3864 Nist Jobs - Page 41

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : CyberArk Privileged Access Management Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will also engage in discussions to refine security strategies and address any emerging challenges in the cloud environment, contributing to a secure and efficient operational landscape. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Develop and maintain comprehensive documentation of cloud security architecture and controls.- Evaluate and recommend security technologies and practices to enhance the cloud security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in CyberArk Privileged Access Management.- Strong understanding of cloud security principles and best practices.- Experience with identity and access management solutions.- Familiarity with compliance frameworks such as ISO 27001, NIST, or GDPR.- Ability to analyze security incidents and implement corrective actions. Additional Information:- The candidate should have minimum 3 years of experience in CyberArk Privileged Access Management.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Delivery Governance Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- 1. Identity and Access Management (IAM)IAM ensures that only authorized individuals have access to the systems and data they need to perform their job functions. Proper governance ensures compliance with security policies, legal regulations, and business requirements.Key Aspects:Identity Lifecycle Management:Governance involves defining policies for how identities are created, modified, and deleted. This includes managing user access rights and ensuring that users have appropriate permissions for their roles.Authentication and Authorization:Governance ensures that access is properly authenticated (e.g., multi-factor authentication) and authorized based on role-based or attribute-based access control.Compliance:IAM governance helps organizations adhere to industry regulations (e.g., GDPR, HIPAA) by enforcing policies around data access and ensuring that sensitive information is adequately protected.Audit and Monitoring:Regular audits and monitoring help ensure that access is being granted according to policy, and that improper access is flagged and remediated.2. Security Operations Center (SOC)A SOC is responsible for detecting, analyzing, and responding to security incidents and events in real-time. Governance in this area is crucial to ensuring that the SOC operates efficiently, effectively, and in line with corporate and legal requirements.Key Aspects:Incident Response:A key element of governance in SOC is ensuring that incident response procedures are well-defined, tested, and followed when a security breach or anomaly is detected.Monitoring and Detection:Ensuring that SOC uses appropriate tools (e.g., SIEM, IDS/IPS) to monitor network traffic and detect suspicious activities in real-time.Compliance and Reporting:The SOC must generate reports for regulatory compliance (e.g., PCI-DSS, NIST) and provide visibility into the organization's security posture.Continuous Improvement:Governance includes reviewing the performance of SOC teams, assessing incidents, and refining processes to improve the security posture over time.3. Network Security (NetSec)Network security governance focuses on protecting an organization's network infrastructure from internal and external threats. Proper governance ensures that network security policies are in place, enforced, and continuously reviewed.Key Aspects:Firewall and Perimeter Security:Ensuring that the network perimeter is adequately secured by firewalls, intrusion prevention systems (IPS), and other technologies.Network Segmentation:Governance involves defining policies around network segmentation to limit the spread of threats and control traffic flow.Encryption and Data Protection:Ensuring that sensitive data in transit and at rest is encrypted, and that secure communication protocols are enforced.Vulnerability Management:Network security governance requires regular vulnerability assessments and patch management to address known threats and weaknesses.Security Delivery Governance FrameworkTo ensure effective security governance across IAM, SOC, and NetSec, a comprehensive framework should include:Policies and Procedures:Clear, actionable security policies, procedures, and guidelines must be established and regularly updated. These should cover all aspects of IAM, SOC, and NetSec.Risk Management:Regular risk assessments to identify vulnerabilities and mitigate them proactively. This involves continuous evaluation of potential threats and alignment with the overall risk tolerance of the organization.Compliance and Legal Requirements:Governance must ensure that all activities related to IAM, SOC, and NetSec are compliant with relevant laws and regulations, such as GDPR, HIPAA, PCI-DSS, and more.Incident Management and Response:Well-defined processes for responding to incidents that include communication protocols, escalation procedures, and documentation to ensure compliance and improvement.Auditing and Reporting:Regular audits should be conducted across IAM systems, SOC operations, and network security controls to ensure compliance with the organizations security policies and regulatory requirements.Continuous Monitoring and Improvement:An ongoing process of reviewing and refining security strategies, implementing new technologies, and training staff to adapt to emerging threats. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Delivery Governance.- Strong understanding of security architecture principles.- Experience in implementing security controls in cloud environments.- Knowledge of regulatory compliance requirements.- Hands-on experience with security tools and technologies. Additional Information:- The candidate should have a minimum of 12 years of experience in Security Delivery Governance.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities:1)Design and implement Microsoft Sentinel architecture, including data connectors, analytics rules, and workbooks.2)Integrate Sentinel with various data sources, including Azure services on-premises systems, and third-party security products.3)Develop and maintain data connectors, APIs and custom integrations.4)Configure and optimize incident response workflows, including automated response actions and playbooks.5)Collaborate with security operations teams to implement Sentinel-based security monitoring and incident response processes.6)Provide training and support to security teams on Sentinel features and functionality7)Continuously monitor and optimize Sentinel performance, scalability, and reliability8)Develop and maintain custom dashboards, reports, and workbooks to provide security insights and metrics. 9)Integrate Azure Logic Apps with Azure Sentinel to automate security workflows and incident response.10)Develop custom connectors for Logic apps to integrate with Azure Sentinel and other security tools. 11)Collaborate with security teams, developers, and operation teams to ensure seamless integration and deployment of Logic Apps with Azure Sentinel12)Configure and maintain Sentinel workspaces, including data connectors, analytics rules. 13)Optimize Sentinel workspace performance, scalability, and security.14)Develop and maintain reports and dashboards to provide visibility into security metrics and trends.15)Strong knowledge of KQL and experience writing complex queries. Proficiency in Microsoft Sentinel, Azure Security Center and Azure Monitor- Experience with data analytics, machine learning, and threat intelligence. Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and frameworks.- Conduct regular assessments and audits to ensure compliance with security policies and standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Sentinel SIEM & KQL query.- Strong understanding of cloud security principles and practices.- Experience with security incident response and management.- Familiarity with compliance frameworks such as ISO 27001, NIST, or GDPR.- Knowledge of network security protocols and technologies. Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).- This position is based in Pune.- A 15 years full time education is required. Qualification 15 years full time education

Overview JAGGAER provides an intelligent Source-to-Pay and Supplier Collaboration Platform that empowers organizations to manage and automate complex processes while enabling a highly resilient, responsible, and integrated supplier base. With 30 years of expertise, we specialize in solving complex procurement and supply chain challenges across various industries. Our 1,200+ global employees are obsessed with ensuring customers get full value from our products - ultimately enhancing and transforming their businesses. For more information, visit www.jaggaer.com We are seeking a highly skilled and motivated Cloud Engineer to join our team. The ideal candidate will have extensive experience with AWS and a strong background in cloud infrastructure, automation, and security. This role requires expertise in managing cloud-first environments, leveraging Infrastructure as Code (IaC) tools, and ensuring compliance with industry frameworks. As a Cloud Engineer, you will play a key role in designing, deploying, and maintaining cloud-based solutions that align with our business objectives and operational requirements. Principal Responsibilities Design, implement, and manage cloud infrastructure primarily in AWS, with limited exposure to Google Cloud Console and Azure (Microsoft 365 and SSO). Develop and maintain Infrastructure as Code (IaC) solutions using Terraform and Spacelift. Automate system administration tasks and configuration management with Ansible. Manage AWS services including but not limited to EC2, S3, RDS, VPC, TransitGateway, Config, WAF, Lambda, IAM, IAM Identity Center, Control Tower, and Redshift. Enhance cloud security posture by implementing best practices aligned with NIST, SOC, PCI, ISO, and CIS baselines. Optimize and manage Linux-based environments (Amazon Linux, RHEL, Ubuntu) and support Windows systems in corporate and production settings. Implement and maintain monitoring, logging, and alerting solutions to ensure system reliability and performance. Collaborate with cross-functional teams to deploy and troubleshoot applications in a cloud environment. Support network and security configurations, including firewalls, VPNs, and identity management. Manage vulnerability scanning and remediation using tools such as Rapid7 (VM, ICS) and endpoint management via Ninja1. Provide documentation, training, and knowledge sharing across teams. Stay updated on industry trends and emerging cloud technologies to drive innovation and efficiency. Position Requirements Bachelor’s degree in Computer Science, Information Technology, or equivalent work experience. 3+ years of experience in cloud engineering or related roles. Experience with scripting languages (Python, Bash, PowerShell). Strong proficiency in AWS services, networking, and security. Hands-on experience with Terraform, Spacelift, and Ansible. Familiarity with compliance frameworks including NIST, SOC, PCI, ISO, and CIS. Expertise in Linux system administration (RHEL, Amazon Linux, Ubuntu) and Windows support. Experience with CI/CD pipelines and automation. Experience with logging and monitoring tools like CloudWatch, Splunk, or Prometheus. Strong troubleshooting skills and ability to diagnose complex cloud-related issues. Goal-oriented with a proactive mindset for continuous improvement and innovation. Excellent communication and collaboration skills. Ability to work independently and in a team-oriented environment. Equal Opportunity/Affirmative Action Employer M/F/D/V Preferred Qualifications AWS certifications (e.g., AWS Certified Solutions Architect, AWS Certified DevOps Engineer). Knowledge of containerization and orchestration tools such as Docker and Kubernetes. Experience with logging and monitoring tools like CloudWatch, Splunk, or Prometheus. Familiarity with Zero Trust security principles and best practices. What We Offer At JAGGAER you’ll find great benefits, empowering culture, flexible work environment, much more! Apply now and be part of our success! Our Values At JAGGAER, our values shape everything we do—from supporting customers and collaborating with teammates to building products and fostering our culture. Be Collaborative: Promote mutual respect, work productively with others, and share responsibility for success. Be Accountable: Own your actions, learn from challenges, and stay proactive to achieve results. Be Adaptable: Embrace change, encourage innovation, and stay effective through significant transitions.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure and efficient cloud environment. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and controls.- Conduct regular assessments of security measures to identify areas for improvement. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Architecture Design.- Strong understanding of cloud security principles and frameworks.- Experience with risk assessment and management methodologies.- Knowledge of compliance standards such as ISO 27001, NIST, or GDPR.- Familiarity with security tools and technologies for threat detection and response. Additional Information:- The candidate should have minimum 5 years of experience in Security Architecture Design.- This position is based in Coimbatore.- A BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above is required. Qualification BE or MCA or MSc with Good Computer Science Background with good academic record of 65 and above

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Integrated Security Risk Management Good to have skills : Security Architecture Design Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Provide solutions to problems for their immediate team and across multiple teams. - Conduct regular assessments of security frameworks to ensure alignment with evolving business needs. - Facilitate training sessions for team members to enhance their understanding of security protocols. Professional & Technical Skills: - Must To Have Skills: Proficiency in Integrated Security Risk Management. - Good To Have Skills: Experience with Security Architecture Design. - Strong knowledge of cloud security principles and practices. - Experience in risk assessment methodologies and frameworks. - Familiarity with compliance standards such as ISO 27001 and NIST. Additional Information: - The candidate should have minimum 7.5 years of experience in Integrated Security Risk Management. - This position is based at our Chennai office. - A 15 years full time education is required.

Description and Requirements "At BMC trust is not just a word - it's a way of life!" Hybrid Description and Requirements "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! The IZOT product line includes BMC’s Intelligent Z Optimization & Transformation products, which help the world’s largest companies to monitor and manage their mainframe systems. The modernization of mainframe is the beating heart of our product line, and we achieve this goal by developing products that improve the developer experience, the mainframe integration, the speed of application development, the quality of the code and the applications’ security, while reducing operational costs and risks. We acquired several companies along the way, and we continue to grow, innovate, and perfect our solutions on an ongoing basis. We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles And Responsibilities Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you’re set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes. CA-DNP Our commitment to you! BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! If after reading the above, You’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas! BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,725,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply.

Area(s) of responsibility About Us Birlasoft, a global leader at the forefront of Cloud, AI, and Digital technologies, seamlessly blends domain expertise with enterprise solutions. The company’s consultative and design-thinking approach empowers societies worldwide, enhancing the efficiency and productivity of businesses. As part of the multibillion-dollar diversified CKA Birla Group, Birlasoft with its 12,000+ professionals, is committed to continuing the Group’s 170-year heritage of building sustainable communities. Location -Mumbai ,Pune ,Bangalore, Hyderabad , Noida Exp -8 yrs to 10 yrs About The Role We are seeking a skilled Network Security Engineer to design, implement, and maintain secure network infrastructures. The ideal candidate will possess strong expertise in network protocols, firewall and IDS/IPS configuration, VPN solutions, and security compliance standards. You will be instrumental in enhancing our network security posture through threat detection, risk assessment, and zero trust architecture implementation. Key Responsibilities Design, configure, and manage network security devices including firewalls (Palo Alto, Fortinet, Cisco ASA) and intrusion detection/prevention systems (Snort, Suricata). Implement and manage Network Access Control (NAC) systems utilizing 802.1X, RADIUS, and Cisco ISE for role-based access control. Configure and maintain secure VPN solutions including IPsec, SSL VPNs, and site-to-site tunnels. Conduct SIEM and log analysis using tools such as Splunk, QRadar, and ELK Stack to detect and respond to security threats. Design and enforce network segmentation and apply Zero Trust security principles. Ensure compliance with security standards such as ISO 27001, NIST, PCI-DSS, GDPR, and HIPAA. Perform threat modeling, vulnerability assessments, and risk analysis to mitigate security risks. Collaborate with cross-functional teams to develop and enforce security policies and procedures. Core Technical Competencies Deep understanding of network protocols including TCP/IP, UDP, ICMP, DNS, HTTP/S, FTP. Hands-on experience with firewall and IDS/IPS tools such as Palo Alto, Fortinet, Cisco ASA, Snort, and Suricata. Familiarity with Network Access Control frameworks (802.1X, RADIUS), especially Cisco ISE. Expertise in VPN technologies like IPsec and SSL VPNs. Proficiency in SIEM platforms and log correlation for threat detection and incident response. Knowledge of network segmentation strategies and Zero Trust architecture. Strong understanding of compliance requirements (ISO 27001, NIST, PCI-DSS, GDPR, HIPAA). Ability to conduct threat modeling and risk assessments. Required Certifications CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CEH (Certified Ethical Hacker) CompTIA Security+ CCNP Security (Cisco Certified Network Professional Security) Palo Alto PCNSA/PCNSE Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience). Proven experience in network security engineering or a similar role. Why Join Us? Work with cutting-edge security technologies. Collaborate with a passionate and dynamic security team. Opportunities for professional growth and certification support.

About Us: Birlasoft, a global leader at the forefront of Cloud, AI, and Digital technologies, seamlessly blends domain expertise with enterprise solutions. The company’s consultative and design-thinking approach empowers societies worldwide, enhancing the efficiency and productivity of businesses. As part of the multibillion-dollar diversified CKA Birla Group, Birlasoft with its 12,000+ professionals, is committed to continuing the Group’s 170-year heritage of building sustainable communities. Location -Mumbai ,Pune ,Bangalore, Hyderabad , Noida Exp -8 yrs to 10 yrs About the Role: We are seeking a skilled Network Security Engineer to design, implement, and maintain secure network infrastructures. The ideal candidate will possess strong expertise in network protocols, firewall and IDS/IPS configuration, VPN solutions, and security compliance standards. You will be instrumental in enhancing our network security posture through threat detection, risk assessment, and zero trust architecture implementation. Key Responsibilities: Design, configure, and manage network security devices including firewalls (Palo Alto, Fortinet, Cisco ASA) and intrusion detection/prevention systems (Snort, Suricata). Implement and manage Network Access Control (NAC) systems utilizing 802.1X, RADIUS, and Cisco ISE for role-based access control. Configure and maintain secure VPN solutions including IPsec, SSL VPNs, and site-to-site tunnels. Conduct SIEM and log analysis using tools such as Splunk, QRadar, and ELK Stack to detect and respond to security threats. Design and enforce network segmentation and apply Zero Trust security principles. Ensure compliance with security standards such as ISO 27001, NIST, PCI-DSS, GDPR, and HIPAA. Perform threat modeling, vulnerability assessments, and risk analysis to mitigate security risks. Collaborate with cross-functional teams to develop and enforce security policies and procedures. Core Technical Competencies: Deep understanding of network protocols including TCP/IP, UDP, ICMP, DNS, HTTP/S, FTP. Hands-on experience with firewall and IDS/IPS tools such as Palo Alto, Fortinet, Cisco ASA, Snort, and Suricata. Familiarity with Network Access Control frameworks (802.1X, RADIUS), especially Cisco ISE. Expertise in VPN technologies like IPsec and SSL VPNs. Proficiency in SIEM platforms and log correlation for threat detection and incident response. Knowledge of network segmentation strategies and Zero Trust architecture. Strong understanding of compliance requirements (ISO 27001, NIST, PCI-DSS, GDPR, HIPAA). Ability to conduct threat modeling and risk assessments. Required Certifications: CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) CEH (Certified Ethical Hacker) CompTIA Security+ CCNP Security (Cisco Certified Network Professional Security) Palo Alto PCNSA/PCNSE Qualifications: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience). Proven experience in network security engineering or a similar role. Why Join Us? Work with cutting-edge security technologies. Collaborate with a passionate and dynamic security team. Opportunities for professional growth and certification support.

We are seeking a highly skilled and experienced Security Consultant to join our team. The ideal candidate should have experience in ISO consulting and implementation, with a strong understanding of information security standards and best practices. . Experience: 5+ years. Location: Kozhikode, Kerala. Working Mode : Hybrid Key Responsibilities: ISO27001 Consulting: Conduct gap analysis and readiness assessments for ISO27001 . Develop and implement Information Security Management Systems (ISMS) based on ISO27001 standards. Perform internal audits and support clients during external audits. Provide ongoing support and guidance to ensure continuous compliance with ISO27001. GDPR / Data Privacy: Assist in conducting data privacy impact assessments ( DPIAs ). Develop data protection policies and procedures. Support the implementation of data privacy frameworks. Risk Management: Identify, assess, and mitigate risks related to information security and data privacy. Develop risk management strategies and frameworks. Conduct risk assessments and provide recommendations for risk treatment. Client Engagement: Work closely with clients from India & Middle East to understand their specific needs and requirements. Prepare detailed reports and presentations for clients. Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. At least 5-6 years of experience in information security. Experience in ISO consulting and implementation. Familiarity with security frameworks such as NIST, CIS , and ISO 27001. Strong analytical and problem-solving skills. Excellent communication and interpersonal skills. Ability to work independently and as part of a team. Relevant certifications such as CISA or ISO Lead Implementer/Auditor are preferred. Job Types: Full-time, Permanent Pay: ₹1,000,000.00 - ₹2,000,000.00 per year Benefits: Flexible schedule Health insurance Paid sick time Provident Fund Work from home Application Question(s): Do you have the certificate of ISO27001 ? Experience: Cybersecurity: 5 years (Required) data privacy impact assessments : 5 years (Required) ISMS based on ISO27001 standards: 5 years (Required) NIST, CIS: 5 years (Required) data protection policies and procedures. : 5 years (Required) Location: Kozhikode, Kerala (Required) Work Location: In person

Senior Platform Security Engineer As a Senior Platform Security Engineer, you will play a pivotal role in shaping and securing our cloud and on-premises compute infrastructure. You will be responsible for implementing and maintaining robust security solutions for our AWS and Azure environments. This role requires a deep understanding of security principles, cloud technologies and infrastructure as code practices. As a Platform Security Engineer, you will participate in security reviews, design and develop innovative security solutions and tools to enhance our security posture and visibility. Key Responsibilities: Leadership & Strategy: Exemplify security principles and culture Develop and implement the long-term platform security strategy Effectively partner across security, technology, and business teams Provide technical leadership and expertise to cloud, server, and container security efforts Develop effective platform security metrics and use them to drive improvements Cloud Security Standards: Continuously improve cloud, server, and container security standards and guidelines in alignment with risk and compliance requirements Measure and report on CDK’s compliance with cloud security standards Drive adoption of security standards through close partnership with technology teams, collaborative roadmap alignment, and transparent reporting Cloud Security Architecture and Engineering: Develop and continuously improve security architecture for our public cloud environments (AWS, Azure, other ). Design and implement security controls, including network security, identity and access management, data protection, and threat detection. In collaboration with GRC and technology teams, align security architecture and standards to key risks, compliance requirements, and business needs. Infrastructure as Code ( IaC ) Deep knowledge of IaC tools like Terraform, CloudFormation, Azure Resource Manager and Deployment Manager. Collaborate with development and cloud governance teams to develop and maintain secure IaC templates and standards. Review IaC templates for security best practices and compliance. Implement security controls and best practices within IaC templates. Security Tooling and Automation Evaluate and implement security tools to automate security tasks and enhance our security posture. Collaborate with cross-functional teams to identify security requirements and engineer effective solutions. Develop custom scripts and implement security tools to automate security tasks and processes. Integrate security tools with CI/CD pipelines to ensure security is built into the development process. Cloud Security Operations In collaboration with Security Operations, conduct regular compute platform security assessments and penetration tests Operationalize remediation of discovered vulnerabilities in cloud security posture Enable Security Operations team to monitor security logs and alerts to identify and respond to security threats in the cloud. Collaborate with Security Operations team on developing and automating alert response processes and playbooks Serve as an escalation point for cloud security incident investigations and response activities. Stay up-to-date with the latest security threats and vulnerabilities. Required Qualifications: Strong understanding of cloud security principles, including network security, identity and access management, data protection, and threat detection. Extensive experience with AWS, Azure and GCP, including infrastructure, security, and compliance. Proficiency in Infrastructure as Code ( IaC ) tools Experience with scripting languages (Python, Bash, PowerShell) and automation tools such as Ansible. Knowledge of security tools and technologies, such as SIEM, CSPM, SOAR, WAF, and IDS/IPS. Strong problem-solving and troubleshooting skills. Excellent communication and collaboration skills. Desired Qualifications: Experience with cloud security frameworks (e.g., CIS Benchmarks, NIST CSF). Knowledge of container security and Kubernetes. Experience with DevSecOps practices. Ability to lead and mentor security engineers. This revised job description emphasizes the importance of deep IaC knowledge across multiple cloud platforms, aligning with the desired focus. At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact. CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law. Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.

Our people work differently depending on their jobs and needs. From hybrid working to flexible hours, we have plenty of options that help our people to thrive. This role is based in India and as such all normal working days must be carried out in India. Job description Join us as a Technology Controls Testing Analyst We’ll look to you to protect the bank by assuring that our applications and technology infrastructure is adequate, effective and fit for purpose on an end-to-end basis You’ll clearly document any control weaknesses identified within the adequacy and effectiveness assessments and testing undertaken This is a chance to join a talented and supportive team that will help you achieve great exposure as you develop with us We're offering this role at associate level What you'll do In this role, you’ll work with Information Technology General Controls, including complex Automated Controls and contribute to the ongoing design and development of assurance processes and methodology. You’ll also maintain detailed test documentation and reports for the technology you assess, keeping stakeholders informed of testing progress and results, in line with quality expectations. We’ll look to you to clearly communicate any identified control weaknesses to the team, relevant business contact or SME. In addition, you’ll: Contribute to the development and delivery of an annual risk-based assurance programme Collaborate with business teams, at relevant level, to ensure a comprehensive understanding of controls and their testing procedures Perform walkthroughs with stakeholders on the technology you assess, documenting high quality control testing workpapers Stay up to date with regulatory requirements and industry best practices for technology controls Undertake adequacy and effectiveness assessments of technology controls The skills you'll need To excel in this role, you’ll have a proven experience of developing and executing test plans on technology with IT General Controls and complex Automated Controls, including adequacy and effectiveness of technology controls. You’ll also have: Experience in developing and executing test plans for IT General Controls and complex Automated Controls. Strong understanding control frameworks (e.g., COSO, COBIT) and relevant regulations (e.g., SOX, GDPR, CCPA) and industry standards (e.g., NIST, ISO 27001) and their application in technology and financial processes. Proven ability to perform control testing activities. Excellent communication skills, with the ability to present findings to technical and non-technical audiences. A proactive mindset with a focus on continuous improvement and collaboration.

Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive. What You'll Do The Global Information and AI Security Senior Manager provides internal BCG technical consulting around information security architecture and security design measures for new projects, ventures and systems. The architect defines the desired end state to meet solution Security Goals and overall business goals. The Security Architect ensures the digital applications, tools, and services protect our data, our clients’ data, and our intellectual property; are resilient to cyber-attack; meet BCG policy and standards, regulatory requirements, and industry best practices; while using a risk-based approach to meeting BCG business needs and objectives. The Global Information and AI Security Senior Manager works with teams inside BCG to secure the building and maintenance of complex computing environments to train, deploy, and operate Artificial Intelligence/ML systems by determining security requirements; planning, implementing and testing security systems; participate in AI/ML/LLM projects as the Security Subject Matter Expert; preparing security standards, policies and procedures; and mentoring team members. What You'll Bring Bachelor's degree (or equivalent experience) required. CSSLP certification required; additional certifications such as CISSP, CCSP, or CCSK strongly preferred. 7+ years of progressive experience in information security, specifically focused on secure architecture, secure development practices, and cloud-native security. Proven expertise supporting software engineering, data science, and AI/ML development teams, specifically with secure model lifecycle management, secure deployment practices, and secure data engineering. Expert understanding of the Secure Software Development Lifecycle (SSDLC), including secure architecture, threat modeling frameworks (e.g., MAESTRO, PASTA, STRIDE), penetration testing, secure coding practices, vulnerability management, and incident response. Demonstrated technical proficiency across multiple security technologies, platforms, and frameworks, with strong hands-on experience implementing secure cloud-native infrastructures (AWS, Azure, GCP). Familiarity with data warehouse and data lake environments such as Databricks, Azure Fabric, or Snowflake, including security best practices in managing and securing large-scale data ecosystems. In-depth knowledge and practical experience with AI and machine learning model security, ethical AI frameworks, secure handling of data, and comprehensive understanding of CI/CD pipelines specifically tailored for data science workloads. Extensive experience conducting security assessments, vulnerability triage, intrusion detection and prevention, firewall management, network vulnerability analysis, cryptographic implementations, and incident response analysis. Exceptional communication skills (written and oral), influencing capabilities, and ability to clearly articulate complex security concepts to stakeholders across various levels of the organization. Proactive professional development, continuous learning, active participation in industry forums, professional networks, and familiarity with current and emerging security trends and standards. Additional info YOU'RE GOOD AT The Senior Manager, Security and AI Architect excels at: Collaborating closely with software engineering, data science, data engineering, and cybersecurity teams to design, implement, and maintain secure solutions in agile environments leveraging cloud-native technologies and infrastructure. Defining security requirements by deeply understanding business objectives, evaluating strategies, and implementing robust security standards throughout the full Software Development Life Cycle (SDLC). Leading security risk assessments, threat modeling (utilizing frameworks such as MAESTRO, PASTA, STRIDE, etc.), security architecture reviews, and vulnerability analyses for client-facing digital products, particularly involving complex AI/ML-driven solutions. Advising development teams, including AI engineers and data scientists, on secure coding practices, secure data handling, secure AI/ML model deployment, and related infrastructure security considerations. Providing specialized guidance on secure AI model development lifecycle, including secure data usage, ethical AI practices, and robust security controls in Generative AI and large language model deployments. Actively participating in the APAC Dex process for managing digital builds, ensuring alignment with regional requirements, standards, and best practices. Staying ahead of emerging security trends and technologies, conducting continuous research, evaluation, and advocacy of new security tools, frameworks, and architectures relevant to digital solutions. Ensuring robust compliance with regulatory frameworks and industry standards, including ISO 27001, SOC2, NIST, and GDPR, particularly as they pertain to data privacy and AI-driven product development. Developing and delivering training programs on secure development, AI security considerations, and incident response practices. Partnering with internal stakeholders, articulating security risks clearly, influencing technical directions, and promoting comprehensive secure architecture roadmaps. Conducting vendor and market assessments, guiding tests, evaluations, and implementation of security products that address enterprise and client-specific information security requirements. Advising teams on compensating controls and alternative security measures to facilitate business agility without compromising security posture. Leading the implementation and continuous improvement of security tooling and practices within CI/CD pipelines, infrastructure-as-code (IaC), and model deployment automation. Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E - Verify Employer. Click here for more information on E-Verify.

We are looking for a Cloud Security Engineer to join our team and work together with our other team members on our enterprise customer projects. This is a well-paid remote role that you can do from anywhere. Responsibilities Assist in maintaining our cloud infrastructure under supervision. Learn Kubernetes fundamentals and AWS services. Help implement and maintain CI/CD pipelines. Maintain an open-source SIEM Infrastructure. Operate a small SOC service. Monitor and respond to security alerts and events. Follow incident response procedures. Document security findings and maintain compliance requirements. Stay up to date with new emerging threats and vulnerabilities. Be available for 24/7 on-call rotation to respond to critical security incidents, though call volume is expected not to be frequent. Assist with routine monitoring and alerting tasks. Respond quickly to security incidents and alerts, with target response time under 30 minutes for critical issues. Your profile 0-3 years of experience with cloud infrastructure (AWS preferred). 0-3 years of experience with Terraform. Understanding of security concepts for infrastructure and networks. Willingness to learn Kubernetes and container technologies. Monitor and analyze security alerts from multiple sources including SIEM, EDR, and cloud security tools. Perform incident triage, investigation, and response according to established procedures. Assist with managing and optimizing SIEM rules, alerts, and dashboards. Help create and maintain security documentation, playbooks, and incident response procedures. Basic knowledge of Linux and Windows Server operating systems. Strong desire to learn about threat modeling and threat identification techniques. Excellent English – written and verbal. Service-oriented and customer-centric mindset. Ability to follow established processes. Nice to have: BSc or MSc in any relevant IT field. Basic scripting knowledge (Python, Shell Script, PowerShell). Interest in pursuing security certifications (e.g., Security+ certification). Familiarity with basic security concepts and tools. Knowledge of security frameworks and standards (ISO 27001, NIST, CIS). Basic understanding of cloud security principles. Eagerness to learn about threat hunting techniques. If this role excites you, but you are worried that you don't fit all the requirements, please send your application anyway. We would love to get in touch

Senior Manager EXL/SM/1419365 Global TechnologyNoida Posted On 16 Jul 2025 End Date 30 Aug 2025 Required Experience 10 - 12 Years Basic Section Number Of Positions 1 Band C2 Band Name Senior Manager Cost Code G070601 Campus/Non Campus NON CAMPUS Employment Type Permanent Requisition Type New Max CTC 2500000.0000 - 3000000.0000 Complexity Level Not Applicable Work Type Hybrid – Working Partly From Home And Partly From Office Organisational Group Enabling Sub Group Global Technology Organization Global Technology LOB Global Technology SBU Technology Operations Country India City Noida Center Noida - Centre 59 Skills Skill RISK & COMPLIANCE AUDITS CLOUD SECURITY AI TOOLS CYBER SECURITY ENDPOINT SECURITY Minimum Qualification BCA Certification No data available Job Description Key Responsibilities Assess, design, implement, and govern enterprise-wide cybersecurity and technology risk frameworks , including NIST, Zero Trust Architecture, MITRE ATT&CK , and other global standards. Build and deploy AI/ML and Generative AI-based solutions to automate cyber risk detection, response, control validation, and reporting processes. Utilize Prompt Engineering and Large Language Models (LLMs) such as GPT (OpenAI), Gemini (Google), LLaMA (Meta), Claude (Anthropic), etc., to solve real-world cybersecurity challenges. Apply code, low-code, and no-code approaches for automating and modernizing risk controls and compliance processes. Leverage advanced technologies including Next-Gen SIEM, SOAR, CNAPP, ZTNA, passwordless authentication , EDR/XDR, DLP, Microsegmentation, and multi-cloud native security services . Lead the design and implementation of AI-powered observability platforms to drive real-time telemetry, threat detection, behavioral analytics, and performance insights across infrastructure, applications, and security domains. Familiarity with platforms like Datadog, Dynatrace, New Relic, Splunk, Azure Monitor, Elastic, OpenTelemetry, and Grafana is expected. Collaborate across cross-functional teams to deliver secure-by-design outcomes for digital transformation and modernization programs. Frontend Internal / External audits and First Line Compliance control assurance and ensure key Risks are Self-Identified. Required Skills & Experience 10–12 years of experience in cybersecurity, technology risk, and compliance , with proven delivery in AI-infused environments . Hands-on expertise in Generative AI , ML , LLMs , vector databases , and related toolchains (e.g., LangChain, OpenAI APIs, HuggingFace, Pinecone, Weaviate). Experience with observability, AIOps, and telemetry pipelines using tools like Datadog, Prometheus, Loki, Fluentd, and Elastic Stack . Strong scripting and automation experience (e.g., Python, PowerShell, Bash, YAML) and proficiency in low-code/no-code platforms (e.g., Power Automate, ServiceNow, UiPath). Deep understanding of cloud-native security , DevSecOps , and risk automation across AWS, Azure, and GCP environments. Strong communication, stakeholder engagement, and analytical problem-solving abilities. Preferred Certifications CISSP, CISM, CRISC, CCSP, or equivalent cybersecurity and risk credentials. Certifications in AI/ML , cloud platforms (AWS, Azure, GCP) , are a plus. Mindset & Culture Fit Passion for innovation, automation, and continuous learning in cybersecurity and AI. Ability to collaborate across technology, operations, compliance, and business teams to build future-ready solutions. Self-starter with a bias toward action and measurable impact. Workflow Workflow Type L&S-DA-Consulting

Manager EXL/M/1424185 Emerging ConsultingNoida Posted On 17 Jul 2025 End Date 31 Aug 2025 Required Experience 5 - 10 Years Basic Section Number Of Positions 1 Band C1 Band Name Manager Cost Code P050117 Campus/Non Campus NON CAMPUS Employment Type Permanent Requisition Type New Max CTC 1725000.0000 - 2085000.0000 Complexity Level Not Applicable Work Type Hybrid – Working Partly From Home And Partly From Office Organisational Group Emerging Sub Group Emerging Business Unit Organization Emerging Consulting LOB FRAC Consulting SBU FRAC Consulting Country India City Noida Center Noida - Centre 42 Skills Skill ITGC IT AUDIT IT GOVERNANCE AND RISK CONTROLS INFORMATION SECURITY GOVERNANCE Minimum Qualification BTECH CA BCOM Certification No data available Job Description The Audit Manager position will be required to lead audit staff and manage the execution of IT and information system security audits along with leading operational assurance and advisory projects. Successful IT Audit Manager candidates must be able to lead the completion of technical IT audits that support financial or business operations including Sarbanes-Oxley 404 requirements. The IT Audit Manager must be able to effectively interact with IT and business leadership to drive risk mitigation and to stay abreast IT operational changes and emerging technologies. This position will be required to work with IT on key IT initiatives and priorities including Enterprise Risk Management. MUST : Business Development experienced professional with IT internal audit or controls experience to align on sales agenda while integrating practical knowledge on governance Proficient in SAP, S4 HANA, SAP GRC. Responsibilities Managing a team of auditors performing both IT audit and other advisory and assurance projects Building a team of talented IT auditors through coaching and development activities Developing annual IT audit plan of high risk / importance projects based on independent research and knowledge, interactions with Company leadership and peer benchmarking Performing pre- and post-implementation audits of new system implementations, expanding ERP footprint, application re-writes, etc. Auditing key system functionality and systematic controls Working together with management to assist in identifying opportunities to enhance efficiencies and effectiveness of processes and strengthen controls Liaising with IT management to provide ongoing advisory support for system implementations and key IT initiatives (IT security, BCDR, etc.) Evaluating the design and execution of the IT general and application controls for Sarbanes-Oxley compliance Establishing and maintaining effective relationships with management, external auditors, and other partners to further develop Company knowledge and auditing skills Requirements Bachelor's Degree, preferably in Management Information Systems, Accounting Information Systems, Computer Science or other IT related discipline. Master’s Degree preferred CISA, CISSP, CPA or CIA a plus Minimum of seven years of experience in IT audit, IT development, internal audit, public accounting, finance, and/or information systems Minimum of four years of experience in leading audit staff and managing execution of the audit plan Strong human relations, analytical, and oral and written communications skills Understanding of key IT processes such as Disaster Recovery, IT Security, Software Licensing, Third Party Hosted Services, etc. Knowledge of internal audit principles (IIA Standards, and COSO) and IT control frameworks (COBIT, NIST, SANS, and ISO) Familiarity with the following technical areas/platforms beneficial: Operating Systems: IBM Mainframe/RACF, Linux, AIX Databases: Oracle, SQL Server, Informix ERP: SAP, SAP HANA, S4 HANA, JDE Experience in conducting risk assessments and facilitating enterprise risk management a plus Experience developing and leading a data analytics program a plus Workflow Workflow Type L&S-DA-Consulting

The Audit Manager position will be required to lead audit staff and manage the execution of IT and information system security audits along with leading operational assurance and advisory projects. Successful IT Audit Manager candidates must be able to lead the completion of technical IT audits that support financial or business operations including Sarbanes-Oxley 404 requirements. The IT Audit Manager must be able to effectively interact with IT and business leadership to drive risk mitigation and to stay abreast IT operational changes and emerging technologies. This position will be required to work with IT on key IT initiatives and priorities including Enterprise Risk Management. MUST : Business Development experienced professional with IT internal audit or controls experience to align on sales agenda while integrating practical knowledge on governance Proficient in SAP, S4 HANA, SAP GRC. Responsibilities Managing a team of auditors performing both IT audit and other advisory and assurance projects Building a team of talented IT auditors through coaching and development activities Developing annual IT audit plan of high risk / importance projects based on independent research and knowledge, interactions with Company leadership and peer benchmarking Performing pre- and post-implementation audits of new system implementations, expanding ERP footprint, application re-writes, etc. Auditing key system functionality and systematic controls Working together with management to assist in identifying opportunities to enhance efficiencies and effectiveness of processes and strengthen controls Liaising with IT management to provide ongoing advisory support for system implementations and key IT initiatives (IT security, BCDR, etc.) Evaluating the design and execution of the IT general and application controls for Sarbanes-Oxley compliance Establishing and maintaining effective relationships with management, external auditors, and other partners to further develop Company knowledge and auditing skills Requirements Bachelor's Degree, preferably in Management Information Systems, Accounting Information Systems, Computer Science or other IT related discipline. Master’s Degree preferred CISA, CISSP, CPA or CIA a plus Minimum of seven years of experience in IT audit, IT development, internal audit, public accounting, finance, and/or information systems Minimum of four years of experience in leading audit staff and managing execution of the audit plan Strong human relations, analytical, and oral and written communications skills Understanding of key IT processes such as Disaster Recovery, IT Security, Software Licensing, Third Party Hosted Services, etc. Knowledge of internal audit principles (IIA Standards, and COSO) and IT control frameworks (COBIT, NIST, SANS, and ISO) Familiarity with the following technical areas/platforms beneficial: Operating Systems: IBM Mainframe/RACF, Linux, AIX Databases: Oracle, SQL Server, Informix ERP: SAP, SAP HANA, S4 HANA, JDE Experience in conducting risk assessments and facilitating enterprise risk management a plus Experience developing and leading a data analytics program a plus

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY-Digital Risk – OT – Manager As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team. As part of the Consulting, you will handle leading and managing OT security engagements for various clients across the MENA region. Working with Digital Risk team, you will also perform IT/IS/OT Risk assessment, IT/IS Governance, ERP reviews and conduct maturity assessment on the client’s current IT/IS/OT posture. The client base spans across various sectors and includes collaboration with other teams within Consulting services. The opportunity We are looking for a manager with expertise in IT/ OT Assessments/Framework Implementation to join the Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering. Your Key Responsibilities Responsible for working with multiple client engagements and teams at a Senior level within the MENA region. Lead and deliver OT Risk assessments, Architecture review, and maturity evaluation across DCS and ICS environments. You can expect to work with high level client personnel to address Information security, IT/OT Security and Business continuity risks. You are also expected to perform internal control testing, develop control frameworks, and provide internal audit services in IT/OT/InfoSec space for the MENA stakeholders. You will assess the client’s current state of internal controls and identify risks and subsequent recommendations. Working with client personnel to analyse, evaluate and enhance systems facilitating the process control, and assisting clients and other technology professionals in performing IT/OT control audits, IT/OT security framework development engagements. Mentor and coach junior team members, fostering their technical and professional development. Help develop/respond to go to market, RFP/RFI responses. Practice building Skills And Attributes For Success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NIST, IEC 62443) Excellent communication and stakeholder management skills, especially in cross functional industrial settings. Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc. Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Demonstrating and applying strong project management skills, inspiring teamwork, and responsibility with engagement team members Relevant certifications are desirable. To qualify for the role, you must have A bachelor’s degree A minimum of 10-15 years of experience working as Information security professional with IT/IS/OT internal audit background in a professional services firm. Excellent communication skills with consulting experience preferred. A valid passport for travel. Ideally, you’ll also have B. Tech/ B.E. / B.Sc. / M. Sc. in Computer Applications / Engineering, or a related discipline. ISA 62443 expert, CISA, CISSP, GICSP (anyone certification is desired) What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

At the International Maritime Institute (IMI), we are on a mission to prepare the next generation of seafarers who will shape the future of our global supply chain. As the Senior IT Operations Manager, you will be at the helm of our technological infrastructure and applications, ensuring smooth operations that propel our mission forward. This is your chance to help shape and drive the IT landscape across three campuses and over 700 students. Based in Delhi (Noida), you will be a vital member of the Caravel Group, which includes both IMI and Fleet Management Limited. Reporting to the Head of IT Operations in Hong Kong, you will collaborate closely in Delhi, giving you the unique opportunity to influence campus services and ensure they meet service-level agreements—all while championing high security and efficiency standards. We seek a dynamic leader with a strong technical background in IT infrastructure, system security, vendor management and cloud technologies. In this role, you will lead the IT team forging partnerships with academic and administrative stakeholders to build a secure and highly available IT ecosystem. If you are ready to tackle exciting technological challenges, drive transformative solutions and leave your mark on the future of maritime education then this is the role for you. Job Description : As an Senior IT Operations Manager, your typical day might include: Service Maestro: Mastering Incident & Change Management Handle incidents, problems, and change with precision, ensuring all issues are resolved within SLA. Escalate to internal and external teams as needed Continuously enhance your skills to assist with first-time incident resolution, transforming challenges into learning opportunities Identify recurring issues and service risks, crafting innovative solution to prevent future occurrences. Analyze incidents to uncover root causes and implement effective changes Infrastructure & Cloud Guardian: Elevating Technology Solutions Guide the organization in leveraging technology to achieve strategic outcomes, ensuring our systems are equipped for success Develop, build and implement a strategic roadmap to align to wider business goals for the growth of IMI Supervise upgrades and installations, guaranteeing that all systems are built and maintained to the highest standards Ensure adherence to policies for cloud management, including regular disaster recovery testing, safeguarding our digital assets Take ownership of risks identified in the Risk Register related to infrastructure, proactively addressing potential vulnerabilities Leader & Cross Functional Collaborator: Driving Excellence Inspire and develop team members to reach their full potential, fostering a culture of growth and excellence Encourage team members to share knowledge articles for the self-service portal, empowering others through information Work closely with the broader IMI family, including Caravel Group and Fleet Management Limited, ensuring seamless collaboration and standards across the Group. Essential – You must be able to show… 7+ years of experience independently leading IT Operations at a company with 200 staff members across 3 locations. Proven people management skills - Experience in leading, mentoring and developing a team of at least 3 people Experience with IT asset management and Firewalls such Meraki & Cisco Familiar and implementation experience of security standards such as ISO27001/NIST/CIS Strong vendor management skills, particularly for infrastructure and ERP systems Strong analysis skills in identifying root causes, defining options and recommendations Demonstrable in defining, leading and implementing continuous improvement plans Ability to influence and communicate effectively with senior (C-Level) executives in spoken and written English Desirable – Would be great if you have these… Industry certifications in Microsoft MCSE, Microsoft 365, AWS, Google Cloud, Azure, Security, or ITIL Project Management experience, focused around integrating external / SaaS solutions. Experience managing Linux Operating Systems and/or cloud environments such as AWS or Azure.

Information Protection Senior Advisor - HIH - Evernorth (Cyber S ecurity Architect) Position Summary: This role is for a highly motivated Security Architect, with a background in cloud and DevOps security. The Security Architect (PSA) works closely with architecture, development, product, and other teams across the enterprise to design and integrate security into the solution lifecycle from design through deployment. This person will be responsible for defining security requirements, performing security design assessments, and providing teams with remediation and mitigation guidance and advice. Security Architects engage on strategic initiatives, programs, and projects throughout the enterprise including cloud, AI/ML, etc., as well as provide on-going guidance on security best practices. Experience Required: 13-16 years’ experience in information technology Min 8+ years’ experience in an information security architecture Min 5+ years application development and/or administrating and managing cloud solutions Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8) Solid understanding of services and capabilities delivered by mainstream cloud service providers. Job Description & Responsibilities : Translate business priorities into information security requirements to ensure protections regarding the confidentiality, integrity, availability, and privacy of the enterprise’s technologies and its data. Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into architecture engagements and strategic planning. Produce written technical reports and documentation; develop presentations on security approaches and solutions. Work directly with program and project teams to ensure that all relevant security risks are identified, evaluated, and appropriate security solutions are implemented to help manage risks to the enterprise. Provide strategic and technical security guidance for cloud programs and projects deploying in cloud environments. Responsible for the identification and documentation of architectural gaps and inefficiencies in existing solutions; support remediation and mitigation efforts through appropriate planning and roadmap development. Solid understanding of services and capabilities delivered by mainstream cloud service providers. Solid understanding of DevOps processes and associated security requirements and capabilities. Contribute to the Security Architecture guidance library including the development of reference architecture, security standards, security baselines, and other reference material. Strong work ethic and sense of urgency Ability to influence technical discussions and decisions. Ability to interact with a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Other job duties as assigned. Experience Desired: Certification GIAC Defensible Security Architecture (GDSA) or other security architecture certification (ex. SABSA). Familiarity with Security life cycle, design review across concept, development through deployment Experience with threat modeling (all OSI layers), security analysis Education and Training Required: BE degree in MIS/Computer Science or related degree required. Professional Certification such as (any one): Certified Information Systems Security Professional (CISSP) SANS GIAC Certification(s) AWS/Azure Cloud Engineering Certifications Primary Skills: Written Communication Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise. Verbal Communication Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Time Management Relationship Management Self-Starter About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Associate Advisor - HIH - Evernorth Position Summary: The Security Architect role will report to the Senior Director of CIP Global Security Architecture and will be responsible for the development and maintenance of the Enterprise Security Architecture documents that comprise the security guidance library to support the enterprise security frameworks which consist of; Security Architecture Requirements, Design Patterns and Reference Architecture documents. This role engages with strategic initiatives and enterprise solutions in the development of security guidance and requirements that aims to better protect the confidentiality, integrity, availability, and privacy of the technology and data of the enterprise. Experience Required: 8+ years’ experience in information technology 5+ years’ experience in an information security architecture or similar role 3+ years administrating and configuring IT systems Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8) UML diagramming using tools such as MS Visio Job Description & Responsibilities : Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into security architecture guidance and input into strategic planning. Produce written technical documentation and reports; develop presentations on security approaches and solutions. Maintain a centralized Information Security Architecture data repository that includes reference architectures, security design patterns, security requirements, and other security reference material. Provide technical and security expertise to IT and business teams with a focus on developing the reference architectures, design patterns and associated security standards that ensure the protection of the corporate assets, brand, and data. Solid understanding of security protocols, cryptography, authentication, authorization, and other information security controls and associated best practices. Proven ability to influence other key IT and engineering constituents on the opportunity and appropriate use of security patterns and frameworks. Excellent written and verbal communication skills as well as business acumen. Strong work ethic and sense of urgency. Other job duties as assigned. Experience Desired: Security architecture certification (SABSA) or Architecture certification (TOGAF). Experience with threat modeling (all OSI layers), security analysis Familiarity with Security life cycle, design review across concept, development through deployment Solid understanding of services and capabilities delivered by mainstream cloud service providers. Education and Training Required: BA/BS degree in MIS/Computer Science or related degree required. Professional Certification/Training such as: Certified Information Systems Security Professional (CISSP) SANS GIAC Certification(s) Primary Skills: Written Communication Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise. Verbal Communication Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements. Presenting security concepts to technical and non-technical audiences in-person and online video conferencing Time Management Relationship Management Self-Starter About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

What are we looking for? Consultants, Senior Consultants Where are we hiring? India Job Requirements: Responsible AI SME/Project Manager We are looking for people who have demonstrated proven success in roles and through abilities in managing AI Governance projects, perform RAI assessments, understanding of global AI regulations and exposure to implementing AI guardrails . The candidate will be working as part of a Responsible AI and risk management team and deliver individual competencies as per the delivery plan. Infosys is a global leader in next-generation digital services and consulting with annual revenues of $16.31B (FY ‘22). We enable clients in 46 countries to navigate their digital transformation. Infosys Consulting partners with clients from strategy through execution to transform their businesses in areas such as business/ IT strategy, processes, organization, systems and risk. Infosys Consulting has 2,500+ people across the US, Europe, APAC and India from strategy / setting direction through execution, including operating and optimizing delivered solutions. IC-LS is dedicated to serving Life Sciences firms globally. Activities in scope for the requirement : Develop Responsible AI roadmap for the client to transition from current state to target state Perform AI governance maturity assessment to understand the current state Responsible AI capabilities and if required recommend the target state and outline a roadmap from AS-IS to TO-BE state. Identify Responsible AI principles applicable for different clients Identify risks associated with different use case themes like consumer facing chatbots, marketing use cases, contact center operations, etc. Identify risks associated due to data used, model being used, industry where AI product will operate, version of AI product, intended and impacted end users Categorize risk level of use cases based on EUR AI Act Recommend mitigation strategies against the risks identified and ensuring that the recommendations are implemented Identify relevant controls for organizations based on ISO 42001:2023 and NIST AI RMF Collaborate with Governance, risk and compliance team to help draft AI related documents Development of AI literacy roadmap based on regulatory requirements. Able to identify preliminary mitigation steps required to be followed for high-risk use cases Conduct Responsible AI knowledge sharing sessions for clients Recommend the suitable AI governance tool to the client based customized to their needs Lead client proposals around Responsible AI strategy and implementation Contribute to Responsible AI process refinement. Skill requirements : Mandatory Requirements : Experience in working on different types of risks related to AI – pre implementation, during implementation and post implementation Experience in categorizing risks & conducting RAI assessments for different types of use cases/applications/tools Experience in assessing both in-house and 3rd party procured AI/Gen AI applications to identify relevant risks Experience in working on go-to-market strategy with RAI offering/capability Experience in working on AI governance tools like OneTrust, Archer, IBM WatsonX Experience managing vendors and stakeholders for the end-to-end implementation of an AI governance solution at the organizational level. Understanding of global regulatory requirement related to AI development and implementation (EUR AI Act, NIST AI framework, ISO 42001:2023) Experience in working on training modules for Responsible AI implementation Display a strong awareness of the current landscape in terms of data and AI and associated risks. Display original thinking and ability to collaborate to ideate and implement innovative solutions to complex problems, aligned to the organization’s data and AI risk appetite Excellent communication skills, both verbal and written. Able to identify and establish relationships with senior stakeholders and be able to simplify complex problems to be quickly understood. Preferred Requirements: Master’s degree or local equivalent. Proven experience of Responsible AI or AI governance from a large organization. Experience in FMCG, FMCH, Pharmaceutical Industries. Knowledge of AI, Gen AI and RAI. Where are we hiring? Multiple Locations (India) Key words: Responsible AI , AI Governance, RAI assessments, RAI, AIGP, AI risks, RAI frameworks, AI risk management, Responsible AI compliance, Adherence to Responsible AI standards, Responsible AI maturity assessment

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. EY-Digital Risk – OT – Manager As part of our Risk Consulting, you will be joining the Digital Risk Consulting Team. As part of the Consulting, you will handle leading and managing OT security engagements for various clients across the MENA region. Working with Digital Risk team, you will also perform IT/IS/OT Risk assessment, IT/IS Governance, ERP reviews and conduct maturity assessment on the client’s current IT/IS/OT posture. The client base spans across various sectors and includes collaboration with other teams within Consulting services. The opportunity We are looking for a manager with expertise in IT/ OT Assessments/Framework Implementation to join the Digital Risk team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering. Your Key Responsibilities Responsible for working with multiple client engagements and teams at a Senior level within the MENA region. Lead and deliver OT Risk assessments, Architecture review, and maturity evaluation across DCS and ICS environments. You can expect to work with high level client personnel to address Information security, IT/OT Security and Business continuity risks. You are also expected to perform internal control testing, develop control frameworks, and provide internal audit services in IT/OT/InfoSec space for the MENA stakeholders. You will assess the client’s current state of internal controls and identify risks and subsequent recommendations. Working with client personnel to analyse, evaluate and enhance systems facilitating the process control, and assisting clients and other technology professionals in performing IT/OT control audits, IT/OT security framework development engagements. Mentor and coach junior team members, fostering their technical and professional development. Help develop/respond to go to market, RFP/RFI responses. Practice building Skills And Attributes For Success Strong knowledge of industrial control systems (ICS), SCADA systems, and other OT technologies. Good understanding of how OT and IT devices interact with each other and how OT devices work. Good to have knowledge of regulatory requirements and standards related to ICS/OT security (e.g., NIST, IEC 62443) Excellent communication and stakeholder management skills, especially in cross functional industrial settings. Experience with network security solutions, including firewalls, intrusion detection systems (IDS) etc. Analytical skills to screen through data and logs to identify the patterns indicative of cyber threats or threat actor methods. Effective communication skills for interacting with technical and non-technical colleagues and stakeholders. Demonstrating and applying strong project management skills, inspiring teamwork, and responsibility with engagement team members Relevant certifications are desirable. To qualify for the role, you must have A bachelor’s degree A minimum of 10-15 years of experience working as Information security professional with IT/IS/OT internal audit background in a professional services firm. Excellent communication skills with consulting experience preferred. A valid passport for travel. Ideally, you’ll also have B. Tech/ B.E. / B.Sc. / M. Sc. in Computer Applications / Engineering, or a related discipline. ISA 62443 expert, CISA, CISSP, GICSP (anyone certification is desired) What Working At EY Offers At EY, we are dedicated to helping our clients, from startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career. The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Our client in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Our professionals provide the experience to help companies stay on track and deal with risks that could unhinge their business survival. Our services enable clients to effectively co-ordinate their key growth, quality and operational challenges and working in partnership with us, clients have the benefits of the client's experienced, objective, and industry-grounded viewpoints. Requirements Role & RESPONSIBILTY: Cyber Security Strategy and Governance Roles and Responsibilities: You will be responsible to perform multiple risk and gap assessments on various applications, services and Infrastructure components. You will be required to have impeccable interpersonal skill and will require to connect with various stakeholders across the globe. >> Skills: Knowledge of various Information Security Compliance and frameworks such as ISO 27001, NIST, etc Ability to understand and have experience in ISO 27001 : 2013 implementation for large organizations Ability to write information security policies and procedures as per best practices Possess understanding of key cyber security tools and solutions Ability to assess maturity of cyber security using various standards and guidelines Ability to "talk the security language" with client's management Possess excellent communication skills and should be willing to walk the extra mile on client delivery and excellence Must be an excellent team member and willing to participate in organization's initiatives on cyber security >> For Senior Managers: Should demonstrate capabilities of driving sales and engagement management for clients Should be a Technically capable of showcasing SME abilities on cyber security domains Candidates from other consulting firms will be preferred >> Certifications: Candidates must possess ISO 27001 : 2013 LI/LA and should be able to demonstrate their knowledge on the certified standard CISA, CISSP, CISM would be preferred Cloud certifications like CCSP, CompTIA would be an added advantage >> Educational Qualifications: Bachelor of Science / Bachelor in Engineering or Technology Masters program in Technology / IT or Information Security >> Compensation Compensation is competitive with industry standards Details of the compensation breakup will be shared with short-listed candidates only Benefits People BENEFITS Continuous learning program Driving a culture of recognition through ‘ENCORE' our quarterly rewards and recognition program Comprehensive medical insurance coverage for staff and family Expansive general and accidental coverage for staff Executive Health check-up (Manager & above, and for staff above the age of 30) Les Concierge desks Internal & Global mobility Various other people friendly initiatives Strong commitment to our Values such as CSR initiatives

Role: Security Engineer – Security Audit & Compliance Management Location: Turbhe Working Days: 6 days a week (Alternative Saturdays off) Salary Range - 22LPA Job Description: To ensure the organization's security controls, processes, and systems comply with internal policies, industry standards, and regulatory requirements by managing audits and driving continuous compliance improvements. Responsibilities: Lead and support internal and external audits (e.g., ISO 27001, SOC 2, PCI-DSS). Ensure security controls meet compliance obligations. Collaborate with teams to collect evidence, close audit findings, and improve security posture. Conduct compliance assessments and risk-based control reviews. Maintain documentation, compliance dashboards, and audit logs. Align security practices with frameworks like NIST, CIS, and COBIT. Monitor regulatory changes and update policies accordingly. Work with stakeholders to address gaps and enhance audit readiness. Promote a culture of compliance across the organization. Establish compliance framework including supporting policies, procedures, checklists, control narrations for new regulatory circulars and notification. Liase across organization for validating and improving security controls If you feel interested call or Whatsapp -8591744131