3740 Nist Jobs - Page 29

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Position Overview Job Title: I&A On-boarding Information Security Analyst, Associate Location: Pune, India Corporate Title: AS Role Description As “I&A On-boarding Information Security Analyst” you will be part of Access Lifecycle On-boarding global family which includes access management for application end user recertification On-boarding, user access for request & approval, user provision On-boarding and Functional Taxonomy SoD On-boarding & maintenance as well as IDAHO (Access concept) SME as central DB services. Deutsche Bank is looking for bright and open-minded individuals to support Business Identity & Access Services within Access Lifecycle Solution On-boarding team for application end user request & approval as well as end user access provision central service On-boarding. A key success factor of the Access Lifecycle Solution On-boarding team is the quick understanding of complex application set ups for Identity & Access Management and support Information Security Officer (ISO) and IT Application Owner (ITAO) along end-to-end central solution On-boarding process across DB. You will gain insights into the complete Identity & Access Management lifecycle as you will learn about the roles and entitlements and their set up, segregation of duties, application authentication and authorization process. What We’ll Offer You As part of our flexible scheme, here are just some of the benefits that you’ll enjoy Best in class leave policy Gender neutral parental leaves 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Employee Assistance Program for you and your family members Comprehensive Hospitalization Insurance for you and your dependents Accident and Term life Insurance Complementary Health screening for 35 yrs. and above Your Key Responsibilities As “I&A On-boarding Information Security Analyst” you will be responsible to perform On-boarding assessments if an IT asset is applicable for end user application access for request & approval and business requirement gathering (based on existing KOP ID Admin procedures) to identify, how future user provisioning (ID Admin via automated connector or manual, centrally or decentral managed) will be set up between central request & approval platform and to be on-boarded application in adhering to Information Security (IS) internal and regulatory requirements. Efficiently engage, manage, and influence the main stakeholders, along with application On-boarding process including Information Security Officer, IT Application Owner, Engineering and Operations teams Provide process improvement inputs to various stakeholders involved. Proactively seek ways to improve upon existing practices and processes. Display insight and ability in identifying issues and develop successful solutions. Report and escalate potential risks to the management to help avoid / minimize the impact. Work with multiple, distributed teams (across different locations) Support develops key operational procedures where necessary and ensure adherence to all such defined policies. Comfortable with associated disciplines of Security Policy and Governance in banking domain Very good presentation and communication skills allowing to communicate with our stakeholders. A structured and methodological way of working with the objective to deliver high quality results. Supports tough people decisions to ensure people performance is aligned with organization imperatives and needs. Addresses individual performance issues, where necessary, to drive for high performance. Pro-active and flexible working approach, Team spirit Your Skills And Experience Minimum 5 years working experience in Identity & Access Management, Governance, Risk and Control related topics. Team management experience Basic knowledge and/or willingness to work with industry best practices and frameworks like ISO27001, NIST, CSA CCM, COBIT, ITIL Good business analyses knowledge of system design, development, implementation, and user support principles and practices Knowledge of IT Service Management or IT Governance or IT Delivery Management or IT Project Management or IT Delivery background or IT Security Knowledge on Database Systems, application interactions and server operating systems Excellent Excel knowledge Competencies: Self-motivated and flexibility to work autonomously in virtual and multicultural teams. Good communication skills (both written and verbal), fluent in English (written/verbal) Good analytical skills and problem-solving abilities Pro-active and flexible working approach A structured and methodological way of working with the objective to deliver high quality results. Flexible mindset with an eye for detail and continuous improvement Good understanding in business related information Being flexible, open minded, able to share information, transfer knowledge and expertise to stakeholders and other team members. How We’ll Support You Training and development to help you excel in your career Coaching and support from experts in your team A culture of continuous learning to aid progression A range of flexible benefits that you can tailor to suit your needs About Us And Our Teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

Role Overview: The OT Security Analyst – Level 2 (L2) plays a pivotal role in defending operational technology (OT) environments against evolving cyber threats. This role requires a deep understanding of security incident analysis, threat detection, and incident response, specifically tailored to Industrial Control Systems (ICS) and OT networks. The analyst will investigate complex security incidents within the OT infrastructure, collaborate with IT/OT teams, and enhance security posture through actionable insights. ________________________________________ Key Responsibilities: • Conduct in-depth analysis of security events and incidents within OT environments, leveraging SIEM and OT-specific monitoring tools. • Perform root cause analysis and develop incident timelines to support forensics and remediation efforts. • Apply standard incident response frameworks (e.g., NIST, MITRE ATT&CK for ICS, Cyber Kill Chain) for threat classification and response. • Use threat intelligence platforms and sandbox environments to investigate malware and suspicious artifacts in OT networks. • Analyze access logs, network traffic, and protocol behaviours across OT systems (e.g., SCADA, DCS, PLCs). • Support investigations related to unauthorized device communications, anomalous behaviours, or compromised industrial assets. • Collaborate with OT security engineers and external vendors to escalate and remediate incidents. • Refine alert rules and detection logic to reduce false positives and improve signal-to-noise ratio in OT SOC operations. • Document incident findings and support continuous improvement of the OT SOC playbooks and knowledgebase. • Liaise with the IT SOC and CIR (Cyber Incident Response) teams to align incident handling and cross-domain investigations. • Participate in threat hunting activities tailored for OT environments using behavioural analysis and attack-path simulation. ________________________________________ Technical Skills & Knowledge: • Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. • Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). • Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. • Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. • Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. • Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. • Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice to Have: • Exposure to Red Team/Blue Team exercises focused on OT/ICS. • Familiarity with GRC platforms and risk assessment tools tailored to OT.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY- Cyber Risk Compliance and Resilience – Senior Manager As part of our EY-Cyber Security Risk and Compliance Consulting team, you’ll contribute technically to Cyber Security client engagements and internal projects. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. The opportunity We’re looking for Senior Manager who should have Deep technical understanding of risk and compliance solutioning for enterprise including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop. Your Key Responsibilities Reporting to the competency leader for Cyber Risk, Compliance, Resilience and Emerging Technology and will be responsible for: Defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in region. Own end-to-end sales opportunity qualification and pursuit, including drafting RFP responses, proposal defence during Orals, drafting State of Work (SoW) leveraging expertise in scoping, solutioning and costing for Enterprise and Cloud security solutions. Support and drive the overall growth strategy for the Cybersecurity practice as part of the leadership team. Identify and drive development of market differentiators including new products, solutions, automation etc. Support refinement of service approach and service delivery methodology for Enterprise and Cloud security solutions. Identify and pursue strategic opportunities for partnerships and acquisitions. Develop and rollout branding and marketing strategy including items such as solution brochures, sales videos, thought leadership, community engagement etc. Inspire and motivate direct and in-direct reporting professionals while fostering an environment of collaboration and participation. Manage engagements across the client and ensure teams delivers value to the customers and ensure horizontal growth in the accounts. Skills And Attributes For Success Deep knowledge of services and service delivery approach and methodology for Cyber Risk, Compliance and resilience including governance and operating models. Proven track record and success in collaborative sales bringing together internal and external stakeholders across Cyber competencies, Digital & Technology practices (Engineering, Analytics, Automation etc.) and business functions (Branding & Marketing, Legal, HR etc.). Proven track record in building and maintaining trusted relationships with key internal and external stakeholders. Deep technical understanding of architecture and solutioning of risk and compliance including products and capabilities, service competitor landscape, pricing methodologies, brand positioning and management, etc. Willingness to travel and flex work timings as and when required. Ability to change and adapt in a hyper-growth environment. Self-starter and strategic thinker. Cyber Strategy & Governance, Cyber Transformation and co-sourcing, Cyber Cost Optimization, Cyber Operating Model Compliance Management - Regulations/standards such as ISO 27001, PCI DSS, HITRUST, CCPA, FISMA/FEDRAMP, COBIT, OWASP Top 10, NIST 800-53, NIST- CSF, HIPPA, GDPR Cyber Risk management Cyber Resilience, Business Continuity & Disaster Recovery Application security and Threat Modelling Vendor Risk Management/Supplier Security To qualify for the role, you must have At least 15 years of overall experience At least 10 years architecture and solutioning for enterprise and cloud security Bachelor or college degree in related field or equivalent work experience MBA (Good to have) Ideally, you’ll also have Project management skills CISSP/CISA/CISM ITIL of Equivalent What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 2000 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Role & RESPONSIBILTY Conduct threat modeling and risk assessments to evaluate potential security risks associated with the organization. Provide guidance on risk remediation strategies and the implementation of countermeasures to address identified security risks. Ensure GDPR & PCI-DSS compliance across all areas of the organization. Work with the development team to ensure compliance with SDLC lifecycle and secure coding practices. Lead encryption efforts and disable deprecated protocols to maintain data security while in transit or at rest. Incorporate NIST framework into the organization's security practices and stay up-to-date with the latest controls. Review penetration testing reports, static and dynamic application security testing results, SaaS platforms, Azure Defender reports, and third-party application integration risks to identify vulnerabilities and evaluate overall security posture. Provide expertise in security and network architecture and design. Create comprehensive data flow diagrams to identify potential threats and identify areas for improvement. Evaluate cloud security posture and provide recommendations to enhance overall security. Continuously identify potential flaws in the entire architecture and implement security controls and practices to prevent future breaches. REQUIREMENTS: Bachelor's degree in Computer Science, Information Technology, or related fields 8+ years of experience in information security or related fields Strong understanding of GDPR & PCI-DSS requirements Experience with threat modeling, risk assessment, and remediation Familiarity with secure application development principles and secure coding practices Experience with identity and access management (IAM) solutions and authentication protocols such as SAML, OAuth, and OpenID Connect Understanding of network security protocols such as TCP/IP, DNSSEC, SSL/TLS, IPSec, and firewalls Experience in encryption technologies and protocols for data security Knowledgeable in NIST framework controls Strong analytical and problem-solving skills Expertise in security architecture and network design Proficiency with creating detailed data flow diagrams Familiarity with cloud security trends and best practices Experience with DevOps and CI/CD pipelines and creating a DevSecOps culture Excellent communication and interpersonal skills Professional Certifications: CISSP, CCSP, CCSK, CEH

ROLE & RESPONSIBILTY: Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. Risk Consulting IT Advisory Cyber Security: Cyber Risk Assessments The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2020 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. REQUIREMENTS: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments.•Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices.•Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review. Conceptual knowledge of OT Security/ISA 62443 standard is preferable. >>CRITERIA oEducation 60% above throughout academicsoOne 3 years (at least) regular course is must either Diploma or GraduationoCourse: B.E. / B. Tech / MCA / M. Tech / MBA degree or equivalentoCertification: CISM / CISSP / CCSP / CISA / CRISC / ITIL / ISO 27001/22301/20000 LI/LA (At least one)oCCNA (Mandatory), CCNP or equivalent(optional).

Senior/Lead Penetration Tester Location: In Office, Ahmedabad, Gujarat, India (not remote) Full-time Salary: Up to ₹12.5L (1,250,000) INR per year Must undergo background check and security clearance Candidates must already have the right to work and live in India About Asite Asite’s vision is to connect people and help the world build better. Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain. Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects. Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment. Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better. The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad). Job Summary: We are seeking an experienced Penetration Tester to join our team of security professionals. As a senior/lead penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems such as IoT devices. You will utilize your expertise in threat modelling, automation of testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems. You will manage a small team that you also must mentor and guide in the best practices and help grow at both professional and managerial level. You’ll report to the Information Security Officer ME & APAC based in India) and to the CISO (based in London) You must have a passion for knowledge sharing and continuous learning. You are willing to undergo background checks and Security Clearance. Key Responsibilities: Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development Manage and mentor a team of juniors and interns. Requirements: 7+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing. Willing to undergo background checks and security clearance. Good level of Indi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred. Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines. Proven expertise in threat modelling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering) OSCP or similar certification, GIAC Penetration Tester a plus Strong knowledge of web application security frameworks, such as OWASP Familiarity with mobile app security testing tools and techniques Experience with desktop application security testing, including reverse engineering and exploit development In-depth understanding of API security testing, including protocol analysis and exploitation. Strong networking fundamentals, including TCP/IP, DNS, DHCP, BGP, etc. Proficiency in scripting languages, such as Python, Ruby, PowerShell Experience with agile development methodologies and collaboration tools like JIRA and their integrations Excellent communication, problem-solving, and analytical skills Nice to Have: Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing Experience with OWASP ASVS and similar frameworks Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions. Using API’s to automate work and systems along with reporting. What We Offer: Competitive salary and benefits package. Opportunities for professional growth and development in a fast-paced and innovative environment Collaborative team culture that values open communication, mutual respect, and teamwork Access to cutting-edge security technologies and tools Flexible work arrangements, including remote work options If you are a motivated and experienced penetration tester looking for new challenges and opportunities, we encourage you to apply! Join and help build a better, more efficient, safer and more secure world.

Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills.

JOb Dicription: Role & responsibilities : Technical Strong experience in review of guideline defined, conducting regulatory assessments for BFSI (E.g. RBI, SEBI, IRDAI). Global guidelines knowledge which includes NIST, ISO27001, PCI-DSS, COBIT, etc. Assisting in remediating gaps on the defined guidelines for the client. Performing System Audit and conducting technology landscape review. Having worked on Information Technology Risk Assessment areas such as NIST, ISO27001, PCI-DSS, COBIT, etc. Experience of handling IT audits and reviews. Good understanding on technology topics related to cyber security, encryption, architecture resiliency , business continuity, disaster recovery, IT Governance, Third party outsourcing risk and information security/technology risk. Certification - CISA, CISSP, ISO27001 Soft Skills Good presentation and report writing skills is mandatory. Excellent communication skills and confident demeanor Experience of working with client stakeholders Good problem-solving skills. Specially for Managers Experience of writing proposal and responding to RFP’s Handling team of 4-5 people Profiles from consulting background to be preferred. Qualification Any full time bachelor’s degree with relevant technical work experience.

Role Description : As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility of the whole team. Qualifications 4-6 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred

Role Description : As a Technical Lead - Network Security at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Should be open to new ideas and be willing to learn and develop new skills. Should also be able to work well under pressure and manage multiple tasks and priorities. Qualifications 7-9 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred .

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Security Consultant EY Technology: Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Workplace Technology (EWT) – EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience. Information Security (Info Sec) - Info Sec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s Client Techmology service lines including delivery of a global managed services platform, big data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in delivery on programs and projects, defining security architectures, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also direct consultants in developing appropriate risk treatment and mitigation options to address security vulnerabilities to translate these vulnerabilities into business risk terminology for communication to business stake holders. Your Key Responsibilities Define security architectures and provide pragmatic security guidance that balance business benefit and risks. Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration (e.g. Azure Policy, Azure Security Center, AWS Config), identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management. Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform risk assessments of information systems and infrastructure Maintain and enhance the Information Security risk assessment methodology Define security configuration standards for platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios Skills And Attributes For Success Experience with Cloud Identity and Access management solutions (AAD, Federation services, SAML, Ping) in implementation and operations. experience with Big Data and advanced analytics, AI/ML services (such as /Azure SQL/Google Cloud SQL /Azure HDInsight/Key management solutions, Storage and backup, Load balancing, Security Management, Databases and EC2 or VM machine hosting Databricks, Data Factory, Data Lake Storage/BigQuery, Azure Analysis Services, Synapse Analytics, Machine Learning, etc.) Experience in working with different Cloud platforms (Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS)) and environments (Public, Private, Hybrid) in a security role. hands-on technical experience implementing security solutions for leading Cloud service providers e.g., Amazon AWS, Microsoft Azure, Google Cloud. Ability to appropriately balance firm security needs with business impact & benefit Ability to facilitate compromise to incrementally advance security strategy and objectives Ability to team well with others to facilitate and enhance the understanding & compliance to security policies Experience facilitating meetings with multiple customers and technical staff, including building consensus and mediating compromise Five or more years Working experience with the architecture, design and engineering of web-based multi-tier information systems or network infrastructures Experience conducting risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies Experience working with common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT To qualify for the role, you must have Five or more years of experience in the management of a significant Information Security risk management function 5 or more years of experience in an Information Security or Information Technology discipline Experience in managing the communication of security findings and recommendations to IT project teams and management Ideally, you’ll also have Exceptional judgment, tact, and decision-making ability Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change Outstanding management, interpersonal, communication, organizational, and decision-making skills Strong English language skills are required Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or Azure certifications (AZ500, AZ303, AZ304, AZ900) What Working At EY Offers We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY is committed to be an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

About The Position A Security Operations Centre (SOC) Engineer is a professional responsible for monitoring, detecting, investigating, analysing, and responding to cybersecurity incidents within an organization. The primary goal of a SOC Engineer is to ensure the security and integrity of the organization's information systems and data. Here is a typical job description for a SOC Engineer. You will play a crucial role in safeguarding the organization's information systems from cyber threats. You will be responsible for monitoring security alerts, conducting incident response, and implementing security measures to protect the organization's assets. Responsibilities Monitor security alerts and events generated by security systems, including intrusion detection/prevention systems, firewalls, antivirus, and other security tools. Analyze and investigate alerts to identify potential security incidents. Respond to and mitigate security incidents in a timely and effective manner. Coordinate with cross-functional teams to contain and remediate security threats. Document and report incidents, including root cause analysis and recommended actions for improvement. Conduct vulnerability assessments and work with system owners to remediate identified vulnerabilities. Stay informed about the latest security vulnerabilities, threats, and mitigation strategies. Collaborate with the IT and security teams to enhance security architecture and ensure the implementation of best practices. Participate in the design and implementation of security solutions. Stay current with the latest cybersecurity threats and trends. Incorporate threat intelligence into security monitoring and incident response processes. Assist in the development and maintenance of security policies, standards, and procedures. Ensure compliance with regulatory requirements and industry best practices. Contribute to the development of security awareness training programs for employees. Promote a culture of security within the organization. Qualification Bachelor’s degree in computer science, Information Technology, or a related field. Relevant certifications such as CISSP, CompTIA Security+, GIAC, or others are preferred. Proven experience in a SOC environment or a similar cybersecurity role. Strong knowledge of cybersecurity concepts, tools, and techniques. Familiarity with security frameworks and standards (ISO 27001, NIST, etc.). Excellent analytical and problem-solving skills. Effective communication and collaboration skills.

Role Description : As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills : Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility of the whole team. Qualifications 4-6 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred

Job Description Key Responsibilities, Deliverables / Outcomes: Project Leadership Lead and manage large, complex penetration testing and security testing engagements end-to-end. Act as the primary technical and engagement lead for key client accounts. Ensure timely delivery, quality assurance, and stakeholder communication throughout project lifecycles. Provide mentorship and guidance to junior and mid-level consultants. Technical Execution Perform and review web, mobile, API, network, cloud, and configuration security assessments. Maintain technical excellence across multiple service lines, staying updated on the latest vulnerabilities, tools, and attack techniques. Conduct business logic reviews, threat modeling, and red teaming exercises as needed. Client Engagement Act as a trusted advisor to clients, providing strategic security recommendations and actionable insights. Be ready for onsite visits, workshops, and executive-level presentations when required. Handle sensitive engagements with professionalism and discretion. Presales Support Support RFP responses, proposal writing, and technical solutioning. Participate in client sales meetings and scoping discussions. Provide accurate effort estimations and help define delivery models. Practice Development Contribute to the development and refinement of security testing services and methodologies. Drive internal initiatives to improve quality, efficiency, and innovation in service delivery. Create technical content, whitepapers, or knowledge base articles to support team growth. Key Skills 3â5 years of hands-on experience in penetration testing or offensive security. Proven track record of leading complex security assessments with large clients. Expertise in Web, Mobile, Network, API, Cloud, Configuration Reviews, and/or Red Teaming. Familiarity with security standards such as OWASP, PTES, NIST, and MITRE ATT&CK. Strong communication and client-facing skills. Experience supporting presales efforts, including proposals, SOWs, and client discussions. Certifications such as OSCP, OSWA, CRTO, CREST CRT/CCT, or similar are preferred. Key Competencies Accountability Communications - Oral & Written Analysis Skills Passion Adaptability

Document chronic issues related to web proxy implementation. Ramp up web proxy initiatives, train individuals and mentor individuals on the team. Proficient and thorough knowledge in installation, configuration and troubleshooting on web proxies. Extensive troubleshooting experience on VPN related issues in an enterprise space. Knowledge on Firewall administration and orchestration tools such as Tufin. Expert knowledge of the firewalls and Mc Afee web proxy is mandatory Prior experience in CheckPoint/web proxies in a large enterprise network space is recommended. Experience in supporting large enterprise level network infrastructure with more than 5000 devies Routing - BGP, OSPF, EIGRP + Switching, NXOS F5-APM and web proxy certifications preferred. Responsibilities: Take the lead in outage calls Own and drive root cause and permanent resolution Change management Problem management Request management DR exercises Device Compliance management Good communication and presenting skills Device Vulnerability management Device upgrades Be actively involved in audits, pen tests, security topics Optional but added advantage (skills): Experience on NIST proceeses is an added advantage. Good to have Skills: expert understanding of Proxies Familiarity in handling complex Network Infras containing multi-VRF architecture DHCP, DNS, AD Knowledge Mandatory Skills: 8+ years of experience and at least 7 years relevant experience in handling Firewalls (CheckPoint or Fortigate or both) Well versed with Security skills (firewall coding, policy pushes ) Experience on CheckPoint and/or Fortinet Firewall Upgrades and Replacements (as part of legacy refresh, vulnerability management, compliance management) Expert knowledge on web proxy VPN (F5-APM) solutions to perform end to end route check Hands on experience on designing/ managing VPN infrastructure and solutions on Checkpoint and Fortigate firewalls. - Remote access solutions for internal users (SSL VPN) F5-APM and web proxy certifications preferred.

Within the Socit Gnrale group, you will join the Global Banking and Investor Solutions - Service Unit. You will be part of IAM (ISR/GBI).Some of the teams missions on IAM PAM are localized within the SGGSC Bengaluru which oversees the Detection, Remediation Deployment related activities. This implies working with extended Business lines and stakeholders within the GBSU world. The candidate will be working in a high-pressure environment, it calls for assertiveness and flexibility to ensure deadlines / milestones are met based on agreements. In Bangalore (SGGSC Pvt Ltd), main responsibilities of the Senior analyst would be: A. Delivery: This constitutes the following axis: Execution Onboarding of applications in SGIAM/DIAMAR/UCT/GARFIELD Response Management Anomaly resolution SOD review Ensure delivery of Transversal IAM activities Ensure SOP update to trace change management and be in Sync with latest operating procedures. Stakeholder Build and oversee strong client/partner relationship. Establish a strong and effective working relationship. Ensure counterpart satisfaction is maintained, feedback collected, and corrective actions implemented. RACI and SLAs with the stakeholders involved in each of the managed processes. Setup and run operations governance meet to address operational challenges and create a channel to management to highlight overall performance with challenges. Ensure precise response management to end users and stakeholders. Risk Continuously and closely monitor the risks in the process. Implement necessary process docs to ensure traceability of actions performed and for audit. Operational Excellence Setup Monitor performance and service commitments through continuous evaluation, quality assurance and focused improvement efforts Monitor progress of continuous improvement initiatives and take appropriate corrective actions when required. B. Transformation / Change: Be responsible for transformation and change management in department. Process Reengineering a. Industrialize Identify redundancies to bring efficiency in controls. b. Contribute to global transformation (e.g. project mode to run mode with sustainable control implementation to push for run mode) Tech / Functional Skills Investment banking Understanding for IAM perspective. Good knowledge of IAM controls, tools and processes; Knowledge of Information Security principles is an advantage Understanding of ISO 27001 NIST is a plus; Good command of MS Excel and MS PowerPoint Qualifications: Degree preferably in Tech, with knowledge of Investment banking operations Abilities/skills required: At least 5 years experience. Experience in IAM: authentication, authorization, user management, central user repository. Work on high volume high-pressure environment. Fluency in English and French would be good. Excellent communication skills across all levels and formats. Excellent stakeholder management and engagement skills. Ability to work under pressure and be flexible to meet critical deadlines / milestones. Strong interpersonal and communications skills to build/ maintain ongoing business relationships.

1) Transversal topics related to the security of Digital Workplace environments: - Recommendations to project management and architecture for the consideration of security constraints in accordance with the guidelines of the group. - Risk analysis on the different subjects followed. - Presentation of the risks to the business / sponsor for acceptance. - The implementation of mitigation measures. - Drafting of PASFs for outsourced services. - Piloting the pen tests on the entrusted perimeters. 2) Contributions to the activities of the entity's Security Run - Resolution of incidents on managed perimeters - Monitoring of vulnerability on managed perimeters The expected deliverables are: Security specification for new projects and new solutions Security and risk analysis aligned to Societe Generale Processes: Risk analysis on target infrastructure Mitigation proposal with expert and architects Presentation to worldwide security community Follow up of mitigation implementation and pentest Risk review with management and ORM Security rules SSAP documents for external services and contractors Security RUN deliverable Incident/Vulnerability follow up on target perimeter. Control definition and industrialization Recurrent risk review: Sensitivity Assessments / Risk Assessments Security validation: Flows, Rights, Exceptions and, Profiles Profile required MS Exchange/IronPort MS Windows administration and hardening Teams Tlphonie/SBC EBC Security Standards: ISO 27001/27005, NIST, CIS, EBIOS

Your Role Evaluate software/product architecture to ensure security is embedded at the design phase. Develop cybersecurity artifacts such as threat models and lead mitigation discussions. Support engineering teams in triaging and resolving identified product vulnerabilities. Coordinate internal and external security and privacy assessments, including VAPT. Assist in formulating and implementing product security and privacy policies, standards, and procedures. Ensure compliance with defined security and privacy requirements and verify effectiveness of protection measures. Guide resolution of security audit findings and ensure timely closure. Provide strategic security risk management and advisory support for product and information security. Participate in incident response and assess risk and impact of security breaches. Review engineering changes, new services, and feature requests for security implications. Collaborate with tech leads and architects to ensure secure product development. Promote a culture of security awareness and continuous improvement across teams. Your Profile Strong experience in application, mobile, network, OS, and cloud security (experience range 7 to 15 years). Proficiency in AWS security, including AWS Solution Architect Associate and Security Specialty certifications. Hands-on expertise in static/dynamic code analysis, container security, and Kubernetes. Familiarity with security frameworks and standards like NIST 800-53, CIS/STIG, HI-TRUST, and SOC2. Knowledge of cryptography, PKI, OAUTH, 2FA, and secure software development lifecycle (SDLC).

Your role We are seeking an experienced and highly motivated Cloud Security Engineer to lead the implementation and optimization of security solutions across our public and hybrid cloud infrastructure. This role requires hands-on expertise in Microsoft Defender for Cloud, Cloud Access Security Broker (CASB), Cloud Workload Protection Platforms (CWPP), and Cloud Security Posture Management (CSPM) tools. The ideal candidate will be responsible for ensuring robust visibility, security, and compliance across all cloud-native assets, workloads, and applications. Design, deploy, and manage cloud-native security architectures across Azure, AWS, and GCP environments. Implement and optimize Microsoft Defender for Cloud, CASB solutions, and CWPP/CSPM tools to secure cloud workloads and assets. Monitor cloud environments for anomalies, vulnerabilities, and potential threats. Ensure compliance with regulatory standards (e.g., ISO, NIST, GDPR, HIPAA) and internal security policies. Conduct risk assessments and threat modeling of cloud services and applications. Collaborate with DevOps and Cloud Engineering teams to embed security into CI/CD pipelines. Develop automated security alerts, incident responses, and logging mechanisms. Provide recommendations for cloud architecture adjustments to strengthen security posture. Create and maintain documentation for cloud security strategies, policies, and procedures. Your profile Hands-on experience with Microsoft Defender for Cloud and CASB solutions (e.g., Microsoft Defender for Cloud Apps). Proven expertise with CWPP and CSPM platforms (e.g., Prisma Cloud, Wiz, Microsoft Defender CSPM). Strong understanding of cloud platforms Azure, AWS, GCP. Proficiency in scripting languages (e.g., PowerShell, Python) and infrastructure-as-code (e.g., Terraform, ARM templates). Knowledge of cloud security frameworks and best practices. Familiarity with SIEM solutions and cloud-native logging (e.g., Azure Monitor, AWS CloudWatch). Relevant certifications (e.g., Microsoft CertifiedAzure Security Engineer Associate, CISSP, CCSP, AWS Certified Security Specialty) are highly preferred. Excellent communication skills and stakeholder management experience.

Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. The ERP, Risk and Automation Services (ERAS) Consulting practice, assists with various consulting, internal, and external audit clients by bringing in-depth ERP, automation, and data analytics skills where needed. The practice performs security and controls designs/assessments, complex data analytics, security role design, security managed services, segregation of duties assessments, as well as ERP implementation risk reviews. We desire a confident individual who is able to both think strategically about risk and control management, while also being task oriented and capable of meeting the tight deadlines that often come with implementation-related work. We are in search of a candidate with an experience in Oracle technologies who has experience scoping, supervising, and executing ERP security & controls, segregation of duties assessments, security role designs, and operationalizing user access management. Qualification and Minimum Entry Requirements Bachelor or Master degree with a minimum of 4-5 years of professional experience in public accounting or relevant compliance industry experience Deep understanding of business processes and controls in Oracle (various versions). Preferred secondary ERP of similar skills ERP implementation experience; functional Oracle background is a plus Broad industry experience or deep expertise in a specific industry Minimum 4-7 years in Oracle, audit, internal audit, or internal control roles Technical knowledge of controls monitoring/auditing tools such as fastpath, ACL, Tableau, Alteryx, a plus Experience working with clients in multiple industry's Experience training others on ERP controls and security knowledge Experience with SOX, COSO, COBIT and other related IT controls methodology and frameworks, such as ISO, NIST, HIPAA, or FDA is a plus. Candidate should have CISA/CA certification Candidate with CIA, CISSP, CPA will be preferred Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments Excellent verbal, written, interpersonal communication (English) as the position requires frequent communications with RSM International clients Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Execute ERP Oracle engagements, specifically related to audit, risk and control related issues highly visible ERP clients. Execute Oracle IT automated controls (ITACs), IT general controls (ITGCs), and Key Report assessments, Oracle security role and configuration reviews, Oracle Implementation Risk Assessments, Oracle SOD assessments, and other ERP services as needed Execute testing of Oracle application control design and effectiveness; validate test scripts and review results Handle multiple client projects while contributing to internal initiatives (talent, practice, business development) Help to maintain our multiple segregation of duties tools and revise security rulesets Execute Oracle security role and user security managed services support. Execute Oracle security role build and testing activities. Proactively driving the continued maturation and industrialization of our current Oracle Security methodology, associated work programs, accelerators, and testing procedures. Provide first choice advisor experience to existing clients while working to maximize client value Ability to exceed client expectations in a sophisticated consulting or accounting firm environment Develop and maintain strong relationships with centers of influence and professionals Understand their impact and contribute to the fundamentals of practice (i.e. realization, utilization, resource leverage) Engage with automation, analytics, and business/application control specialists to address Oracle risk management needs in a holistic manner. Professionally presents themselves at all times at the office and the clients meetings. This includes but is not limited to appearance, communication, and actions. Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, supervisors, and senior management in the U.S. on a daily basis

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. In digital assurance at PwC, you will focus on providing assurance services over clients' digital environment, including processes and controls, cyber security measures, data and AI systems, and their associated governance, to help organisations and their stakeholders build trust in their technology while complying with relevant regulations. Driven by curiosity, you are a reliable, contributing member of a team. In our fast-paced environment, you are expected to adapt to working with a variety of clients and team members, each presenting varying challenges and scope. Every experience is an opportunity to learn and grow. You are expected to take ownership and consistently deliver quality work that drives value for our clients and success as a team. As you navigate through the Firm, you build a brand for yourself, opening doors to more opportunities. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Apply a learning mindset and take ownership for your own development. Appreciate diverse perspectives, needs, and feelings of others. Adopt habits to sustain high performance and develop your potential. Actively listen, ask questions to check understanding, and clearly express ideas. Seek, reflect, act on, and give feedback. Gather information from a range of sources to analyse facts and discern patterns. Commit to understanding how the business works and building commercial awareness. Learn and apply professional and technical standards (e.g. refer to specific PwC tax and audit guidance), uphold the Firm's code of conduct and independence requirements. Job Description ▪ We are looking for a self-motivated individual who will relish the opportunity to join a growing part of the PwC business, using their skills in developing key internal relationships. ▪ Participate in a wide range of projects and collaborate across multiple work streams or teams; consistently demonstrating creative thinking, individual initiative and timely completion of assigned work ▪ Consistently demonstrate teamwork dynamics by working as a team member: understand personal and team roles; contribute to a positive working environment by building solid relationships with team members; and proactively seek guidance, clarification and feedback. ▪ Serve as participant on communications with numerous engagement teams ▪ The individual should have the ability to work effectively under pressure without compromising professional standards or quality of the work being performed. ▪ Knowledge and understanding of cyber security frameworks, standards, and best practices such as NIST, ISO 27001,etc ▪ Familiarity with Identity and Access Management (IAM) systems and processed would be a plus ▪ Has a basic understanding of SOC1/SOC2/SOX reporting ▪ Has a basic understanding of Internal controls and compliance. ▪ Staying up-to-date on the latest information technology (IT) and cybersecurity developments Responsibilities ▪ Perform Audit procedures and provide related deliverables in accordance with PwC’s documentation and quality standards. ▪ Perform IT security assessments for clients (e.g. security risk assessments, IT network infrastructure reviews, system technical configurations review, information security policies and processes/procedures review etc. ▪ Evaluate and analyze threat, vulnerability, impact and risk to security issues discovered from security assessments ▪ Advise clients on the security issues, including explanation on the technical details and how they can remediate the vulnerabilities in the processes and controls ▪ Perform assessment (pre and post implementation) of security solutions and advise client on Industry best practices. ▪ Conduct in-depth research on emerging cybersecurity threats, trends, and technologies, and incorporate findings into actionable recommendations. ▪ Collaborate with cross-functional teams to ensure the effective implementation of security policies, standards, and best practices ▪ Maintain working knowledge of IAC User Guides and Audit Standards ▪ Monitor time and manage deadlines ▪ Adhere to PwC IAC policies and procedures ▪ Participate in training, coaching and other developmental opportunities. Requirements Minimum Degree(s): ▪ Bachelors or Masters degree in engineering with specialization in Management Information Systems, Computer Science, Information Systems, Information Technology or equivalent ▪ Understanding of audit concepts and latest regulations ▪ 1 -3 years’ experience in the domains mentioned in the Job Description above & Candidates with “Big 4” or equivalent experience would be preferred Certification(s) Preferred ▪ CISSP / ISO 27001 LA / CRISC / CISM / certifications are preferred. ▪ Understanding of Cyber security concepts and audit regulations Knowledge And Skill Set Required ▪ Working knowledge of appropriately applying internal control principles and business/technical knowledge including Application Controls, IT General Controls and Financial Reporting Concepts. ▪ Working knowledge of security controls, programming, networks and operating systems would be an added advantage ▪ Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.), including an understanding of the v-lookup, text, reference and logical and information functionality in excel. ▪ Team player, committed to providing high quality and maintaining timeliness ▪ Effective written and verbal communication skills including English ▪ Demonstrated self-motivation and a desire to take responsibility for personal growth and development ▪ Commitment to continuous training and to proactively learn new processes. ▪ Should have strong work ethics and commitment to delivering/ownership of work deliverables as per agreed timelines.

Job Description Be part of the solution at Technip Energies and embark on a one-of-a-kind journey. You will be helping to develop cutting-edge solutions to solve real-world energy problems. We are currently seeking Cybersecurity Risk Analyst to join our team based in Noida. The IT Risk Analyst reports directly to the IT Risk Manager and is in charge for Risk identification, assessment, mitigation and follow-up processes for both IT and OT environments. About us: Technip Energies is a global technology and engineering powerhouse. With leadership positions in LNG, hydrogen, ethylene, sustainable chemistry, and CO2 management, we are contributing to the development of critical markets such as energy, energy derivatives, decarbonization, and circularity. Our complementary business segments, Technology, Products and Services (TPS) and Project Delivery, turn innovation into scalable and industrial reality. Through collaboration and excellence in execution, our 17,000+ employees across 34 countries are fully committed to bridging prosperity with sustainability for a world designed to last. Global Business Services India At Technip Energies, we are continually looking for ways to become more efficient, and ways to improve our quality, customer focus and cost competitiveness. The Global Business Services (GBS) organization is key to executing this strategy, by standardizing our processes and centralizing our services. Our Vision : A customer-focused, cost-efficient, innovative, and high performing organization that drives functional excellence. GBS provide streamlined and consistent services to our internal customers in the domain of Finance and Accounting, Human Resources, Business Functional Support, Procurement and Legal. Our services fit our global organization and allow us to focus on business strategy and priorities. GBS also maintains continuous improvement plans to enhance our customer-oriented service culture. Responsibilities: Responsible for Digiteam and cybersecurity risk identification, assessment, mitigation and follow-up Maintains the documentation relating to risk management processes. Responsible for maintaining a Risk Register at group level Responsible for risk management Indicators (KRI) calculation and communication relating to the whole cybersecurity department. Collaborate with Security Operations Center (SOC) teams to analyze incident trends and integrate findings into risk assessments. Support the development and implementation of risk treatment plans, including technical controls and compensating measures About You At least 5 years of experience in IT Risk Management Certifications (preferred but not mandatory): ITIL, CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), ISO 27005 Risk Manager Certification or equivalent on filed experience. Hands-on experience conducting cybersecurity risk assessments in hybrid environments (on-premises and cloud). Experience working with DevSecOps teams to integrate risk management into CI/CD pipelines. Familiarity with incident response processes and post-incident risk re-evaluation. Technical Skills Strong understanding of cyber threat intelligence and its application in risk management. Familiarity with GRC platforms (e.g., SureCloud, ServiceNow GRC) for risk tracking and reporting. Experience with vulnerability management tools (e.g., Tenable, Qualys, Rapid7) and interpreting scan results. Knowledge of cloud security frameworks (e.g., CSA CCM, Azure Security Benchmark, AWS Well-Architected Framework). Understanding secure architecture principles and ability to review system designs for risk exposure. Familiarity with compliance frameworks such as GDPR, SOX, and industry-specific standards (e.g., IEC 62443 for OT). Familiarity with ISO2700x, NIST, CIS frameworks. Your career with us: Working at Technip Energies is an inspiring journey, filled with groundbreaking projects and dynamic collaborations. Surrounded by diverse and talented individuals, you will feel welcomed, respected, and engaged. Enjoy a safe, caring environment where you can spark new ideas, reimagine the future, and lead change. As your career grows, you will benefit from learning opportunities at T.EN University, such as The Future Ready Program, and from the support of your manager through check-in moments like the Mid-Year Development Review, fostering continuous growth and development What’s next? Once receiving your application, our Talent Acquisition professionals will screen and match your profile against the role requirements. We ask for your patience as the team completes the volume of applications with reasonable timeframe. Check your application progress periodically via personal account from created candidate profile during your application. We invite you to get to know more about our company by visiting and follow us on LinkedIn, Instagram, Facebook, X and YouTube for company updates.