3740 Nist Jobs - Page 32

At Broadridge, we've built a culture where the highest goal is to empower others to accomplish more. If you’re passionate about developing your career, while helping others along the way, come join the Broadridge team. Roles and Responsibilities: Collaborate with the newly acquired entity to gain a thorough understanding of the network architecture and communications. Evaluate the effectiveness of current network security controls, identify potential risks, and recommend improvements. Lead the design and implementation of next-gen network security solutions, modernizing WAF, IDS, and IPS with cutting-edge alternatives while driving innovation in network security technologies. Oversee the modernization initiatives of the network infrastructure undertaken by the acquired entity, collaborating with cross-functional teams to ensure the seamless integration of next-gen security solutions into Broadridge security architecture, facilitating scalability and alignment with future growth objectives. Ensure that infrastructure updates and changes align with Broadridge security standards and best practices. Implement security architectures to safeguard container environments, ensuring robust defense mechanisms and compliance with industry best practices. Ensure seamless communication and integration of WAFs, IPS, IDS with our centralized Security Operations Center (SOC) for effective threat detection and response. Evaluate and integrate security solutions into our centralized Security Information and Event Management (SIEM) system, ensuring they align with our monitoring and incident response capabilities. Promote the use of Infrastructure as Code (IAC) to standardize and automate the configuration and management of network and application security solutions, while ensuring consistency and efficacy. Collaborate with developers to architect tailored protective controls to safeguard against web application threats and address specific security needs of individual web applications. Analyze vulnerability scan results and identify areas where WAF configuration adjustments can bolster defenses against potential attacks. Identify and explore opportunities to automate network security processes, leveraging innovative technologies to enhance efficiency, reduce manual effort, and improve threat detection and response capabilities. Stay current with the latest cybersecurity threats and trends, proactively identifying potential vulnerabilities and recommending measures to mitigate risks. Requirements: Bachelor’s degree in computer science, Information Technology, or Technology related field. Advanced degree or relevant certifications (e.g., CISSP, CCNP, CEH) preferred. Twelve or more years of experience in one, or a combination, of network, cloud, or infrastructure security domain, showcasing a comprehensive understanding of security principles and practices. Strong expertise in networking concepts, protocols, and security principles, with the ability to design and implement secure network architectures. Thorough knowledge of mainstream operating systems and a wide array of security technologies, including network firewalls and IPS. Expertise in designing and architecting container security strategies, including knowledge of container orchestration platforms such as Kubernetes and Docker Swarm and relevant security tools like Wiz, Aqua Security, or Prisma Cloud. Proficiency in full stack cloud automation using tools such as Git, Terraform, Ansible, and Jenkins. Past programming experience and knowledge of Python are a plus. Experience aligning security programs with industry benchmarks and standards such as NIST, CIS, FIPS, PCI DSS, HIPAA, and FIPS 140-2, ensuring adherence to best practices. Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and capability to communicate technical concepts to non-technical stakeholders. Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives. Commitment to continuous learning and staying updated on industry developments and emerging technologies, coupled with adaptability to evolving technology environments and requirements. Broadridge associates helped us envision our Connected Workplace - a work model that allows associates around the globe, dependent upon their role responsibilities, take advantage of the benefits of both on-site and off-site work to support our clients, one another, and the communities where we live and work. Our Connected Workplace is grounded in the concept of FACS: Flexible, Accountable, Connected, and Supported, which is our commitment to our associates. FACS supports our strong culture and allows us to achieve business goals while supporting meaningful work-life integration for our associates. We are dedicated to fostering a diverse, equitable, and inclusive environment and committed to providing a workplace that empowers associates to be authentic and bring their best to work. We believe that associates can only do their best when they feel safe, understood, and valued, and we work diligently and collaboratively to ensure Broadridge is a company—and ultimately a community—that recognizes and celebrates diversity in all its dimensions.

Description Join GlobalLogic, to be a valid part of the team working on a huge software project for the world-class company providing M2M / IoT 4G/5G modules e.g. to the automotive, healthcare and logistics industries. Through our engagement, we contribute to our customer in developing the end-user modules’ firmware, implementing new features, maintaining compatibility with the newest telecommunication and industry standards, as well as performing analysis and estimations of the customer requirements. Requirements Good to have knowledge in ISO 22301 Experience in Creating Business Contuity/Disaster Recovery Policy and Standard Documents Experience in Creating Business Impact Analysis Template and working experince in collecting and analyzing the data Experience in defining RTO and RPO Experience in managing various BCP and/or DR drills/tests Passionate to perform internal audits Job responsibilities Internal Audit: Develop an annual audit plan based on a thorough risk assessment and in alignment with organizational goals and regulatory requirements. Lead and coordinate internal audit engagements to evaluate the effectiveness of GRC controls, policies, and procedures around ISO 27001, 27701, NIST800-53, PCI/DSS, SOC2, IRAP, Conduct audits across various departments and functions to assess compliance with company policies, industry standards, and regulatory requirements. Identify and assess key risks related to governance, risk management, and compliance. Collaborate with stakeholders to develop risk mitigation strategies and action plans. Monitor and report on the implementation of risk mitigation initiatives to ensure effectiveness. Ensure compliance with relevant laws, regulations, standards, and internal policies. Focus on SOC2, ISO 27001, ISO 27701, PCI DSS, HIPAA, NIST and IRAP. Stay abreast of regulatory changes and industry trends to update audit procedures and compliance programs accordingly. Provide guidance and support to business units on compliance-related matters. Prepare clear and concise audit reports detailing findings, recommendations, and corrective actions. Present audit findings and recommendations to senior management and audit committee members. Facilitate discussions with stakeholders to address audit findings and promote continuous improvement in GRC practices. Supervise and mentor audit team members, providing guidance and professional development opportunities. Foster a culture of integrity, accountability, and continuous learning within the audit team. Conduct performance evaluations and provide constructive feedback to team members. PCI/DSS Conduct thorough assessments and audits of systems, processes, and controls to evaluate compliance with PCI/DSS (Payment Card Industry Data Security Standard) requirements. Identify gaps, vulnerabilities, and areas of non-compliance, and provide recommendations for remediation. Prepare detailed assessment reports documenting findings, observations, and recommendations for improving PCI/DSS compliance. Communicate assessment results to clients, including technical and non-technical stakeholders, in a clear and understandable manner. Provide expert guidance and advisory services to clients on PCI/DSS requirements, controls, and best practices. Assist clients in developing and implementing remediation plans to address identified compliance deficiencies. Assess and evaluate risks associated with payment card data processing and storage within client environments. Recommend risk mitigation strategies and controls to enhance security posture and compliance with PCI/DSS standards. Collaborate effectively with clients, internal teams, and external auditors to facilitate the PCI/DSS assessment process. Serve as a trusted advisor and subject matter expert on PCI/DSS compliance matters. ISO 27001: Lead the implementation of the ISO 27001/27701 standard across the organization, including scoping, planning, and executing ISMS initiatives. Develop and maintain project plans, timelines, and deliverables to ensure successful implementation of ISO 27001/27701 requirements. Conduct comprehensive risk assessments to identify information security risks and vulnerabilities. Develop risk treatment plans and controls to mitigate identified risks in alignment with ISO 27001/27701 guidelines. Develop, review, and update information security policies, procedures, and guidelines to comply with ISO 27001/27701 standards. Ensure policies and procedures are communicated effectively to all employees and stakeholders. Develop and deliver training programs on information security policies, procedures, and best practices for employees and stakeholders. Promote awareness of information security requirements and responsibilities throughout the organization. Plan and conduct internal audits of the ISMS to assess compliance with ISO 27001/27701 standards and organizational policies. Monitor and track corrective and preventive actions (CAPAs) to address audit findings and improve ISMS effectiveness. Maintain documentation of ISMS activities, including risk assessments, policies, procedures, audit reports, and records of compliance activities. Prepare regular reports and presentations for senior management on the status of ISMS implementation, compliance, and improvement initiatives. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Job Title: Senior Manager – Cloud Strategy & Advisory Lead Job Summary: As a Senior Manager – Cloud Strategy & Advisory Lead , you will spearhead client engagements to define cloud-first, cloud-smart, and hybrid cloud strategies that accelerate digital transformation. You will help clients navigate complex decisions related to multi-cloud adoption, cloud operating models, FinOps, exit from legacy infrastructure (e.g., VMware), and cloud governance—all while ensuring business value, security, and compliance. You will work closely with client executives, technology leaders, platform providers, and EY global teams to deliver cloud advisory engagements aligned to enterprise modernization and transformation initiatives. Key Responsibilities: Client Delivery & Engagement Leadership Lead advisory engagements on cloud strategy, hybrid/multi-cloud architecture, data center modernization, and cloud governance frameworks. Shape client journeys from on-premise and legacy platforms to cloud-native ecosystems, aligned to business and industry needs. Develop actionable transformation roadmaps covering cloud adoption, cloud exit (e.g., VMware), operating models, security, compliance, and cost optimization. Guide clients on integrating emerging technologies (e.g., containers, AI workloads, edge computing) into cloud strategies. Ensure cloud recommendations comply with global and regional regulatory, privacy, and security requirements. Practice & Offering Development Co-develop EY’s strategic offerings across Cloud Economics & FinOps, Cloud Operating Models, Sustainable Cloud, VMware Exit, and AI-Optimized Infrastructure Architecture. Create standardized frameworks, assessment models, and accelerators for strategy and transformation programs. Collaborate with alliance partners (AWS, Azure, GCP, VMware, hyperscalers) to shape solution offerings and capability investments. Team Leadership & Capability Building Build and mentor a high-performing team of cloud advisors and consultants. Promote a culture of curiosity, innovation, knowledge sharing, and excellence in delivery. Lead internal training programs and knowledge management initiatives. Business Development Drive business development across global markets with proposal ownership, client pitches, and solutioning. Support account leaders and industry teams in identifying and shaping cloud-led opportunities. Contribute to thought leadership (white papers, articles, points of view) in cloud and infrastructure modernization. Required Qualifications: Bachelor’s degree in Engineering, Computer Science, Information Technology, or Electronics from a recognized university (e.g., B.E./B.Tech). Master’s degree: M.Tech or MBA with specialization in Information Systems, Infrastructure Management, or Technology Strategy Public cloud certifications: AWS/Azure/GCP Certified Architect FinOps Certified Practitioner is shall be an added advantage 12–16 years of experience in cloud and infrastructure consulting, transformation programs, or enterprise architecture roles. Demonstrated success in leading cloud strategy, infrastructure modernization, or cloud adoption engagements. Strong understanding of public cloud platforms (Azure, AWS, GCP), hybrid cloud, containers, and edge/cloud-native patterns. Familiarity with infrastructure cost models, FinOps frameworks, business case development, and optimization levers. Familiarity with modern tooling in IAC (Terraform, Ansible), AIOps, CMPs, Cloud Health/Apptio, and FinOps platforms. Experience advising on risk, security, compliance (e.g., NIST, ISO, GDPR), and resilience in cloud transformation. Proficiency in communicating with senior stakeholders (CTO, CIO, COO, CISO) and translating business goals into technology strategy. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Control & Risk Assessment Leader Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 950 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entire security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Technology Assurance, Risk, and Policy (TARP) function within Information Security strives to create and promote a holistic Governance, Risk, and Compliance (GRC) program by creating a robust, resilient, and proactive governance framework, supported by a strategic risk management approach and stringent compliance structures. It aims to integrate and align its GRC initiatives in line with the global firm's objectives and emerging threats within the cybersecurity landscape. Furthermore, the Policy, Risk, and Controls (PRC) Enablement & Awareness team aims to establish policies and procedures that reflect the value we place on safeguarding our digital environment, while ensuring that these policies are effectively communicated and enforced across all levels of the organization. The Control & Risk Assessment team sits within PRC Enablement & Awareness and aims to directly enables the GRC program by designing control testing and risk assessment methodology to measure and quantify compliance to policies and control objectives. Your key responsibilities The Control & Risk Assessment Leader will be responsible for building and owning a control testing and risk assessment program, following the model for 1st line and 2nd line testing best-practice strategies, that routinely tests and assesses the effectiveness and efficiency of Information Security controls put in place to mitigate risks to determine if they are supporting the desired business outcomes. They will need to rank and prioritize Information Security and Information Technology controls based on their risk profiles and design testing plans, inclusive of testing procedures, which will be used to measure effectiveness while, simultaneously looking for opportunities to enhance and improve EY’s control landscape. In certain instances, they will need to plan and execute risk assessments to quantify assumptions over the risk profiles. The Control & Risk Assessment Leader is responsible for building a team of experienced professionals to assist in executing the strategic vision and objectives of the Control & Risk Assessment testing and assessment program. The Control & Risk Assessment team will work collectively to support the Information Security Program in the areas of risk assessment methodology development and execution of risk assessments, control testing design and execution, and identification of gaps and areas of improvement utilizing testing and assessment results. Collaboration with other Information Security groups and external stakeholders across EY is key to this role. The Control & Risk Assessment Leader will need to build a network of multi-departmental and multi-level stakeholders inclusive of, but not limited to Information Security, Client and Enterprise Technology, Data Protection, Global and Enterprise Risk Management, Internal Audit, Area and Regional Risk & Data teams, Service Line Quality Leaders, etc. Skills and attributes for success Own and build multi-year roadmap to establish and mature the Control & Risk Assessment program. This includes development of the team’s charter, identification of resource needs, ongoing monitoring systems and tool requirements, performance metrics, and workstream prioritization. Build and manage control testing and risk assessment service offerings aimed at identifying potential risks and validates mitigation controls by conducting regular and systematic assessments of the organization's IT infrastructure, including networks, systems, applications, and data processes. Based on results of assessments and testing, assist control owners with the design and implementation of their controls in the organization's IT environment. Strategize on the appropriate amount of preventive, detective, or corrective controls which will have the most impact on reducing overall risk for the firm. Create a 1st Line Testing framework that can be shared with control owners that will enhance security culture and support control ownership roles and responsibilities. Conduct training and awareness campaigns to facilitate the adoption of the framework. Appropriately balance firm security needs with business impact and benefit when recommending advancements in policy and control objectives and directing those efforts to completion. Think strategically to assist with the development of a long-term vision for Information Security’s Technology Assurance, Risk, and Policy direction inclusive of its program improvement, technology adoption, and integration of security solutions into business objectives. Act as a thought leader in the firm, staying informed of changes in information security, regulatory requirements, audit standards, and industry trends, adjusting strategies, as necessary. Build and maintain appropriate relationships with internal and external leaders to ensure awareness and understanding of potential strategic directions. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change. Outstanding management, interpersonal, communication, organizational, and decision-making skills. Ability to understand and integrate cultural differences and motives and to lead cross cultural teams. Demonstrate integrity and judgment within a professional environment. Evaluate, counsel, mentor and provide feedback on performance of others. Plan the training and development of staff to develop their skills and maintain state-of-the-art knowledge in information security. To qualify for the role you must have 12+ years of experience in the Information Technology, Information Security and/or Risk Management field(s). Audit experience or a demonstrated ability to design and test technology controls. 5+ years of experience in managing and mentoring junior and senior level staff. Experience leading global and virtual teams. High proficiency in technical and general writing skills in English. An advanced degree in Computer Science, Information Security, or a related field; equivalent work experience will be considered on a case-by-case basis. One or more of the following or equivalent certifications preferred: Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Processional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Internal Auditor (CIA), Global Information Assurance Certification (GIAC) in related area, CIPP, CIPT. Ideally, you’ll also have A working knowledge of external control standards like ISO 27001, NIST 800-53, COBIT, etc. and regulatory requirements like GDPR and SOX. Skilled in Microsoft Office and M365 products; primarily Word, Excel, PowerPoint, SharePoint, PowerApps, and PowerBI. Experience with RSA Archer or other GRC tools. Flexibility to work outside of normal business hours when engaging with team members and stakeholders in various time zones. What we offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning : You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership : We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture : You will be accepted for who you are and empowered to use your voice to help others find theirs. We ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions and to receive other benefits and privileges of employment. Please contact us to request accommodations. EY is committed to being an inclusive employer, and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY-Digital Risk – OT – Manager As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team. As part of the Consulting, you will handle leading and managing OT security engagements for various clients across the MENA region. Working with Digital Risk team, you will also perform IT/IS/OT Risk assessment, IT/IS Governance, ERP reviews and conduct maturity assessment on the client’s current IT/IS/OT posture. The client base spans across various sectors and includes collaboration with other teams within Consulting services. The opportunity We are looking for a manager with expertise in IT/ OT Assessments/Framework Implementation to join the Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering. Your key responsibilities Responsible for working with multiple client engagements and teams at a Senior level within the MENA region. Lead and deliver OT Risk assessments, Architecture review, and maturity evaluation across DCS and ICS environments. You can expect to work with high level client personnel to address Information security, IT/OT Security and Business continuity risks. You are also expected to perform internal control testing, develop control frameworks, and provide internal audit services in IT/OT/InfoSec space for the MENA stakeholders. You will assess the client’s current state of internal controls and identify risks and subsequent recommendations. Working with client personnel to analyse, evaluate and enhance systems facilitating the process control, and assisting clients and other technology professionals in performing IT/OT control audits, IT/OT security framework development engagements. Mentor and coach junior team members, fostering their technical and professional development. Help develop/respond to go to market, RFP/RFI responses. Practice building Skills and attributes for success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NIST, IEC 62443) Excellent communication and stakeholder management skills, especially in cross functional industrial settings. Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc. Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Demonstrating and applying strong project management skills, inspiring teamwork, and responsibility with engagement team members Relevant certifications are desirable. To qualify for the role, you must have A bachelor’s degree A minimum of 10-15 years of experience working as Information security professional with IT/IS/OT internal audit background in a professional services firm. Excellent communication skills with consulting experience preferred. A valid passport for travel. Ideally, you’ll also have B. Tech/ B.E. / B.Sc. / M. Sc. in Computer Applications / Engineering, or a related discipline. ISA 62443 expert, CISA, CISSP, GICSP (anyone certification is desired) What working at EY offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Role Title : Associate Director-Regional Client Security Assurance Lead Sub Function: Client Security Assurance Objectives of the role The Regional Client Security Assurance Lead, Associate Director, plays a pivotal role in leading a team responding to security risk assessments and due diligence exercises from clients in the IN/MENA region. This position requires extensive collaboration with various global and local functional teams, such as Data Protection, Risk Management, Compliance, Counsel, Procurement, Information Security, Technology, and EY service lines. This role is responsible for leading and supporting client and regulatory inquiries about EY’s Global Information Security program. It assists EY client engagement teams by addressing client requests regarding how EY secures our client information using comprehensive technical controls and governance processes in line with EY Global Information Security requirements. This position involves managing multiple requests and responsibilities while supporting complex security assessments throughout various stages of the engagement life cycle. Additionally, it requires staying current with updates in EY's Information Security posture and technology offerings, thereby contributing to business growth and the development of new business opportunities. Key Responsibilities The Regional Client Security Assurance Lead serves as a dependable client security relationship manager for key EY clients throughout the client engagement lifecycle, aiming to sustain and expand business operations. Furthermore, this position involves leading a team, projects, performing data analytics, and management of operational processes within IN/MENA Client Security Assurance. Team Lead: Lead team members to foster career growth and help them become knowledgeable about the EY Information Security Program and facilitate client security assessments. Implement operating model for the IN/MENA Client Security Assurance team in alignment with our business objectives. Drive the Evolution of Client Security Assurance: Actively participate in the development, implementation, and ongoing enhancement of the Client Security Assurance function in alignment with industry best practices. Facilitate Security Assessments: Act as a key resource for client and engagement teams by providing expert guidance on inbound security assessments related to EY’s Global Information Security Program, fostering trust and confidence in the EY Global Information Security Program, and the controls in place to protect data along with safeguarding the confidentiality of our security controls. This also helps build EY’s reputation and brand in the market. Clearly communicate with clients and their appointed auditors, pertinent and appropriate details of the EY Global Information Security Program. Provide critical support to EY’s approach to winning new business and sustaining existing business relationships. Provide consulting services to account teams related to client security assessments and their Supplier Risk Management framework. Meet with Clients: Participate in client meetings as an Information Security representative, supporting EY account teams by addressing client inquiries related to the EY Global Information Security Program. Support Request for Proposal (RFP) process: Partner with client engagement teams to support the RFP process by addressing information security questions to help secure more business for EY. Engage with Regulators: Support inquiries and assessments from select local regulators, highlighting EY's commitment to transparency and compliance in governance processes, technologies, and information security controls. Support Contractual Compliance: Review and provide strategic commentary on information security requirements in client contracts, aligning with EY’s Information Security Program. Assist EY Legal Counsel and Client Account Teams in negotiating terms that protect both EY and client interests. Qualifications Minimum 15-19 years of recent progressive IT security compliance, risk management or related IT security experience with a large IT organization; preferably within a professional service firm, software product, cloud-based solutions, or other companies serving clients that are highly regulated entities. Bachelor’s degree from an accredited college or university is preferred. A good understanding of cloud infrastructure, networking, modern software development and technical security controls is required. Strong executive presence, negotiation, presentation, and communication skills are required. Excellent analytical and problem-solving skills to assess and solve complex security issues. Ability to work and navigate through EY’s Global firm understanding diverse perspectives and global client requirements. Ability to maintain calm during client assessments and respond to questions consistently and confirming internally the accuracy of responses before presenting them. Proven experience in client-facing roles, particularly in handling security assessments, ideally from client inquiries, but can also be the result of experience performing security assessment of suppliers. Demonstrated ability to adopt and strive for continuous process improvement, particularly in resulting from the innovation and integration of new technologies. Excellent collaboration skills, with the ability to engage effectively with cross-functional teams and stakeholders. Knowledge of various information security frameworks such as ISO27001/2, AICPA System and Organization Controls (SOC) Reports (SOC1, SOC2, and SOC3), NIST, COBIT and relevant regulatory requirements such as GDPR. Certifications such as CISSP, CISM, CISA, ISO 27001 Auditor, CRISC, CIPP are preferred. Keep up to date with industry trends, emerging technologies and best practices. Good understanding in the following concepts and domains: Governance Risk and Compliance : A system that ensures that organizations enforce governance, implement risk management strategies, and ensure regulatory compliance. Multitier Network Architecture: A design separating resources between the Internet and the internal infrastructure, incorporating multiple network layers. For on-premise solutions, this includes a DMZ (Demilitarized Zone) architecture. In cloud environments, it involves a combination of Network Security Groups (NSG), Virtual Networks (VNETs), IP-based restrictions on connections between resources, and Web Application Firewalls (WAF). Cloud security architecture : Cloud security architecture's purpose is to provide a structured framework for securing data, applications, and infrastructure in cloud environments. It includes the definition of security principles and a governance framework for all cloud services and applications from development through production. Distinction of Cloud Service Models such as IaaS, PaaS and SaaS and shared responsibility matrix : Infrastructure as a Service (IaaS): IaaS provides on-demand access to virtualized computing infrastructure, including servers, storage, and networking, allowing subscribers to build and manage their own applications, operating systems, and data while the cloud provider manages the underlying infrastructure. Platform as a Service (PaaS): PaaS offers a platform for developers to build, deploy, and manage applications without the need to manage the underlying operating systems and infrastructure. Software as a Service (SaaS): SaaS delivers software applications to users over the internet, allowing them to access and use the software without installing or managing it on their own devices. We will be dependent on the SaaS providers for the security controls to protect EY and client information. Application security : Measures taken to protect software applications from threats and vulnerabilities that can compromise the confidentiality, integrity, or availability of the data. Identity and access management : Includes use of authentication mechanisms, authorization measures, and privileged account management. Encryption standards: Standards for cryptography, used to protect data-at-rest and data-in-transit as well as provide a means of validating the authenticity, non-repudiation, and integrity of data. Endpoint security capabilities : Standards to protect endpoints such as laptops, desktops, smartphones, and tablets against cyberattacks. Incident response Plan : The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber-attacks against an organization’s information systems(s). Business impact analysis : Predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Disaster recovery : Understand the disaster recovery plan for the applications used to support our clients. Stakeholder management This role is a combination of technical and business acumen capable of communicating and advocating EY’s brand as it relates to the Information Security Program, across a wide range of stakeholders. This requires communication skills adaptable to the appropriate audiences that address different perspectives, goals, and levels of technical knowledge. It also requires the ability to gain trust and act as a trusted consultant and liaison between clients, account teams and EY internal security functions. Stakeholders include: Product/Application owners – responsible for the full lifecycle of a technology solution that fulfills a business need or objective. Client Security Assurance provide useful feedback from clients to further enhance their products/applications. Architects and Engineers – EY technology leaders who design and build solutions based on business requirements. Information Security Leadership Team – responsible for all matters for security related to the security program. Extended Security Team – responsible for specific domains such as Security Consulting, Application Security Compliance, Supplier Risk Assessment, Cyber Defense, Business Impact Analysis, Information Security Policies related to the security program. EY Partners and Account teams: Ultimately responsible for the relationship with EY clients and the selection and usage of the technology leveraged for their services and deliverables. EY Clients and Client Security Auditors – The ultimate customer for EY’s technology or service delivery who expect EY’s technology solutions to adequately protect their data and maintain appropriate service levels. The Client Security Assurance Senior Consultant will participate in number of client meetings with the engagement team to answer questions and provide clarification on how EY secure client information. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Senior Security Consulting EY Technology: Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Workplace Technology (EWT) – EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience. Information Security (Info Sec) - Info Sec prevents, detects, responds, and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity As a Security Consultant within EY’s internal Global Information Security team, the individual will be a trusted security advisor to the Client Technology Platforms Delivery organization within IT Services. The Client Technology Platforms delivery organization is responsible for end-to-end delivery of technology programs and projects supporting EY’s Client Techmology service lines including delivery of a global managed services platform, big data and analytics solutions as well as individual line of business solutions and services. This role will directly engage in supporting a team of architects, engineers, and product managers for delivery on programs and projects, defining security risks and controls, providing security guidance, identifying and prioritizing security-related requirements, promoting secure-by-default designs and facilitating delivery of information security services throughout the system development life cycle (SDLC). The role will also develop and directly communicate appropriate risk treatment and mitigation options to address security vulnerabilities translated vulnerabilities into business risk terminology for communication to business stakeholders. Your key responsibilities Support a technical team with a focuse on the following responsibilities: Define security architectures and provide pragmatic security guidance that balance business benefit and risks Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls Perform threat modeling and risk assessments of information systems, applications and infrastructure Maintain and enhance the Information Security risk assessment and certification methodologies Define security configuration standards for shared and multi-tenant platforms and technologies Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Provide knowledge sharing and technical assistance to other team members Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible services and technology portfolios Skills and attributes for success Significant working security experience and knowledge in the design, implementation, and operation of security controls in the following areas: Identity and Access Management – Experience with Azure Active Directory (AAD) based Identity and Access Management and Authorization design and integration with API, IDaaS, and Federation technologies. Cloud Security – Technical understanding of virtualization, cloud infrastructure, and public cloud offerings and experience designing security configuration and controls within cloud-based solutions e.g., Microsoft Azure and Azure PAAS services or another cloud platform (GCP, AWS, IBM, AliCloud, etc.) Infrastructure Security – Experience with the integration of cloud native infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, Web Application Firewalls (WAFs), Application and API Gateways, intrusion detection and prevention, security monitoring, and data encryption solutions. Application Security - Experience with the design and testing of security controls for multi-tier business solutions including the design of application-level access and entitlement management, data tenancy and isolation, encryption, and logging. Working familiarity with REST API and microservices architecture. Strong leadership and organizational skills Ability to appropriately balance firm security needs with business impact & benefit Ability to facilitate compromise to incrementally advance security strategy and objectives Ability to team well with others to facilitate and enhance the understanding & compliance to security policies Although not required, it is preferred that candidates possess additional working security experience and knowledge in one or more of the following areas: Operational Security – Experience with defining operational security models and procedures for business solutions including the operation and maintenance of infrastructure and application security controls. Information Security Standards – Knowledge of common information security standards such as: ISO 27001/27002, CSA and CIS Controls, NIST CSF, PCI/DSS, FEDRAMP. Product Management – working with broader business and technology teams on aspects of security that affect all phases of PI Planning from concept to design to implementation and then operational support. Agile & DevSecOps Methodologies – Experience promoting automated security features in pipelines and security testing as a central feature in Agile workflows as a contributing member within an Agile development or DevOps environment. To qualify for the role, you must have: Advanced degree in Computer Science or a related discipline; or equivalent work experience. Candidates are preferred to hold or be actively pursuing related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA or similar cloud-security oriented certifications. Five or more years of experience in the management of a significant Information Security risk management function Experience in managing the communication of security findings and recommendations to IT project teams, business leadership and technology management executives Ideally, you’ll also have Exceptional judgment, tact, and decision-making ability Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change Excellent , communication, organizational, and decision-making skills Strong English language skills are required What working at EY offers We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers and promotions. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description Senior Manager, Cybersecurity Engineering, PAM The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130-year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organization driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview We are seeking an energetic, forward-thinking professional to join our IT Risk Management & Security group in Prague. This technical role serves as an Engineer in the Identity and Access Management (IAM) space with a focus on Privileged Access Management (PAM) and API security. What will you do in this role: Understand divisional and site business system requirements for Privileged Access Management. Must have experience in defining Privileged Access Management platform requirements, designing technical solutions and executing on those designs into a highly available, fault tolerant environment. Understanding of security best practices, administration and governance of Identity and Access Management the products and services including identify and evaluate security gaps. Perform vendor and technology assessments. Recommend improvements, corrections, remediation for projects or internal processes. Advocate secure computing practices and procedures and communicate Information Security and IAM best practices throughout the company. Maintain active and direct interaction with key stakeholders. Working with various technical teams to ensure we maintain high availability and uninterrupted outage of our production environment. Demonstrate ability to stay current with all industry trends/best practices, as well as new product releases so that we can maintain a proactive 3-year systems management roadmap. Ensure all third-party monitoring solutions that are integrated into the Identity & Access Management products are properly documented and function as designed. What should you have: 7+ years of experience with IAM solutions in the area of Privileged Access Management In-depth knowledge of Privileged Access Management solutions (e.g. Delinea Secret Server, CyberArk, BeyondTrust) and typical corporate use-cases and security requirements in this area. Previous work designing / implementing Privileged Access Management services and processes. Strong organizational skills and able to multitask and adjust to changing priorities Ability to work efficiently in a matrixed environment with a global team comprised of company staff, contractors, and vendors Excellent interpersonal, written, and oral communication skills to effectively communicate technical ideas in business- and user-friendly language Strong analytical and problem-solving skills and demonstrable ability to work independently as well as in a team environment Well versed in PAM, PAM in a cloud environment (AWS, Azure, GCP) and standard platforms (Windows, UNIX, Databases), Kubernetes, PowerShell and automation, CI/CD Pipelines Excellent communication skills and interpersonal skills are required. A demonstrated track record of making a difference and adding value. Strong organizational skills with the ability to multi-task. Ability to work and adjust to changing deadlines. Excellent interpersonal, written and oral communication skills with the ability to communicate effectively across all levels of an organization. Able to present technical ideas in business-friendly and user-friendly language Proven analytical, evaluative, and problem-solving abilities Desired Skills & Experience Previous work designing / implementing PAM Solutions (e.g. Delinea Secret Server, CyberArk, BeyondTrust) Hands-on experience with managing a PAM solution, understanding of PAM authentication patterns and typical challenges PAM Enhancements that support company’s strategy roadmap Experience working in a large healthcare environment Demonstrated understanding of Identity-related NIST standards (e.g. 800-63-3) Prior experience with the Our company enterprise environment and business applications Good working knowledge of the ITIL framework Working knowledge and understanding of Remedy for Change, Incident and Knowledge Management CISSP, Security+ or similar industry certification Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who we are: We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What we look for: Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Current Employees apply HERE Current Contingent Workers apply HERE Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status: Regular Relocation: VISA Sponsorship: Travel Requirements: Flexible Work Arrangements: Hybrid Shift: Valid Driving License: Hazardous Material(s): Required Skills: Animal Vaccination, Business Partnerships, Cybersecurity, Design Applications, Digital Transformation, Information Security, Information Technology (IT) Risk Management, Information Technology Operations, Management Process, New Product Release, Oral Communications, Privileged Access Management Operations, Security Operations, SLA Management, Social Collaboration, Software Development, Software Development Life Cycle (SDLC), Stakeholder Relationship Management, System Designs, Technical Advice, Technical Solution Development, Technical Solutions, Vulnerability Scanning, Working Independently Preferred Skills: Job Posting End Date: 08/18/2025 A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID: R357897

Job Description English Job Description: Manager, Cybersecurity Engineering, PAM The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organization driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview We are seeking an energetic, forward-thinking professional to join our IT Risk Management & Security group in Prague. This technical role serves as an Engineer in the Identity and Access Management (IAM) space with a focus on Privileged Access Management (PAM) and API security. What will you do in this role: Understand divisional and site business system requirements for Privileged Access Management. Must have experience in defining Privileged Access Management platform requirements, designing technical solutions and executing on those designs into a highly available, fault tolerant environment. Understanding of security best practices, administration and governance of Identity and Access Management the products and services including identify and evaluate security gaps. Perform vendor and technology assessments. Recommend improvements, corrections, remediation for projects or internal processes. Advocate secure computing practices and procedures and communicate Information Security and IAM best practices throughout the company. Maintain active and direct interaction with key stakeholders. Working with various technical teams to ensure we maintain high availability and uninterrupted outage of our production environment. Demonstrate ability to stay current with all industry trends/best practices, as well as new product releases so that we can maintain a proactive 3-year systems management roadmap. Ensure all third-party monitoring solutions that are integrated into the Identity & Access Management products are properly documented and function as designed. What should you have: 4+ years of experience with IAM solutions in the area of Privileged Access Management In-depth knowledge of Privileged Access Management solutions (e.g. Delinea Secret Server, CyberArk, BeyondTrust) and typical corporate use-cases and security requirements in this area. Previous work designing / implementing Privileged Access Management services and processes. Strong organizational skills and able to multitask and adjust to changing priorities Ability to work efficiently in a matrixed environment with a global team comprised of company staff, contractors, and vendors Excellent interpersonal, written, and oral communication skills to effectively communicate technical ideas in business- and user-friendly language Strong analytical and problem-solving skills and demonstrable ability to work independently as well as in a team environment Well versed in PAM, PAM in a cloud environment (AWS, Azure, GCP) and standard platforms (Windows, UNIX, Databases), Kubernetes, PowerShell and automation, CI/CD Pipelines Excellent communication skills and interpersonal skills are required. A demonstrated track record of making a difference and adding value. Strong organizational skills with the ability to multi-task. Ability to work and adjust to changing deadlines. Proven analytical, evaluative, and problem-solving abilities Excellent interpersonal, written and oral communication skills with the ability to communicate effectively across all levels of an organization. Able to present technical ideas in business-friendly and user-friendly language Desired Skills & Experience Previous work designing / implementing PAM Solutions (e.g. Delinea Secret Server, CyberArk, BeyondTrust) Hands-on experience with managing a PAM solution, understanding of PAM authentication patterns and typical challenges PAM Enhancements that support company’s strategy roadmap Experience working in a large healthcare environment Demonstrated understanding of Identity-related NIST standards (e.g. 800-63-3) Prior experience with the Our company enterprise environment and business applications Good working knowledge of the ITIL framework Working knowledge and understanding of Remedy for Change, Incident and Knowledge Management CISSP, Security+ or similar industry certification Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who we are: We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What we look for: Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Current Employees apply HERE Current Contingent Workers apply HERE Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status: Regular Relocation: VISA Sponsorship: Travel Requirements: Flexible Work Arrangements: Hybrid Shift: Valid Driving License: Hazardous Material(s): Required Skills: Animal Vaccination, Business Partnerships, Cybersecurity, Design Applications, Digital Transformation, Information Security, Information Technology (IT) Risk Management, Information Technology Operations, Management Process, New Product Release, Oral Communications, Privileged Access Management Operations, Security Operations, SLA Management, Social Collaboration, Software Development, Software Development Life Cycle (SDLC), Stakeholder Relationship Management, System Designs, Technical Advice, Technical Solution Development, Technical Solutions, Vulnerability Scanning, Working Independently Preferred Skills: Job Posting End Date: 08/18/2025 A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID: R357899

Job Description: GRC Analyst Location: Delhi/NCR (Hybrid Work Model) Position Overview: We are seeking a dynamic and skilled GRC (Governance, Risk, and Compliance) Consultant to join our team. The ideal candidate will be ISO 27001 Lead Implementer Certified and possess extensive knowledge of various GRC frameworks. The candidate should have exceptional communication skills, be highly presentable, and have the ability to interact with clients at all levels. This role offers a hybrid work model, allowing a mix of remote work and on-site visits as well Key Responsibilities: • Governance and Compliance: • Assist organizations in designing, implementing, and maintaining robust GRC frameworks tailored to business needs. • Ensure compliance with ISO 27001 standards and other relevant industry regulations. • Develop and review policies, procedures, and risk management strategies. • Risk Management: • Conduct risk assessments and gap analyses to identify potential security and compliance risks. • Recommend risk mitigation strategies and monitor their implementation. • Audits and Assessments: • Prepare and lead clients through internal and external compliance audits. • Provide support during third-party audits and assessments. • Client Interaction: • Engage with clients to understand their specific GRC needs and offer tailored solutions. • Deliver presentations, training, and workshops to educate clients on GRC best practices. • Reporting and Documentation: • Create detailed reports and dashboards to provide insights into the organization’s compliance posture. • Maintain thorough documentation to support audits and ongoing compliance efforts. Required Qualifications and Skills: • Certification: ISO 27001 Lead Implementer Certified (Mandatory). • Knowledge of Frameworks: Comprehensive understanding of major GRC frameworks such as NIST, COBIT, GDPR, HIPAA, PCI DSS, and SOC 2. • Communication: Exceptional verbal and written communication skills in English. • Presentation Skills: Ability to present ideas and solutions clearly and professionally to diverse audiences. • Technical Skills: Familiarity with GRC tools and technologies is a plus. • Analytical Mindset: Strong analytical and problem-solving abilities to address complex compliance challenges. • Flexibility: Comfortable working in a hybrid environment and traveling to client locations within Delhi/NCR as required. Desired Traits: • Self-motivated and proactive approach to work. • Strong team player with the ability to work independently when needed. • Proven ability to manage multiple clients and projects simultaneously. Job Details: • Type: Full-time • Location: Delhi/NCR (Hybrid – Work from home with site visits as needed) • Compensation: Competitive salary based on experience and expertise.

About Providence Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services. Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US. Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale. Why Us? Best In-class Benefits Inclusive Leadership Reimagining Healthcare Competitive Pay Supportive Reporting Relation Cybersecurity at Providence is responsible for appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients) What will you be responsible for? Responsible for driving automation with Providence Enterprise security tools and services to bring in process efficiency and improvements in cyber security teams. Driving security automation workflows and build automation to bring impact in everyday workflows in threat management, security incident response and security operations teams. Identify scope for automation that improves security best practices and implement process workflows that strengthen the overall security posture. Participate in all Security operation and engineering meetings, including design, implementation, and identify scope for automation wherever needed in the overall workflow. Troubleshoot, debug, and optimize existing and new automation code/scripts and stay ahead of with cyber threats in healthcare and overall threat landscape and attack methods in cyber security industry. What would your work week look like? Collaborate with cross-functional teams and engage in building process and tool automation opportunities in threat and cyber incident response. Constantly look for healthcare-oriented threats and risks and build automation workflows using enterprise tools for alerting and response. Work in XSOAR automation tool to create new or review/optimize existing automation workflows. Identify and implement SOAR automation use cases that aligns with industry standard frameworks such as NIST, CIS and Providence information security policies etc. Set-up regular meetings with stakeholders to show progress of SOAR automation use cases and automation use cases implemented with applicable metrics. Clearly communicate security automation roadmap, backlog, and team updates across the organization. Who are we looking for? Bachelor’s degree in related filed, to include computer science, cyber security or equivalent combination of education and experience. 4-8 years of relevant post-qualification experience, with at least 3 years of proven experience in building automation workflows using SOAR for security engineering and security operation functions. Solid understanding of building or writing automation scripts using Python, PowerShell or any other scripting language. Hands-on experience in any vendor SOAR automation tool- Palo alto XSOAR preferred. Solid understanding in building secure API integration with industry standard EDR, SIEM, firewall and vulnerability management tools. Good understanding in implementing automation best practices and workflows- Secure key management and rotation, efficient resource handling etc. Understanding of AI and Large Learning Models (LLMs) and ability to leverage them to build security automation workflows. Familiarity with cloud native solutions, application containerization and container orchestration (Docker, Kubernetes), Infrastructure as Code (IaC), helm charts and YAML template configuration. Scripting or programming understanding with Shell scripting, Power Shell, KQL, CQL query languages is desirable. Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct. Contact our Integrity hotline also, read our Code of Conduct.

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR. Don't meet every single requirement? Studies have shown that many potential applicants discourage themselves from applying to jobs unless they meet every single requirement. TriNet always strives to hire the most qualified candidate for a particular role, ensuring we deliver outstanding results for our small and medium-size customers. So if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, nobody’s perfect – and we encourage you to apply. You may just be the right candidate for this or other roles. The Manager, Security-Compliance will be responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. On a day-to-day, there will be responsibility to manage activities of a team, including research, analysis and documentation, evidence gathering and documenting compliance requirements. Essential Duties/Responsibilities Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands Conducts compliance assessments of planned and implemented information systems Aligns NIST CSF framework requirements with business company processes to assist company stakeholders with determining appropriate controls, test steps, evidence collection, and documentation of risks associated with gaps to defined controls Authors and/or updates standards or documentation to align with company and regulatory guidelines Assists in facilitating audit requests by interfacing between control owners and auditors Assists with responding to customer security questionnaires Advises security administrators on normal and exception-based processing of security authorization requests Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes Works within the information security governance process to define control recommendations that are both efficient and effective Identifies, reports, and resolves security violations Job Requirements and Qualifications Education: Bachelor’s degree in Business, Computer Science, Finance, or other related business discipline preferred or equivalent work experience Training Requirements (licenses, programs, or certificates) : Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent are highly desirable Experience: 10+ years of experience in technology / IT audit or regulatory compliance role 3+ years of management experience Other Knowledge, Skills and Abilities Knowledge of information security management frameworks (e.g., NIST CSF, NIST 800-53, HIPAA, COBIT, etc.) Ability to understand and articulate security risks, as well as propose solutions and/or mitigate controls Familiar with Microsoft suite of security tools such as Purview, Sentinel, Defender and Entra Excellent written and verbal communication skills, interpersonal and collaborative skills An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication Minimal travel required. Work Environment Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office. Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity. TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact India.Careers@trinet.com to request such an accommodation.

Description Sr Info Security Risk Analyst I - (Hiring Across Multiple Regions) Syneos Health® is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities. Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life®. Discover what our 29,000 employees, across 110 countries already know. WORK HERE MATTERS EVERYWHERE Why Syneos Health We are passionate about developing our people, through career development and progression; supportive and engaged line management; technical and therapeutic area training; peer recognition and total rewards program. We are committed to our Total Self culture – where you can authentically be yourself. Our Total Self culture is what unites us globally, and we are dedicated to taking care of our people. We are continuously building the company we all want to work for and our customers want to work with. Why? Because when we bring together diversity of thoughts, backgrounds, cultures, and perspectives – we’re able to create a place where everyone feels like they belong. Job Responsibilities This role is open to candidates based in the following locations: Belgrade, Serbia (Hybrid) Czech Republic: Prague (Hybrid) Spain: Barcelona (Hybrid), Madrid (Hybrid) Hungary: Budapest (Hybrid) Poland: Warsaw (Hybrid) India: Hyderabad (Hybrid) Argentina: Buenos Aires (Hybrid) JOB RESPONSIBILITIES Serves as a member of the working team for Risk Management within the Governance, Risk, and Assurance (GRA) function. Evaluates and manages security exception requests, ensuring compliance with security standards and mitigating associated risks. Conducts information security risk assessments of internal processes, and IT solutions as an information security risk subject matter expert. Prepares security exception risk profile and reports to relevant stakeholders. Collaborates with cross-functional teams to ensure risk management practices align with business objectives and compliance requirements. Identifies, analyzes, assesses, monitors, and tracks risks in the information security risk register. Monitors, tracks, and manages risk mitigations and exceptions to ensure cyber security policies and standards are established, implemented, and followed. Collaborates with internal stakeholders (Security Operations, Technology Solutions, Privacy, Regulatory & Compliance, etc.) as part of the risk management program. Participates in ad-hoc, non-systematic risk assessment requests. Stays updated with the latest cybersecurity trends, emerging threats, and industry developments to provide proactive risk mitigation recommendations. QUALIFICATION REQUIREMENTS Bachelor’s degree in computer science, Information Security, or a related field is required. Relevant certifications such as CISSP, CRISC, or ISO 27001 auditor will be considered as a plus. Minimum 3 years’ experience working as an Information Security Risk Analyst or in a similar role focused on information security risk management. Possess strong process knowledge, and ability to design and/or improve risk management processes. Experience in utilizing tools for risk profile data collection is desirable. Good knowledge of cybersecurity principles, governance, and regulatory compliance Deep understanding of risk assessment methodologies, vulnerability management, and security control frameworks (e.g., NIST RMF and CSF, ISO 27001, COBIT) Familiarity with security controls, technologies, and best practices to mitigate cyber risks. Proficient in Microsoft Office (Excel, PowerPoint, Word) Demonstrate sound judgment and decision-making skills when dealing with complex cybersecurity risks. Strong communication and interpersonal skills to collaborate effectively with cross-functional teams and stakeholders. Ability to work independently as well as collaboratively in a team environment, prioritize tasks, and manage time effectively. Excellent analytical and problem-solving skills. #LI-VM1 Get to know Syneos Health Over the past 5 years, we have worked with 94% of all Novel FDA Approved Drugs, 95% of EMA Authorized Products and over 200 Studies across 73,000 Sites and 675,000+ Trial patients. No matter what your role is, you’ll take the initiative and challenge the status quo with us in a highly competitive and ever-changing environment. Learn more about Syneos Health. http://www.syneoshealth.com Additional Information Tasks, duties, and responsibilities as listed in this job description are not exhaustive. The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities. Equivalent experience, skills, and/or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description. The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above. Further, nothing contained herein should be construed to create an employment contract. Occasionally, required skills/experiences for jobs are expressed in brief terms. Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees. The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job. Summary This role is open to candidates based in the following locations:- Belgrade, Serbia (Hybrid)- Czech Republic: Prague (Hybrid) - Spain: Barcelona (Hybrid), Madrid (Hybrid)-Hungary: Budapest (Hybrid) -Poland: Warsaw (Hybrid)-India: Hyderabad (Hybrid) -Argentina: Buenos Aires (Hybrid)Are you passionate about cybersecurity and ready to make a significant impact? We are looking for a talented Information Security Risk Analyst to join our dynamic team at Syneos Health. If you have a keen eye for detail, a deep understanding of security control frameworks, and a drive to stay ahead of the evolving threat landscape, we want to hear from you!

Policy Development & Documentation 1. 1. Draft, review, and maintain comprehensive information and Cyber security policies. Develop/review procedures to ensure they are aligned with the policy. 2. 2. Ensure policies are aligned and adhered with industry standards (e.g., ISO 27001, NIST, GDPR) Stakeholder Engagement 1. Collaborate with IT, legal, compliance, and business units to gather requirements and feedback. The policies have to be framed keeping in mind the context of the organization, hence experience of handling information security policies in a large organization with diverse business areas would be a added advantage. 2. Facilitate policy approval and endorsement from leadership. Regulatory & Standards Compliance 1. Ensure policies meet legal, regulatory, and contractual obligations. 2. Monitor changes in regulations and update policies and compliance check sheets Policy Communication & Training 1. Support awareness campaigns and training programs to promote policy understanding. 2. Ensure employees and contractors are informed of their responsibilities and compliance

Job Information Date Opened 07/18/2025 Job Type Full time City Saidapet State/Province Tamil Nadu Country India Zip/Postal Code 600096 Industry Technology Job Description Job Title: Cybersecurity Consultant Job Summary: The Cybersecurity Consultant is responsible for evaluating and strengthening the organization's cybersecurity posture across systems, networks, and user environments. This role involves conducting detailed audits, delivering threat intelligence and analysis, and developing incident response improvement plans. The consultant ensures that all cybersecurity practices align with national regulations and industry standards, helping the organization mitigate risks and maintain robust digital resilience. Key Responsibilities: Cybersecurity Audits & Assessments: Perform in-depth audits of IT systems, network infrastructure, and user access controls. Identify vulnerabilities, misconfigurations, and compliance gaps. Provide actionable recommendations to enhance security posture. Threat Analysis & Intelligence: Monitor and analyze emerging cyber threats and attack vectors. Conduct forensic investigations and root cause analysis of security incidents. Develop threat models and risk assessments to inform security strategies. Incident Response & Recovery Planning: Design and implement incident response frameworks and playbooks. Collaborate with internal teams to improve detection, containment, and recovery capabilities. Conduct post-incident reviews and update response protocols accordingly. Compliance & Regulatory Alignment: Ensure cybersecurity practices comply with national regulations and standards (e.g., NIST, ISO 27001, GDPR). Prepare documentation and reports for audits and regulatory reviews. Support certification and accreditation processes. Security Architecture & Best Practices: Advise on secure system and network architecture design. Promote adoption of best practices in identity management, encryption, and endpoint protection. Support implementation of Zero Trust and other modern security models. Training & Awareness: Conduct cybersecurity awareness sessions for employees and stakeholders. Develop training materials and simulate phishing or breach scenarios. Foster a culture of security across the organization. Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Information Security, Computer Science, or related field. Professional certifications such as CISSP, CISM, CEH, or equivalent. Proven experience in cybersecurity consulting, threat analysis, and incident response. Strong understanding of security frameworks, regulatory requirements, and risk management Excellent analytical, communication, and problem-solving skills. 8-12 years of relevant experience in IT Requirements We request the provision of the following resources on a priority basis for an upcoming engagement. These consultants are expected to operate independently as Subject Matter Experts (SMEs) within their respective domains, demonstrating proficiency across multiple technologies. The assignment will be on-site and is expected to extend for more than 12 months. The client will provide all the necessary logistical support required for the on-site deployment. We are looking forward to your confirmation and your support in mobilising these resources. City within KSA - Job will be based in Jeddah, but the resources need to go Makkah and Madina as and when needed

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech - Manager - IT Internal Controls The opportunity: your next adventure awaits. Are you a tech-savvy professional with a risk mindset who is passionate about building a better working world through the power of people, technology, and innovation? We have an incredible opportunity for you to join our dynamic Protech Tech team and make a real impact in the rapidly evolving world we live in. Within Risk Consulting, you will focus in the areas of areas of IT Risk Management, IT SOX, IT Regulatory Compliance, IT Audits, IT and Digital Transformations (including ERP and Cloud transformations), while enabling technology to better manage risk. As a member of our team, you will have the chance to work with industry leaders and help transform businesses by tackling the most complex challenges with our clients. This is client-facing role in a rapidly growing practice, where you’ll build client relationships with key stakeholders, including management executives for some of the most globally recognized brands. It makes this the perfect place to gain a deeper understanding of complex businesses transactions, all the while recommending solutions to some of the most pressing business challenges and process inefficiencies. You will also team up with our global professionals in multidisciplinary engagements, helping major global clients transform and sustain business performance. You will be leveraging emerging technologies like AI, ML, to build and enhance new solutions and actively work in building multiple tools and assets for efficient and effective client delivery. By plugging into our market-leading global network, you'll gain the experience you need to become an exceptional IT Risk Advisor Key responsibilities The purpose of this role will be to supervise delivery, provide technical and project leadership to your team members, as well as build relationships with clients. While delivering quality client services and enabling high-performing teams, you will drive high-value work products within expected timeframes and budget. You will monitor progress, manage risks and ensure key stakeholders are kept informed about progress and expected outcomes. Additionally, you will: Understand client’s challenges and industry related issues and offer solutions in the areas of IT Risk. Participate in go to market, create proposals and respond to RFPs, client orals etc. Identify opportunities for cross-selling to current clients/introduce colleagues from other service lines. Travel to client locations (India and abroad) for meetings, conduct workshops, walkthrough sessions, trainings etc. for existing and new clients. Jointly lead global account relationships along with onshore, manage engagement deliveries, quality and drive the growth agenda on accounts. Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Manage a team of Seniors and Staffs (across geographies) for delivery of engagements across clients. Foster an innovative and inclusive team-oriented work environment. Play an active role in counselling and mentoring junior consultants within the firm. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Assist with cultivating and managing business development opportunities. Understand EY and its service lines and actively assess/present ways to serve clients. Skills and attributes for success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 5-7 years of related work experience At least 3-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description Job Title: Cyber Security Expert Location: Noida Department: IT Operations Job Summary: Security Expert will manage the planning, implementation, and continuous enhancement of Avaada's cybersecurity program, including the establishment of a Security Operations Centre (SOC), modernization of tools and controls, policy upgrades, and alignment with global standards like ISO 27001:2022 and NIST. The role encompasses end-to-end responsibility across cybersecurity operations, strategictooling, governance, cloud, OT/ICS, and compliance. Key Responsibilities: Security Operations Centre (SOC) Setup & Management Design, plan, and manage the Security Operation Centre (SOC) aligned with business needs. Define log sources, event flows, SIEM integration points, and threat intelligence feeds. Develop operational playbooks, escalation workflows, shift schedules, and knowledge base documents. Implement SOC KPIs (MTTD, MTTR, False Positive Rates, etc.) and periodic SOC effectiveness reviews. Coordinate with IT, network, and cloud teams for 24/7 monitoring enablement. Perform ongoing tuning of correlation rules, alerts, and response procedures. Support audits by ensuring SOC processes are documented and control evidence is maintained. Cybersecurity Operations Management Manage threat detection, incident response, vulnerability remediation, and endpoint protection. Oversee daily security alerts, logs, and forensic investigations using existing platforms. Track zero-day threats, malware trends, and APT behavior impacting the renewable energy sector. Coordinate triage of cyber incidents and manage incident response teams during escalations. Manage KPIs for threat detection, incident closure, and endpoint compliance across locations. Security Strategy, Roadmap & Modernization Prepare and maintain Avaada’s Cybersecurity Roadmap with quarterly, half yearly and annual goals. Identify security gaps, outdated tools, or manual processes for modernization or automation. Benchmark current posture against global security trends, risks, and industry best practices. Coordinate with leadership for board-level reporting and long-term security investment planning. Ensure alignment of the roadmap with IT initiatives, OT expansion, and cloud-first transformation. Infrastructure, Cloud & Identity Security Ensure infrastructure and cloud services follow secure-by-design principles. Implement and monitor identity and access controls across cloud infrastructure and internal tools. Review firewall policies, VPN configurations, and segmentation zones for security gaps. Collaborate with cloud architects to align workloads with CIS Benchmarks and cloudnative controls. Enforce identity lifecycle management and privileged access workflows. OT/ICS & Plant Cybersecurity Manage cyber risk assessments for OT environments, SCADA systems, and substations. Oversee segmentation between IT and OT networks (e.g., firewalls, DMZ, whitelisting). Coordinate security hardening and asset inventory for field-level equipment. Implement monitoring tools for critical energy infrastructure events and access. Ensure physical security controls integrate with cybersecurity systems where feasible. Plan cybersecurity drills and simulations for plant-level scenarios. Awareness & Cyber Hygiene Conduct ongoing cybersecurity training, phishing simulations, and e-learning modules. Regularly update content based on real-world threats and incidents. Track and report user participation, risk scores, and improvement areas. Promote a security-first culture across employees, vendors, and partner ecosystems. Run executive awareness sessions to foster top-down risk ownership. Qualifications & Skills: Bachelor's/Master’s degree in IT, Computer Science, or a related field. 10+ years of experience in Cyber Security with At least 5 years in a cybersecurity leadership or specialist role, managing teams, SOC operations, or enterprise-wide security programs. Certifications : Either 2 or more of the following o CISSP o CISM o CEH o CCSP Strong understanding of o Enterprise security architecture and secure network design o Security tools (SIEM, XDR, SOAR, UEBA, PAM) o Cloud Security Experience with Cloud security OT/ICS/SCADA cybersecurity (preferred in energy/renewable sector) is a plus Proven experience in o Managing cybersecurity frameworks (ISO/IEC 27001, NIST CSF, CIS) o Threat detection and response (SOC, SIEM, SOAR) o Endpoint, cloud, and application security controls Excellent problem-solving, communication, and leadership skills. Job Snapshot Updated Date 19-07-2025 Job ID AvaadaJob1015 Department Information Technology Location Noida 62, Noida, Uttar Pradesh, India Experience 7 - 15 Years Employee Type Permanent

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. About the job As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom. At EY, we don't just focus on who you are now, but who you can become. We believe that it’s your career and ‘It’s yours to build’ which means potential here is limitless and we'll provide you with motivating and fulfilling experiences throughout your career to help you on the path to becoming your best professional self. About EY-Parthenon EY-Parthenon is a leading global strategy consulting organization, providing deep sector expertise and strategic insights to help clients navigate complex business challenges. We offer a dynamic work environment that fosters innovation and growth, with a strong emphasis on client impact and personal development. Within SaT – EY Parthenon, the Transaction Strategy and Execution team services clients with a full range of hands-on, operationally focused support and advice across the transaction life cycle, across buyers and sellers. We cover a wide range of operational aspects, including divestiture advisory services, carve-out readiness and support, operational due diligence, synergy assessment and delivery, day-one readiness assessment, 100- day planning, integration process support, carve-out/stand-alone costs assessment and risks, and cost reduction. Our professionals work on transactions and business development across the globe. GDS SaT – Transaction Strategy and Execution – Deal Tech - IT Infrastructure - Manager, India The Opportunity EY-Parthenon’s GDS Transaction Strategy and Execution (TSE) Technology team helps clients with IT-related aspects of M&A transactions: IT diligence: EY-Parthenon professionals evaluate a target's IT infrastructure & Cyber security to help clients assess its attractiveness. Deal tech: The TSE Technology team assesses the technology ecosystem and its role in M&A transactions. Infrastructure: Managing IT due diligence, sign-to-close, and post-integration activities from an IT Infrastructure perspective EY-Parthenon’s GDS TSE Technology professionals help clients navigate transaction risk and increase value from the beginning of a deal to its execution. This role requires prior expertise in managing complex IT integrations, separations, and transitions during mergers, acquisitions with extensive knowledge of IT systems, Datacentre, Cloud, Networking, Microsoft 365 and IT Security. Key Responsibilities Manage large to mid-sized engagements or workstreams of large engagements that help our clients solve some of their most pressing issues during transaction lifecycle. Support key decision makers in developing and executing their transaction strategy to secure deal value. Lead projects that span one or more IT Infrastructure (Hosting, Network, Digital Workplace, Messaging & Collaboration, Active Directory, Service Excellence) and cyber security (identifying vulnerabilities, risks, and gaps) functions in both deal and non-deal environments. Manage engagements, problem-solve, facilitate, ensure engagement success, and quality in delivery, Establish regular connectivity and reporting to the regional TSE partners. Build relationships with EY offices across the globe. Responsible for high degree of GDS user satisfaction with engagement processes and work products Assist in business development activities, including preparing internal materials, GTM content and presentations for client and internal pursuit meetings, engage on larger SaT projects and pitch for potential technology interventions. Ability to analyse the evolving market environment and build solutions / services to cater to the same. Develop Point of View documents and support business development initiatives Provide insights and observations based on technology, industry and functional knowledge and best practices. Leverage expertise in transactions, synergy assessments, and deal implementation on transactions related projects Conduct IT due diligence to assess the IT infrastructure of target companies, including hardware, software, networks, datacentres, and cybersecurity. Develop IT integration plans and roadmaps that align with the overall deal strategy and business objectives. Collaborate with cross-functional teams to ensure seamless IT integration during the sign-to-close phase. Manage the execution of IT integration projects, ensuring they are completed on time, within budget, and to the required quality standards. Identify risks and issues related to IT infrastructure during the deal process and develop mitigation strategies. Provide expertise in IT infrastructure optimization and consolidation post-deal closure. Lead IT infrastructure transitions during M&A, including cloud and datacentre migration, network integration, and identity management, ensuring minimal disruption and security compliance. Oversee Microsoft 365 migration, service desk consolidation, and IT monitoring to enable seamless post-transaction operations. Establish and maintain communication with key stakeholders to provide updates on project status and resolve any concerns. Ensure compliance with regulatory requirements and company policies throughout the deal process. Document lessons learned and best practices to improve future IT deal processes Skills and attributes for success Business and Commercially Driven - work in a fast-paced, exciting environment with strong business acumen to drive value to our clients Capability Development - contribute to our practice development initiatives, supporting the continued focus on our team as a great place to work Learning - learn and develop technical and personal skills to support achievement of career goals, through a blend of structured learning, coaching and experiences Building Relationships - cultivate strong working relationships with clients and support to key decision makers To qualify for the role, you must have A post Graduate degree in business management from a premier institute with 5-8 years of applicable consulting experience At least 4 years of experience in Transaction Strategy, Technology Strategy or Technology Transformation in a top tier consulting firm Lead large IT project execution experience with in-depth knowledge of IT project life cycles. Broad knowledge and deep understanding of one or more technical areas such as Infrastructure and Network, Cyber Security Framework (e.g., NIST, ISO 27001, GDPR, HIPAA), Solution Architecture / Pre-Sales, IT Contracts Management, Enterprise Architecture, Cloud / On-premise Technology etc. Experience in Technology aspects of Transaction lifecycle during Mergers, Acquisitions, Divestitures, and Carveouts. Due Diligence: Working experience in Due Diligence, particularly IT Due Diligence, Cyber Diligence, and Technology Diligence. Post-Deal transaction lifecycle: Working experience in post-deal lifecycle for Sell and Separate and Buy and Integrate transactions: Separation / Integration planning, Standalone models and Costing, Infrastructure Separation, Cutover Management, TSA Costing and Exit, Day-1 planning, and Logical Separation Technology Strategy: Experience in Technology Cost optimization, Technology Business Management, IT Budget forecasting, IT Chargeback, Cloud Economics, Cloud Financial Management, IT Value realization, IT Org sizing Experienced in Business Development activities such as RFPs, opportunity pursuits, winning large to mid-sized deals Strong leadership and team management abilities, with experience in building and motivating high-performing teams Exceptional communication and interpersonal skills, with the ability to engage and influence stakeholders at all levels Good to have relevant certifications (e.g., AWS/Azure/GCP Solution Architect, PMP, ITIL, MCSE, CCNA) What you can look for A Team of people with commercial acumen, technology experience and enthusiasm to learn new things in this fast-moving environment An opportunity to be a part of market-leading, multi-disciplinary team of 3,500+ professionals Opportunities to work with EY SaT practices globally with leading businesses across a range of industries What We Offer EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career. Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next. Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Site Name: Bengaluru Luxor North Tower Posted Date: Jul 14 2025 Support the Supplier Cyber Risk and Assurance processes for all business units and support functions across GSK, to ensure cyber security risks that may be introduced by third-parties are understood, managed or mitigated Key Responsibilities Conduct comprehensive supplier cybersecurity assessments and generate detailed reports, ensuring alignment with up-to-date departmental procedures and industry best practices. Continuously develop and enhance the third-party risk management process framework for security risk, incorporating the latest standards, procedures, emerging technologies, and AI-driven insights. Review and analyse supplier security practices through questionnaires, audits, scans and assessments to ensure compliance with company cyber security standards. Coordinate and respond to security incidents involving suppliers, including investigation, mitigation, and reporting. Examine supplier contracts to ensure they include necessary security clauses and negotiate terms to address identified risks. Provide clear and effective support to internal third-party relationship owners and external third-party representatives, facilitating accurate responses to the security risk assessment questionnaire. Collaborate closely with Legal, Procurement teams to ensure the inclusion of robust security and privacy clauses in third-party contracts, in line with current regulatory and industry requirements. Accurately interpret third-party responses to assessment questionnaires, using AI and automation tools to translate them into concise and actionable risk exposure reports for internal stakeholders. Work with internal third-party relationship owners and external third-party representatives to recommend and implement effective cyber security controls to mitigate risks to GSK. Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes Deliver ongoing training and awareness programs related to the supplier cyber risk and assurance process, keeping pace with the latest industry trends and threats. Aggregate and distribute periodic program metrics and dashboards, leveraging advanced analytics and reporting tools. Provide expert consultancy and subject matter expertise (SME) support in conducting security posture assessments, as part of continuous monitoring or post-breach scenarios, ensuring that suppliers maintain robust and up-to-date security controls with the assistance of AI and automation technologies. Ability to Perform detailed assessments of AI-enabled tools to identify potential risks related to compliance, security, bias, and ethical considerations. Ability to evaluate the service specific AI risks, brainstorming of the changing landscape of the AI like Gen AI & Agentic AI to provide assessment questionnaires inputs. Develop and implement strategies to mitigate identified risks in AI tools. Evaluate tools for vulnerabilities, including data privacy, algorithmic transparency, and unintended consequences. General Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc. Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products Security Certification: Preferred Security Certifications: CISSP, CISM, CISA, CTPRA, CTPRP, CRISC, ISO27001: 2022 LA & LI, ISO42001 AI. Understanding of relevant regulations and compliance standards GDPR, HIPAA, PCI-DSS etc Practical experience with third-party risk management tools such as Archer, OneTrust, Certa, CyberGRX, UpGuard, and ServiceNow is highly preferred. Sound knowledge in Power BI, Tableau, Excel advanced features. Prior experience in conducting cyber-Security risk assessments and 3rd party security and data privacy assessments. Ensuring 3rd parties adhere to data protection laws and best practices for safeguarding sensitive information. Strong analytical skills to identify, evaluate, and prioritize potential cyber risks from suppliers. Understanding of cybersecurity principles, tools, and technologies used to protect against threats. Proficiency in documenting cyber security findings, creating reports, and presenting recommendations to management. Preparedness to coordinate and respond to cyber security incidents involving suppliers. Expertise in reviewing and negotiating supplier contracts to ensure they include necessary security clauses. Stakeholder/ internal business management experience Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork Extensive experience in designing and developing security policies, processes, standards, and contracts. Strong understanding of inherent and residual risks, as well as expertise in risk assessment methodologies. Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles. Exposure to any GRC technologies to conduct cyber risk management Strong understanding of AI systems, machine learning, and data analytics. Knowledge of relevant regulations, standards, and ethical frameworks related to AI. Good theoretical knowledge of Application programming and security, Machine Learning OWASP, Big Data, AI Production Environment like Kubernetes. Knowledge of DevSecOps will be a plus. Technical/Functional (Line) Expertise Experience in evaluating third parties for the presence of fundamental information security controls. Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences. Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information. Leadership Influencing action across various business lines and geographies to achieve program objectives. Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies. Developing strong relationships with leaders of complementary programs (e.g. Procurement, Legal, Ethics & Compliance) to ensure harmonization. Decision-making and Autonomy Operates autonomously in the execution of the third-party security risk program framework. Serves as central point-of-contact for evaluating security risks associated with all third-party engagements. Recommends and agrees with Line Manager the need for shifts in program strategy. Interaction Excellent project management skills to effectively balance unexpected and conflicting priorities as they arise Experience operating effectively across matrixed organizations Intercultural sensitivity Innovation Understand innovations and evolving best practices amongst industry practitioners of third-party security risk management to continually mature GSK’s program. Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions. Complexity Global SME role, but with coordination to the global third-party program. Operate across geographies and across business lines. Collaborate effectively with relevant third parties and managed service provider. Skills Identity Access Management (IAM), Risk Assessments, Risk Management, Risk Management Framework, Security Architecture Design, Security Compliance, Security Policies, Security Risk, Vulnerability Management Why GSK? Uniting science, technology and talent to get ahead of disease together. GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology). Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together. Important notice to Employment businesses/ Agencies GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site. It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way. GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable. If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.

All roles at JumpCloud are Remote unless otherwise specified in the Job Description. About JumpCloud JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud®, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud® is IT Simplified. About the Role: We are seeking a Staff Product Manager with deep expertise in AI, Data Science, and Cybersecurity to lead the development of a transformative Security Data Fabric and Exposure Management Platform (ISPM, ITDR etc). In a world of siloed security tools and scattered data, your mission is to turn data chaos into clarity—helping organizations see, understand, and act on their cyber risk with precision and speed. The JumpCloud access and authentication team is changing the way IT admins and users authenticate to their JumpCloud managed IT resources for a frictionless experience to get work done. The days of the traditional corporate security perimeter are over. Remote work – and the domainless enterprise – are here to stay. As such, we believe securing all endpoints is at the crux of establishing trust, granting resource access, and otherwise managing a modern workforce. Our Cloud Directory Platform supports diverse IT endpoints from devices, SSO applications, infrastructure servers, RADIUS, and LDAP is making it easy for IT admins to manage the authentication required from MFA to zero trust using conditional access based on Identity Trust, Network Trust, Geolocation Trust, and Device Trust based on X509 certificates. If you want to build on this success and drive the future of authentication at JumpCloud come join us. You’ll be at the forefront of designing a next-generation data platform that: Creates a Security Data Fabric to unify signals from across the attack surface Uses AI to resolve entities and uncover hidden relationships Drives real-time Exposure Management to reduce risk faster than adversaries can act You will be responsible for: Define and drive the product strategy for the Security Data Fabric and Exposure Management platform (ISPM, ITDR etc) , aligned with customer needs and business goals Engage with CISOs, security analysts, and risk leaders to deeply understand pain points in exposure management and cyber risk visibility. Translate strategic objectives into clear, actionable product requirements that leverage AI/ML and data science to unify and contextualize security signals Collaborate closely with engineering, data science, UX, sales, and security research to deliver scalable and performant solutions Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics You Have: 10+ years of experience in product management, with at least 5 years in cybersecurity or enterprise AI/data products Deep understanding of AI/ML, data science, entity resolution, and knowledge graphs in practical applications Experience building or integrating security analytics, threat detection, vulnerability management, or SIEM/XDR solutions Ability to untangle the interconnectedness of the complex authentication mess and simplify the same to drive the cross-functional team in the same direction Proven ability to define and deliver complex B2B platforms, especially in data-heavy, high-stakes environments Excellent communication and storytelling skills to align cross-functional teams and influence stakeholders Nice to have: Experience with graph databases, ontologies, or large-scale entity disambiguation Familiarity with security standards (MITRE ATT&CK, CVSS, etc.) and frameworks (NIST CSF, ISO 27001 etc) Prior experience launching products in cloud-native or hybrid enterprise environments Degree in Computer Science, Information Systems or Engineering. MBA is a plus Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description. This role is remote in the country of India. You must be located in and authorized to work in India to be considered for this role. Language: JumpCloud® has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud®, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description. Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud® is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about. One of JumpCloud®'s three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud®. Please note JumpCloud® is not accepting third party resumes at this time. JumpCloud® is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment. All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at recruiting@jumpcloud.com with the subject line "Scam Notice" #BI-Remote

All roles at JumpCloud are Remote unless otherwise specified in the Job Description. About JumpCloud JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud®, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud® is IT Simplified. About the Role: We are seeking a Staff Product Manager with deep expertise in AI, Data Science, and Cybersecurity to lead the development of a transformative Security Data Fabric and Exposure Management Platform (ISPM, ITDR etc). In a world of siloed security tools and scattered data, your mission is to turn data chaos into clarity—helping organizations see, understand, and act on their cyber risk with precision and speed. The JumpCloud access and authentication team is changing the way IT admins and users authenticate to their JumpCloud managed IT resources for a frictionless experience to get work done. The days of the traditional corporate security perimeter are over. Remote work – and the domainless enterprise – are here to stay. As such, we believe securing all endpoints is at the crux of establishing trust, granting resource access, and otherwise managing a modern workforce. Our Cloud Directory Platform supports diverse IT endpoints from devices, SSO applications, infrastructure servers, RADIUS, and LDAP is making it easy for IT admins to manage the authentication required from MFA to zero trust using conditional access based on Identity Trust, Network Trust, Geolocation Trust, and Device Trust based on X509 certificates. If you want to build on this success and drive the future of authentication at JumpCloud come join us. You’ll be at the forefront of designing a next-generation data platform that: Creates a Security Data Fabric to unify signals from across the attack surface Uses AI to resolve entities and uncover hidden relationships Drives real-time Exposure Management to reduce risk faster than adversaries can act You will be responsible for: Define and drive the product strategy for the Security Data Fabric and Exposure Management platform (ISPM, ITDR etc) , aligned with customer needs and business goals Engage with CISOs, security analysts, and risk leaders to deeply understand pain points in exposure management and cyber risk visibility. Translate strategic objectives into clear, actionable product requirements that leverage AI/ML and data science to unify and contextualize security signals Collaborate closely with engineering, data science, UX, sales, and security research to deliver scalable and performant solutions Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics You Have: 10+ years of experience in product management, with at least 5 years in cybersecurity or enterprise AI/data products Deep understanding of AI/ML, data science, entity resolution, and knowledge graphs in practical applications Experience building or integrating security analytics, threat detection, vulnerability management, or SIEM/XDR solutions Ability to untangle the interconnectedness of the complex authentication mess and simplify the same to drive the cross-functional team in the same direction Proven ability to define and deliver complex B2B platforms, especially in data-heavy, high-stakes environments Excellent communication and storytelling skills to align cross-functional teams and influence stakeholders Nice to have: Experience with graph databases, ontologies, or large-scale entity disambiguation Familiarity with security standards (MITRE ATT&CK, CVSS, etc.) and frameworks (NIST CSF, ISO 27001 etc) Prior experience launching products in cloud-native or hybrid enterprise environments Degree in Computer Science, Information Systems or Engineering. MBA is a plus Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description. This role is remote in the country of India. You must be located in and authorized to work in India to be considered for this role. Language: JumpCloud® has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud®, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description. Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud® is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about. One of JumpCloud®'s three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud®. Please note JumpCloud® is not accepting third party resumes at this time. JumpCloud® is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment. All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at recruiting@jumpcloud.com with the subject line "Scam Notice" #BI-Remote

All roles at JumpCloud are Remote unless otherwise specified in the Job Description. About JumpCloud JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud®, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud® is IT Simplified. About the Role: We are seeking a Staff Product Manager with deep expertise in AI, Data Science, and Cybersecurity to lead the development of a transformative Security Data Fabric and Exposure Management Platform (ISPM, ITDR etc). In a world of siloed security tools and scattered data, your mission is to turn data chaos into clarity—helping organizations see, understand, and act on their cyber risk with precision and speed. The JumpCloud access and authentication team is changing the way IT admins and users authenticate to their JumpCloud managed IT resources for a frictionless experience to get work done. The days of the traditional corporate security perimeter are over. Remote work – and the domainless enterprise – are here to stay. As such, we believe securing all endpoints is at the crux of establishing trust, granting resource access, and otherwise managing a modern workforce. Our Cloud Directory Platform supports diverse IT endpoints from devices, SSO applications, infrastructure servers, RADIUS, and LDAP is making it easy for IT admins to manage the authentication required from MFA to zero trust using conditional access based on Identity Trust, Network Trust, Geolocation Trust, and Device Trust based on X509 certificates. If you want to build on this success and drive the future of authentication at JumpCloud come join us. You’ll be at the forefront of designing a next-generation data platform that: Creates a Security Data Fabric to unify signals from across the attack surface Uses AI to resolve entities and uncover hidden relationships Drives real-time Exposure Management to reduce risk faster than adversaries can act You will be responsible for: Define and drive the product strategy for the Security Data Fabric and Exposure Management platform (ISPM, ITDR etc) , aligned with customer needs and business goals Engage with CISOs, security analysts, and risk leaders to deeply understand pain points in exposure management and cyber risk visibility. Translate strategic objectives into clear, actionable product requirements that leverage AI/ML and data science to unify and contextualize security signals Collaborate closely with engineering, data science, UX, sales, and security research to deliver scalable and performant solutions Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics You Have: 10+ years of experience in product management, with at least 5 years in cybersecurity or enterprise AI/data products Deep understanding of AI/ML, data science, entity resolution, and knowledge graphs in practical applications Experience building or integrating security analytics, threat detection, vulnerability management, or SIEM/XDR solutions Ability to untangle the interconnectedness of the complex authentication mess and simplify the same to drive the cross-functional team in the same direction Proven ability to define and deliver complex B2B platforms, especially in data-heavy, high-stakes environments Excellent communication and storytelling skills to align cross-functional teams and influence stakeholders Nice to have: Experience with graph databases, ontologies, or large-scale entity disambiguation Familiarity with security standards (MITRE ATT&CK, CVSS, etc.) and frameworks (NIST CSF, ISO 27001 etc) Prior experience launching products in cloud-native or hybrid enterprise environments Degree in Computer Science, Information Systems or Engineering. MBA is a plus Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description. This role is remote in the country of India. You must be located in and authorized to work in India to be considered for this role. Language: JumpCloud® has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud®, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description. Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud® is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about. One of JumpCloud®'s three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud®. Please note JumpCloud® is not accepting third party resumes at this time. JumpCloud® is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment. All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at recruiting@jumpcloud.com with the subject line "Scam Notice" #BI-Remote

All roles at JumpCloud are Remote unless otherwise specified in the Job Description. About JumpCloud JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud®, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud® is IT Simplified. About the Role: We are seeking a Staff Product Manager with deep expertise in AI, Data Science, and Cybersecurity to lead the development of a transformative Security Data Fabric and Exposure Management Platform (ISPM, ITDR etc). In a world of siloed security tools and scattered data, your mission is to turn data chaos into clarity—helping organizations see, understand, and act on their cyber risk with precision and speed. The JumpCloud access and authentication team is changing the way IT admins and users authenticate to their JumpCloud managed IT resources for a frictionless experience to get work done. The days of the traditional corporate security perimeter are over. Remote work – and the domainless enterprise – are here to stay. As such, we believe securing all endpoints is at the crux of establishing trust, granting resource access, and otherwise managing a modern workforce. Our Cloud Directory Platform supports diverse IT endpoints from devices, SSO applications, infrastructure servers, RADIUS, and LDAP is making it easy for IT admins to manage the authentication required from MFA to zero trust using conditional access based on Identity Trust, Network Trust, Geolocation Trust, and Device Trust based on X509 certificates. If you want to build on this success and drive the future of authentication at JumpCloud come join us. You’ll be at the forefront of designing a next-generation data platform that: Creates a Security Data Fabric to unify signals from across the attack surface Uses AI to resolve entities and uncover hidden relationships Drives real-time Exposure Management to reduce risk faster than adversaries can act You will be responsible for: Define and drive the product strategy for the Security Data Fabric and Exposure Management platform (ISPM, ITDR etc) , aligned with customer needs and business goals Engage with CISOs, security analysts, and risk leaders to deeply understand pain points in exposure management and cyber risk visibility. Translate strategic objectives into clear, actionable product requirements that leverage AI/ML and data science to unify and contextualize security signals Collaborate closely with engineering, data science, UX, sales, and security research to deliver scalable and performant solutions Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics You Have: 10+ years of experience in product management, with at least 5 years in cybersecurity or enterprise AI/data products Deep understanding of AI/ML, data science, entity resolution, and knowledge graphs in practical applications Experience building or integrating security analytics, threat detection, vulnerability management, or SIEM/XDR solutions Ability to untangle the interconnectedness of the complex authentication mess and simplify the same to drive the cross-functional team in the same direction Proven ability to define and deliver complex B2B platforms, especially in data-heavy, high-stakes environments Excellent communication and storytelling skills to align cross-functional teams and influence stakeholders Nice to have: Experience with graph databases, ontologies, or large-scale entity disambiguation Familiarity with security standards (MITRE ATT&CK, CVSS, etc.) and frameworks (NIST CSF, ISO 27001 etc) Prior experience launching products in cloud-native or hybrid enterprise environments Degree in Computer Science, Information Systems or Engineering. MBA is a plus Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description. This role is remote in the country of India. You must be located in and authorized to work in India to be considered for this role. Language: JumpCloud® has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud®, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description. Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud® is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about. One of JumpCloud®'s three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud®. Please note JumpCloud® is not accepting third party resumes at this time. JumpCloud® is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment. All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at recruiting@jumpcloud.com with the subject line "Scam Notice" #BI-Remote

The IS Analyst- Vulnerability Management position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. The IS Analyst- Vulnerability Management position consults with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. The position reports to the Information Security Manager in India. Duties/Responsibilities Key member of the GCS IS Ethical Hacking & Data Protection Team Conduct regular vulnerability assessments using industry-standard tools (e.g., Qualys, Nessus). Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with IT and development teams. Maintain and improve vulnerability management lifecycle, including scanning, reporting, tracking, and verification. Monitor threat intelligence feeds and correlates internal findings to assess potential impact. Develop and maintain dashboards and metrics to report on vulnerability trends and remediation progress. Assist in the development and enforcement of security policies, standards, and procedures. Keep up to date on information security threats and countermeasures and advise technical staff. Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain. Required Skills & Attributes Experience with vulnerability management tools- Qualys VMDR, Cloud Agents, and Nessus Professional. Exhibit skills in the Vulnerability Management lifecycle, including vulnerability scanning, remediation and validation. Proficiency with vulnerability scanning tools and interpreting CVSS scores. Strong knowledge of operating systems (Windows, Linux), networking, and cloud environments. Understanding of scanning cloud services (Azure, AWS) environment. Strong English verbal and written communication skills—including the ability to effectively document and ability to clearly communicate vulnerability to the network administrators, asset owners, and key stakeholder. Strong ability to work in a team effectively and collaborate across multiple time zones. Required Qualifications Bachelor’s degree in Computer Science, Information Security, or a related field. 5+ years of experience in vulnerability management or a related cybersecurity role. Familiarity with regulatory and compliance frameworks (e.g., ISO 27001, NIST, PCI-DSS). Preferred Skills & Attributes One (or more) relevant certifications: CISSP, CEH, CompTIA Security+, Qualys VMDR, etc. Ability to interpret information security data and processes to identify potential compliance issues. Decision-making and problem-solving skills including the ability to clearly define and resolve issues. Assertive and proactive in identifying and resolving issues and concerns. Excellent time management skills including the ability to prepare prioritize and complete work plans. Ability to work with geographically diverse offices in a global organization, with a willingness to work offset hours occasionally to accommodate time zones.