, medical device, or industries that leverage cyber-physical systems. Experience implementing secure technologies in embedded devices, clouds and mobile devices using secure controls, including but not limited to transport and communication protocols. One or more active, industry recognized, and relevant cybersecurity certifications. Insert Detailed Job Description Here. Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 150 million patients annually.

The role is to support the development and maintenance of robust control frameworks and a unified Technology & Cyber Security Control library. You will help implement process control monitoring capabilities to coordinate control execution across Engineering and contribute to driving a positive risk culture within Engineering by implementing processes for control efficiency demonstration. This role requires organized, methodical thinking with strong attention to detail for creating control test plans and documentation. Your responsibilities will include: - Maintaining and regularly updating the centralized Technology & Cyber Security control library, ensuring controls align with industry frameworks (NIST, ISO, COBIT) and regulatory requirements (e.g. DORA). You will help translate complex framework/regulatory requirements into clear, actionable controls. - Conducting Tests of Design Assurance and Operating Effectiveness Assurance for key controls at both group and divisional levels, providing critical support for Group Engineering, Risk & Control Assessments. Documenting test results and identifying areas for improvement. - Establishing and overseeing processes to ensure control evidence is properly documented, stored, and accessible at required frequencies. Creating standardized templates for evidence collection to improve consistency. Reviewing monitoring results for completeness and accuracy, driving corrective actions as needed. - Planning and coordinating periodic independent assurance activities with internal audit teams and external assessors, preparing documentation and facilitating access to evidence. - Implementing, tracking, and analyzing Key Control Indicators (KCIs) aligned to the control library, helping to identify trends and potential weaknesses before they impact operations. - Maintaining detailed control performance dashboards and metrics that clearly communicate control status to various partners, from technical teams to executive leadership. Performing sample-based testing of control operating efficiency. - Identifying thematic control weaknesses and collaborating with control/process owners to develop and implement effective remediation strategies with clear timelines and accountability. Representing Engineering in risk discussions with internal team members. - Leading a team of GRC analysts, providing mentorship, technical guidance, and career development opportunities while ensuring high-quality results. Qualifications: - Relevant degree in IT, Cybersecurity, or Risk Management (Desirable). - 5+ years of experience in technology controls or compliance. - Strong knowledge of control frameworks (NIST, ISO, COBIT). - Demonstrable knowledge of key controls across Technology process areas (e.g. incident, change, capacity management). - Experience in control implementation across Technology process areas. - Experience in control testing and evidence validation. - Proven team management and project delivery skills. - Excellent analytical, communication abilities, and presentation skills. - Experience with GRC tools and control automation. About Us: LSEG (London Stock Exchange Group) is a diversified global financial markets infrastructure and data business dedicated to excellence in delivering services to customers. With extensive experience and deep knowledge across financial markets, we enable businesses and economies worldwide to fund innovation, handle risk, and build jobs. LSEG values integrity, partnership, excellence, and change, guiding our decision-making and actions every day. We are committed to sustainability and driving sustainable economic growth.,

We are seeking an experienced Cybersecurity TechGRC Consultant with over 10 years of expertise in Governance, Risk, and Compliance (GRC) and Technology Risk Management. The ideal candidate will have a strong background in cybersecurity frameworks, risk assessments, control testing, cloud security, and policy development. You will collaborate with global Fortune 500 companies and industry-leading organizations to enhance their cybersecurity and risk management programs. Day-to-Day Responsibilities • Collaborate daily with client-facing teams to gain an understanding of project tasks and deliverables. • Work closely with the Global Delivery Team Manager (GDTM) to execute project tasks and deliverables. • Attend client meetings on behalf of CyberVigilance LLC, take notes, and highlight key project deliverables. • Participate in internal team meetings to provide updates on client deliverables. • Support additional initiatives assigned by the GDTM. Key Responsibilities • Lead and manage cybersecurity risk assessments and gap analysis projects, ensuring compliance with frameworks such as ISO 27001:2022, GLBA OCC, SOC2, NIST CSF, NIST SP 800-53, and CIS Controls V8. • Conduct control testing and remediation for complex environments, identifying vulnerabilities, assessing risks, and implementing mitigation strategies. • Manage compliance readiness projects (e.g., ISO 27001, SOC2, PCI-DSS, GLBA OCC), including the development of policies, procedures, and remediation plans. • Perform cybersecurity due diligence for mergers and acquisitions by evaluating technical controls, governance processes, and risk exposure. • Develop and update cybersecurity policies, standards, and procedures in line with industry best practices. • Oversee risk exception processes and 3rd-party risk assessments, including stakeholder management, risk analysis, and remediation planning, using GRC tools like Archer. • Collaborate with cross-functional teams (IT, OT, Risk, Legal) to provide strategic recommendations for improving cybersecurity posture and risk management. Location: Remote Job Type: Full-time/Contract Work Timings: 5 PM to 2:00 AM India Standard Time Qualifications • Experience deploying security solutions that meet standards such as NIST, SOC2, ISO 27001, PCI-DSS, GDPR, FedRAMP, HIPAA, and cloud security frameworks like CSA CCM. • Strong understanding of regulations, industry standards, and best practices in security, including platform, network, cloud, data security, and privacy. • Proficiency in developing and reviewing information security policies, standards, and procedures, particularly for cloud security. • Experience collecting security metrics, assessing cloud security risks, and developing management reports. • Hands-on experience with GRC tools (e.g., Archer, OneTrust, Vanta) and CSPM tools (e.g., Wiz, Palo Alto Prisma). • Experience in conducting internal security risk assessments, cloud security assessments, and documenting findings. • Must be self-motivated, able to work in a fast-paced, agile environment, and collaborate effectively to meet business objectives. • Experience with incident response, security breaches, and cloud security incident analysis. Qualifications • 10+ years of experience in Cybersecurity, GRC, or Technology Risk Management roles. • Bachelor’s degree in computer science, Information Security, or a related field from an accredited institution is preferred. • Relevant certifications such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus. • Strong verbal, written, and presentation skills with the ability to engage effectively at all levels of management. Preferred Qualifications (Good to Have): • Prior experience working with global consulting or service delivery firms such as Accenture, Deloitte, PwC, KPMG, EY, IBM, Wipro, TCS, Cognizant, HCL, Protiviti, or similar. • Demonstrated career progression within the same organization (e.g., promotion from Analyst to Senior Analyst to Consultant within a 5–7 year window), indicating high performance, adaptability, and long-term client delivery success—especially in servicing Western or US-based clients. • Strong communication skills and experience collaborating across cross-functional and cross-regional teams, preferably in client-facing roles. • Familiarity with US-based enterprise environments, regulatory expectations, or delivery frameworks (e.g., NIST, SOX, ISO, PCI, FedRAMP, HIPAA) is a plus.

Line of Service Advisory Industry/Sector Not Applicable Specialism Operations Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Responsibilities - Experience in managing implementation of ISO 22301 certification programmes · Extensive experience of the BCP framework components such as Business Resiliency Planning, Crisis Management Planning, Incident Response Planning, Disaster Recovery Planning, Plan Exercising/ Testing, BIAs etc. · Strong understanding of the planning, development, program execution, maintenance and testing of Enterprise Business Continuity, Disaster Recovery, and Crisis/Incident Management programs · Hands on experience in implementing and assessing business resiliency program for organization of various sizes and complexity. · Should be able to support BC/ DR audit and examination activities including development and maintenance of policies, procedures and standards that are aligned with best practices (standards, frameworks) such as ISO 22301, NIST · Should be able to understand the Enterprise Risk Management methodologies and map it to the Business Resiliency Program · Support the identification of Business Continuity related risks (internal / external), the assessment of their likelihood, as well as potential impacts and risk mitigation plans. · Conduct Business Impact Assessment for various business functions · Support internal reporting and tracking of business continuity related issues and remediation activities. · Design, coordinate and execute BCP/DR annual test exercises for critical business processes and produce test reports including lessons learned. · Develop recovery priorities, timelines, and strategy for proper sequence of recovery components · Assist Crisis Management / Incident Management teams during service disruption events and contribute to process improvement initiatives. · Should understand complete assessment lifecycle from assessment scoping to project deliverables · Collaboration with the different stakeholders on the complex assessment issues to develop possible recommendations · Monitor progress, manage risk, and verify key stakeholders are kept informed about progress and expected outcomes · Presents findings and proposes recommendations that deal with root cause of issues and impact to the organization · Manages the approved budget and resources for the assigned audit; assigns and reviews the work done by all team members Coaches team members and colleagues in the best use of company & teams methodologies and tools · Educate team members in the correct implementation of BC & DR processes, standards and impart training to ensure recoverability of business processes and supporting services across business functions. · Demonstrates excellent people management capabilities and is able to think out of the box · Great communication skills and the ability to break down and explain complex data security problems · Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Mandatory Skills - BCM Preferred skills - BCP Education Qualification: BE/ BTech · Postgraduates in any stream would be preferred (not mandatory) · Prior Big 4 experience would be an added advantage · Relevant experience in Business Continuity and Disaster Recovery for varied industry segments preferred · Excellent communication skills - both written and oral Years of experience Required - 4 years Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Business Continuity Management (BCM), SAP BCM Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Position: Java Cloud Developer Location: Jaipur (WFO) Experience: 7+ Years Location: Jaipur , BLR , Hyderabad and Pune Quick Reach Appy directly on Form Link : https://forms.gle/2ZkjYhAcMztSnuH87 Required Parameters: 7+ years of hands-on experience in Java development and cloud-native application architecture Strong expertise in Java (8/11/17+) , with solid understanding of OOP, design patterns, and multithreading Proficiency with Spring Framework (Spring Boot, Spring MVC, Spring Cloud) and Hibernate/JPA Extensive experience with cloud platforms : AWS, Azure, or Google Cloud Platform Deep understanding of microservices architecture , API design (REST/GraphQL), and service orchestration Experience with CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, or Azure DevOps) Strong exposure to Docker , Kubernetes , and containerized deployments Experience with Infrastructure as Code (Terraform, CloudFormation, or Pulumi) Familiarity with NoSQL & SQL databases : MongoDB, PostgreSQL, MySQL, DynamoDB Proficient in API integration, cloud security best practices, and modern deployment strategies Excellent troubleshooting, debugging, and performance optimization skills Key Responsibilities Cloud-Native Application Development Design and develop scalable microservices using Java (Spring Boot) deployed on AWS/Azure/GCP Build RESTful APIs and integrate third-party services to support complex business workflows Implement secure, high-performance back-end systems for web/mobile applications Cloud Engineering & Infrastructure Deploy and manage cloud resources using IaC tools like Terraform or CloudFormation Configure and monitor compute, storage, and networking services (EC2, S3, Lambda, Azure Functions, etc.) Apply cloud security best practices and ensure resiliency and high availability of applications DevOps & CI/CD Integrate code repositories with CI/CD pipelines for seamless build, test, and deploy cycles Automate unit/integration testing and container deployment using Docker and Kubernetes Monitor cloud applications using tools like Prometheus , Grafana , CloudWatch , or ELK Collaboration & Agile Delivery Collaborate with cross-functional teams including frontend, QA, DevOps, and Product Managers Participate in sprint planning, code reviews, and architectural discussions Write clean, maintainable, and well-documented code following industry best practices Monitoring & Optimization Implement logging, alerting, and application performance monitoring Continuously optimize existing services for cost, performance, and reliability Conduct root cause analysis and troubleshoot production issues with minimal downtime Nice to Have / Bonus Skills Experience with Serverless Architectures (AWS Lambda, Azure Functions) Exposure to message brokers (Kafka, RabbitMQ, SQS) Knowledge of OAuth2.0, JWT , and Spring Security Familiarity with GraphQL APIs Understanding of event-driven architecture and CQRS patterns Website : www.medhansolutions.com, HR Consulting Quick Reach Appy directly on Form Link : https://forms.gle/2ZkjYhAcMztSnuH87