3847 Nist Jobs - Page 35

Job Title: Chief Information Security Officer (CISO) Location: Mumbai, India (Mulund) Type : Full Time(On site, 5.5 days working) Department: Information Security Position Summary The Chief Information Security Officer (CISO) will be responsible for developing, implementing, and managing the enterprise-wide information security strategy. The role includes overseeing all cybersecurity operations, ensuring compliance with RBI guidelines, managing security incidents, and safeguarding critical payment data. The CISO will play a key leadership role in protecting the integrity of our payment ecosystem while facilitating regulatory compliance, risk mitigation, and secure technology enablement. Key Responsibilities 1. Security Strategy & Governance Develop and lead a comprehensive cybersecurity strategy in line with RBI regulations and industry standards (e.g., PCI-DSS, ISO 27001, NIST). Establish and maintain security policies, procedures, and controls to protect customer and transactional data. Oversee the operation and continuous improvement of the Information Security Management System (ISMS). 2. Regulatory Compliance Ensure full compliance with RBI Guidelines on Payment Aggregators, including mandatory 24-hour reporting of security incidents to RBI’s Department of Payment and Settlement Systems and CERT-In. Ensure adherence to applicable regulations such as PCI-DSS, GDPR (if applicable), and ISO standards. Liaise with internal/external auditors and regulators to conduct regular security reviews and audits. 3. Incident Management Design and maintain an effective cybersecurity incident response framework. Lead investigations, containment, remediation, and post-incident reviews of security breaches or cyber threats. Ensure timely submission of root cause analyses and regulatory reporting of incidents. 4. Vendor and Third-Party Risk Management Lead security assessments and due diligence of third-party service providers, technology partners, and cloud vendors. Evaluate vendor compliance with security certifications (e.g., ISO 27001, PCI-DSS) and reporting capabilities. Define and enforce security requirements in vendor contracts and SLAs. 5. Cyber Risk Management Conduct enterprise-wide risk assessments and develop risk treatment plans for critical systems and processes. Deploy controls to address threats such as data breaches, fraud, malware, and DDoS attacks. Monitor emerging threats, vulnerabilities, and attack trends in the digital payments landscape. 6. Team Leadership & Awareness Build, mentor, and manage a high-performing cybersecurity team. Promote a strong security culture through employee awareness programs and regular training. Work cross-functionally with IT, Compliance, Legal, and Operations to embed security into business workflows. 7. Technology Leadership Evaluate, deploy, and manage cutting-edge cybersecurity technologies including SIEM, firewalls, EDR, IDS/IPS, encryption, and fraud prevention systems. Ensure secure design and integration of APIs, payment gateways, and technical infrastructure. Stay informed of innovations in cybersecurity, digital payments, and data protection. Qualifications & Experience Education: Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field. Professional certifications such as CISSP , CISM , CISA , or CRISC are highly preferred. Experience: Minimum 10+ years of progressive experience in cybersecurity, with at least 5 years in a senior leadership role . Extensive experience in managing security within payment processing, fintech, or financial services environments. Demonstrated experience in RBI-compliant security practices , incident reporting, and regulatory engagement. Proven track record of PCI-DSS and ISO 27001 compliance implementation and audit management. Skills & Competencies In-depth knowledge of information security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Strong understanding of RBI Guidelines for Payment Aggregators and regulatory reporting procedures. Proficiency in cloud security , API security , encryption protocols , and fraud detection systems . Excellent leadership, communication, and stakeholder management skills. Ability to analyze complex risks and design effective, pragmatic solutions. Preferred Qualifications Experience working with regulatory authorities such as RBI, CERT-In, or NPCI. Background in vendor risk management and secure third-party integrations. Awareness of emerging technologies in payments, including blockchain , UPI , or tokenization . Why Join Us? Lead security for a growing and mission-driven fintech at the forefront of India’s digital payments revolution. Collaborate in a dynamic environment with innovation at its core. Competitive compensation, performance-based incentives, and comprehensive benefits. Opportunity to shape national payment security practices and influence regulatory policy adherence.

Experience 4 to 8 years Location Mumbai ( onsite) Roles and Responsibilities Maintain the firm’s security, standards and guidelines Enforce policy and regulatory compliance. Ability to develop Policies, Standards and Guidelines from scratch as well as modify the existing ones. Defining and reviewing architecture review for new server /VLAN setup in an organisation Providing IT Security Risk advisories for business teams of the organisation Understanding of Infrastructure, Application security assessment and secure SDLC framework. Conduct and document Application and System risk assessments using the firms’ global standards and develop risk mitigation strategies. Work closely with the business and operations teams to identify risk in different processes and provide assistance in closure of the same. Understanding of OWASP, SANS, and NIST standards Contribution to Information Security strategy and raising security awareness across the organisation. Extensive knowledge on Firewall rule review process, role has the scope to expand further based on success and integration of the above core function. Understanding of Vulnerability Management process and conducting operational tasks related to this process Conducting and maintaining follow-ups on periodic basis with Business /Application teams Years of Experience 3 to 5 years Must have key skills Network architecture (Firewall Rules) / Moderate knowledge for Microsoft and RedHat Operating System / Cyber Security / Network Security

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Job Title: AI Security Architect Job Description Cyber Security is seeking a Security architect to join the Cyber AI team. This position will use machine learning, data engineering, automation, and Data Science principles to solve enterprise problems and advance our mission. This role is a key contributor to our practice and will be directly responsible for design, development, deployment, design reviews and processing of all of AI first projects. The successful candidate will work closely with key stakeholders to drive key project activities and involve Cybersecurity domains are included in AI development. We are seeking candidates with passion to lead the implementation of cutting-edge technology and methodologies while establishing strong partnerships with data owners and stakeholders across Cyber Security. Responsibilities Work in or lead an agile team to design and build architectures on AI solutions. Engage proactively with customers to better understand their needs and obtain feedback. Acquire and develop technology agnostic reference architectures across AI Security Architecture. Reviewing current state AI system security architectural foundations and recommend enhancements with target roadmaps Develop vendor agnostic security solution architecture with technology reference architecture aligned to various best practices such as NIST, ENISA, ETSI etc. Vital contributor to develop security design patterns, framework, approach, and methodology in the discipline of AI Security, developing project timelines for ongoing system upgrades Ensure to collaborate across domain and solution architects at different sub-competency of Cyber Security and act as CoE Champion to aggregated best practices of security reference architecture. Conduct Technology and Infrastructure Security Assessment in terms of threat, vulnerability, and risk aspects of an enterprise security architecture perspective. Develop Technology design and program planning to bring in value added solution delivery and ensure strategic alignment and long-term business benefits Engage in grooming security analysts and solution architects to bring in holistic perspective in every solution delivery Ability to create AI models utilizing deep learning, neural networks, and ML algorithms to derive business insights and fuel informed decision-making. Thorough understanding of linear algebra, probability, and statistics to comprehend and use AI models such as Naive Bayes, Gaussian mixture models, and linear discriminant analysis. Knowledge to build a variety of AI applications, including language translation, visual recognition or perception, and targeted advertising based on sentiment analysis. Develop scalable algorithms capable of learning, analyzing and predicting future events. Structure business problems and drive viable, data-driven hypotheses in collaboration with business partners. Devise, develop and disseminate actionable intelligence from disparate data sources using advanced data analytics tools and techniques. Ability to perform in depth data analysis including but not limited to: Machine Learning Classification Optimization Time Series analysis Pattern Recognition Candidate must have thorough understanding and experience on following in terms of AI and AI Security Threat models Security analysis Design and integration into AI and ML infra Some familiarity with offensive perspective on AI – attack model perspective, model extraction, data poison, etc. QUALIFICATIONS: Required Skills 5+ years of experience as Architect with skills on AI and AI Systems. 3+ years working with languages Python and SQL 3+ years applying statistics in data analyses (ex. regression modeling, econometrics, classification labeling, recommendation, parametric/non-parametric modeling, etc.) 5 or more years’ experience presenting and delivering results to business partners and leadership. 2 or more years’ experience in Cyber Security domain knowledge. Strong project management, negotiation and interpersonal skills Advanced written and verbal communication skills and presentation skills You may also have a Bachelor's and/or post graduate degree in computer science, information systems, engineering, or a related major. Preferred Certifications in data science, deep learning, and ML Exposure to Generative AI and NLP Experience on multi cloud. 2 or more years skilled at data visualization (PowerPoint, Tableau, D3, ggplot, matlib, seaborn, etc.) 2 or more years with modern data engineering with APIs 2 or more years’ experience in Cyber Security domain knowledge. M.S. or PhD in a Science, Technology, Engineering, Mathematics (STEM) or Economics related field of study. 2 or more years applying agile SDLC. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Title: SOC L2 Analyst Location: Gurgaon, India Job Summary: We are seeking an experienced SOC L2 Analyst to manage and enhance Security Operations Center (SOC) capabilities. This role involves incident investigation, threat detection, SIEM tuning, and mentoring L1 analysts to strengthen detection and response efforts. Key Responsibilities: Investigate security incidents and perform root cause analysis. Tune and validate SIEM correlation rules and propose new detection use cases. Lead incident response efforts and support forensic analysis. Monitor security alerts and identify threats or anomalies. Support and mentor L1 analysts. Collaborate with cross-functional teams to resolve complex issues. Document incidents and improve incident response playbooks. Requirements: 4–6 years of experience in SOC operations or incident response. Strong understanding of MITRE ATT&CK, NIST IR, and Cyber Kill Chain. Hands-on experience with EDR, DLP, firewall tools, and cloud security. In-depth knowledge of network protocols, IDS/IPS, malware analysis. Excellent communication and documentation skills.

Role Description As a Software Engineer - Network Security at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Nice-to-have skills Qualifications 3-5 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred

Are you a skilled cybersecurity professional with leadership experience in penetration testing? Join HackIT – a CERT-IN empaneled cybersecurity firm – as a Vulnerability Assessment and Penetration Testing (VAPT) Team Lead. What You'll Be Doing: Lead and manage a team of junior penetration testers Conduct Web, Mobile, API, and Network Security Testing (Manual + Automated) Perform SAST, DAST, and develop Proof-of-Concepts Guide clients with remediation plans and ensure project delivery within deadlines Communicate effectively with stakeholders and senior management Prepare high-quality technical reports What We’re Looking For: 3–5 years of experience in Application/Infrastructure/Network Pen Testing Prior experience as a Team Lead or Project Lead in a security testing role Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK Familiar with enterprise & open-source pen test tools Excellent problem-solving, leadership, and reporting skills Preferred Certifications: OSCP, CREST, GPEN, GXPN, Cloud Certifications, or equivalent Send your updated profiles to careers@hackit.co

Our technology services client is seeking multiple DevSecOps Security Engineer to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Below are further details about the role: Role: DevSecOps Security Engineer Experience: 5- 7 Years Location: Mumbai, Pune, Hyderabad, Bangalore, Chennai, Kolkata Notice Period: Immediate- 15 Days Mandatory Skills: Devops Support, GitHub Actions, CI/CD Pipelines, Argocd , Snyk, multicloud (AWS/AZure/GCP) GIT, MS Tools, Docker, Kubernetes, Jfrog, SCA & SAST Job Description: A security expert who can write code as needed and knows the difference between Object vs Class vs Function programming. Strong passion and thorough understanding of what it takes to build and operate secure, reliable systems at scale. Strong passion and technical expertise to automate security functions via code. Strong technical expertise with Application, Cloud, Data, and Network Security best practices. Strong technical expertise with multi-cloud environments, including container/serverless and other microservice architectures. Strong technical expertise with older technology stacks, including mainframes and monolithic architectures. Strong technical expertise with SDLC, CI/CD tools, and Deployment Automation. Strong technical expertise with operating security for Windows Server and Linux Server systems. Strong technical expertise with configuration management, version control, and DevOps operational support. Strong experience with implementing security measures for both applications and data, with an understanding of the unique security requirements of data warehouse technologies such as Snowflake. Role Responsibilities Development & Enforcement Develop and enforce engineering security policies and standards. Develop and enforce data security policies and standards. Drive security awareness across the organization. Collaboration & Expertise Collaborate with Engineering and Business teams to develop secure engineering practices. Serve as the Subject Matter Expert for Application Security. Work with cross-functional teams to ensure security is considered throughout the software development lifecycle Analysis & Configuration Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data. Lead security testing, vulnerability analysis, and documentation. Operational Support Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation). Develop incident response and recovery strategies. Qualifications Basic Qualifications 5+ years of experience in developing and deploying security technologies. A minimum of a Bachelor’s degree in Computer Science, Software Development, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required. Experience with modern Software Development Lifecycles and CI/CD practices Experience for the remediation of vulnerabilities sourced from Static Analysis (SAST), Open Source Scanning (SCA), Mobile Scanning (MAST) and API Scanning Proficiency in Public Clo\ud (AWS/Azure/GCP) & Network Security. Experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code. Experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell. Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA). Preferred Qualifications Strong technical expertise with Architecting Public Cloud solutions and processes. Strong technical expertise with Networking and Software-Defined Networking (SDN) principles. Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams. Familiarity with OWASP Application Security Verification Standard Experience with direct, remote, and virtual teams. Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA). Strong technical expertise with Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning security solutions for data warehouses and big data platforms, particularly with technologies like GitHub Advanced Security, CodeQL, Checkmarx, and Snyk. Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability. Education A minimum of a Bachelor’s degree in Computer Science, Software Development, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required. If you are interested, share the updated resume to madhuri.p@s3staff.com

Job Description About Us: Tsaaro Consulting's prime focus is on Data Privacy and Security. Our team of specialist Data Privacy Consultants, Information Security Consultants, and penetration testers help and advise our Clients to make running a secure business easier with high efficiency. Everything We do is tailored to the individual, and organizational requirements, aligned with their budget and resource challenges. At Tsaaro, we adopt a pragmatic, risk-based strategy to deliver practical and effective advice. By providing real-world guidance, support, and actionable recommendations, we confidently equip our clients to address a broad spectrum of security and privacy challenges. Ready to elevate your career in a high-impact role? Tsaaro Consulting is hiring a Business Continuity Manager with expertise in BCP implementation, risk assessments, and DR testing. Collaborate with business and IT teams to build resilient strategies. Gain hands-on experience in data privacy and security, with guidance from industry experts. Responsibilities Collaboration and Implementation: Proven ability to work effectively with business and enterprise functions to structure and implement emergency response plans, ensuring coordinated and effective response during disruptions. Comprehensive BCM Expertise: Extensive experience in coordinating, performing, or assisting with BCP implementation and ongoing maintenance, ensuring program effectiveness and alignment with organizational needs. Testing and Improvement: Demonstrated skills in executing BCP/DR exercises and testing, identifying areas for improvement and fostering program effectiveness. Risk and Impact Assessment: Proven ability to conduct comprehensive risk assessments, threat analyses, and Business Impact Analyses (BIA) to understand potential disruptions, their impact on critical business processes, and the associated financial consequences. IT Alignment: Experience in collaborating with technology and digital teams (as specified) to develop and test IT recovery (DR) plans, ensuring seamless integration with overall BCM strategies. Awareness and Engagement: Expertise in conducting BCP awareness training, fostering a culture of preparedness within the organization. Stakeholder Management: Proven track record in maintaining a high level of stakeholder management and business engagement, ensuring buy-in and active participation from all relevant parties. Technical Standards: Familiarity with ISO 22301, NIST, ISO 27001, and other applicable standards (as specified), applying industry best practices for robust BCM implementation. Requirements Possess a sound knowledge of fundamentals of information security systems. Minimum 1 year of relevant experience in the field. Experience in collaborating with technology and digital teams to develop and test IT recovery (DR) plans, ensuring seamless integration with overall BCM strategies. Demonstrate proficiency in standards such as ISO 22301,ISO 27701etc. Expertise in conducting BCP awareness training to foster a culture of preparedness within the organization Extensive experience in coordinating, performing, or assisting with Business Continuity Planning (BCP) implementation and ongoing maintenance. Proficiency in Microsoft Office Suite (Word, Excel, Power point). Showcase excellent communication skills, both written and verbal. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. Tsaaro is committed to Equal Employment Opportunity. We base all employment decisions, including hiring, promotion, discipline, or discharge, on merit, competence, performance, and business needs. We foster an inclusive work environment and do not discriminate based on race, colour, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, gender, sexual orientation, gender identity or expression, or any other status protected under federal, state, or local law. We welcome and celebrate diversity in the workplace, encouraging individuals who identify as non-binary, gender non-conforming, and LGBTQIA+ community members to apply. check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#6875E2;border-color:#6875E2;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

Description Job Description We’re hiring a detail-oriented and experienced SOC Analyst – L2 to join our Information Security Group (ISG) at Grazitti Interactive. In this role, you’ll investigate complex incidents, perform in-depth threat analysis, lead proactive threat-hunting efforts, and mentor junior analysts. If you’re looking to deepen your cybersecurity expertise, manage critical incidents, and contribute to a mature SOC environment, this opportunity is tailor-made for you. Skills Key Skills 2–3 years of experience in SOC or a similar cybersecurity-focused role Strong understanding of networking protocols, subnetting, routing, and addressing Proficient in Linux and Windows OS, system hardening, and architecture Deep understanding of Active Directory attacks and defense mechanisms Expertise in ELK Stack (Elasticsearch, Logstash, Kibana) for threat detection Experience in incident response, threat hunting, and forensic investigation Familiarity with OWASP Top 10, digital forensics, and malware analysis Proficiency in tools like TheHive, Cortex, MISP, OpenCTI, and Jira Ability to write detection rules for OWASP vulnerabilities and custom use cases Skilled in KQL, ESQL, and other query languages for log analysis Excellent communication and documentation skills Certifications like CompTIA Security+, CEH, OSDA, or BTL1 (preferred) Knowledge of frameworks such as MITRE ATT&CK and NIST CSF (a plus) Responsibilities Roles and Responsibilities Monitor security events and logs to detect advanced threats Conduct detailed investigations and lead real-time incident response Perform in-depth threat analysis using digital forensics tools Develop and optimize detection use cases and custom rules for SOC monitoring Harden Linux and Windows environments to prevent potential exploits Analyze threat intelligence and simulate attack scenarios to test detection readiness Collaborate across departments to embed cybersecurity into operations Mentor and guide junior SOC team members Regularly communicate security incidents and progress updates to stakeholders Contacts Email: careers@grazitti.com Address: HSIIDC Technology Park, Plot No – 19, Sector 22, 134104, Panchkula, Haryana, India

Description Job Description We’re hiring an entry-level SOC Analyst – L1 to join our Information Security Group (ISG) at Grazitti Interactive. In this role, you’ll actively monitor security alerts, investigate incidents, and support threat prevention efforts within our Security Operations Center (SOC). If you’re passionate about cybersecurity, eager to build hands-on experience in incident handling, and want to work with modern security tools and frameworks, this opportunity is a perfect fit. Skills Key Skills 1–2 years of experience in a SOC or similar cybersecurity role Strong knowledge of networking protocols, Linux/Windows OS, and system hardening Hands-on experience in incident response and digital forensics Familiarity with cybersecurity tools like ELK Stack, TheHive, Cortex, MISP, OpenCTI, and Jira Understanding of Active Directory architecture and attack vectors Working knowledge of OWASP Top 10 vulnerabilities and mitigation techniques Proficiency in query languages such as KQL and ESQL for log analysis Excellent written and verbal communication skills Relevant certifications such as CompTIA Security+, CEH, BTL1, OSDA (preferred) Familiarity with MITRE ATT&CK and NIST CSF (a plus) Responsibilities Roles and Responsibilities Continuously monitor security logs and alerts to detect potential threats Conduct triage, investigation, and documentation of incidents using forensic tools Harden Linux and Windows systems against known vulnerabilities Create and refine security use cases based on OWASP Top 10 and AD attack techniques Develop and maintain custom detection rules for enhanced SOC monitoring Optimize and manage security tools like ELK, Cortex, and MISP for effective response Collaborate with cross-functional teams to ensure compliance and integrate security best practices Simulate threat scenarios and participate in tabletop exercises Regularly communicate cybersecurity updates and incidents to internal stakeholders Contacts Email: careers@grazitti.com Address: HSIIDC Technology Park, Plot No – 19, Sector 22, 134104, Panchkula, Haryana, India

Category IT Security / Cyber Security Location Hyderabad, Telangana Job family IT Security Shift Evening Employee type Regular Full-Time Job Description (Summary) The primary responsibilities include managing vulnerability assessments using the Qualys tool, creating detailed metrics and reports, and collaborating with relevant teams to ensure timely remediation of identified vulnerabilities. To ensure the organization's IT infrastructure remains secure by proactively identifying, assessing, and mitigating vulnerabilities through effective use of the Qualys tool and coordinated efforts with cross-functional teams. The basic purpose of this position is to safeguard the organization's digital assets by maintaining a robust vulnerability management program that prioritizes risk reduction and compliance with security policies. Perform daily vulnerability assessments, create weekly metrics and reports, and handle ad-hoc requests as they arise. Work on analytical projects to enhance the vulnerability management process and develop strategies to address identified security issues. Prepare and present metrics and reports to senior leadership, showcasing trends in vulnerabilities over the year and how they are being addressed. Produce reports daily, weekly, and as needed on vulnerability assessments and remediation efforts. Responsible for training new hires and occasionally participating in candidate interviews. Technical/Job Specific Knowledge Vulnerability Management: In-depth knowledge of vulnerability assessment, prioritization, and remediation processes. Qualys: Proficiency in using Qualys for scanning, identifying, and managing vulnerabilities across various environments. Security Frameworks: Familiarity with industry standards and frameworks such as OWASP, NIST, and CIS. Network Security: Understanding of network protocols, firewalls, and intrusion detection/prevention systems. Skills Analytical Skills: Strong analytical abilities to identify and assess vulnerabilities and their potential impact. Technical Aptitude: Competence in using security tools and technologies to perform thorough assessments. Problem-Solving: Effective problem-solving skills to develop and implement remediation plans. Communication: Clear and concise communication skills to report findings and collaborate with different teams. Attention to Detail: High level of attention View more

The Opportunity “FICO is seeking Cyber Security Engineer to join our growing GRC Team. This is a full-time regular position (hybrid), and a great opportunity for an individual with strong PCI, ISO 27001, SOC2 audit skills or great interest in security Compliance and Risk Management frameworks and grow in exciting field of GRC" – Director, Cyber Security. What You’ll Contribute 2.8+ years of applicable work experience, in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results. Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings. Strong knowledge of common security legal and regulatory requirements (e.g., PCI, SOC, CSA STAR, NIST, ISO/IEC 27001, COBIT, etc.) Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures. Monitor activities of assigned IT areas to ensure compliance with internal policies and standards. Assist Corporate Compliance and the Business with all required compliance/security-related documentation. Facilitate for external audits to ensure compliance with all industry-mandated regulations Participate in the development and implementation of new business initiatives to ensure functionality required to support compliance. Provide guidance to business functions on compliance/security-related matters. Good understanding of IT concepts, including Cloud hosting, containerization, encryption, networking, operating systems, databases, middleware, and applications Knowledge of or experience working with, Cloud technologies/environments, AWS or other related cloud experience is required. Ability to effectively communicate to all levels of the organization, including senior management, and other stakeholders that influence the security and compliance posture of FICO Ability to assess the nature of controls and identify automation opportunities for increased monitoring and scaling coverage What We're Seeking Bachelor’s degree in the field of Information Security, Computer Science or discipline and/or certifications (e.g., ISO 27001 LI/LA, ISA/QSA, CISSP, CISA, CISM, and related GIAC.) Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues. Experience implementing cloud security and compliance standards, frameworks, and controls (ISO/IEC 27001, SOC 2, PCI, NIST) for cloud service delivery models (IaaS, PaaS, SaaS) AWS Certifications (added advantage) Experience or understanding of governance, risk and compliance (GRC) processes and solutions. Background in security controls, auditing, network and system security. Ability to express technical concepts in business terms. Able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently. Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change. Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status. Our Offer to You An inclusive culture strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie.

Bangalore, Maharashtra, India We are looking for a highly skilled and experienced Principal Security Engineer to lead the development and implementation of advanced security solutions across our AWS and Azure environments. This role requires a strong background in software development, cloud infrastructure, and security automation. You will play a critical role in reviewing software and infrastructure designs, engineering security controls, and building automation to streamline go-live security reviews. Key Responsibilities Security Engineering Leadership : Design, build, and maintain scalable security solutions across cloud environments (AWS and Azure). Architecture Collaboration : Partner with software and infrastructure architects to review designs and ensure security is embedded throughout the development lifecycle. Automation Development : Own the development of tools and pipelines to automate go-live security reviews and integrate security into CI/CD workflows. Cloud Security Implementation : Engineer and deploy security controls such as IAM policies, encryption, logging, and monitoring in cloud-native environments. Mentorship & Influence : Mentor junior engineers and influence security best practices across engineering teams. Incident Response Support : Collaborate with incident response teams to investigate and remediate cloud-related security incidents. Continuous Improvement : Identify gaps in current security posture and drive initiatives to improve security maturity and automation. Required Qualifications 8+ years of experience in security engineering, with significant experience in cloud environments. Strong software development skills (e.g., Python, Go, Java, or similar). Deep hands-on experience with AWS and Azure security services and infrastructure. Proven ability to develop and maintain automated security tooling and pipelines. Experience conducting security reviews of software and infrastructure architectures. Familiarity with infrastructure-as-code (e.g., Terraform, CloudFormation, Bicep). Strong understanding of DevSecOps practices and CI/CD integration. Excellent problem-solving skills and ability to work independently and collaboratively. Preferred Qualifications Security certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, or OSCP. Experience with Kubernetes, container security, and serverless architectures. Knowledge of compliance frameworks (e.g., SOC 2, ISO 27001, HIPAA). Familiarity with security frameworks like NIST, MITRE ATT&CK, and CSA CCM Perks and Benefits Health & Wellness Dental Insurance Vision Insurance Health Insurance Life Insurance Paid Time Off PTO / Vacation Policy Paid Holidays Financial Benefits 401K / Retirement Plan Employee Stock Purchase Plan Tuition Reimbursement Office Perks Work From Home Policy

Bangalore, MAHARASHTRA, India As a Senior Vulnerability Engineer at First Advantage (FA), you will be responsible for leading and evolving the organization’s vulnerability management program across cloud, on-premises, and hybrid environments. You will drive the identification, analysis, and remediation of critical security issues, while developing automated workflows and executive-level reporting to measure and improve risk posture. You will serve as a key liaison between security, infrastructure, and compliance teams, ensuring alignment with industry standards and audit requirements. This role is ideal for a technically skilled and process-oriented professional who is passionate about reducing risk, mentoring others, and strengthening enterprise security through scalable and strategic solutions. Roles and responsibilities: Lead Vulnerability Scanning Operations: Oversee and optimize vulnerability scanning across cloud, on-premises, and hybrid environments to ensure comprehensive coverage and timely detection of security risks. Coordinate Risk Analysis and Remediation: Lead the triage and risk assessment of critical vulnerabilities, coordinating remediation efforts with technical teams to reduce exposure and improve response times. Develop Dashboards and Reports: Build and maintain executive-level dashboards and reports to track key metrics such as mean time to remediation (MTTR), vulnerability trends, and risk posture. Automate and Streamline Workflows: Design and implement automated scanning and remediation workflows to enhance efficiency, consistency, and scalability of the vulnerability management program. Collaborate Across Teams: Partner with infrastructure, application, compliance, and security teams to resolve systemic issues, align on priorities, and drive continuous improvement in security posture. Support Compliance and Audit Readiness: Assist in maintaining compliance with internal policies and external frameworks (e.g., NIST, ISO), and ensure audit-ready documentation of standards and procedures. Mentor and Develop Talent: Provide guidance and mentorship to Vulnerability Engineers, contributing to team training, knowledge sharing, and process development. Enhance Program Maturity: Continuously evaluate and improve vulnerability management practices, tools, and processes to align with evolving threats and organizational goals. Skill required: Vulnerability Management Expertise: Extensive experience with enterprise vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7) and the ability to interpret and act on scan results effectively. Experience building and deploying these tools preferred. Risk Analysis and Remediation Coordination: Proven ability to assess risk, prioritize vulnerabilities, and coordinate remediation efforts across technical teams. Cloud and Infrastructure Knowledge: Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and hybrid infrastructure environments, including native security tools and configurations. Reporting and Metrics Development: Experience building dashboards and reports to track key metrics like MTTR, exposure trends, and remediation progress using tools such as Power BI, Tableau, or similar. Communication and Cross-Functional Collaboration: Strong communication skills with the ability to present technical findings to both technical and executive stakeholders, and a proven track record of working collaboratively across infrastructure, application, and compliance teams to drive security improvements. Self-Starter : A self-starter with a continuous improvement mindset, demonstrating the ability to take initiative and drive projects forward in a cross-functional environment. Automation and Scripting: Proficiency in scripting languages such as Python, Bash, or PowerShell to automate scanning and remediation workflows preferred. Qualifications: Experience: 6-10+ years of experience in cybersecurity, with focus on vulnerability management and/or risk analysis Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field preferred; equivalent professional experience will also be considered. Certifications: Relevant certifications in cybersecurity, such as CISSP, OSCP, or GIAC preferred. Work Location: Mumbai / Bangalore Joining time needed :15 days Perks and Benefits Health & Wellness Dental Insurance Vision Insurance Health Insurance Life Insurance Paid Time Off PTO / Vacation Policy Paid Holidays Financial Benefits 401K / Retirement Plan Employee Stock Purchase Plan Tuition Reimbursement Office Perks Work From Home Policy

We're looking for a Cybersecurity Auditor - India This role is Hybrid, Mumbai Office Location: Mumbai/ Pune/ Hyderabad Title: Cybersecurity Auditor Position Summary: The global Governance, Risk and Assurance team is responsible for maintaining compliance with enterprise cybersecurity control frameworks, policies and procedures. The team is part of the global Cybersecurity Engineering and Assurance organization at Cornerstone OnDemand. The Cybersecurity Auditor is a critical role in supporting the overall strategy and vision of the Cybersecurity Engineering & Assurance team, and reports into the Associate Director of Cybersecurity & Assurance. In this role, you will be responsible for performing internal audits, enabling cyber certifications and external audits, managing cyber risk and ensuring continued assurance with the company’s compliance frameworks. Activities include working with cross-functional teams to improve the maturity and effectiveness of cybersecurity controls, executing internal audits, keeping policies and operating procedures up-to-date, responding to customer assessments, and producing metrics, scorecards, reports and dashboards periodically. Key Responsibilities: Perform cybersecurity audits and risk assessments in all areas of the organization in line with the global Internal Audit Program’s objectives Document audit procedures, recommend remediation plans and liaise independently with stakeholders to validate implementation Work with functional owners to ensure control objectives and activities meet compliance standards for effectiveness and assurance evidence Publish and present timely and high quality audit reports Partner with leaders across business functions such as Engineering, Cloud Operations, Privacy, Product and Customer Success to implement effective cybersecurity controls Identify emerging cybersecurity and information technology risks, evaluate internal controls to treat risks, and develop opportunities to continuously uplift control frameworks Work with Cornerstone’s external partners and cross functional teams to schedule appropriate internal audit testing and/or risk assessments. Perform formal reviews of new technologies, initiatives and strategic projects against the company’s cybersecurity requirements Recommend updates to cybersecurity policies, standards and operating procedures to address new industry practices, requirements and regulations Illustrate ownership and accountability and ensure operational efficiency Educational Background: Degree in Information Technology, Computer Science, Cybersecurity or related fields CISA, CRISC, CISSP and/or ISO 27001 LA/LI desired Skills and Experience: 3-6 total years of experience in cybersecurity, compliance, IT audits and/or cyber risk management Hands-on expertise in industry-standard cybersecurity assurance standards (e.g., SOC 2, ISO 27k, NIST, PCI DSS, etc.), trends and best practices Experience in auditing general and automated controls, including but not limited to logical security, physical security, change and problem management, data backup, disaster recovery and incident management Knowledge of security tools, technologies and control best practices for domains such as IAM, encryption, system hardening, anti-malware, data leakage prevention, NIDPS, network security and vulnerability management Hands-on exposure to auditing and/or securing leading cloud PaaS technologies platforms such as AWS, Google Cloud and Microsoft Azure Proficient in Word, Excel, PowerPoint and other Microsoft 365 tools Mature data analysis, documentation, articulation and presentation skills Ability to communicate effectively with stakeholders across global regions and organizational levels Ability to work autonomously with flexibility and excellent judgment Ability to work effectively under pressure to meet deadlines Ability to solve problems quickly and automate processes Ability to work cooperatively as part of a team #LI-Hybrid Our Culture: Spark Greatness. Shatter Boundaries. Share Success. Are you ready? Because here, right now – is where the future of work is happening. Where curious disruptors and change innovators like you are helping communities and customers enable everyone – anywhere – to learn, grow and advance. To be better tomorrow than they are today. Who We Are: Cornerstone powers the potential of organizations and their people to thrive in a changing world. Cornerstone Galaxy, the complete AI-powered workforce agility platform, meets organizations where they are. With Galaxy, organizations can identify skills gaps and development opportunities, retain and engage top talent, and provide multimodal learning experiences to meet the diverse needs of the modern workforce. More than 7,000 organizations and 100 million+ users in 180+ countries and in nearly 50 languages use Cornerstone Galaxy to build high-performing, future-ready organizations and people today. Check us out on LinkedIn, Comparably, Glassdoor, and Facebook!

Job Applicant Privacy Notice CyberArk, Security Cloud Consultant Publication Date: Jul 16, 2025 Ref. No: 534401 Location: Chennai, IN Role of Wealth Management Operational Security Engineer, being understood this role includes delegations from APAC WM CISO. The incumbent will be responsible for managing and implementing technical access controls, privilege access management, data leakage prevention and other related technologies to ensure the confidentiality, integrity, and availability of our organization’s data and systems. Responsibilities Direct Responsibilities: ü Technical Access Management / Privilege Access Management o Manage and maintain technical/privilege access controls for production and development environments o Ensure compliance with organizational technical access control security policies and procedures o Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance o Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation o Review technical access segregation between production and development environments with respective support teams ü Data Leakage Prevention (DLP) o Create, management and maintain DLP policies to detect and prevent data leaks o Deploy and maintain DLP infrastructure o Collaborate with IT teams to investigate and respond to data leak incidents ü Identity and Access Management (IAM) o Collaborate with IT teams to deploy and maintain data encryption solutions o IAM team to ensure seamless integration with technical access management solutions o Ensure compliance with organizational IAM policies and procedures ü Data Encryption Deployment & Monitoring o Collaborate with IT teams to deploy and maintain data encryption solutions o Ensure compliance with organizational data encryption policies and procedures ü Unstructured & Structured Data Discovery & Activity Monitoring o Collaborate with IT teams to: § Deploy and maintain unstructured & structured data discovery and activity monitoring solution § Identify and classify sensitive data § Monitor and analyse restricted and sensitive database activities § Remediate any non-compliant finding reported ü Infrastructure Vulnerability Management o Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. o Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers o Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. o Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. o Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. o Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. ü Application Security o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. o Identify and implement the latest security standards for internet facing and internal assets o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). o Perform Security risk assessments and reviews to be presented to respective committees o Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider ü Cybersecurity o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes o Ensure the coordination with other IT security or other actors in the region or globally o Assist for a Risk Treatment for any APAC WM issue, based on the processes o Identify the IT security risks in advance, record and follow-up them o Define and contribute to processes from cybersecurity perspective o Periodic reporting of security status to IT Security Domain Head o Ensure the regular reporting for management follow-up o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. o Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. ü Production Security o Ensure the effectiveness and success of vulnerability management process o Ensure the compliance level of the production environment and integrate to reporting ü IT Security Compliance (delegation on WM APAC scope) o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) o Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements o Ensure the compliance with the Third-party Technology risks and the Cloud security o Identify the process gaps and provide solutions ü Coordination with IT Security actors o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. o Coordination with the global security teams concerning integration of WM assets within production sites o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group

At Adeptiv.AI, we're building the most advanced AI Governance Platform for enterprises. Our flagship Real-Time Evaluation module empowers businesses to test, evaluate, and trust their AI systems. We're now expanding this module to support ML models, explainability frameworks, and diverse AI use cases, and we're looking for a Senior AI Evaluation Engineer subject matter expert to lead this transformation. This role is ideal for someone who lives and breathes AI/ML evaluation, loves digging deep into models, and can bridge the gap between theory and production-grade software. Key Responsibilities: Design and lead the implementation of evaluation frameworks for ML and Gen AI systems. Define and guide the evaluation of different AI/ML metrics, such as Accuracy, Precision, Recall, AUC, BLEU, ROUGE, METEOR, etc. Develop strategies for model robustness, bias detection, and fairness evaluations. Implement tools like SHAP, LIME, Captum, DeepChecks, Foolbox, Evidently AI, Alibi Detect, etc. Define pipelines for automated test case execution, continuous evaluation, and report generation. Guide and mentor full-stack and backend engineers in integrating AI/ML testing logic into production-ready services. Establish standards for test dataset generation, edge-case simulation, and benchmarking. Validate the correctness of evaluations across supported AI use cases. Stay ahead of the curve on emerging research in AI evaluations and bring insights into the product. Must-Have Skills & Experience: 5+ years in AI/ML focused on the evaluation and testing of AI / ML systems Deep expertise in traditional ML evaluation, Computer Vision, and Generative AI metrics Strong familiarity with explainability tools (SHAP, LIME, Integrated Gradients, etc.) Experience evaluating models in one or more domains: NLP, Computer Vision, Tabular Data, Reinforcement Learning Hands-on experience with libraries like scikit-learn, huggingface, transformers, OpenAI, LangChain, TorchMetrics, Evidently, etc. Experience working in collaboration with engineering teams to productize evaluation pipelines Strong Python development and scripting capabilities Solid understanding of AI reliability, robustness, fairness, and auditability Good to Have: Experience with LLM evaluation, hallucination detection, and prompt scoring Prior contributions to AI testing or monitoring tools or open-source projects Understanding of MLOps/LLMOps workflows Familiarity with CI/CD of model evaluations in production Awareness of AI compliance and audit frameworks (like EU AI Act, NIST AI RMF) What You'll Bring A rigorous scientific mindset, but with a builder's attitude A passion to make AI trustworthy for enterprises Strong communication skills to work cross-functionally with product & engineering High ownership to shape a strategic product module from scratch Why Join Us? Be part of a cutting-edge product solving real challenges in AI Governance. Work directly with the founding team and make a massive impact in enterprises. Opportunity to influence the future of AI evaluation and reliability.

The DevSecOps Lead will be responsible for leading the implementation and continuous evolution of DevSecOps capabilities across our OT cybersecurity engineering ecosystem. This role will architect secure, scalable, and automated CI/CD pipelines, implement Infrastructure as Code (IaC), and integrate cybersecurity toolchains across development and operations workflows.You will be a key enabler for engineering velocity, code security, release stability, and automation maturity - bridging technology platforms, product teams, and cybersecurity operations. Preferred Qualifications Education : Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. Master’s degree preferred (in Cybersecurity, Systems Engineering, or DevOps Automation). Certifications (preferred): DevOps: Certified Jenkins Engineer, GitHub Actions, Azure DevOps Expert, or similar. IaC / Automation: HashiCorp Terraform Associate, Red Hat Ansible Automation. Security Tooling: Practitioner-level training in SAST/DAST/SCA/EDR (e.g., Aqua Security, Snyk, SonarQube). Cloud Security: AWS Security Specialty, Azure Security Engineer, or CCSP. Compliance: Awareness training in IEC 62443 or NIST CSF is desirable. Key Requirements 8 + years of technology experience with strong focus on DevOps, cybersecurity integrations, and infrastructure automation. Expertise in building and governing CI/CD pipelines and cloud-native deployment workflows. Proven knowledge of tools such as Jenkins, GitHub Actions, ArgoCD, Terraform, Vault, and container security platforms. Hands-on experience with security tools integration (e.g., Checkmarx, SonarQube, Aqua, Snyk, Prisma Cloud). Familiarity with compliance and security frameworks (e.g., NIST, ISO 27001, IEC 62443) in OT/IT environments. Experience working with OT/ICS environments or industrial networks is preferred. Strong scripting and automation skills (Python, Shell, Go, etc.). Ability to work in cross-functional, Agile-driven teams and mentor engineers in secure software delivery practices. ONLY DevSecOps Lead may email resumes at joy.saha@adani.com

We are seeking an experienced cybersecurity manager to drive enterprise-grade Identity Governance & Administration (IGA) programs across our client landscape, with special emphasis on critical infrastructure and OT-integrated environments. This role will be responsible for designing, delivering, and managing scalable IGA solutions in alignment with zero-trust principles and global standards. Required Skills & Qualifications 12 + years of experience in Identity & Access Management, with minimum 6 years in IGA platforms Hands-on experience with SailPoint IIQ/Saviynt/ForgeRock IGA tools (implementation, administration, custom connectors) Proven track record in delivering end-to-end IGA projects at scale (10,000+ identities) Strong understanding of access governance, RBAC/ABAC, SoD frameworks, and regulatory compliance Experience integrating IGA with hybrid environments (cloud/on-prem/OT) Working knowledge of identity protocols: SAML, OAuth2, SCIM, OIDC Knowledge of OT protocols (Modbus, DNP3, OPC-UA) or IEC 62443 is a plus Excellent communication, team leadership, and client/stakeholder management skills Preferred Certifications SailPoint Certified Implementation Engineer or equivalent CISSP / CISM / ISO 27001 LA ITIL / PMP / TOGAF (as a bonus) Key Responsibilities Lead the implementation and operation of IGA platforms (e.g., SailPoint, Saviynt, ForgeRock) across enterprise and industrial environments Define and enforce identity lifecycle policies (JML), SoD controls, certification workflows, and role-based access models Manage a team of engineers and analysts across client engagements for successful IGA delivery Build and execute roadmaps for access governance, recertification campaigns, identity analytics, and compliance reporting Design integrations with HRMS, AD/Azure AD, ITSM, ERP, and OT domain directories and controllers Drive automation of user provisioning, deprovisioning, and policy enforcement across hybrid (IT+OT) landscapes Ensure all implementations align to frameworks like NIST, ISO 27001, and IEC 62443 where applicable Act as a SME for internal and customer audits, IAM maturity assessments, and zero-trust readiness Work closely with the Head of IDAM and collaborate with adjacent teams including PAM, CIAM, Service Delivery, and OT Security Train junior team members and contribute to IGA capability development within the company ONLY relevant experience with implementation & operation with IGA platforms may connect at 9898791075 OR email resumes at joy.saha@adani.com

The Security Operations & Incident Response professional will be responsible for orchestrating enterprise-wide incident response strategies across both OT and IT environments. The role demands deep operational expertise, the ability to coordinate with threat intelligence, forensics, red/blue teams, and the vision to continuously evolve detection and response capabilities in line with emerging threats. The role demands leadership in defending critical infrastructure, industrial networks, and enterprise systems. Qualifications & Certifications: Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials 12 + years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles Experience managing global SOC operations or OT-specific cyber operations is a strong plus Key Responsibilities: Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols Lead and manage triage activities Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act) Key Skills & Technologies: Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation Scripting and automation exposure (Python, PowerShell, Bash) preferred Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty) Leadership & Personality Traits: Strategic thinker with an operations-first mindset and execution rigor Calm, decisive, and clear-headed in crisis and high-pressure scenarios Strong stakeholder engagement and communication skills across technical and executive levels Proven ability to lead multi-location teams with cultural sensitivity and high performance Continuous learner with a growth mindset and passion for cybersecurity excellence Preferred Industry Background: Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports) OT and IT OEMs MSSPs, SOC service providers Consulting firms with cyber defence practices (e.g., Big 4) please email your resume at joy.saha@adani.com

Platform Engineering Lead will drive the design, development, and continuous evolution of scalable, secure, and high-performance platforms that support our OT cybersecurity services. This leader will be responsible for building a modular, multi-tenant technology foundation that supports rapid solution delivery, strong compliance postures (e.g., IEC 62443, NIST), and robust integrations with SIEM, IAM, EDR, and OEM tools. This role blends hands-on platform architecture leadership with strategic thinking, governance, vendor management, and team building across DevSecOps, infrastructure, and engineering teams. Preferred Qualifications Education : Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field. Additional specialization in Cybersecurity, Cloud Architecture, or Systems Engineering is a strong plus. Certifications (preferred, not mandatory): Cloud Certifications: AWS Certified Solutions Architect – Professional, Azure Solutions Architect Expert, or GCP Professional Cloud Architect. Security Certifications: CISSP, CISM, or CISA (to demonstrate security leadership). DevOps / Architecture: TOGAF, Kubernetes CKA/CKAD, or HashiCorp Terraform Certification. Compliance: IEC 62443 awareness, or training in NIST/ISO 27001/GRC frameworks. Key Requirements 15+ years of experience in technology architecture or platform engineering, with minimum 5 years in leadership roles. Deep expertise in cloud-native architecture, DevSecOps, SRE, and cybersecurity integrations. Experience in microservices, modular platforms, and container orchestration (K8s, Docker). Strong exposure to at least two public clouds (AWS/Azure/GCP). Hands-on experience with infrastructure automation, secrets management, and release pipelines. Familiarity with compliance standards such as IEC 62443, NIST CSF, ISO 27001 is a plus. Prior experience in OT/ICS cybersecurity, IT-OT convergence, or critical infrastructure platforms is desirable. Proven ability to lead cross-functional teams, communicate with CXOs, and manage strategic vendors. Key Responsibilities Lead the architecture and engineering of modular, multi-tenant cybersecurity platforms for IT/OT convergence. Build and scale cloud-native infrastructures using AWS/Azure/GCP, ensuring 99.9% uptime, horizontal scalability, and security-by-design principles. Implement and govern robust CI/CD, IaC (e.g., Terraform), containerization (e.g., Kubernetes, Docker), and monitoring frameworks (e.g., Prometheus, Grafana, ELK). Ensure platform readiness for integration with cybersecurity tools including SIEM, SOAR, EDR/XDR, IAM, PKI, and asset discovery platforms. Drive DevSecOps maturity across environments, ensuring best practices in secure coding, automated testing, secrets management, and release pipelines. Define platform engineering OKRs, build sprint governance, and lead agile delivery teams across infrastructure, tooling, and backend development. Collaborate with Product, Delivery, OT Engineering, and GRC teams to ensure platform alignment to business goals, service offerings, and compliance needs. Lead vendor evaluations, tool benchmarking, and integration programs with OEM cybersecurity, cloud, and automation partners. ONLY Relevant Platform Engineering Leaders with expertise in cloud-native architecture, DevSecOps, SRE, and cybersecurity integrations can email at joy.saha@adani.com

We’re Hiring: Cybersecurity & GRC Audit (2+ Years Experience) Location: Mumbai / Gurgaon/ Bengaluru / Hybrid Experience: 3+ Years Budget: Competitive, based on experience Role: Cybersecurity Analyst / GRC Consultant / IT Risk & Compliance Specialist Are you a certified cybersecurity and GRC professional with 3+ years of experience looking to grow in a fast-paced, compliance-driven environment? We're looking for a motivated expert to support IT audits, compliance, risk assessments , and governance frameworks across leading clients and internal operations. What We’re Looking For: 3+ years of experience in Cybersecurity, IT Audit, Risk & Compliance Strong knowledge of frameworks and standards like ISO 27001:2022, GDPR, NIST, SOX, PCI-DSS, ITGC, COBIT, CIS Controls Certifications preferred: CISA, CISM, ISO 27001 LA, CRISC, or CISSP Hands-on experience with data protection , cloud security , SIEM/DLP tools , and policy documentation Ability to manage internal audits , perform gap assessments , and ensure regulatory compliance Key Responsibilities: Support implementation and audit of ISO 27001 , GDPR , NIST , and other compliance frameworks Perform risk assessments, policy reviews, and control validations Prepare audit documentation and reports for stakeholders Collaborate with IT, legal, and business teams to align security and compliance goals Monitor security events using tools like SIEM, DLP, EDR , and support in mitigation planning Nice to Have: Exposure to cloud platforms (Azure, AWS) Experience with tools like Qualys, Wireshark, ServiceNow, JIRA Strong communication and reporting skills

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. The Cyber Penetration Testing (CPT2) team focuses on delivering threat actor simulation services, device or application assessments, and penetration tests. You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of CPT2 also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls on a proactive basis. Our team focuses on assessment and recommendation services that blend deep technical manual tradecraft with targeted automation to simulate real threats to a client’s environments. As a part of this center of excellence, you will drive change at PwC’s clients by providing risk outside of the theoretical while contributing to the technical acumen of the practice and amplifying your own personal capabilities. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. As a Senior Associate, You'll Work As Part Of a Team Of Problem Solvers, Helping To Solve Complex Business Issues From Strategy To Execution. PwC Professional Skills And Responsibilities For This Management Level Include But Are Not Limited To: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities and coach to help deliver results. Develop new ideas and propose innovative solutions to problems. Use a broad range of tools and techniques to extract insights from from current trends in business area. Review your work and that of others for quality, accuracy and relevance. Share relevant thought leadership. Use straightforward communication, in a structured way, when influencing others. Able to read situations and modify behavior to build quality, diverse relationships. Uphold the firm's code of ethics and business conduct. As a Technical Writer, You Will Work As Part Of a Team, Helping To Producing High-quality Documentation For Threat Actor Simulation Services, Device And Application Assessments, And Penetration Test Results. PwC Professional Skills And Responsibilities For This Management Level Include But Are Not Limited To: Work closely with business team to gather information and understand documentation requirements; Create, edit, and maintain documentation for penetration testing reports, procedures, guidelines, and standards. Explain complex technical concepts clearly and concisely; Write clear, concise, and user-friendly content tailored to various audiences, including technical and non-technical stakeholders; Stay updated on the latest cybersecurity trends and technologies to ensure documentation reflects current practices and solutions; Analyze existing content to recommend and implement improvements; Ensure documentation meets industry standards, regulatory requirements, and organizational compliance needs; Identify opportunities to improve documentation processes and tools; Manage a variety of viewpoints to build consensus and create positive outcomes for all parties; Focus on building trusted relationships; and, Uphold the firm's code of ethics and business conduct. Basic Qualifications : Job Requirements and Preferences : Minimum Degree Required : bachelor’s degree Minimum Years Of Experience : 4-9 year(s) Preferred Qualifications : Preferred Fields of Study : Computer and Information Science, Information Security, Information Technology, Management Information Systems, Computer Applications, Computer Engineering Certification(s) Preferred : Certification in Technical Writing Preferred Knowledge/Skills : Demonstrates extensive abilities and/or a proven record of success in the following areas: Familiarity with technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management; Familiarity with security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Responder, Nmap, or other tools included within the Kali Linux distribution; Knowledge of networking protocols, TCP/IP stack, systems architecture, and operating systems; Familiarity with well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and, Demonstrates extensive abilities and/or a proven record of success in the following areas: Experience in writing about cybersecurity articles, reports, tools, protocols, and best practices; Experience in translating technical jargon into clear, concise, and accessible language for various audiences; Experience in developing and maintaining a library of technical documentation that meets organizational standards; Experience in collaborating with cybersecurity professionals to gather information and clarify technical details; Proven skills in analyzing and synthesizing information from multiple sources to produce comprehensive and accurate documentation; Ability to manage multiple documentation requirements effectively, ensuring timely delivery and adherence to deadlines; Ability to ensure accuracy and consistency in all documentation, minimizing errors and omissions to meet quality standards; Adapting writing styles and content formats to suit different platforms and audience needs; Ability to leverage graphic design and visualization tools to enhance documentation clarity and user engagement; Proactively seeking feedback. Guidance, clarification and making iterative improvements to documentation processes and outputs; and, Keeping leadership informed of progress and issues. Professional and Educational Background Bachelor's Degree Preferred.

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas. Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Respond effectively to the diverse perspectives, needs, and feelings of others. Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems. Use critical thinking to break down complex concepts. Understand the broader objectives of your project or role and how your work fits into the overall strategy. Develop a deeper understanding of the business context and how it is changing. Use reflection to develop self awareness, enhance strengths and address development areas. Interpret data to inform insights and recommendations. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. As a Senior Associate, you will be aligned to our Strategy, Risk, & Compliance team which is focused on helping clients with their cybersecurity risk, compliance and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Position Requirements Security strategy and governance projects (security strategy, operating model, org structure etc.) Assessments: Maturity assessment, Audit readiness, planning and framework assessment, cloud migration requirements, business case development, comparisons and vendor evaluation Frameworks: Design framework program objectives, first/second/third line of defense, vision and mission statements, current state assessment and gap analysis, roadmap planning and estimation for the program, program governance and target operating model for NIST, PCI-DSS, HIPAA, HITRUST, ISO, COBIT etc. and vendor evaluation. Good experience in performing Organization Standard/Policy GAP assessment and Maturity assessments with Industry best practices (NIST/ISO/PCI...etc.). Policy management (policy writing, policy review, policy lifecycle) projects Cloud architecture definition and assessment: development of cloud reference architecture, target state cloud architecture definition, compliance requirements, migration strategies. Must have hands on experience and well proficient in Cybersecurity standard creation, policy writing and maintenance Good understanding of Legal, Regulatory and Privacy requirements to integrate within the Cybersecurity Program. Good understanding of various components of an enterprise Cybersecurity program, including governance structures, Risk and Threat Management, key controls, key processes, Security architecture and Security training program Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective Good Knowledge and experience with GRC tools such as MetricStream, Open Pages, Archer and data analytics & \visualization tools used in the Industry such as PowerBI, Alteryx and Tableau. Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes, work instructions, and templates. Analyze the security posture of the organizations by assessing the design and implementation of security controls. Experience in Vendor risk management, Outsourcing risk management, Technology Risk, Information Security. Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain. Experience in implementing effective and innovative technology solutions. Desired Knowledge Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment. Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance. Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs. Ability to create domain specific training content and deliver trainings effectively Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities. Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture. Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts. Professional & Educational Background MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) Additional Information Travel Requirements: Not Applicable Line of Service: Advisory Industry: Consulting Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST) Minimum Years Of Experience 3 - 8 years

At PwC, our people in risk and compliance focus on maintaining regulatory compliance and managing risks for clients, providing advice, and solutions. They help organisations navigate complex regulatory landscapes and enhance their internal controls to mitigate risks effectively. As a risk management generalist at PwC, you will provide advisory and practical support to teams across a wide range of specialist risk and compliance areas. Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow. Skills Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to: Respond effectively to the diverse perspectives, needs, and feelings of others. Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems. Use critical thinking to break down complex concepts. Understand the broader objectives of your project or role and how your work fits into the overall strategy. Develop a deeper understanding of the business context and how it is changing. Use reflection to develop self awareness, enhance strengths and address development areas. Interpret data to inform insights and recommendations. Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements. As a Senior Associate, you will be aligned to our Strategy, Risk, & Compliance team which is focused on helping clients with their cybersecurity risk, compliance and governance efforts. You will be working as a part of the Risk & compliance team which is responsible for helping clients and organizations identify risks and create mitigation plans. you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. Position Requirements Security strategy and governance projects (security strategy, operating model, org structure etc.) Assessments: Maturity assessment, Audit readiness, planning and framework assessment, cloud migration requirements, business case development, comparisons and vendor evaluation Frameworks: Design framework program objectives, first/second/third line of defense, vision and mission statements, current state assessment and gap analysis, roadmap planning and estimation for the program, program governance and target operating model for NIST, PCI-DSS, HIPAA, HITRUST, ISO, COBIT etc. and vendor evaluation. Good experience in performing Organization Standard/Policy GAP assessment and Maturity assessments with Industry best practices (NIST/ISO/PCI...etc.). Policy management (policy writing, policy review, policy lifecycle) projects Cloud architecture definition and assessment: development of cloud reference architecture, target state cloud architecture definition, compliance requirements, migration strategies. Must have hands on experience and well proficient in Cybersecurity standard creation, policy writing and maintenance Good understanding of Legal, Regulatory and Privacy requirements to integrate within the Cybersecurity Program. Good understanding of various components of an enterprise Cybersecurity program, including governance structures, Risk and Threat Management, key controls, key processes, Security architecture and Security training program Recommending Cybersecurity action plans for organizations to achieve their overall cybersecurity objective Good Knowledge and experience with GRC tools such as MetricStream, Open Pages, Archer and data analytics & \visualization tools used in the Industry such as PowerBI, Alteryx and Tableau. Experience in partnering with various functions within the Cybersecurity organization to capture and document the services and associated core processes, work instructions, and templates. Analyze the security posture of the organizations by assessing the design and implementation of security controls. Experience in Vendor risk management, Outsourcing risk management, Technology Risk, Information Security. Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain. Experience in implementing effective and innovative technology solutions. Desired Knowledge Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment. Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance. Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative, and utilizing Office 365, MS Office (Word, Excel, Access, PowerPoint) and Google Docs. Ability to create domain specific training content and deliver trainings effectively Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities. Develop/implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture. Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts. Professional & Educational Background MCA / BE / B Tech / MS (Field of Study: Computer and Information Science, Information Cybersecurity, Information Technology, Management Information Systems). Certification(s) Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) Additional Information Travel Requirements: Not Applicable Line of Service: Advisory Industry: Consulting Must be ready to work on-site full-time (timings will be 2 pm or sooner until 11 pm IST) Minimum Years Of Experience 3 - 8 years