3740 Nist Jobs - Page 26

About REA Group: In 1995, in a garage in Melbourne, Australia, REA Group was born from a simple question: “Can we change the way the world experiences property?” Could we? Yes. Are we done? Never. Fast forward 30 years, REA Group is a market leader in online real estate in three continents and continuing to grow rapidly across the globe.The secret to our growth is staying true to that ‘day one’ mindset; the hunger to innovate, the ambition to change the world, and the curiosity to reimagine the future. Our new Tech Center in Cyber City is dedicated to accelerating REA Group’s global technology delivery through relentless innovation. We’re looking for the best technologists, inventors and leaders in India to join us on this exciting new journey. If you’re excited by the prospect of creating something magical from scratch, then read on. While no two days are likely to be the same, your typical responsibilities will include: Lead, recruit, coach, and develop a high-performing Security Engineering team, building an inclusive and collaborative culture aligned with REA’s values and commitment to diversity. Act as a mentor for both junior and senior engineers, fostering a growth mindset, curiosity, and technical excellence. Collaborate with product and design teams to transform user needs into technical specifications. Contribute to REA's technical strategy and roadmap, aligning with business goals and stakeholders. Embed secure-by-design principles in all aspects of system, platform, application, and identity architecture spanning cloud, enterprise, and product environments. Coach teams to embed security practices throughout the full DevSecOps lifecycle, including code reviews, threat modelling, vulnerability management, and incident response. Define, advocate and exemplify best practices within the team like writing clean and reusable code using TDD, pair programming, and design patterns. Champion innovation adopting and adapting next-gen approaches such as AI-driven security, zero trust, and “paved road” patterns to stay ahead of the threat landscape. Actively collaborate with Product, Engineering, Platform, and other business units to ensure security is embedded and enables speed, quality, and trust. Who we are looking for: 8-13 years of progressive experience in software engineering, security engineering, or product / application security. Demonstrated experience leading, mentoring, and managing security engineering or product security teams in a high-scale, agile technology environment (preferably SaaS, cloud-native, or platform-centric). Track record of successfully delivering security programs, initiatives, or platforms in partnership with engineering leadership and technical program managers. Strong technical skillset (across one or more of) product / application security, enterprise IAM, endpoint security, cloud security, DevSecOps, vulnerability management, and security automation. Solid understanding of relevant security frameworks (e.g. OWASP Top 10, ASVS, NIST, MITRE ATT&CK), CI/CD security integration, and modern infrastructure-as-code. Practical knowledge of secure cloud services (e.g. AWS, Azure), with ability to design “paved roads” and security guardrails for developers. Is committed to lifelong learning, staying updated on the latest web development trends to tackle complex challenges. Collaborative, open-minded and experienced in scaling healthy team culture and contributing to diversity and inclusion. Networking or Endpoint Security. Knowledge of delivery approaches such as TDD, CI and infrastructure automation. Skilled communicator, able to influence and explain complex technical risks to diverse audiences, including engineers, business leaders, and executives. As a Bonus: Well-versed in two or more languages (JavaScript, TypeScript, React, and Node.js.) Advocate for code quality and security. Lead code reviews, unit testing, and deployments to ensure users trust the reliability and security of the code. What we offer: A hybrid and flexible approach to working. Transport options to help you get to and from work, including home pick-up and drop-off. Meals provided on site in our office. Flexible leave options including parental leave, family care leave and celebration leave. Insurance for you and your immediate family members. Programs to support mental, emotional, financial and physical health & wellbeing. Continuous learning and development opportunities to further your technical expertise. The values we live by: Our values are at the core of how we operate, treat each other, and make decisions. We believe that how we work is equally important as what we do to achieve our goals. This commitment is at the heart of everything we do, from the way we interact with colleagues to the way we serve our customers and communities. Our commitment to Diversity, Equity, and Inclusion: We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking be it cultural and ethnic backgrounds, gender identity, disability, age, sexual orientation, or any other identity or lived experience.We know diverse teams are critical to maintaining our success and driving new business opportunities. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch. REA Group in India: You might already recognise our logo. The REA brand does have an existing presence in India. In fact, we set up our new tech hub in Gurugram to be their neighbours! REA Group holds a controlling interest in REA India Pte. Ltd., operator of established brands Housing.com, Makaan.com and PropTiger.com, three of the country’s leading digital property marketplaces.Through our close connection to REA India, we’ve seen first-hand the incredible talent the country has to offer, and the huge opportunity to expand our global workforce.Cyber City Tech Center is an extension of REA Group a satellite office working directly with our Australia HQ on local projects and tech delivery. All our brands, across the globe, connect regularly, learn from each other and collaborate on shared value initiatives.

Position Overview Job Title- I&A On-boarding Information Security Analyst, Associate Location- Pune, India Role Description: As “I&A On-boarding Information Security Analyst” you will be part of Access Lifecycle On-boarding global family which includes access management for application end user recertification On-boarding, user access for request & approval, user provision On-boarding and Functional Taxonomy SoD On-boarding & maintenance as well as IDAHO (Access concept) SME as central DB services. Deutsche Bank is looking for bright and open-minded individuals to support Business Identity & Access Services within Access Lifecycle Solution On-boarding team for application end user request & approval as well as end user access provision central service On-boarding. A key success factor of the Access Lifecycle Solution On-boarding team is the quick understanding of complex application set ups for Identity & Access Management and support Information Security Officer (ISO) and IT Application Owner (ITAO) along end-to-end central solution On-boarding process across DB. You will gain insights into the complete Identity & Access Management lifecycle as you will learn about the roles and entitlements and their set up, segregation of duties, application authentication and authorization process. What We’ll Offer You As part of our flexible scheme, here are just some of the benefits that you’ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities As “I&A On-boarding Information Security Analyst” you will be responsible to perform On-boarding assessments if an IT asset is applicable for end user application access for request & approval and business requirement gathering (based on existing KOP ID Admin procedures) to identify, how future user provisioning (ID Admin via automated connector or manual, centrally or decentral managed) will be set up between central request & approval platform and to be on-boarded application in adhering to Information Security (IS) internal and regulatory requirements. Efficiently engage, manage, and influence the main stakeholders, along with application On-boarding process including Information Security Officer, IT Application Owner, Engineering and Operations teams Provide process improvement inputs to various stakeholders involved. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Report and escalate potential risks to the management to help avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Support develops key operational procedures where necessary and ensure adherence to all such defined policies. Comfortable with associated disciplines of Security Policy and Governance in banking domain Very good presentation and communication skills allowing to communicate with our stakeholders. A structured and methodological way of working with the objective to deliver high quality results. Supports tough people decisions to ensure people performance is aligned with organization imperatives and needs. Addresses individual performance issues, where necessary, to drive for high performance. Pro-active and flexible working approach, Team spirit Your Skills And Experience Minimum 5 years working experience in Identity & Access Management, Governance, Risk and Control related topics. Team management experience Basic knowledge and/or willingness to work with industry best practices and frameworks like ISO27001, NIST, CSA CCM, COBIT, ITIL Good business analyses knowledge of system design, development, implementation, and user support principles and practices Knowledge of IT Service Management or IT Governance or IT Delivery Management or IT Project Management or IT Delivery background or IT Security Knowledge on Database Systems, application interactions and server operating systems Excellent Excel knowledge Competencies: Self-motivated and flexibility to work autonomously in virtual and multicultural teams. Good communication skills (both written and verbal), fluent in English (written/verbal) Good analytical skills and problem-solving abilities Pro-active and flexible working approach A structured and methodological way of working with the objective to deliver high quality results. Flexible mindset with an eye for detail and continuous improvement Good understanding in business related information Being flexible, open minded, able to share information, transfer knowledge and expertise to stakeholders and other team members. How We’ll Support You Training and development to help you excel in your career. Coaching and support from experts in your team. A culture of continuous learning to aid progression. A range of flexible benefits that you can tailor to suit your needs. About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Job Title: IT Process Consultant with ISO 27001, Data Privacy & GRC focus Department: Information Technology / IT Governance & Process Standardization Reports To: IT Operations Head Location: Manesar, Haryana (On-site at Client Location) Employer: VVNT SEQUOR, Noida Summary: VVNT SEQUOR is seeking a talented professional to support our client in Manesar, Haryana (on-site role) in driving IT excellence. You will play a crucial role in ensuring IT operations adhere to industry best practices (ITIL, ISO 27001) and align with business objectives. Your key responsibilities will include: Establishing and maintaining IT governance frameworks aligning with ISO 27001, ITIL, and NIST standards. Developing and enforcing IT policies, SOPs, and regulatory compliance guidelines. Conducting regular audits and risk assessments to ensure IT processes meet compliance requirements. Driving process standardization and optimization to improve operational efficiency. Implementing IT Service Management (ITSM) best practices. Developing and maintaining Change Management and Continuous Improvement frameworks. Developing and enforcing incident response and problem management frameworks. Training IT staff on new processes, policies, and best practices. Acting as a liaison between IT teams, management, and external auditors on compliance matters. We are looking for someone with: Bachelor’s degree in IT, Computer Science, or a related field. 8-10 years of experience in IT process engineering, IT governance, or IT service management. Strong knowledge of ITIL frameworks and ISO 27001 compliance is essential. Experience in process mapping, automation, and optimization techniques. Hands-on experience with ITSM tools (e.g., ServiceNow, BMC Remedy, Jira Service Management). Familiarity with risk assessment methodologies and regulatory compliance audits. Excellent analytical, problem-solving, and communication skills. Bonus points for: ITIL v4 Certification. Experience with ISO 27001 implementation and audit processes. Knowledge of process automation tools and scripting. Understanding of Cloud Governance. Experience in automotive, manufacturing, or R&D environments. Why join VVNT SEQUOR? Opportunities for professional development and growth. Subsidized Cab and Lunch options. Exposure to a dynamic client environment in the automotive sector. Recognition of being associated with a leading organization. To Apply: Please submit your resume along with the cover letter to parveen.arora@vvntsequor.in Also, you can connect over WhatsApp +91-8802801739 IMPORTANT: Do mention clearly to Job Role that you are applying for along with your Last Salary Drawn information as well as your Earliest Joining Date in your covering letter or email.

Cloud Security Architecture : - Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC). Are you passionate about protecting what matters most? We're seeking someone who is passionate about identifying and implementing security solutions that make bp a cyber resilient organisation! Our Business Information Security team partners with the business to help them understand cyber risk and be accountable for cyber security. We're looking for curious minds who are driven by opportunities to build value and deliver secure products and services to advance bp's strategy. Role Synopsis In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of a Global Information Security Specialist has never been more critical. Working closely with bp's business areas, you will support the protection of IT systems and business data that are important to bp's operations. You will conduct security assessments, respond to security queries, and provide security expertise. Your expertise will help ensure that business teams can operate with confidence, knowing their systems and processes are secure. Ready to make a real impact in energy security? Join us in safeguarding the people, processes and systems that power our transition to net zero! Key Accountabilities In this role you will deliver security activities to support bp's business. This role focuses on hands-on security assessment and advisory activities with the following key accountabilities: Security Assessments : We need someone that can conduct comprehensive assessments of systems, identifying risks and issues while recommending appropriate remediation measures. Technical & Non-Technical Risk Advisory : You'll assess and communicate cybersecurity risks. We want our customers to understand potential impacts and mitigation strategies clearly. Cyber Behaviour Promotion : We strive to build a strong cyber security culture. You'll assist with the development and promoting good cyber behaviours in day-to-day operations. Incident Management Support : When security incidents happen, we need you to provide specialist security expertise. You'll support incident response activities and improvement recommendations. Customer Support : We want you to act as the go-to point of contact for information security. You'll provide timely and accurate expertise on security matters affecting their systems or data. You will: Assess and Evaluate : You'll perform regular security assessments of business systems. We use established methodologies to identify potential risks, weaknesses and security gaps. Respond and Advise : We require someone who can offer our customers practical and tailored cyber security solutions. These solutions must align with operational requirements. Analyze and Report : You'll evaluate risks and prepare clear, actionable recommendations, and communicate these with both business and technical audiences. Support and Collaborate : We work closely with business teams to implement security measures. You'll help maintain robust security posture while aligning with operational needs. Promote and Educate : We nurture positive cyber security behaviours! You'll work through targeted awareness activities, training support, and expert guidance. Monitor and Review : We want someone who understands the security landscape affecting bp systems and stay ahead of emerging threats and industry standard methodologies. Education Bachelor's degree or equivalent experience in Information or Cyber Security, Computer Science, Engineering. Working towards professional certifications such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or CompTIA Security+. Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework. Desirable Experience and Capability Previous track record in information security roles in Finance, HR, Trading, Retail, Supply or Oil and Gas companies. Ability to explain security concepts to a variety of audiences. Solid grasp of cyber risk assessment methodologies and the ability to translate technical findings into business impact assessments. Attention to detail and ability to work independently while balancing multiple activities. Ability to adapt security recommendations to different operating environments. Ability to use technology, data, and insights to enable decision making.

BASIC INFORMATION ON THE POSITION Position Name: Deputy Manager - ESGC PURPOSE OF THE ROLE To ensure Information Security Management System and Risk management framework including Business continuity are effectively planned & established in line with the business objectives. The job exists to ensure compliance to IS requirements, both from customer and organization. If this role did not exist, ensuring compliance to IS requirements is not possible. KEY RESPONSIBILITIES AND ACCOUNTABILITIES Compliance to client information security requirements as agreed in the MSA by ensuring that requirements are captured, documented, implemented and verified Ensure customer audits are cleared successfully without any critical non-conformances Propose cost effective solution and maintain compliance cost Contain Revenue Leakage by ensuring reduction in revenue leakages resulting from IS incidents and effective implementation of controls Ensure operational excellence through the following: 1. Develop and manage ISMS (Information Security Management System) framework including Business continuity and awareness 2. Identify and implement applicable industry practices (IT act and amendments, Data Privacy and Data Security framework etc) 3. Establish and implement measurement program to assess effectiveness of the framework/system 4. Ensure all internal / external audits are planned and successfully cleared. 5. Monitor and track all internal/external audit findings to closure. Highlight open findings and accepted risks Enable Innovation through Automation and New initiatives Ensure Effective People Management by keeping the team engaged and having diverse workforce, Creating accountability & ownership in the team, handling team members grievances and ensuring team attrition is within targets Ensure Capability Development in the team by upgrading competency (skills) in the team in line with the current industry practices and business objectives including both managerial and technical capability EDUCATION QUALIFICATION Degree: BE/M.tech or MBA Certifications: CISA/ CISM Certification - ISO27001 lead auditors certification MINIMUM EXPERIENCE REQUIRED Overall (in years): 10- 15 years Relevant (in years): 8-12 years DOMAIN/ FUNCTIONAL SKILLS Good understanding of various IS standards, framework such as ISO27001, PCIDSS, HIPAA, NIST, SOC/SSAE16 Standards & ISO27005, ISO 22301 Guidelines - Knowledge of risk management (ISO31000, ISO27005), business processes - Knowledge of IT Security, physical and environmental security and HR security controls - Knowledge of regulatory requirements

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.

About the Team The Compliance team at Meesho is like the Avengers safeguarding Meesho's S.H.I.E.L.D. As an Associate Compliance Manager, youll take the lead in fortifying our systems and ensuring they remain secure and compliant. After all, when 5% of Indian households shop with us, its important to build resilient systems to manage millions of orders every day. Weve done this with zero downtime! Sounds impossible? Well, thats the kind of Engineering muscle that has helped Meesho become the e-commerce giant that it is today. We value speed over perfection, and see failures as opportunities to become better. Weve taken steps to inculcate a strong Founders Mindset across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As an AssociateCompliance Manager, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we arent building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join About the Role As an Associate Manager , youll play a key individual contributor role in driving security policies, ensuring adherence to compliance frameworks, and mitigating risks within Meeshos internal and external environments. Youll manage end-to-end compliance activities, oversee audits, and contribute to building a secure and compliant ecosystem. As part of the Security Compliance team, youll own and be accountable for the overall Information Security framework and program, helping to uphold the highest standards of security and privacy. What you will do Lead and own the end-to-end security compliance and certification charter. Define, roll out, and enforce Information Security policies and procedures. Define and ensure adherence to data privacy and data protection laws (e.g., DPDP). Collaborate with third-party vendors to maintain robust third-party security practices. Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy. Conduct periodic information security awareness training programs for employees. Oversee information security risk management and privacy impact assessments. Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience Draft and enforce Data Protection Agreements and Information Security Agreements. Manage and coordinate internal and external audit-related activities. Collect and present audit evidence to ensure successful compliance assessments. Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks. Audit data, systems, and processes for policy and regulatory compliance. Provide actionable insights and reporting on the effectiveness of compliance programs. Conduct vendor audits and produce comprehensive reports. Plan and execute ad-hoc audits as necessary. What you will need Educational Qualification : Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field. Experience : 47 years in information security, compliance, or audit roles. Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001). Strong problem-solving skills and hands-on experience implementing compliance standards. Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK. Working knowledge of cloud platforms (AWS, GCP) is highly advantageous. Excellent project planning, stakeholder management, and communication skills. Ability to adapt to evolving regulatory landscapes and implement best practices. Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus. Curious about life at Meesho? and they've made us the top-rated e-commerce workplace on Glassdoor. Our Mission Democratising internet commerce for everyone- Meesho (Meri shop) started with a single idea in mind -to be an e-commerce destination for the next billion Indian consumers and enable 100 million small businesses to succeed online. We provide sellers with a range of industry-first benefits such as zero commission and the lowest shipping cost. Over million sellers are registered on Meesho, growing their business by tapping the companys massive customer base, state-of-the-art tech infrastructure, pan-India logistics at the lowest cost through third-party logistics providers in an 'Everyday Lowest Cost' channel for sellers. Affordable, relatable merchandise mirroring local markets has helped us make inroads with first-time internet users in the country. We cater to an underserved and unique customer base and cover every serviceable pincode in the country. Our unique business model and continuous innovation has enabled us to become the first Indian horizontal E-commerce company.

IT Security Manager Job Location : Karapakkam OMR, Chennai Key Responsibilities Compliance : To assist the IT Security Head in the following Establish and maintain IT control environment and framework Develop and maintain IT Policies Communicate the IT control framework and IT objectives and direction Ensuring legal, contractual, policy & regulatory requirements from an IT Security perspective are met across the Infrastructure landscape Report, Monitor & review compliance of IT activities with IT policies, plans and procedures Proactive review and update of existing IT policies, plans and procedures in response to compliance requirements and implementation of new IT Policies, plans & procedures. Enable IT reporting on regulatory requirements with similar output from other business functions Risk : To assist the IT Security Head in the following Periodic monitoring and mitigate of risks associated with IT Security Management : To assist the IT Security Head in the following Review, maintain and update IT security plan Review and conduct regular vulnerability assessments and close noticed gaps Work with the Applications team in maintaining a high level of application and user security in-line with security policies Work with the IT Infrastructure team to maintain a high level of IT Infrastructure and user security in-line with security policies Skill Requirements Understanding on IT Security and compliance standards like ISO 27001, NIST Guidelines, CISSP security framework and risk management framework Hands on Experience in doing information security audits and Risk assessments. Experience in implementing information security policies and procedures for the organization Expertise in monitoring compliance with information security policies and procedures, while jointly working to solve the problems with the appropriate Domain Leads Expertise in monitoring the defined internal control systems to ensure that appropriate access levels are maintained Good understanding on disaster recovery and experience in driving DR Drills Qualifications B.E / B.Tech or M.Tech or MCA Desirable CISSP /CISA / ISO27001 certification Experience Essential 10+ Years of experience in IT Infra & IS Domains Experience in creating IT security controls At least 2 yrs experience in working in a Cloud environment At least 3 year of work experience in a Manufacturing company Desirable 1+ year of relevant experience as IT Security manager Work Experience as Inf Security Auditor in at least 1 project Experience in SAP environment would be an added advantage ITIL certification Interested Candidates can share their resume to stk3@sanmargroup.com

Key Responsibilities Monitor, identify, and respond to security incidents across systems and networks. Implement and maintain security measures such as firewalls, intrusion detection systems (IDS), and endpoint protection. Conduct regular vulnerability assessments and penetration tests on systems and applications. Collaborate with DevOps and Engineering teams to integrate security best practices into CI/CD pipelines. Manage and review access controls, identity management, and secure configurations. Investigate and remediate security breaches, threats, and anomalies. Stay current with the latest security trends, vulnerabilities, and threat intelligence. Document security processes, policies, incident response plans, and risk assessments. Assist in compliance efforts (e.g., ISO 27001, SOC 2, GDPR) as applicable. Required Skills and Qualifications Bachelor’s degree in Computer Science, Information Security, or related field. Proven experience in system/network/application security. Strong knowledge of cybersecurity frameworks and standards (OWASP, NIST, CIS). Familiarity with tools such as Wireshark, Nessus, Burp Suite, Metasploit, or similar. Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure. Understanding of secure coding practices and code review for security flaws. Scripting knowledge (e.g., Python, Bash, PowerShell) is a plus. Nice to Have Security certifications like CEH, CISSP, OSCP, or CompTIA Security+. Experience in automating security tasks or using SIEM tools. Knowledge of container security (e.g., Docker, Kubernetes). Job Types: Full-time, Permanent Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Flexible schedule Paid sick time Paid time off Provident Fund Ability to commute/relocate: Gandhinagar, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: Security Engineer: 2 years (Required) Work Location: In person

Hiring for one of the leading Automobile Manufacturing Organization Location : Gurgaon Exp : 4-7 years Qualification : B.Tech Roles and Responsibilities: Develop and implement risk assessment models and frameworks. Identify potential threats and vulnerabilities, and assess their potential impact on business operations. Monitor and report on risk indicators, risk appetite thresholds, and key risk metrics. Collaborate with cross-functional teams to develop risk mitigation plans. Ensure the MSIL’s compliance with legal, regulatory, and internal policy requirements. Conduct regular audits and compliance reviews; report findings and recommend corrective actions. Stay up to date on relevant laws, regulations, and best practices (e.g., NIST, CSI, xx). Develop, implement, and maintain compliance training programs for employees. Liaise with Security Operation Team, IT Team, IS Governance Team and contribute towards investigation, compliance breaches and risk incidents. Liaise with Information & Cybersecurity Incident Response Team, perform root-cause analysis, and implement corrective actions. Prepare regular risk and compliance reports for executive leadership and the MSIL Board. Skills Required: 1.Cybersecurity Fundamentals 2.IT Infrastructure Knowledge 3. Risk Assessment frameworks & Tools – Proficiency in tools like RSA Archer, ServiceNow GRC, or MetricStream. 4. Data Privacy & Protection – Knowledge of data handling standards like GDPR, HIPAA, and ISO/IEC 27001. 5. Regulatory Frameworks – Deep understanding of SOX, PCI-DSS, NIST, COBIT, and other relevant standards 6.Audit Management – Ability to conduct internal audits, manage external audits, and respond to findings. 7.Policy Development – Experience in drafting, implementing, and updating IT compliance policies.4. Assertiveness and negotiation skill 8.Problem-Solving and Decision-Making 9.Communication – Clear reporting to stakeholders and translating technical risks into business language. 10.Managing cross-functional teams and training staff on compliance best practices.

Required Information Details 1 Role Network Security SME - Juniper 2 Required Technical Skill Set L2/3 Firewall Administrator - Juniper 4 Desired Experience Range 7 to 15 years 5 Location of Requirement TCS Siruseri, Chennai Desired Competencies (Technical/Behavioral Competency) Must-Have (Ideally should have at least 2 years of Juniper Security experience) · Hands-on experience in Operations for Juniper SRX series services gateway · Troubleshoot the network security incidents · Install, configure and support network firewall infrastructure · Create, manage, and troubleshoot next-generation firewall rules sets · Experience with pfSense and Junos OS · Able to work directly with clients to understand the needs and potential issues they are experiencing with network infrastructure · Knowledge in IDS/IPS · Support IPSec VPNs with a variety of hardware, policy-based routing and a variety of cloud based computing and multi-site, multi-platform connectivity · Working knowledge and support experience with Juniper firewalls and switches utilizing Juniper Mist and CLI Good-to-Have · Minimum of 4 years’ experience in Firewall administration · Providing the network support on 24/7 · Knowledge of NIST 800-171 or similar compliance standards · Experience in configuring or know-how on VXLAN · Relevant Network Certification (JNCP, Network+, etc.) preferred · Ability to set direction and prioritize work and resources based on operational and client needs. · Datacentre Networking Juniper product and technology knowledge. Expectations from the role · Reviews of functional and technical designs to identify areas of risk and/or missing requirements · Ensure that network devices are maintained and configured as per the security standards and operational needs · Experience in MPLS, VRF, VPN, and network routing · Experience of installing Juniper and other OEM networking equipment

About The Role Grade Level (for internal use): 13 The Team: The SPGI Market Intelligence (MI) InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle. Responsibilities And Impact The security resource will be aligned to an MI Tech business segment to collaborate in-depth with developers, SREs, DBAs, and other personnel to both instill a security mindset and support security improvement efforts. The individual will use their experience strategically and tactically in supporting products teams to find the most efficient and effective methods to close vulnerabilities, implement security capabilities and respond to issues or alerts. Product engagement Identify and prioritize critical business functions in collaboration with organizational stakeholders. Engage with business units to understand their security requirements and align security capabilities accordingly. Determine the protection needs (i.e., security controls) for the information systems, environments, and networks and document appropriately. Document and/or review security standards, architectures and blueprints for adoption by product teams to improve protection, visibility and transparency. Collaborate with stakeholders to implement security standards and procedures. Security Assessments Perform security reviews, identify gaps in security architecture and controls to develop security risk management plans. Support and expand ACF process to mature security oversight. Conduct security assessments of third-party applications and vendors as provided by the division or centralized teams. Support the M&A processes with security assessments, third-party engagements and integration or divestiture oversight. Education and enablement Provide technical guidance and support to the security and product teams in incident response, control adoption, and threat mitigation. Facilitate educational opportunities within the division to increase security awareness, secure coding practices and secure architecture and design. Application Security Design and implement secure coding practices and guidelines for application development teams. Collaborate with development teams to integrate security controls into the software development lifecycle. Requirements What We’re Looking For: Minimum of 8 years of experience in information security. Strong knowledge of security frameworks, such as ISO 27001 and NIST Cybersecurity Framework. Expertise in designing and implementing security controls, including cloud architectures, networks, monitoring, technical security policies. Stays up-to-date with the latest security technologies, approaches, and best practices. Experience with cloud security, network security, and secure coding practices. Excellent communication and interpersonal skills to collaborate with cross-functional teams. Relevant certifications such as CISSP, CISM, or CEH are preferred. About S&P Global Market Intelligence At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction. For more information, visit www.spglobal.com/marketintelligence. What’s In It For You? Our Purpose Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our Benefits Include Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring And Opportunity At S&P Global At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID: 315845 Posted On: 2025-07-23 Location: Gurgaon, Haryana, India

Role Overview: The Cyber & Technical Risk Assessment Officer will be responsible for identifying, analysing, and mitigating cyber and technical risks associated with banking systems, infrastructure, and digital assets. This role will ensure that the bank complies with regulatory requirements (such as RBI, SEBI, ISO, NIST, etc.), and internal risk frameworks, and maintains a strong security posture. Required Qualifications & Skills: Certifications (Preferred): CRISC, CISA, CISSP, ISO 27001 LA, CEH, or similar. Experience: 8-10 years of relevant experience in Information Security domain (minimum 3 years in cyber/IT risk assessment, preferably in BFSI). Familiarity with GRC tools (RSA Archer, ServiceNow GRC, etc.). Key Responsibilities: 1. Cyber & IT Risk Assessments: Conduct end-to-end cyber risk assessments for critical IT systems, applications, and infrastructure. Evaluate technology solutions and vendors for inherent risks. Perform periodic threat modelling and vulnerability assessments. Maintain risk registers and report on identified risks with remediation plans. 2. Control Reviews & Compliance: Assess and ensure compliance with applicable regulatory guidelines such as: RBI’s Cybersecurity Framework for Banks SEBI’s CSCRF (for REs, if applicable) ISO 27001, NIST CSF, PCI-DSS Validate implementation of security controls across endpoints, network, cloud, and application layers. 3. Governance and Reporting: Prepare cyber risk dashboards and submit periodic reports to senior management, CRO, and Board committees. Track and follow up on mitigation of identified risks. Coordinate with auditors (internal/external) during cyber/IT audits. 4. Third-party & Cloud Risk Management: Conduct third-party risk assessments for outsourced vendors and cloud service providers. Ensure that Service Level Agreements (SLAs) and contracts cover cyber risk clauses and responsibilities. 5. Incident Risk Evaluation: Participate in root cause analysis for cyber incidents. Assess risk impact of incidents and define compensating controls. 6. Policy and Process Development: Assist in drafting or updating Information Security and Risk Management policies. Ensure adherence to secure SDLC and DevSecOps practices. Technical Skills: Understanding of firewalls, IDS/IPS, DLP, SIEM, EDR, IAM tools. Knowledge of cybersecurity standards and frameworks (e.g., NIST, MITRE ATT&CK). Ability to interpret vulnerability scan results and threat intelligence reports. Soft Skills: Strong analytical and documentation skills. Communication and stakeholder management. Ability to work independently and handle multiple priorities. Desirable: Hands-on experience with risk scoring methodologies. Exposure to cloud platforms (AWS, Azure) and their risk models. Experience in cybersecurity exercises, RCSA, and BIA for IT systems.

About the Role: Grade Level (for internal use): 13 The Team: The SPGI Market Intelligence (MI) InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle. Responsibilities and Impact: The security resource will be aligned to an MI Tech business segment to collaborate in-depth with developers, SREs, DBAs, and other personnel to both instill a security mindset and support security improvement efforts. The individual will use their experience strategically and tactically in supporting products teams to find the most efficient and effective methods to close vulnerabilities, implement security capabilities and respond to issues or alerts. Product engagement Identify and prioritize critical business functions in collaboration with organizational stakeholders. Engage with business units to understand their security requirements and align security capabilities accordingly. Determine the protection needs (i.e., security controls) for the information systems, environments, and networks and document appropriately. Document and/or review security standards, architectures and blueprints for adoption by product teams to improve protection, visibility and transparency. Collaborate with stakeholders to implement security standards and procedures. Security Assessments Perform security reviews, identify gaps in security architecture and controls to develop security risk management plans. Support and expand ACF process to mature security oversight. Conduct security assessments of third-party applications and vendors as provided by the division or centralized teams. Support the M&A processes with security assessments, third-party engagements and integration or divestiture oversight. Education and enablement Provide technical guidance and support to the security and product teams in incident response, control adoption, and threat mitigation. Facilitate educational opportunities within the division to increase security awareness, secure coding practices and secure architecture and design. Application Security Design and implement secure coding practices and guidelines for application development teams. Collaborate with development teams to integrate security controls into the software development lifecycle. What We’re Looking For: Requirements: Minimum of 8 years of experience in information security. Strong knowledge of security frameworks, such as ISO 27001 and NIST Cybersecurity Framework. Expertise in designing and implementing security controls, including cloud architectures, networks, monitoring, technical security policies. Stays up-to-date with the latest security technologies, approaches, and best practices. Experience with cloud security, network security, and secure coding practices. Excellent communication and interpersonal skills to collaborate with cross-functional teams. Relevant certifications such as CISSP, CISM, or CEH are preferred. About S&P Global Market Intelligence At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction. For more information, visit www.spglobal.com/marketintelligence . What’s In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com . S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here . ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID: 315845 Posted On: 2025-07-23 Location: Gurgaon, Haryana, India

Job Description Job Title: Cloud Admin Location: Noida Reports To: CIO / CTO / Director of IT Department: IT Operations Job Summary: The Cloud Administrator will be responsible for the day-to-day administration, optimization, and secure operation of cloud infrastructure hosted on platforms such as AWS, Azure, or hybrid environments. This role will also include managing and maintaining on-premises servers, virtualization platforms, and related core infrastructure components. Working closely with SAP and Application teams, the Cloud Administrator will ensure high availability, system performance, cost-efficiency, and compliance for both cloud and on-prem environments. The role also involves identity and access control, monitoring, backup, automation, and support for enterprise platforms such as SAP, collaboration tools, and business-critical applications. Key Responsibilities: Hybrid Cloud & On-Premises Infrastructure Management Administer cloud resources and services across platforms such as AWS, Azure, or equivalent. Manage on-premises servers (Windows/Linux), virtualization platforms (e.g., VMware, Hyper-V), and storage systems. Monitor and maintain uptime, capacity, patch compliance, and performance of both environments. Coordinate hardware lifecycle activities such as provisioning, upgrades, and decommissioning. Support connectivity between cloud and on-prem environments via VPN, ExpressRoute, or Direct Connect. Identity, Access & Security Controls Implement and maintain access control policies across IAM (cloud) and Active Directory (on-prem). Ensure compliance with internal security policies and regulatory standards. Configure and monitor security services (firewalls, endpoint protection, security groups). Collaborate with cybersecurity teams on threat detection and incident containment in both environments. Monitoring, Alerting & Incident Response Implement and monitor system health via tools like CloudWatch, Azure Monitor, Zabbix, or SolarWinds. Create and manage alert rules for resource usage, failures, and security anomalies. Respond to and troubleshoot incidents across cloud and on-prem systems. Perform root cause analysis and document resolution steps for continuous improvement. Backup, Disaster Recovery & Compliance Maintain backup solutions for cloud and on-prem workloads, including virtual machines and databases. Conduct periodic testing of recovery procedures and ensure alignment with BCP/DR plans. Support security audits, documentation, and evidence collection for IT compliance frameworks (ISO 27001, NIST, DPDP). Cost Management & Resource Optimization Track cloud usage and optimize spending using platform-native tools (AWS Cost Explorer, Azure Cost Management). Identify underutilized or misconfigured resources across environments and recommend corrective actions. Support budgeting, licensing, and procurement planning for infrastructure components. Enterprise Workload Support (SAP) Provision and maintain infrastructure supporting critical business platforms such as SAP. Coordinate with application teams and Basis administrators for performance tuning, maintenance windows, and DR planning. Ensure infrastructure SLAs are met for business-critical applications. Documentation & Knowledge Management Maintain accurate documentation of infrastructure components, topology, configuration standards, and operational procedures. Contribute to a knowledge base for internal support teams and help desk escalations. Create technical guides and SOPs for new deployments or platform changes. Collaboration & Stakeholder Communication Work closely with various stakeholders for issue resolution, upgrades, and project rollouts. Provide regular updates on health, risk, and improvement plans for infrastructure. Train or assist users and teams on cloud tools, remote access, and compliance best practices. Qualifications & Skills: Bachelor's/Master’s degree in IT, Computer Science, or a related field. Minimum 10 years of overall IT experience, with at least 5 years in cloud administration (AWS, Azure, or equivalent). Experience in managing secure, scalable, and cost-efficient cloud infrastructure in enterprise environments Certifications: AWS Certified SysOps Administrator / Solutions Architect Strong understanding of o Public cloud platforms (AWS, Azure) and their core services (compute, storage, networking) o Virtualization platforms such as VMware ESXi, vCenter, or Hyper-V o Identity and access control principles using IAM, AD, and cloud-native identity services o Cloud networking concepts including VPCs, subnets, firewalls, NAT gateways, and peering Proven experience in : o Administering, configuring, and optimizing both cloud and on-premises servers o Managing Windows/Linux server operating systems and virtual machines o Implementing backup strategies and disaster recovery solutions across environments o Troubleshooting performance, availability, and connectivity issues in hybrid setups o Enforcing cloud cost optimization through resource planning and right-sizing Excellent problem-solving, communication, and leadership skills. Job Snapshot Updated Date 23-07-2025 Job ID AvaadaJob1013 Department Information Technology Location Noida 62, Noida, Uttar Pradesh, India Experience 7 - 15 Years Employee Type Permanent

Director, Security Architect Gurgaon, India Information Technology 315845 Job Description About The Role: Grade Level (for internal use): 13 The Team: The SPGI Market Intelligence (MI) InfoSec team works to increase value in our products through strong security posture. When we can show our customers their information is protected with us, they are more apt to bring new opportunities. Additionally, our work to reduce risk contributes to the value returned to our customers and shareholders. We engage closely with product teams to deliver security practices, capabilities, and advisory services to continually improve and ensure security is incorporated throughout the product lifecycle. Responsibilities and Impact: The security resource will be aligned to an MI Tech business segment to collaborate in-depth with developers, SREs, DBAs, and other personnel to both instill a security mindset and support security improvement efforts. The individual will use their experience strategically and tactically in supporting products teams to find the most efficient and effective methods to close vulnerabilities, implement security capabilities and respond to issues or alerts. Product engagement Identify and prioritize critical business functions in collaboration with organizational stakeholders. Engage with business units to understand their security requirements and align security capabilities accordingly. Determine the protection needs (i.e., security controls) for the information systems, environments, and networks and document appropriately. Document and/or review security standards, architectures and blueprints for adoption by product teams to improve protection, visibility and transparency. Collaborate with stakeholders to implement security standards and procedures. Security Assessments Perform security reviews, identify gaps in security architecture and controls to develop security risk management plans. Support and expand ACF process to mature security oversight. Conduct security assessments of third-party applications and vendors as provided by the division or centralized teams. Support the M&A processes with security assessments, third-party engagements and integration or divestiture oversight. Education and enablement Provide technical guidance and support to the security and product teams in incident response, control adoption, and threat mitigation. Facilitate educational opportunities within the division to increase security awareness, secure coding practices and secure architecture and design. Application Security Design and implement secure coding practices and guidelines for application development teams. Collaborate with development teams to integrate security controls into the software development lifecycle. What We’re Looking For: Requirements: Minimum of 8 years of experience in information security. Strong knowledge of security frameworks, such as ISO 27001 and NIST Cybersecurity Framework. Expertise in designing and implementing security controls, including cloud architectures, networks, monitoring, technical security policies. Stays up-to-date with the latest security technologies, approaches, and best practices. Experience with cloud security, network security, and secure coding practices. Excellent communication and interpersonal skills to collaborate with cross-functional teams. Relevant certifications such as CISSP, CISM, or CEH are preferred. About S&P Global Market Intelligence At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction. For more information, visit www.spglobal.com/marketintelligence. What’s In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. - Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf - 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID: 315845 Posted On: 2025-07-23 Location: Gurgaon, Haryana, India

We are looking for Senior Cyber Security Engineer Position : 1 Location : Madurai Experience : 5+ Years 1. Nice and Energetic Working Environment 2. Attractive Annual Bonus 3. Excellent Career Growth, Learning, and Experience 4. Based on Performance, Probation confirmation hike will be provided. Roles and Responsibilities: 1. Security Infrastructure Design: Develop and design security architectures for complex systems. Implement security solutions that effectively protect information systems and data. 2. Implementation of Security Measures: Deploy security technologies, including firewalls, intrusion detection/prevention systems, antivirus software, and encryption solutions. Configure and manage security tools to detect and respond to security incidents. 3. Network Security: Implement and manage network security measures to protect against unauthorized access, attacks, and vulnerabilities. 4. Vulnerability Management: Conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses. Develop and implement strategies for addressing vulnerabilities in a timely manner. 5. Identity and Access Management: Design and implement access controls to ensure only authorized users have appropriate access. Manage identity and access management solutions to protect against unauthorized access. 6. Security Policy and Compliance: Develop and enforce security policies, standards, and procedures. Ensure compliance with relevant laws, regulations, and industry standards. 7. Incident Response and Forensics: Participate in incident response activities, including investigation, analysis, and resolution of security incidents. Conduct digital forensics to identify the root cause of security incidents. 8. Security Awareness and Training: Provide security awareness training to employees to promote a security-conscious culture. Advise on best practices for maintaining security in daily operations. 9. Security Research and Evaluation: Stay informed about the latest security trends, threats, and technologies. Evaluate new security solutions and technologies for potential adoption. 10. Collaboration and Communication: Collaborate with other IT teams, departments, and stakeholders to implement security measures. Communicate security risks and recommendations to technical and non-technical audiences. 11. Impact study of various alerts and categorization based on priority. 12. Strong experience in managing Cyber Security within IT Application, Cloud, Network, IT Infrastructure, etc. 13. Having an active role in all aspects of the project - from first meeting with clients and identifying the Security issues to final recommendations and implementation of the Security change. 14. Good experience in troubleshooting and resolving issues related to Firewall, Cybersecurity Attack, Threat Management and etc 15. Good understanding of the current IT Security practices, threat analysis, privacy and risk policies especially covering Data Loss Prevention (DLP) and etc. 16. Consistently develop security procedures and standard operating documents related to IT Security Operations covering configuration, patching, troubleshooting guides etc. 17. Ability to handle high pressure situations with Good Analytical skills, Problem solving and Interpersonal skills. 18. Find cost-effective solutions to cyber security problems Required Skills and Qualifications: 1. More than 5 years of experience in the Cybersecurity of IT field 2. Strong understanding of network and systems security principles. 3. Proficiency in configuring and managing security technologies and tools. 4. Knowledge of encryption protocols, firewall configurations, and intrusion detection/prevention systems. 5. Experience with vulnerability assessment tools and methodologies. 6. Familiarity with security compliance frameworks (e.g., NIST, ISO 27001). 7. Understanding of identity and access management concepts. 8. Incident response and digital forensics skills. 9. Excellent problem-solving and analytical skills. 10. Strong communication and collaboration skills. Certifications : Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH) Certified Information Security Manager (CISM) CompTIA Security+ Shift Timings: 8:30 AM to 5:30 PM / Monday to Friday Job Types: Full-time, Permanent Job Types: Full-time, Permanent Benefits: Health insurance Provident Fund Schedule: Day shift Monday to Friday Supplemental Pay: Performance bonus Experience: Ethical Hacking: 5 years (Required) Cybersecurity: 4 years (Required) Location: Madurai, Tamil Nadu (Required) Work Location: In person

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world. Your role Drive cybersecurity oversight and compliance across global accounts, ensuring alignment with IT, Engineering, and Business Line (BL) security teams. Monitor and report on mandatory security and data privacy training compliance; escalate non-compliance to supervisors and engagement managers. Conduct internal security sensitization sessions for new joiners and annual refresher sessions for existing employees. Distribute monthly security newsletters covering key topics, industry updates, and incident awareness. Organize and manage periodic security quizzes to enhance awareness across the account. Track cybersecurity, data privacy, and BCMS assessment scores (eMMX) for each engagement and ensure full compliance. Perform periodic audits on endpoint devices to assess and maintain endpoint compliance. Conduct quarterly User Access Reviews to identify and eliminate unauthorized access within engagements. Identify engagements requiring BCP/DR plans and coordinate implementation with the BCMS team. Manage the full lifecycle of security incidents: reporting, tracking, updating registers, and coordinating closures. Participate in internal and external audits (ISO 27001, 27701, NIST, TISAX) and ensure audit readiness. Support bid processes by providing cybersecurity and data privacy inputs, including compliance frameworks like SOWs, MSAs, and frame contracts. Your profile Experience (5–10years) in Information Security, Cybersecurity, and Data Privacy Lead Auditor with ISO 27001 experience Certified in ISO 27001 (mandatory); additional cybersecurity certifications are a plus. In-depth understanding of regulatory frameworks and data privacy laws, including GDPR. Demonstrated leadership, organizational, and team development capabilities with knowledge of industry best practices. What You'll Love About Working Here You can shape your career with us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem.

Job Description We’re hiring a skilled Compliance Lead to join our Information Security Group (ISG) at Grazitti Interactive. In this high-impact role, you’ll spearhead Governance, Risk, and Compliance (GRC) initiatives, drive external audit processes, develop compliance frameworks, and ensure organizational alignment with key regulatory standards. If you have a solid background in risk management, policy development, and IT audit readiness—with a deep understanding of frameworks like ISO27001, COBIT, and NIST—this is your opportunity to lead and create tangible impact. Key Skills 8+ years in GRC, compliance, or IT risk management. Bachelor’s degree in a relevant field; CISA, CISSP, or CISM preferred. Hands-on experience with ISO27001/2, ISO31000, NIST, COBIT, COSO, ITIL. Knowledge of GDPR, HIPAA, CCPA, ITGC, and SOX compliance. Strong understanding of internal controls and security policies. Experience in external/internal audits and incident response planning. Excellent communication and stakeholder management skills. Process-oriented with strong documentation and analytical capabilities. Roles and Responsibilities Design and execute enterprise-wide GRC strategies. Ensure compliance with GDPR, HIPAA, ISO, and other global standards. Lead documentation efforts for SOX controls and ITGCs. Collaborate with legal teams to interpret regulations. Act as the primary contact for external auditors. Lead planning, documentation, and closure of compliance audits. Conduct in-depth risk assessments and advise mitigation strategies. Maintain up-to-date risk registers and track remediation actions. Draft and implement information security policies. Establish and enforce internal controls for IT and SaaS environments. Apply COSO, COBIT, and ITIL best practices for governance. Review control effectiveness through regular audits. Design incident response plans and lead resolution efforts. Build awareness programs and train teams on compliance best practices. Drive a culture of compliance and operational integrity. Communicate risk and compliance posture to executive leadership. Document and maintain audit trails for transparency.

Job Title: Senior Cyber Security Delivery Specialist Job Location: Hyderabad Experience: 5 + years Responsibilities Implement data classification and labelling to categorise and protect sensitive information using Microsoft Purview Define, design and implement data governance policies using Microsoft Purview Review policies, generate insights and ensure that data governance practices are effective prior to making recommendation for policy enforcement Support training of SecOps, GRC and Pilot users as required Collaborate with cross-functional teams within and outside of technology Provide guidance on data protection, privacy, and security best practices Stay up to date with the latest security trends, threats, and technologies to continuously improve the organisation's security posture Development of project documentation and handover to operations teams Assist in the evaluation of solutions or security tools and technologies for projects assigned Experience Minium of 5 years work experience in a Security Analyst/ Delivery role A minimum of 2 years of work experience delivering Cyber projects Experience implementing MS Purview from end to end (labelling, policy design, policy enforcement) Ability to think laterally and strategically with a solution focused approach Ability to deliver to scope, schedule and budget Experience managing own work and prioritising workload to meet deliverables Experience working with both technical and non-technical stakeholders An understanding of how data is protected at rest and in transit Knowledge of information security frameworks (NIST, ISO27001, PCI-DSS, SOC) Experience implementing or operating Password Management, API Observability, Honey Tokens or Application Whitelisting tools will be highly regarded About Softobiz Innovation begins with like-minded people aiming to transform the world together. At Softobiz, we invite you to become a part of an organization that has been helping clients transform their business by fusing insights, creativity, and technology. With a team of 300+ technology enthusiasts, we have been trusted by leading enterprises around the globe for over 12+ years. At Softobiz, we foster a culture of equality, learning, collaboration, and creative freedom, empowering our employees to grow and excel in their careers. Our technical craftsmen are pioneers in the latest technologies like AI, machine learning, and product development. Why Should You Join Softobiz? Work with technical craftsmen who are pioneers in the latest technologies. Access training sessions and skill-enhancement courses for personal and professional growth. Be rewarded for exceptional performance and celebrate success through engaging parties. Experience a culture that embraces diversity and creates an inclusive environment for all employees. Softobiz is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will be afforded equal employment opportunities without discrimination based on race, creed, color, national origin, sex, age, disability, or marital status. For more information about our solutions and organization, visit www.softobiz.com , Follow us on LinkedIn , Twitter , and Facebook for more updates.

We are seeking a skilled and dynamic Security & Privacy Architect and SDL Coach to join our team and help strengthen the security posture of our software development lifecycle. This role combines a strong foundation in code analysis, security architecture, and coaching teams on security best practices. The ideal candidate will work closely with development teams, conducting security assessments, guiding secure coding practices, and ensuring compliance with industry standards. As a Security & Privacy Architect, you will be responsible for identifying vulnerabilities and providing actionable recommendations to reduce security risks. As an SDL Coach, you will help application teams adopt security-focused practices into their software development lifecycle (SDLC) while ensuring compliance with regulatory standards like PCI-DSS. Key Responsibilities Code Analysis, Scanning, and Remediation • Security Tool Configuration: Configure and operate security scanning tools (e.g., Snyk, Grit, Checkmarx, Coverity, Mend etc.) to scan applications and interpret results to identify potential security flaws. • Static and Dynamic Code Analysis: Perform static and dynamic code analysis to identify vulnerabilities in the source code. Help App teams in adopting best practices. • Vulnerability Remediation: Work directly with development teams to guide them in resolving identified vulnerabilities and promote secure coding practices. • Issue Prioritization: Prioritize critical security issues and escalate them for immediate remediation when necessary. Security & Privacy Architecture • Security Assessments: Conduct in-depth security assessments to identify potential attack vectors, vulnerabilities, and risks in the application architecture and source code. • Recommendations: Provide actionable recommendations to development and architecture teams to address security gaps and ensure compliance with security standards. • Security Design: Assist in the design of secure application architectures that meet both business and security requirements. SDL Coaching and Best Practices • SDL Awareness: Conduct Security Development Lifecycle (SDL) Coaching and Assessments with development teams to raise awareness of security practices and ensure they align with best security practices. • Security Best Practices Adoption: Guide teams in adopting and integrating Comcast Security practices into their SDLC, focusing on secure coding, testing, and deployment. • Coaching & Mentoring: Provide ongoing coaching and mentoring to developers to help them understand the importance of security throughout the development process. Compliance Lead (CGA, PCI, CPP) • Regulatory Compliance: Participate in security risk assessments and ensure that applications comply with relevant industry standards and regulations (e.g., PCI-DSS, CGA, CPP). • Audit Preparation: Assist application teams with preparation for security audits, providing guidance before and after audits to address any issues. • Documentation: Ensure that all security compliance requirements are well documented and tracked. Research and Continuous Improvement • Threat Intelligence: Stay updated on the latest security threats, vulnerabilities, and emerging trends in application security to proactively mitigate risks. • Tool & Framework Evaluation: Evaluate new security tools, frameworks, and technologies that can improve the effectiveness of security code scanning and remediation. Conduct comparative analysis and provide recommendations. • Process Improvement: Continually assess and improve security processes within the development lifecycle to enhance overall security posture. Required Qualifications • Experience: 8+ years of experience in application security, including hands-on experience with code analysis, security testing, and risk assessments. • Technical Skills: o Strong understanding of secure software development practices. o Familiarity with security tools such as Snyk, Grit, Checkmarx, Mend and other static/dynamic code analysis tools. o Knowledge of security vulnerabilities (e.g., OWASP Top 10, CVEs) and remediation techniques. o Experience with common security frameworks and methodologies (e.g., OWASP, NIST, CIS, PCI-DSS). o Proficient in at least one programming/scripting language (e.g., Python, Java, C#, JavaScript). • Compliance Knowledge: In-depth understanding of industry compliance standards such as PCI-DSS, CGA, and CPP. • Communication Skills: Excellent written and verbal communication skills with the ability to interact with technical and non-technical teams alike. Preferred Qualifications • Certifications: CISSP, CISM, CISA, or equivalent security certification is highly preferred. • Experience with Cloud Security: Knowledge of security best practices in cloud environments (AWS, Azure, GCP). • Experience with DevSecOps: Experience with integrating security practices into DevOps pipelines and workflows.

Description Job Title: Information Security Analyst/ Analyst – Identity Governance and Compliance Department: Information Security – Governance, Risk & Compliance (GRC) Experience: Level: 2 – 4 years Employment Type: Full-time Key Responsibilities Manage the Identity Governance and compliance activities, including periodic User Access Reviews (UAR) and RBAC activities. Ensure IAM practices comply with internal policies and external regulatory requirements. Maintain and enhance identity governance policies, standards, and procedures. Provide subject matter expertise on Active Directory (AD), including group policies and access provisioning/deprovisioning. Align identity governance practices with frameworks such as PCI DSS, ISO 27001, NIST CSF, and COBIT. Engage with IT, HR, and business units to enforce least privilege principles and maintain accurate access records. Conduct regular training sessions for the SM team on security controls and client requirements. Coordinate SME involvement in quarterly meetings and training initiatives. Maintain and organize SharePoint and Jira spaces for audit readiness and evidence management. Participate in incident management, change control meetings, and cloud migration initiatives. Engage in SOC operations and threat tracking. Drive continuous improvement initiatives in identity governance and GRC processes. Lead the annual review of security information presentations in collaboration with Compliance. Required Qualifications Bachelor’s degree in Information Security, Computer Science, or a related field. 2 – 4 years of experience in Information Security, with a focus on Identity Governance and Compliance. Strong understanding of User Access Review (UAR) processes and tools. Experience with Active Directory (AD) and identity lifecycle management. Familiarity with regulatory and compliance frameworks: PCI DSS, ISO 27001, NIST, COBIT. Excellent analytical, documentation, and communication skills. Ability to work independently and collaboratively in a fast-paced environment. Preferred Qualifications Relevant certifications such as CISSP, CISA, CISM, CRISC, or GIAC. Experience with IAM tools (e.g., SailPoint, Saviynt, Okta, Azure AD). Prior experience supporting internal or external audits. Knowledge of GRC tools and platforms. Understanding of legal and regulatory standards such as FERPA, CIS, and data protection laws. Knowledge of Cloud Identity (AWS or Azure Identity).

Description Job Title: Information Security Lead / Lead – Identity Governance and Compliance Department: Information Security – Governance, Risk & Compliance (GRC) Experience: Level: 5 – 7 years Employment Type: Full-time Key Responsibilities Lead and manage the Identity Governance and compliance activities, including periodic User Access Reviews (UAR) and RBAC activities. Ensure IAM practices comply with internal policies and external regulatory requirements. Maintain and enhance identity governance policies, standards, and procedures. Provide subject matter expertise on Active Directory (AD), including group policies and access provisioning/deprovisioning. Align identity governance practices with frameworks such as PCI DSS, ISO 27001, NIST CSF, and COBIT. Engage with IT, HR, and business units to enforce least privilege principles and maintain accurate access records. Conduct regular training sessions for the SM team on security controls and client requirements. Coordinate SME involvement in quarterly meetings and training initiatives. Maintain and organize SharePoint and Jira spaces for audit readiness and evidence management. Participate in incident management, change control meetings, and cloud migration initiatives. Engage in SOC operations and threat tracking. Drive continuous improvement initiatives in identity governance and GRC processes. Lead the annual review of security information presentations in collaboration with Compliance. Required Qualifications Bachelor’s degree in Information Security, Computer Science, or a related field. 5 – 7 years of experience in Information Security, with a focus on Identity Governance and Compliance. Strong understanding of User Access Review (UAR) processes and tools. Experience with Active Directory (AD) and identity lifecycle management. Familiarity with regulatory and compliance frameworks: PCI DSS, ISO 27001, NIST, COBIT. Excellent analytical, documentation, and communication skills. Ability to work independently and collaboratively in a fast-paced environment. Preferred Qualifications Relevant certifications such as CISSP, CISA, CISM, CRISC, or GIAC. Experience with IAM tools (e.g., SailPoint, Saviynt, Okta, Azure AD). Prior experience supporting internal or external audits. Knowledge of GRC tools and platforms. Understanding of legal and regulatory standards such as FERPA, CIS, and data protection laws. Knowledge of Cloud Identity (AWS or Azure Identity).

About the Team The Compliance team at Meesho is like the Avengers safeguarding Meesho's S.H.I.E.L.D. As an Associate Compliance Manager, youll take the lead in fortifying our systems and ensuring they remain secure and compliant. After all, when 5% of Indian households shop with us, its important to build resilient systems to manage millions of orders every day. Weve done this with zero downtime! Sounds impossible? Well, thats the kind of Engineering muscle that has helped Meesho become the e-commerce giant that it is today. We value speed over perfection, and see failures as opportunities to become better. Weve taken steps to inculcate a strong Founders Mindset across our engineering teams, making us grow and move fast. We place special emphasis on the continuous growth of each team member - and we do this with regular 1-1s and open communication. As an AssociateCompliance Manager, you will be part of self-starters who thrive on teamwork and constructive feedback. We know how to party as hard as we work! If we arent building unparalleled tech solutions, you can find us debating the plot points of our favourite books and games or even gossipping over chai. So, if a day filled with building impactful solutions with a fun team sounds appealing to you, join About the Role As an Associate Manager , youll play a key individual contributor role in driving security policies, ensuring adherence to compliance frameworks, and mitigating risks within Meeshos internal and external environments. Youll manage end-to-end compliance activities, oversee audits, and contribute to building a secure and compliant ecosystem. As part of the Security Compliance team, youll own and be accountable for the overall Information Security framework and program, helping to uphold the highest standards of security and privacy. What you will do Lead and own the end-to-end security compliance and certification charter. Define, roll out, and enforce Information Security policies and procedures. Define and ensure adherence to data privacy and data protection laws (e.g., DPDP). Collaborate with third-party vendors to maintain robust third-party security practices. Ensure compliance with IT Act, e-commerce guidelines, and regulations related to cryptography, information security, and data privacy. Conduct periodic information security awareness training programs for employees. Oversee information security risk management and privacy impact assessments. Develop and maintain Business Continuity Plans (BCP) and conduct Business Impact Assessments (BIA) to ensure organizational resilience Draft and enforce Data Protection Agreements and Information Security Agreements. Manage and coordinate internal and external audit-related activities. Collect and present audit evidence to ensure successful compliance assessments. Develop, implement, and maintain internal audit policies and procedures in line with standards such as ISO 27001, SOC 2, PCI DSS, or any other opted frameworks. Audit data, systems, and processes for policy and regulatory compliance. Provide actionable insights and reporting on the effectiveness of compliance programs. Conduct vendor audits and produce comprehensive reports. Plan and execute ad-hoc audits as necessary. What you will need Educational Qualification : Bachelor's/Master's degree in Computer Science, Information Security, or a related technical field. Experience : 4-7 years in information security, compliance, or audit roles. Demonstrated experience in startup environments or knowledge of regulatory frameworks (e.g., PCI DSS, ISO 27001). Strong problem-solving skills and hands-on experience implementing compliance standards. Familiarity with frameworks like ISO27001, NIST, Cyber Kill Chain, and MITRE ATT&CK. Working knowledge of cloud platforms (AWS, GCP) is highly advantageous. Excellent project planning, stakeholder management, and communication skills. Ability to adapt to evolving regulatory landscapes and implement best practices. Certifications like ISO Lead Auditor/Implementer, CISSP, CISM, CISA, or CCSP are a plus.