3740 Nist Jobs - Page 28

Job Title: SOC Consultant Location: Gurgaon / Bangalore Experience: 3+ Years Position Type: Full-time Immediate Joiners Preferred Job Description: We are seeking a skilled SOC (Security Operations Center) Consultant with 3+ years of experience in security operations, threat analysis, and incident response. The ideal candidate should have hands-on experience with SIEM tools and a strong understanding of cybersecurity principles and frameworks. Key Responsibilities: Monitor, analyze, and respond to security events and incidents Operate and manage SIEM platforms (e.g., Splunk, QRadar, ArcSight, etc.) Perform real-time threat analysis, detection, and triage of security incidents Support vulnerability management and threat intelligence integration Work closely with clients and internal teams to implement security best practices Document security incidents and contribute to knowledge base development Assist in the development of security playbooks and incident response plans Required Skills: 3+ years of experience in SOC operations or a similar cybersecurity role Proficiency in SIEM tools and log analysis Good understanding of TCP/IP, IDS/IPS, firewalls, and malware analysis Familiarity with threat hunting techniques and cybersecurity frameworks (NIST, MITRE ATT&CK) Strong analytical and problem-solving skills Excellent communication and documentation skills Certifications (Preferred): CEH / CompTIA Security+ / SSCP / Splunk Certified / Microsoft SC-200 or equivalent

🚨 Job Opening: Chief Information Security Officer (CISO) 📍 Location: Thane 🕒 Employment Type: Full-Time | Senior Leadership 💼 Department: Security & Compliance About the Role We’re looking for an experienced and visionary Chief Information Security Officer (CISO) to lead our company-wide information security strategy. As a key member of the senior leadership team, you’ll be responsible for protecting our systems, data, and applications while aligning security initiatives with our business goals. This role requires a strong leader with deep technical expertise, a strategic mindset, and a passion for building secure, scalable, and compliant environments—especially within fast-paced, SaaS or technology-driven companies. Key Responsibilities 🔐 Strategic Leadership Define and drive the overall information security vision, strategy, and roadmap. Provide executive-level guidance on risk management, compliance, and emerging threats. Embed security best practices into business operations through cross-functional collaboration. 🛡️ Risk & Security Program Management Develop and enforce comprehensive security policies, standards, and procedures. Lead enterprise-wide risk assessments, threat modeling, and vulnerability analysis. Monitor and respond to security threats, alerts, and reports in real time. 🚨 Incident Response & Recovery Lead the development and execution of incident response strategies and playbooks. Oversee security investigations and coordinate cross-functional remediation efforts. Act as point-of-contact for stakeholders and regulators during security events. ✅ Compliance & Audit Ensure compliance with frameworks and regulations like ISO 27001, GDPR, SOC 2, etc. Support internal and external audits, and drive closure of any findings. Maintain comprehensive documentation of security policies and incident history. 📣 Security Awareness & Culture Promote a culture of security through ongoing training and awareness programs. Collaborate with department leaders to ensure security is part of everyday practices. 🧠 Technical Leadership Oversee the implementation and management of tools like SIEM, IDS/IPS, firewalls, and encryption. Conduct regular penetration testing and vulnerability assessments. Stay ahead of industry trends and technologies to continually improve defenses. 💻 Application Security Oversight Partner with engineering teams to integrate security into the SDLC. Lead secure code reviews, vulnerability assessments, and application threat modeling. Define and enforce secure coding standards; train teams on AppSec best practices. What We’re Looking For 🎓 Education & Certifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field. Advanced certifications preferred: CISSP, CISM, OSCP, CEH, or equivalent. 💼 Experience 12+ years in information security, with leadership in enterprise environments. Strong background in SaaS or technology-led companies. Proven ability to align security programs with business strategy. 🧩 Skills & Competencies Deep knowledge of security frameworks (NIST, ISO 27001) and compliance standards (GDPR, SOC 2). Expertise in cloud security (AWS, GCP, or Azure). Strong communication and leadership skills to influence at all levels. Hands-on experience with security tools (SAST, DAST, SIEM, IDS/IPS, encryption). Analytical and data-driven approach to problem-solving. Why Join Us? Influence and own the end-to-end security strategy at the highest level. Work with a collaborative, mission-driven leadership team. Drive innovation in a high-impact role where security is a top priority.

Are you ready to power the World's connections? If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others. About The Role Kong is establishing a global Customer Assurance team that will play an important role in helping Kong gain and keep the trust of its customers around the world with respect to its information security, operational resilience and data governance practices. Reporting to Kong’s US-based Director, GRC, the Customer Assurance Senior Manager will be the first hire into this India-based team, and will play an important role in helping build the team. What You'll Be Doing Manage Customer Assurance :Oversee customer assurance initiatives, focusing on completing customer security questionnaires, RFP security sections, certification documentation sharing, and other due diligence requests to build trust in Kong's product and service security.Lead the customer assurance team and communicate program issues to leadership as needed.Ensure a deep understanding of the product and maintain a well-organized library of resources. Coordinate Cross-Functional Responses:Serve as the primary point of contact for customer security and compliance inquiries.Collaborate with internal teams (Compliance, Security, Engineering, Legal, etc.) to gather necessary information and provide thorough, prompt and accurate responses to customer questionnaires and inquiries. Develop Scalable Processes:Create and refine processes to efficiently handle questionnaire completion and information security inquiry responses.Maintain a repository of standard answers, templates, and documentation to enhance efficiency and consistency.Leverage tools or automation to manage repetitive questionnaire content. Proactive Customer Assurance:Produce and maintain customer-facing security documentation and collateral (such as FAQ and trust portal content).Anticipate and address common customer questions proactively to build trust. Cross-Department Collaboration: Work closely with global Sales and Customer Success teams during pre-sales and renewal cycles to address security and compliance questions.Attend customer calls as the company’s Customer Assurance representative, providing clear explanations of our security posture and practices to shorten sales cycles and reassure customers. Program Monitoring and Improvement:Track and report on customer assurance activities and metrics (such as questionnaire turnaround times, common security concerns, and customer feedback).Use these insights to continuously improve the customer assurance program, streamlining workflows, enhancing answer quality, and maintaining thorough and timely communication. What You'll Bring Experience: Over 5 years of experience in information security or compliance, with substantial involvement in security assurance or GRC programs. At least 1 year of experience in a customer-facing role, such as responding to client security questionnaires or participating in trust-building activities. Total professional experience is less than 15 years. Security Knowledge:Understanding of security and compliance frameworks/standards (such as SOC 2, ISO 27001, NIST, GDPR, CCPA).Working knowledge of cloud security principles and IT controls related to SaaS environments. Technical Skills:Expertise with cloud platforms such as GCP, Azure, or AWS, as well as containerization technologies like Docker and Kubernetes. Strong background in SaaS security. Non-Technical Skills:Experienced in creating clear and accessible documentation that explains complex technical scenarios to non-technical audiences. Process Management:Ability to manage multiple requests simultaneously and meet deadlines.Experience maturing customer assurance processes, such as implementing tools for security questionnaire automation or knowledge bases.Experience developing or improving processes to increase efficiency is a plus. Communication Skills:Ability to translate complex security concepts into clear, customer-friendly written and verbal communication.Comfortable interacting with enterprise customers and internal stakeholders. Collaboration:Ability to collaborate effectively with diverse groups (engineering, legal, sales, etc.) through proactive and customer-service-focused approaches. Education:Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent work experience). This opportunity requires you to work from our office in Bangalore, India in a hybrid manner with three days in the office and Two days working from home. Preferred Qualifications Certifications:Professional certifications such as CISSP or CISA (preferred but not required). SaaS/Industry Experience:Experience working in a SaaS company, especially in cloud services or API management. About Kong Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Integrated Security Risk Management Good to have skills : Security Risk and Audit Operations, Governance Risk & Compliance (GRC) Platform Operations Minimum 3 Year(s) Of Experience Is Required Educational Qualification : Bachelors degree in computer science, IT, information systems management or equivalent area Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. A typical day involves collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities: - Expected to perform independently and become an SME. - Required active participation/contribution in team discussions. - Contribute in providing solutions to work related problems. - Engage in continuous learning to stay updated with the latest security trends and technologies. - Assist in the development and implementation of security policies and procedures. Professional & Technical Skills: - Must To Have Skills: Proficiency in Integrated Security Risk Management. - Good To Have Skills: Experience with Security Risk and Audit Operations, Governance Risk & Compliance (GRC) Platform Operations. - Strong understanding of cloud security principles and practices. - Experience with risk assessment methodologies and frameworks. - Familiarity with compliance standards such as ISO 27001, NIST, and GDPR. Additional Information: - The candidate should have minimum 3 years of experience in Integrated Security Risk Management. - This position is based at our Chennai office. - A Bachelors degree in computer science, IT, information systems management or equivalent area is required.

Location: Bengaluru Designation: Assistant Manager Entity: Working knowledge in one or more security domains such as: Security Governance policies and procedures, Risk Management, Compliance, Access Control, Network Security, Security Architecture, Security Incident Response Experience in leveraging industry standards and frameworks such as NIST, HIPAA, ISO/EC 27001, ?????, ITIL, etc. Demonstrates in-depth knowledge of security controls and risk management process Experience in data protection technologies such as encryption, data discovery, data masking, data redaction, etc. The key skills required are as follows: Responsible for ISO 27001 based Information Security Management System implementation and sustenance Assess client information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk Responsible to assist client in review / implement Information Security controls in areas as mentioned, but not limited to: Change management process, Incident management process, Backup process, User identity and access management, Antivirus management, SLA performance and monitoring, Media handling & Exchange of information, Physical and environmental Security, and Media & Information Handling Responsible for conducting clients vendors risk assessment and providing a holistic view of clients risk exposure due to outsourcing Responsible for advising and assisting clients to develop and implement Information classification framework Conduct Information Systems audits covering IT infrastructure assets Serves as technical lead or subject matter specialist on security and privacy implementation projects, responsible for design, build, testing and deployment of solutions Demonstrates ability to work independently on projects with limited supervision Demonstrates understanding of complex business and information technology management processes Demonstrates working knowledge of firm tools and methodologies that may be suitable for the engagement Manages day-to-day client relationships at mid and lower levels. Participates in proposal development efforts to sell add-on work to clients Identifies opportunities to improve engagement economics Plays substantive role in designing and implementing business development plan for the service line Plays substantive/lead role in retention of professionals and in building staff complement, mix, and recruiting Undertakes initiatives in people and practice development Desired qualifications B.E / B.Tech (Tier 1/2) in Computer Science, Information Technology or related fields ISO 27001 LA/LI, ISO 31000 LA/LI, CISA, CISSP, ITIL, or equivalent certification preferred

Req ID: 127900 Remote Position: Hybrid Region: Asia Country: India State/Province: Chennai City: Guindy, Chennai Summary We are seeking a highly motivated and experienced Senior Analyst to join our Third Party IT Risk Management team. This role is responsible for identifying, assessing, and mitigating information technology risks associated with our third-party relationships. The ideal candidate will possess a strong understanding of IT risk management frameworks, cybersecurity principles, and relevant regulatory requirements. You will play a crucial role in protecting our organization's data and systems by ensuring our vendors and partners adhere to our security standards. Detailed Description Performs tasks such as, but not limited to, the following: Vendor Risk Assessment: Conduct comprehensive IT risk assessments of new and existing third-party vendors. This includes evaluating their security policies, procedures, and controls against industry best practices and our internal security requirements. Due Diligence: Perform initial and ongoing due diligence on third-party vendors to ensure their security posture remains strong throughout the vendor lifecycle. Contract Review: Collaborate with legal and procurement teams to review and negotiate IT security-related clauses in third-party contracts and agreements. Continuous Monitoring: Implement and manage a continuous monitoring program to track the security performance of critical vendors. This includes analyzing security ratings, vulnerability reports, and incident notifications. Incident Response: Act as a key point of contact for any security incidents involving third-party vendors. This includes coordinating response efforts and ensuring timely resolution. Reporting: Develop and maintain risk dashboards and reports for senior management, providing a clear view of the third-party risk landscape. Policy and Procedure Development:Contribute to the development and enhancement of our third-party IT risk management policies, standards, and procedures Knowledge/Skills/Competencies Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field. Experience: 10-15 years of experience in IT risk management, cybersecurity, or a related field, with a specific focus on third-party risk management. Framework Knowledge: In-depth knowledge of IT risk management frameworks such as NIST (800-53, CSF), ISO 27001, and COBIT. Regulatory Familiarity: Understanding of relevant data privacy and protection regulations (e.g., GDPR, CCPA). Technical Skills: Proficiency with third-party risk management tools and platforms. Strong understanding of network security, cloud security, application security, and data protection principles. Experience with security assessment methodologies and tools. Soft Skills: Excellent analytical and problem-solving skills. Strong written and verbal communication skills, with the ability to effectively communicate technical concepts to both technical and non-technical audiences. Proven ability to manage multiple projects and priorities in a fast-paced environment. Strong interpersonal skills with the ability to build and maintain effective working relationships with internal and external stakeholders. Physical Demands Duties of this position are performed in a normal office environment. Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required. Typical Experience Certifications: Professional certifications such as CRISC, CISM, CISA, or CISSP are highly desirable. Industry Experience: Experience working in a manufacturing, and regulated industry (e.g., finance, healthcare) is a plus. Typical Education Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field. Experience: 10-15 years of experience in IT risk management, cybersecurity, or a related field, with a specific focus on third-party risk management. Notes This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time. Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law). At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them. Company Overview Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers. Celestica would like to thank all applicants, however, only qualified applicants will be contacted. Celestica does not accept unsolicited resumes from recruitment agencies or fee based recruitment services.

Job Title: GRC Consultant Location: Ghansoli, Navi Mumbai Job Description: Candidate should have 5+ years of experience as GRC Consultant. Risk Management: Identify, assess, and manage risks related to information security, privacy, and regulatory compliance. ISO 27001 Implementation: Lead the implementation and maintenance of ISO 27001 standards, including conducting internal audits and managing certification processes. Policy Development: Develop, update, and enforce security policies, standards, and procedures to ensure compliance with regulatory requirements. Compliance Monitoring: Monitor and ensure adherence to industry regulations and standards, such as GDPR, NIST, and SOX. Audits and Assessments: Conduct regular audits and risk assessments to identify gaps and recommend improvements. Vendor Risk Management: Evaluate and manage third-party vendors to ensure they meet organizational security requirements. Security Controls: Test and monitor the effectiveness of security controls and recommend enhancements. Regulatory Research: Stay updated on regulatory changes and ensure the organization complies with new requirements.

Job Description & Summary: We are looking for an experienced Cloud Security Lead with deep technical expertise in Zscaler (ZIA/ZPA) and Fortinet security solutions. The ideal candidate will play a key role in architecting, implementing, and managing secure cloud on-prem and internet access strategies, supporting enterprise-wide digital transformation and security posture enhancement. Mandatory skill sets: Zscaler ZIA / ZPA / SIPA • Fortinet FortiGate / FortiManager / FortiAnalyzer • SIEM platforms (Splunk, QRadar, etc.) • Firewall platforms: Fortinet, Palo Alto, Check Point, Juniper • Security Frameworks: ISO 27001, NIST, CIS Controls, HIPAA, GDPR Years of experience required: 5-10 Years of experience Location: Pan India Responsibilities: Zscaler Security Operations • Design, implement, and manage Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) solutions. • Configure SIPA (Secure Internet & Private Access) policies for optimized secure remote and internet access. • Perform regular reviews, audits, and optimization of Zscaler configurations to align with industry best practices. • Provide technical support and guidance to L1 and L2 teams for Zscaler-related issues. • Stay up to date on Zscaler enhancements, threat intelligence, and security features to ensure proactive defense. Fortinet and Network Security • Implement and manage Fortinet firewall and security solutions for perimeter and cloud-based infrastructure. • Configure Fortinet firewalls to support SD-WAN, secure edge, and hybrid cloud environments. • Work closely with networking teams to design secure network topologies integrating Fortinet technologies. Cloud Security and Compliance • Design and assess cloud-native security architectures for AWS, Azure, or GCP environments. • Conduct cloud security assessments, vulnerability scans, and risk remediation. • Align security strategies with industry standards like ISO 27001:2022, SOC 2, HIPAA, GDPR, and CIS v3.0.0. • Assist in external security audits and privacy assessments related to cloud workloads. Collaboration and Strategy • Collaborate with cross-functional teams (Security, IT, DevOps, Engineering) to embed security into cloud and network initiatives. • Act as a Subject Matter Expert (SME) for Zscaler and Fortinet technologies in solution design and customer engagements. • Maintain documentation on security controls, configurations, SOPs, and incident response playbooks. Required Skills and Qualifications: Experience in network and cloud security domains. • Proven hands-on experience with Zscaler ZIA/ZPA design, implementation, and operations. • Strong working knowledge of Fortinet firewalls and FortiManager, FortiAnalyzer. • Experience with SD-WAN, SDN, VPNs, and secure web gateway technologies. • Strong understanding of network security principles, SIEM, threat intelligence, and incident response. Knowledge of cloud compliance standards and risk frameworks (NIST, CIS, ISO). • Excellent communication skills and ability to work in cross-functional environments. • Strong documentation, presentation, and stakeholder management skills. • Experience in SOC environment will be a plus

About Atlas Hello and welcome! Atlas Consolidated Pte Ltd. owns and operates two brands: Hugosave, a B2C consumer finance app, and HugoHub, a B2B Banking as a Service platform. Atlas is Headquartered in Singapore. Hugosave Hugosave is a personal financial management application that puts saving first. Our initial market is Singapore, but regional and global expansion is taking place swiftly. Through our product vision of Better Budgeting, Smarter Spending, and Sustainable Saving, we aim to build financially healthy and thriving communities. HugoHub HugoHub is a standalone B2B technology platform consisting of both frontend experience layer and backend platforms that offer a full suite of modular banking services through a single integration. HugoHub comprises 5 key Product Pillars: 1. Accounts, Wallets & Payments, 2. Card Programmes, 3. Wealth, Savings & Investments, 4. Full Stack BaaS (Banking as a Service) and 5. Bank of API's Using these Product Pillars built on our platform, our clients can build financial products that delight their customers in any part of the world. A regulated entity with strong credentials Atlas Consolidated Pte Ltd satisfies stringent corporate governance, operations, and regulatory integrity requirements to maintain licenses from regulatory bodies, such as: Monetary Authority of Singapore - Major Payment Institution license and Financial Advisors license Ministry of Law, Singapore - Regulated Precious Metals Dealers license Visa Inc. - Principal Members Issuing licence About the Role We are seeking an experienced Product Security Engineer to join our team and help build security into every aspect of our product development lifecycle. In this role, you'll work closely with engineering, product, and DevOps teams to identify, assess, and mitigate security risks while enabling rapid and secure product delivery. Key Responsibilities Threat Modeling & Risk Assessment Design and conduct comprehensive threat modeling sessions for new features and system architectures Identify potential attack vectors and security vulnerabilities early in the development process Collaborate with product and engineering teams to prioritize security requirements based on risk assessment Develop and maintain threat models for existing and new products Security Testing & Validation Perform security testing of web applications, mobile applications, and APIs Conduct static and dynamic application security testing Execute penetration testing and vulnerability assessments Review code for security vulnerabilities and provide remediation guidance Validate security controls and defensive measures DevSecOps Integration Implement and maintain Static Application Security Testing (SAST) tools in CI/CD pipelines Deploy and optimize Dynamic Application Security Testing (DAST) solutions Establish cloud security best practices and tooling for AWS environments Build security gates and quality checks into development workflows Collaborate with DevOps teams to secure infrastructure as code Security Automation & Tooling Develop automated security testing frameworks and scripts Build tools and integrations to streamline security processes Automate vulnerability scanning and reporting workflows Create self-service security tools for development teams Implement security orchestration and response automation Security Analytics & Monitoring Design and implement security metrics and KPIs for product security Analyze security testing results and trends to identify systemic issues Build dashboards and reporting for security posture visibility Conduct security data analysis to inform strategic decisions Monitor and respond to security alerts and incidents Cross-functional Collaboration Partner with engineering teams to provide security guidance and support Educate developers on secure coding practices and security requirements Work with product managers to balance security and business requirements Collaborate with infrastructure and platform teams on security architecture Requirements Required Qualifications 5+ years of experience in product security, application security, or related cybersecurity roles Strong background in threat modeling and secure design review Extensive experience with web application security testing and mobile application security for iOS and Android platforms Hands-on experience with DevSecOps practices and security tool integration Proficiency with SAST, DAST, Cloud Security tools Experience with security automation and scripting (Python, Bash) Background in security analytics and data analysis for security insights Preferred Qualifications Experience with container security (Docker, Kubernetes) Knowledge of infrastructure as code security (Terraform, CloudFormation) Familiarity with security frameworks (NIST, ISO 27001, SOC 2) Experience with bug bounty programs and responsible disclosure Experience with compliance requirements (PCI DSS, GDPR)

Company Description At Astra Cybertech, we are cybersecurity experts committed to safeguarding digital assets. With a team of seasoned professionals offering a comprehensive suite of cybersecurity services, we aim to build resilient defense strategies tailored to specific requirements. Our focus is on staying ahead of evolving cyber threats and providing customized training and security consulting services to bolster your cybersecurity framework. . Key Responsibilities: In this key role, you will lead comprehensive risk assessments, ensure compliance with standards like ISO 27001 and SOC 2, and oversee internal and external audits. Governance & Compliance Lead and perform end-to-end audits covering ITGC, cybersecurity, privacy, and third-party risk. Review governance structure, policy lifecycle, and enterprise risk posture. Ensure compliance with relevant regulatory requirements (e.g., RBI, SEBI, IRDAI, GDPR). Audit Execution Develop detailed audit plans, risk assessments, and testing procedures. Conduct control walkthroughs, validate control designs, and test operating effectiveness. Collect, analyze, and evaluate evidence to support audit conclusions. Reporting & Risk Management Draft comprehensive audit reports, highlighting findings, risks, and recommendations. Work with stakeholders to track remediation of audit issues and validate closure. Assist in risk register maintenance and the development of corrective action plans (CAPs). Stakeholder Engagement Collaborate with cross-functional teams including IT, InfoSec, Legal, and Risk. You will be responsible for enhancing security controls, developing policies, and leveraging GRC platforms to provide strategic insights to leadership. Present findings to senior leadership and support regulatory inspections and external audits. Conduct awareness/training sessions on audit readiness and compliance topics. Frameworks & Tools Apply frameworks like ISO 27001, NIST CSF, COBIT, CIS Controls. Utilize GRC tools (e.g., Archer, ServiceNow GRC, Metric Stream) for control and risk management. Leverage technical tools for control validation (e.g., SIEM, DLP, PAM, vulnerability scanners). Skills : Excellent analytical, documentation, and report writing skills. Deep technical understanding of IT infrastructure, security tools, and processes. Effective communication and stakeholder management skills. Qualification: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field. 4+ years of GRC experience, deep knowledge of frameworks like NIST, and strong analytical skills.. Exposure to regulatory guidelines (IRDAI, RBI, SEBI, etc.). ISO 27001 certification mandatory. Professional certifications such as CISSP, CISA, or CRISC are highly desirable. Immediate Joiners Preferred. .

Job Summary: We are seeking a skilled and proactive Security Engineer with strong experience in firewall management and AWS cloud security . The ideal candidate will be responsible for designing, implementing, and maintaining the organization's security posture across both on-premises and cloud infrastructure. This role plays a key part in defending our systems and data from threats and vulnerabilities. Key Responsibilities: Configure, maintain, and monitor network firewalls (e.g., Palo Alto, Fortinet, Check Point). Design and implement AWS security controls , including IAM policies, security groups, NACLs, GuardDuty, CloudTrail, and AWS WAF. Conduct regular vulnerability assessments , security audits , and incident response procedures. Collaborate with DevOps and cloud teams to integrate security best practices into CI/CD pipelines. Respond to and investigate security incidents and alerts . Enforce compliance with security policies, standards, and regulatory frameworks (e.g., ISO 27001, NIST, SOC 2). Manage SIEM tools and perform log analysis for threat detection and prevention. Provide security guidance for cloud architecture reviews and new product deployments. Required Skills & Qualifications: 3+ years of experience as a Security Engineer , Cloud Security Specialist , or similar role. Hands-on experience with firewalls (e.g., Fortinet, Palo Alto, Cisco ASA). Strong knowledge of AWS Security tools and services (IAM, KMS, VPC, GuardDuty, WAF, etc.). Familiarity with incident detection and response , threat modeling , and penetration testing . Interested Candidates please share your CV to hajeera.s@people-prime.com

Job Summary: We are looking for an experienced Cyber Security Analyst to join our team and help protect our organization’s systems, networks, and data from cyber threats. The ideal candidate will have 4–5 years of hands-on experience in threat detection, incident response, vulnerability assessment, and security monitoring. Key Responsibilities: Monitor and analyze security events using SIEM tools (e.g., Splunk, QRadar, or ArcSight). Perform threat hunting and investigate security incidents across endpoints, networks, and cloud environments. Conduct vulnerability assessments and coordinate remediation efforts. Develop and implement security policies, procedures, and best practices. Analyze malware, phishing attempts, and other suspicious activities. Respond to and contain cyber incidents and conduct root cause analysis. Generate reports on security trends, incidents, and risk assessments. Collaborate with IT and DevOps teams to ensure secure system configurations. Support security awareness training and ensure compliance with regulatory standards (e.g., ISO 27001, GDPR, HIPAA). Required Skills & Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 4 to 5 years of proven experience in a cyber security analyst or similar role. Proficiency in SIEM, IDS/IPS, endpoint protection, and vulnerability scanning tools. Knowledge of cybersecurity frameworks (NIST, MITRE ATT&CK, OWASP). Strong understanding of TCP/IP, DNS, HTTP/S, VPNs, and firewalls. Experience with cloud platforms (AWS, Azure, GCP) and their security controls. Familiarity with scripting (Python, PowerShell) is a plus. Relevant certifications preferred: CEH, CompTIA Security+, CISSP, CISM , or equivalent. Preferred Qualities: Analytical mindset with attention to detail. Ability to work independently and in a team. Strong communication and documentation skills. Quick learner with a passion for cybersecurity and ongoing professional development.

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-cyber security team, you shall engage in Identity & Access Management projects in the capacity of execution of deliverables. An important part of your role will be to actively establish, maintain, and strengthen internal and external relationships. You'll also identify potential business opportunities for EY and GDS within existing engagements and escalate these as appropriate. Similarly, you'll anticipate and identify risks within engagements and share any issues with senior members of the team. We're looking for Senior Security Analyst / Senior Consultant in the Technology Consulting team to work on various Identity and Access Management projects for our customers across the globe. Also, the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team. In line with EY's commitment to quality, you'll confirm that work is of the highest quality as per EY's quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you'll help to create a positive learning culture, coach and counsel junior team members, and help them to develop. Your key responsibilities include engaging and contributing to the Identity & Access Management projects, providing Level 3 and Level 4 support for the system within agreed service levels, working independently, adapting quickly, and maintaining a positive attitude. You should have at least 3-6 years of Active Directory / Azure Active Directory (Entra) experience, experience in maintaining & administering Active Directory, knowledge of Bulk updates using scripts, managing backup/restore of AD database, handling escalated issues and providing RCA, experience in AD server migration, deployment, and DC promotion, and more. To qualify for the role, you must have a Bachelor or master's degree in a related field or equivalent work experience, 3-6 years of experience implementing IAM projects (Active Directory and Azure AD) and migration, a strong command of verbal and written English language, and strong interpersonal and presentation skills. EY offers support, coaching, and feedback from engaging colleagues, opportunities to develop new skills and progress your career, and the freedom and flexibility to handle your role in a way that's right for you. EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets.,

Description Job Description We’re hiring a skilled Compliance Lead to join our Information Security Group (ISG) at Grazitti Interactive. In this high-impact role, you’ll spearhead Governance, Risk, and Compliance (GRC) initiatives, drive external audit processes, develop compliance frameworks, and ensure organizational alignment with key regulatory standards. If you have a solid background in risk management, policy development, and IT audit readiness—with a deep understanding of frameworks like ISO27001, COBIT, and NIST—this is your opportunity to lead and create tangible impact. Skills Key Skills 8+ years in GRC, compliance, or IT risk management. Bachelor’s degree in a relevant field; CISA, CISSP, or CISM preferred. Hands-on experience with ISO27001/2, ISO31000, NIST, COBIT, COSO, ITIL. Knowledge of GDPR, HIPAA, CCPA, ITGC, and SOX compliance. Strong understanding of internal controls and security policies. Experience in external/internal audits and incident response planning. Excellent communication and stakeholder management skills. Process-oriented with strong documentation and analytical capabilities. Responsibilities Roles and Responsibilities Design and execute enterprise-wide GRC strategies. Ensure compliance with GDPR, HIPAA, ISO, and other global standards. Lead documentation efforts for SOX controls and ITGCs. Collaborate with legal teams to interpret regulations. Act as the primary contact for external auditors. Lead planning, documentation, and closure of compliance audits. Conduct in-depth risk assessments and advise mitigation strategies. Maintain up-to-date risk registers and track remediation actions. Draft and implement information security policies. Establish and enforce internal controls for IT and SaaS environments. Apply COSO, COBIT, and ITIL best practices for governance. Review control effectiveness through regular audits. Design incident response plans and lead resolution efforts. Build awareness programs and train teams on compliance best practices. Drive a culture of compliance and operational integrity. Communicate risk and compliance posture to executive leadership. Document and maintain audit trails for transparency. Contacts Email: careers@grazitti.com Address: HSIIDC Technology Park, Plot No – 19, Sector 22, 134104, Panchkula, Haryana, India

As a Security Consultant at our organization, you will be responsible for providing expert guidance and support in the field of information security and data privacy. With a minimum of 5 years of experience in cybersecurity, ISO consulting, and implementation, you will play a crucial role in ensuring the confidentiality, integrity, and availability of our clients" information assets. Your key responsibilities will include conducting gap analysis and readiness assessments for ISO27001, developing and implementing Information Security Management Systems (ISMS) based on ISO27001 standards, and performing internal audits to support our clients during external audits. Additionally, you will assist in conducting data privacy impact assessments (DPIAs), develop data protection policies and procedures, and support the implementation of data privacy frameworks. In this role, you will be expected to identify, assess, and mitigate risks related to information security and data privacy, develop risk management strategies and frameworks, and provide recommendations for risk treatment. You will work closely with our clients from India and the Middle East to understand their specific needs and requirements, preparing detailed reports and presentations to address their concerns effectively. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field, along with relevant certifications such as CISA or ISO Lead Implementer/Auditor. Familiarity with security frameworks such as NIST, CIS, and ISO 27001 is essential, as well as strong analytical and problem-solving skills. Excellent communication and interpersonal abilities are also crucial, as you will be required to work both independently and as part of a team. This is a full-time, permanent position with a hybrid working mode, offering benefits such as a flexible schedule, health insurance, paid sick time, and a Provident Fund. If you have a minimum of 5 years of experience in cybersecurity, data privacy impact assessments, ISMS based on ISO27001 standards, NIST, CIS, and data protection policies and procedures, and are located in Kozhikode, Kerala, we encourage you to apply.,

The Identity and Access Management RBAC Analyst is responsible for the management, oversight, maintenance, testing, support and optimization of Synchronys identity governance and role based access control (RBAC). Synchrony leverages SailPoint Identity IQ to maintain Business Roles, IT Roles, entitlements and approval groups. This role will have the responsibility to ensure these roles and workgroups have complete and accurate information in accordance to regulatory and Synchrony standards. This role will be a critical member of Synchronys identity governance configuration management agile product team. Enforce RBAC policies and standards to ensure compliance with regulatory requirements and organizational security policies and standards. Identify, test and remediate any roles and workgroups configured in Synchronys SailPoint IdentityIQ not appropriately configured to ensure effective access control across Synchrony systems. Provide support for RBAC-related inquiries, troubleshooting access issues, and performing role modifications as needed. Identify, develop, test and deploy updates to roles, entitlements and workgroups in accordance to Synchrony standards and procedures. Map entitlements and permissions to appropriate roles based on job functions and organizational requirements. Partner with role and workgroups owners, IAM security administration team and IAM identity technologies team to ensure accurate and complete role and workgroup configurations. Ensure all role based access control (RBAC) job aids and end user guides are accurate, maintained and effectively communicated regularly. Provide training and education to end users and stakeholders on RBAC principles, best practices, and procedures. Provide coverage to respond, triage and resolve incidents and requests through Synchronys ServiceNow platform within SLA based on priority. Develop and maintain RBAC metrics reporting to drive consistent visibility to role and workgroup compliance. Actively participate as a critical member of the SIAM Configuration Management agile product team. Develop, prioritize and ensure timely execution of all agile stories as assigned by the VP, Identity Governance Configuration Process. Identify, propose and remediate process and technical gaps in Synchronys RBAC service. Minimum of 5 years of IT experience and at least 2 years of Identity Access Management Role Based Access Control (RBAC) experience. Minimum 2 years of role administration experience within SailPoint IdentityIQ systems. Must have working knowledge of Entitlements, IT Roles and Business Roles. Must have working experience managing ServiceNow requests and incidents, resolving tickets within SLA. Must have proven strong analytical and problem solving skills. Desired Characteristics: Working knowledge of Jira and SAFE agile framework. Strong oral and written communication skills. Strong interpersonal skills. Working knowledge of Microsoft Teams, SharePoint and Excel. Knowledge of security related regulatory standards including HIPAA, PCI, SOX, NIST. Good understanding of AWS and O365 environments. Working knowledge of Oracle Database and SQL.,

Job Description (Summary) The primary responsibilities include managing vulnerability assessments using the Qualys tool, creating detailed metrics and reports, and collaborating with relevant teams to ensure timely remediation of identified vulnerabilities. To ensure the organization's IT infrastructure remains secure by proactively identifying, assessing, and mitigating vulnerabilities through effective use of the Qualys tool and coordinated efforts with cross-functional teams. The basic purpose of this position is to safeguard the organization's digital assets by maintaining a robust vulnerability management program that prioritizes risk reduction and compliance with security policies. Perform daily vulnerability assessments, create weekly metrics and reports, and handle ad-hoc requests as they arise. Work on analytical projects to enhance the vulnerability management process and develop strategies to address identified security issues. Prepare and present metrics and reports to senior leadership, showcasing trends in vulnerabilities over the year and how they are being addressed. Produce reports daily, weekly, and as needed on vulnerability assessments and remediation efforts. Responsible for training new hires and occasionally participating in candidate interviews. Technical/Job Specific Knowledge Vulnerability Management: In-depth knowledge of vulnerability assessment, prioritization, and remediation processes. Qualys: Proficiency in using Qualys for scanning, identifying, and managing vulnerabilities across various environments. Security Frameworks: Familiarity with industry standards and frameworks such as OWASP, NIST, and CIS. Network Security: Understanding of network protocols, firewalls, and intrusion detection/prevention systems. Skills Analytical Skills: Strong analytical abilities to identify and assess vulnerabilities and their potential impact. Technical Aptitude: Competence in using security tools and technologies to perform thorough assessments. Problem-Solving: Effective problem-solving skills to develop and implement remediation plans. Communication: Clear and concise communication skills to report findings and collaborate with different teams. Attention to Detail: High level of attention

As an Internal Auditor at Justdial Ltd in Bangalore, you will be responsible for projects in IT Advisory focusing on the assessment and evaluation of IT systems, along with the mitigation of IT-related business risks. Your role will involve IS audit, ITGC reviews, internal audit engagements, IT infrastructure review, and risk advisory, including supporting IT audit activities. Your responsibilities will include coordinating and managing statutory external audits for SOX (ITGC), providing management reports by collecting and analyzing audit information, conducting ISMS security awareness training programs within the organization, and supporting the Information Security Manager in managing and mitigating risk assessments. You will also be involved in implementing ISO 27001 controls across the organization, conducting risk assessments and gap analyses for ISO 27001/IT General Control, and performing internal audits for various business functions. Additionally, you will conduct data center audits as per ISO 27001 standards, develop and review information security policies and procedures, handle end-to-end ITGC statutory audit requirements, assist in the implementation of ISO 27001:2013 and managing the ISMS, and consult the organization on business continuity for critical functions. You will also be involved in implementing and consulting on PCI DSS SAQ A-EP certification. The ideal candidate for this role should have a bachelor's degree in engineering or BSc-IT, experience in performing IT audits of banking/financial sector applications, and knowledge of IT regulations, standards, and benchmarks used by the IT industry (e.g., NIST, PCI-DSS, ISO 27001). Technical knowledge of IT audit tools, experience in carrying out OS/DB/Network reviews, exposure to risk management and governance frameworks/systems, and proficiency in project management, communication, and presentation skills are essential. Being a team player with strong self-directed work habits, initiative, drive, creativity, maturity, self-assurance, and professionalism is crucial for success in this role. Preferred certifications include CISA, CISSP, ISO 27001 Lead Auditor/Implementer, and CISM. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools is also required.,

Information Security Analyst Job Description Position Summary: The position will support the organizational initiatives and activities on Cyber Security/Information Security. This involves the development, im plementation, and support of various security programs, processes, best practices and controls across the organization. It also requires to continuously monitor, review and report of the compliance & security posture of the organization. Responsibilities  Conduct Risk assessments, information security internal audits  Provide consultation on remediating controls and follow up  Perform reviews and conduct internal security audits on Cyber Security/Information security and ensure the organizational security controls are appropriate and effective  Ensure compliance to client security requirements  Provide support for obtaining and maintaining Security Certification and Assurance programs like ISO 27001, PCI DSS, HITRUST, TISAX, SOC 2, etc.  Participate in various organizational initiatives and activities to maintain the Information Security Management System (ISMS) based on ISO 27001  Develop and maintain Information Security policies, procedures, standards and guidelines  Coordinate response to information security incidents  Provide awareness and training in relevant areas  Collaborate with IT, Finance, HR and other departments for various security related activities  Conduct security research and keep abreast of latest security trends and issues Desired Skills/Experience  4+ years of experience in Information Security  Knowledge of Information security standards & best practices (e.g., ISO 27001, NIST, etc.), and regulations related to information security and privacy  Strong analytical and problem solving skills  Excellent communication and interpersonal skills  Knowledge of security tools, techniques and methodologies  Professional/Technical Certifications (Security +, ISO 27001 LA, CISA, CISSP, CCSE, CCSP, etc.) desirable

Role & responsibilities Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either System audit, IT reviews, Technology Risk Assessments & Gap Assessments inline with circulars issued by SEBI/RBI/IRDAI. Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills. Preferred candidate profile

About Allica Bank Allica is the UK’s fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech. Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers. Department Description The Allica Security team play a key role in protecting the bank and are responsible for all aspects of security surrounding Applications, Infrastructure and Security Operational Policy. Our mission is to provide the best-in-class security to protect the bank. We live and breathe the Allica values and deliver services intelligently using automation, intelligence, and innovation. Role Description We are seeking a highly skilled and hands-on Security Operations Engineer to oversee security incident response, threat intelligence, and cloud security operations. This role requires deep technical expertise and a proactive mindset to defend against evolving cyber threats. The ideal candidate will also collaborate closely with DevOps and infrastructure teams to ensure security is embedded across all layers of our environment. Principal Accountabilities . Design, implement, and manage SIEM and EDR/XDR solutions to enhance detection and response capabilities. Conduct in-depth threat intelligence analysis, threat hunting activities, and digital forensics investigations. Ensure robust security posture across cloud platforms including Azure and GCP. Collaborate with DevOps teams to integrate security controls and testing into CI/CD pipelines. Develop automation scripts and detection rules using Python, PowerShell, or Bash. Support red teaming, adversary simulations, and penetration testing exercises. Drive compliance initiatives aligned with ISO 27001, NIST, and other recognized frameworks. Personal Attributes & Experience Expertise in Security Operations, Incident Response, or Threat Hunting. Strong hands-on expertise with SIEM, EDR/XDR, and threat intelligence platforms. Proven experience in securing cloud environments (Azure, GCP). Scripting and automation proficiency in Python, PowerShell, or Bash. Strong understanding of MITRE ATT&CK, OWASP Top 10, and cloud security architecture. Ability to work independently and lead initiatives in a dynamic, fast-paced environment. Experience with M365/O365 security. Experience with AAD Conditional Access, risky sign-ins, and MFA. Experience in Netskope DLP in the data protection and monitoring M365/O365 Data Loss Prevention experience desirable. Azure Cloud Security experience desirable. Strong sense of ownership, urgency, and drive. Ability to build partnerships. Interest in continuous learning. Preferred Tools & Platforms Experience Experience with the following tools will be considered an added advantage. Security & Threat Detection: CrowdStrike, Abnormal, ZeroFox, KnowBe4, RiskSmart Cloud & Endpoint Security: Azure, Intune, Netskope, Microsoft Purview, Gatekeeper Vulnerability & Risk Management: Qualys, RiskLedger, Easy DMARC Data Protection & Monitoring: Varonis Working at Allica Bank At Allica Bank we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers. Our employees are at the heart of everything we do, so our benefits are designed with you in mind: Full onboarding support and continued development opportunities Options for flexible working Regular social activities Pension contributions Discretionary bonus scheme Private health cover Life assurance Family friendly policies including enhanced Maternity & Paternity leave Don’t tick every box? Don’t worry if you don’t have all the skills or requirements listed on the job description. If you think you’ll be a good fit, we’d still love to hear from you! Flexible working We know the ‘9-to-5’ isn’t right for everyone. That’s why Allica Bank is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate. Diversity We’re a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.

Job Title: Information Security Analyst / Analyst – Identity Governance and Compliance Department: Information Security – Governance, Risk & Compliance (GRC) Experience Level: 2 - 4 years Employment Type: Full-time Job Summary: We are seeking a highly motivated and detail-oriented Information Security Analyst / Sr. Analyst to join our GRC team, with a focus on Identity Governance and Compliance. This role is pivotal in ensuring that Identity and Access Management (IAM) practices align with regulatory requirements, internal policies, and industry best practices. The ideal candidate will have experience with User Access Reviews (UAR), Active Directory (AD), and a strong understanding of security frameworks such as PCI DSS, ISO 27001, NIST, and COBIT. Key Responsibilities: Manage the Identity Governance and compliance activities, including periodic User Access Reviews (UAR) and RBAC activities. Ensure IAM practices comply with internal policies and external regulatory requirements. Maintain and enhance identity governance policies, standards, and procedures. Provide subject matter expertise on Active Directory (AD), including group policies and access provisioning/deprovisioning. Align identity governance practices with frameworks such as PCI DSS, ISO 27001, NIST CSF, and COBIT. Engage with IT, HR, and business units to enforce least privilege principles and maintain accurate access records. Conduct regular training sessions for the SM team on security controls and client requirements. Coordinate SME involvement in quarterly meetings and training initiatives. Maintain and organize SharePoint and Jira spaces for audit readiness and evidence management. Participate in incident management, change control meetings, and cloud migration initiatives. Engage in SOC operations and threat tracking. Drive continuous improvement initiatives in identity governance and GRC processes. Lead the annual review of security information presentations in collaboration with Compliance. Required Qualifications: Bachelor’s degree in Information Security, Computer Science, or a related field. 2 – 4 years of experience in Information Security, with a focus on Identity Governance and Compliance. Strong understanding of User Access Review (UAR) processes and tools. Experience with Active Directory (AD) and identity lifecycle management. Familiarity with regulatory and compliance frameworks: PCI DSS, ISO 27001, NIST, COBIT. Excellent analytical, documentation, and communication skills. Ability to work independently and collaboratively in a fast-paced environment. Preferred Qualifications: Relevant certifications such as CISSP, CISA, CISM, CRISC, or GIAC. Experience with IAM tools (e.g., SailPoint, Saviynt, Okta, Azure AD). Prior experience supporting internal or external audits. Knowledge of GRC tools and platforms. Understanding of legal and regulatory standards such as FERPA, CIS, and data protection laws. Knowledge of Cloud Identity (AWS or Azure Identity).

Job Title: SailPoint IdentityIQ (IIQ) Engineer / Developer Job Summary: We are seeking an experienced SailPoint IdentityIQ (IIQ) Engineer to support the design, development, and administration of our identity governance and access management solutions. The ideal candidate will have hands-on experience with SailPoint IIQ and a strong understanding of identity lifecycle management, access certification, policy enforcement, and role-based access control (RBAC). Key Responsibilities: Design, develop, configure, and implement SailPoint IdentityIQ (IIQ) solutions to support user provisioning, de-provisioning, access requests, and certifications. Develop connectors and integrations between SailPoint and external systems (e.g., Active Directory, LDAP, databases, cloud platforms, and SaaS applications). Implement and maintain access review campaigns, identity workflows, and automated lifecycle events. Manage role engineering, entitlement discovery, and policy enforcement including Segregation of Duties (SoD). Develop and maintain custom rules, tasks, and workflows using BeanShell scripting and Java. Troubleshoot and resolve issues related to identity provisioning, connector failures, or access anomalies. Collaborate with IAM architects, system owners, and security teams to meet compliance and operational requirements. Maintain comprehensive documentation including design specs, runbooks, and support guides. Support audit and compliance activities by providing reports, logs, and evidence related to identity controls. Required Qualifications: Bachelor’s degree in Computer Science, Cybersecurity, or related field; or equivalent experience. 3+ years of hands-on experience with SailPoint IdentityIQ (IIQ). Strong understanding of IAM concepts such as provisioning, access certification, RBAC, SoD, and identity lifecycle management. Experience with Java, BeanShell scripting, XML, and web technologies (REST/SOAP APIs). Experience integrating IIQ with Active Directory, LDAP, databases, and cloud applications (e.g., Workday, ServiceNow, Office 365, AWS). Familiarity with security and compliance frameworks such as NIST, ISO 27001, SOX, HIPAA. Preferred Qualifications: SailPoint Certified IdentityNow or IIQ Engineer/Developer certification. Experience with Agile/Scrum, DevOps pipelines, or version control tools (e.g., Git). Experience with cloud identity solutions (e.g., Azure AD, Okta, Ping). Familiarity with IDN (SailPoint IdentityNow) is a plus. Soft Skills: Strong analytical and problem-solving abilities. Effective communication and documentation skills. Ability to work independently and collaboratively in a fast-paced environment.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.